Table of Contents
This manual describes how to install, use and extend NixOS, a Linux distribution based on the purely functional package management system Nix.
If you encounter problems, please report them on the
nix-dev@lists.science.uu.nl
mailing list or on the
#nixos channel on Freenode. Bugs should
be reported in NixOS’ GitHub
issue tracker.
NixOS ISO images can be downloaded from the NixOS homepage. These can be burned onto a CD. It is also possible to copy them onto a USB stick and install NixOS from there. For details, see the NixOS Wiki.
As an alternative to installing NixOS yourself, you can get a running NixOS system through several other means:
Using virtual appliances in Open Virtualization Format (OVF) that can be imported into VirtualBox. These are available from the NixOS homepage.
Using AMIs for Amazon’s EC2. To find one for your region and instance type, please refer to the list of most recent AMIs.
Using NixOps, the NixOS-based cloud deployment tool, which allows you to provision VirtualBox and EC2 NixOS instances from declarative specifications. Check out the NixOps homepage for details.
Boot from the CD.
The CD contains a basic NixOS installation. (It also contains Memtest86+, useful if you want to test new hardware.) When it’s finished booting, it should have detected most of your hardware and brought up networking (check ifconfig). Networking is necessary for the installer, since it will download lots of stuff (such as source tarballs or Nixpkgs channel binaries). It’s best if you have a DHCP server on your network. Otherwise configure networking manually using ifconfig.
The NixOS manual is available on virtual console 8 (press Alt+F8 to access).
Login as root and the empty
password.
If you downloaded the graphical ISO image, you can run start display-manager to start KDE.
The NixOS installer doesn’t do any partitioning or formatting yet, so you need to that yourself. Use the following commands:
For partitioning: fdisk.
For initialising Ext4 partitions:
mkfs.ext4. It is recommended that you assign a
unique symbolic label to the file system using the option
-L , since this
makes the file system configuration independent from device
changes. For example:
label
$ mkfs.ext4 -L nixos /dev/sda1
For creating swap partitions:
mkswap. Again it’s recommended to assign a
label to the swap partition: -L
.label
For creating LVM volumes, the LVM commands, e.g.,
$ pvcreate /dev/sda1 /dev/sdb1 $ vgcreate MyVolGroup /dev/sda1 /dev/sdb1 $ lvcreate --size 2G --name bigdisk MyVolGroup $ lvcreate --size 1G --name smalldisk MyVolGroup
For creating software RAID devices, use mdadm.
Mount the target file system on which NixOS should
be installed on /mnt, e.g.
$ mount /dev/disk/by-label/nixos /mnt
If your machine has a limited amount of memory, you
may want to activate swap devices now (swapon
device). The installer (or
rather, the build actions that it may spawn) may need quite a bit of
RAM, depending on your configuration.
You now need to create a file
/mnt/etc/nixos/configuration.nix that
specifies the intended configuration of the system. This is
because NixOS has a declarative configuration
model: you create or edit a description of the desired
configuration of your system, and then NixOS takes care of making
it happen. The syntax of the NixOS configuration file is
described in Section 2.1, “Configuration syntax”, while a
list of available configuration options appears in Appendix B, Configuration options. A minimal example is shown in Example 1.2, “NixOS configuration”.
The command nixos-generate-config can generate an initial configuration file for you:
$ nixos-generate-config --root /mnt
You should then edit
/mnt/etc/nixos/configuration.nix to suit your
needs:
$ nano /mnt/etc/nixos/configuration.nix
The vim text editor is also available.
You must set the option
boot.loader.grub.device to specify on which disk
the GRUB boot loader is to be installed. Without it, NixOS cannot
boot.
Another critical option is fileSystems,
specifying the file systems that need to be mounted by NixOS.
However, you typically don’t need to set it yourself, because
nixos-generate-config sets it automatically in
/mnt/etc/nixos/hardware-configuration.nix
from your currently mounted file systems. (The configuration file
hardware-configuration.nix is included from
configuration.nix and will be overwritten by
future invocations of nixos-generate-config;
thus, you generally should not modify it.)
boot.initrd.kernelModules to include the kernel
modules that are necessary for mounting the root file system,
otherwise the installed system will not be able to boot. (If this
happens, boot from the CD again, mount the target file system on
/mnt, fix
/mnt/etc/nixos/configuration.nix and rerun
nixos-install.) In most cases,
nixos-generate-config will figure out the
required modules.Examples of real-world NixOS configuration files can be found at https://nixos.org/repos/nix/configurations/trunk/.
Do the installation:
$ nixos-install
Cross fingers. If this fails due to a temporary problem (such as
a network issue while downloading binaries from the NixOS binary
cache), you can just re-run nixos-install.
Otherwise, fix your configuration.nix and
then re-run nixos-install.
If everything went well:
$ reboot
You should now be able to boot into the installed NixOS. The GRUB boot menu shows a list of available configurations (initially just one). Every time you change the NixOS configuration (see Section 1.3, “Changing the configuration”), a new item appears in the menu. This allows you to easily roll back to another configuration if something goes wrong.
You should log in and change the root
password with passwd.
You’ll probably want to create some user accounts as well, which can be done with useradd:
$ useradd -c 'Eelco Dolstra' -m eelco $ passwd eelco
You may also want to install some software. For instance,
$ nix-env -qa \*
shows what packages are available, and
$ nix-env -i w3m
install the w3m browser.
To summarise, Example 1.1, “Commands for installing NixOS on /dev/sda” shows a
typical sequence of commands for installing NixOS on an empty hard
drive (here /dev/sda). Example 1.2, “NixOS configuration” shows a corresponding configuration Nix expression.
Example 1.1. Commands for installing NixOS on /dev/sda
$ fdisk /dev/sda # (or whatever device you want to install on)
$ mkfs.ext4 -L nixos /dev/sda1
$ mkswap -L swap /dev/sda2
$ swapon /dev/sda2
$ mount /dev/disk/by-label/nixos /mnt
$ nixos-generate-config --root /mnt
$ nano /mnt/etc/nixos/configuration.nix
$ nixos-install
$ rebootExample 1.2. NixOS configuration
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.loader.grub.device = "/dev/sda";
# Note: setting fileSystems is generally not
# necessary, since nixos-generate-config figures them out
# automatically in hardware-configuration.nix.
#fileSystems."/".device = "/dev/disk/by-label/nixos";
# Enable the OpenSSH server.
services.sshd.enable = true;
}NixOS can also be installed on UEFI systems. The procedure is by and large the same as a BIOS installation, with the following changes:
You should boot the live CD in UEFI mode (consult your specific hardware's documentation for instructions).
Instead of fdisk, you should use
gdisk to partition your disks. You will need to
have a separate partition for /boot with
partition code EF00, and it should be formatted as a
vfat filesystem.
You must set boot.loader.gummiboot.enable to
true. nixos-generate-config
should do this automatically for new configurations when booted in
UEFI mode.
You may want to look at the options starting with
boot.loader.efi and boot.loader.gummiboot
as well.
To see console messages during early boot, add "fbcon"
to your boot.initrd.kernelModules.
For systems withoua CD drive, the NixOS livecd can be booted from a usb stick. For non-UEFI installations, unetbootin will work. For UEFI installations, you should mount the ISO, copy its contents verbatim to your drive, then either:
Change the label of the disk partition to the label of the ISO (visible with the blkid command), or
Edit loader/entries/nixos-livecd.conf on the drive
and change the root= field in the options
line to point to your drive (see the documentation on root=
in
the kernel documentation for more details).
The file /etc/nixos/configuration.nix
contains the current configuration of your machine. Whenever you’ve
changed something to that file, you should do
$ nixos-rebuild switch
to build the new configuration, make it the default configuration for booting, and try to realise the configuration in the running system (e.g., by restarting system services).
sudo -i.You can also do
$ nixos-rebuild test
to build the configuration and switch the running system to it, but without making it the boot default. So if (say) the configuration locks up your machine, you can just reboot to get back to a working configuration.
There is also
$ nixos-rebuild boot
to build the configuration and make it the boot default, but not switch to it now (so it will only take effect after the next reboot).
You can make your configuration show up in a different submenu of the GRUB 2 boot screen by giving it a different profile name, e.g.
$ nixos-rebuild switch -p test
which causes the new configuration (and previous ones created using
-p test) to show up in the GRUB submenu “NixOS -
Profile 'test'”. This can be useful to separate test configurations
from “stable” configurations.
Finally, you can do
$ nixos-rebuild build
to build the configuration but nothing more. This is useful to see whether everything compiles cleanly.
If you have a machine that supports hardware virtualisation, you can also test the new configuration in a sandbox by building and running a QEMU virtual machine that contains the desired configuration. Just do
$ nixos-rebuild build-vm $ ./result/bin/run-*-vm
The VM does not have any data from your host system, so your existing user accounts and home directories will not be available. You can forward ports on the host to the guest. For instance, the following will forward host port 2222 to guest port 22 (SSH):
$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
allowing you to log in via SSH (assuming you have set the appropriate passwords or SSH authorized keys):
$ ssh -p 2222 localhost
The best way to keep your NixOS installation up to date is to use one of the NixOS channels. A channel is a Nix mechanism for distributing Nix expressions and associated binaries. The NixOS channels are updated automatically from NixOS’s Git repository after certain tests have passed and all packages have been built. These channels are:
Stable channels, such as nixos-14.04.
These only get conservative bug fixes and package upgrades. For
instance, a channel update may cause the Linux kernel on your
system to be upgraded from 3.4.66 to 3.4.67 (a minor bug fix), but
not from 3.4.x to
3.11.x (a major change that has the
potential to break things). Stable channels are generally
maintained until the next stable branch is created.
The unstable channel, nixos-unstable.
This corresponds to NixOS’s main development branch, and may thus
see radical changes between channel updates. It’s not recommended
for production systems.
To see what channels are available, go to http://nixos.org/channels. (Note that the URIs of the various channels redirect to a directory that contains the channel’s latest version and includes ISO images and VirtualBox appliances.)
When you first install NixOS, you’re automatically subscribed to
the NixOS channel that corresponds to your installation source. For
instance, if you installed from a 14.04 ISO, you will be subscribed to
the nixos-14.04 channel. To see which NixOS
channel you’re subscribed to, run the following as root:
$ nix-channel --list | grep nixos nixos https://nixos.org/channels/nixos-unstable
To switch to a different NixOS channel, do
$ nix-channel --add http://nixos.org/channels/channel-name nixos
(Be sure to include the nixos parameter at the
end.) For instance, to use the NixOS 14.04 stable channel:
$ nix-channel --add http://nixos.org/channels/nixos-14.04 nixos
But it you want to live on the bleeding edge:
$ nix-channel --add http://nixos.org/channels/nixos-unstable nixos
You can then upgrade NixOS to the latest version in your chosen channel by running
$ nixos-rebuild switch --upgrade
which is equivalent to the more verbose nix-channel --update
nixos; nixos-rebuild switch.
This chapter describes how to configure various aspects of a
NixOS machine through the configuration file
/etc/nixos/configuration.nix. As described in
Section 1.3, “Changing the configuration”, changes to this file only take
effect after you run nixos-rebuild.
The NixOS configuration file
/etc/nixos/configuration.nix is actually a
Nix expression, which is the Nix package
manager’s purely functional language for describing how to build
packages and configurations. This means you have all the expressive
power of that language at your disposal, including the ability to
abstract over common patterns, which is very useful when managing
complex systems. The syntax and semantics of the Nix language are
fully described in the Nix
manual, but here we give a short overview of the most important
constructs useful in NixOS configuration files.
The NixOS configuration file generally looks like this:
{ config, pkgs, ... }:
{ option definitions
}
The first line ({ config, pkgs, ... }:) denotes
that this is actually a function that takes at least the two arguments
config and pkgs. (These are
explained later.) The function returns a set of
option definitions ({ ). These definitions have the
form ... }name =
valuename is the name of an option and
value is its value. For example,
{ config, pkgs, ... }:
{ services.httpd.enable = true;
services.httpd.adminAddr = "alice@example.org";
services.httpd.documentRoot = "/webroot";
}
defines a configuration with three option definitions that together
enable the Apache HTTP Server with /webroot as
the document root.
Sets can be nested, and in fact dots in option names are
shorthand for defining a set containing another set. For instance,
services.httpd.enable defines a set named
services that contains a set named
httpd, which in turn contains an option definition
named enable with value true.
This means that the example above can also be written as:
{ config, pkgs, ... }:
{ services = {
httpd = {
enable = true;
adminAddr = "alice@example.org";
documentRoot = "/webroot";
};
};
}
which may be more convenient if you have lots of option definitions
that share the same prefix (such as
services.httpd).
NixOS checks your option definitions for correctness. For instance, if you try to define an option that doesn’t exist (that is, doesn’t have a corresponding option declaration), nixos-rebuild will give an error like:
The option `services.httpd.enabl' defined in `/etc/nixos/configuration.nix' does not exist.
Likewise, values in option definitions must have a correct type. For
instance, services.httpd.enable must be a Boolean
(true or false). Trying to give
it a value of another type, such as a string, will cause an error:
The option value `services.httpd.enable' in `/etc/nixos/configuration.nix' is not a boolean.
Options have various types of values. The most important are:
Strings are enclosed in double quotes, e.g.
networking.hostName = "dexter";
Special characters can be escaped by prefixing them with a
backslash (e.g. \").
Multi-line strings can be enclosed in double single quotes, e.g.
networking.extraHosts =
''
127.0.0.2 other-localhost
10.0.0.1 server
'';
The main difference is that preceding whitespace is
automatically stripped from each line, and that characters like
" and \ are not special
(making it more convenient for including things like shell
code).
These can be true or
false, e.g.
networking.firewall.enable = true; networking.firewall.allowPing = false;
For example,
boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60;
(Note that here the attribute name
net.ipv4.tcp_keepalive_time is enclosed in
quotes to prevent it from being interpreted as a set named
net containing a set named
ipv4, and so on. This is because it’s not a
NixOS option but the literal name of a Linux kernel
setting.)
Sets were introduced above. They are name/value pairs enclosed in braces, as in the option definition
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "ext4";
options = "rw,data=ordered,relatime";
};
The important thing to note about lists is that list elements are separated by whitespace, like this:
boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
List elements can be any other type, e.g. sets:
swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
Usually, the packages you need are already part of the Nix
Packages collection, which is a set that can be accessed through
the function argument pkgs. Typical uses:
environment.systemPackages =
[ pkgs.thunderbird
pkgs.emacs
];
postgresql.package = pkgs.postgresql90;
The latter option definition changes the default PostgreSQL package used by NixOS’s PostgreSQL service to 9.0. For more information on packages, including how to add new ones, see Section 2.2.1.2, “Adding custom packages”.
If you find yourself repeating yourself over and over, it’s time to abstract. Take, for instance, this Apache HTTP Server configuration:
{
services.httpd.virtualHosts =
[ { hostName = "example.org";
documentRoot = "/webroot";
adminAddr = "alice@example.org";
enableUserDir = true;
}
{ hostName = "example.org";
documentRoot = "/webroot";
adminAddr = "alice@example.org";
enableUserDir = true;
enableSSL = true;
sslServerCert = "/root/ssl-example-org.crt";
sslServerKey = "/root/ssl-example-org.key";
}
];
}
It defines two virtual hosts with nearly identical configuration; the
only difference is that the second one has SSL enabled. To prevent
this duplication, we can use a let:
let
exampleOrgCommon =
{ hostName = "example.org";
documentRoot = "/webroot";
adminAddr = "alice@example.org";
enableUserDir = true;
};
in
{
services.httpd.virtualHosts =
[ exampleOrgCommon
(exampleOrgCommon // {
enableSSL = true;
sslServerCert = "/root/ssl-example-org.crt";
sslServerKey = "/root/ssl-example-org.key";
})
];
}
The let exampleOrgCommon =
defines a variable named
...exampleOrgCommon. The //
operator merges two attribute sets, so the configuration of the second
virtual host is the set exampleOrgCommon extended
with the SSL options.
You can write a let wherever an expression is
allowed. Thus, you also could have written:
{
services.httpd.virtualHosts =
let exampleOrgCommon = ...; in
[ exampleOrgCommon
(exampleOrgCommon // { ... })
];
}
but not { let exampleOrgCommon =
since attributes (as opposed to attribute values) are not
expressions....; in ...;
}
Functions provide another method of abstraction. For instance, suppose that we want to generate lots of different virtual hosts, all with identical configuration except for the host name. This can be done as follows:
{
services.httpd.virtualHosts =
let
makeVirtualHost = name:
{ hostName = name;
documentRoot = "/webroot";
adminAddr = "alice@example.org";
};
in
[ (makeVirtualHost "example.org")
(makeVirtualHost "example.com")
(makeVirtualHost "example.gov")
(makeVirtualHost "example.nl")
];
}
Here, makeVirtualHost is a function that takes a
single argument name and returns the configuration
for a virtual host. That function is then called for several names to
produce the list of virtual host configurations.
We can further improve on this by using the function
map, which applies another function to every
element in a list:
{
services.httpd.virtualHosts =
let
makeVirtualHost = ...;
in map makeVirtualHost
[ "example.org" "example.com" "example.gov" "example.nl" ];
}
(The function map is called a
higher-order function because it takes another
function as an argument.)
What if you need more than one argument, for instance, if we
want to use a different documentRoot for each
virtual host? Then we can make makeVirtualHost a
function that takes a set as its argument, like this:
{
services.httpd.virtualHosts =
let
makeVirtualHost = { name, root }:
{ hostName = name;
documentRoot = root;
adminAddr = "alice@example.org";
};
in map makeVirtualHost
[ { name = "example.org"; root = "/sites/example.org"; }
{ name = "example.com"; root = "/sites/example.com"; }
{ name = "example.gov"; root = "/sites/example.gov"; }
{ name = "example.nl"; root = "/sites/example.nl"; }
];
}
But in this case (where every root is a subdirectory of
/sites named after the virtual host), it would
have been shorter to define makeVirtualHost as
makeVirtualHost = name:
{ hostName = name;
documentRoot = "/sites/${name}";
adminAddr = "alice@example.org";
};
Here, the construct
${ allows the result
of an expression to be spliced into a string....}
The NixOS configuration mechanism is modular. If your
configuration.nix becomes too big, you can split
it into multiple files. Likewise, if you have multiple NixOS
configurations (e.g. for different computers) with some commonality,
you can move the common configuration into a shared file.
Modules have exactly the same syntax as
configuration.nix. In fact,
configuration.nix is itself a module. You can
use other modules by including them from
configuration.nix, e.g.:
{ config, pkgs, ... }:
{ imports = [ ./vpn.nix ./kde.nix ];
services.httpd.enable = true;
environment.systemPackages = [ pkgs.emacs ];
...
}
Here, we include two modules from the same directory,
vpn.nix and kde.nix. The
latter might look like this:
{ config, pkgs, ... }:
{ services.xserver.enable = true;
services.xserver.displayManager.kdm.enable = true;
services.xserver.desktopManager.kde4.enable = true;
environment.systemPackages = [ pkgs.kde4.kscreensaver ];
}
Note that both configuration.nix and
kde.nix define the option
environment.systemPackages. When multiple modules
define an option, NixOS will try to merge the
definitions. In the case of
environment.systemPackages, that’s easy: the lists of
packages can simply be concatenated. The value in
configuration.nix is merged last, so for
list-type options, it will appear at the end of the merged list. If
you want it to appear first, you can use mkBefore:
boot.kernelModules = mkBefore [ "kvm-intel" ];
This causes the kvm-intel kernel module to be
loaded before any other kernel modules.
For other types of options, a merge may not be possible. For
instance, if two modules define
services.httpd.adminAddr,
nixos-rebuild will give an error:
The unique option `services.httpd.adminAddr' is defined multiple times, in `/etc/nixos/httpd.nix' and `/etc/nixos/configuration.nix'.
When that happens, it’s possible to force one definition take precedence over the others:
services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org";
When using multiple modules, you may need to access
configuration values defined in other modules. This is what the
config function argument is for: it contains the
complete, merged system configuration. That is,
config is the result of combining the
configurations returned by every module[1]. For example, here is a module that adds
some packages to environment.systemPackages only if
services.xserver.enable is set to
true somewhere else:
{ config, pkgs, ... }:
{ environment.systemPackages =
if config.services.xserver.enable then
[ pkgs.firefox
pkgs.thunderbird
]
else
[ ];
}
With multiple modules, it may not be obvious what the final
value of a configuration option is. The command
nixos-option allows you to find out:
$ nixos-option services.xserver.enable
true
$ nixos-option boot.kernelModules
[ "tun" "ipv6" "loop" ... ]
Interactive exploration of the configuration is possible using
nix-repl,
a read-eval-print loop for Nix expressions. It’s not installed by
default; run nix-env -i nix-repl to get it. A
typical use:
$ nix-repl '<nixos>' nix-repl> config.networking.hostName "mandark" nix-repl> map (x: x.hostName) config.services.httpd.virtualHosts [ "example.org" "example.gov" ]
Below is a summary of the most important syntactic constructs in the Nix expression language. It’s not complete. In particular, there are many other built-in functions. See the Nix manual for the rest.
| Example | Description |
|---|---|
| Basic values | |
"Hello world" | A string |
"${pkgs.bash}/bin/sh" | A string containing an expression (expands to "/nix/store/) |
true, false | Booleans |
123 | An integer |
./foo.png | A path (relative to the containing Nix expression) |
| Compound values | |
{ x = 1; y = 2; } | An set with attributes names x and y |
{ foo.bar = 1; } | A nested set, equivalent to { foo = { bar = 1; }; } |
rec { x = "bla"; y = x + "bar"; } | A recursive set, equivalent to { x = "foo"; y = "foobar"; } |
[ "foo" "bar" ] | A list with two elements |
| Operators | |
"foo" + "bar" | String concatenation |
1 + 2 | Integer addition |
"foo" == "f" + "oo" | Equality test (evaluates to true) |
"foo" != "bar" | Inequality test (evaluates to true) |
!true | Boolean negation |
{ x = 1; y = 2; }.x | Attribute selection (evaluates to 1) |
{ x = 1; y = 2; }.z or 3 | Attribute selection with default (evaluates to 3) |
{ x = 1; y = 2; } // { z = 3; } | Merge two sets (attributes in the right-hand set taking precedence) |
| Control structures | |
if 1 + 1 == 2 then "yes!" else "no!" | Conditional expression |
assert 1 + 1 == 2; "yes!" | Assertion check (evaluates to "yes!") |
let x = "foo"; y = "bar"; in x + y | Variable definition |
with pkgs.lib; head [ 1 2 3 ] | Add all attributes from the given set to the scope
(evaluates to 1) |
| Functions (lambdas) | |
x: x + 1 | A function that expects an integer and returns it increased by 1 |
(x: x + 1) 100 | A function call (evaluates to 101) |
let inc = x: x + 1; in inc (inc (inc 100)) | A function bound to a variable and subsequently called by name (evaluates to 103) |
{ x, y }: x + y | A function that expects a set with required attributes
x and y and concatenates
them |
{ x, y ? "bar" }: x + y | A function that expects a set with required attribute
x and optional y, using
"bar" as default value for
y |
{ x, y, ... }: x + y | A function that expects a set with required attributes
x and y and ignores any
other attributes |
{ x, y } @ args: x + y | A function that expects a set with required attributes
x and y, and binds the
whole set to args |
| Built-in functions | |
import ./foo.nix | Load and return Nix expression in given file |
map (x: x + x) [ 1 2 3 ] | Apply a function to every element of a list (evaluates to [ 2 4 6 ]) |
This section describes how to add additional packages to your system. NixOS has two distinct styles of package management:
Declarative, where you declare
what packages you want in your
configuration.nix. Every time you run
nixos-rebuild, NixOS will ensure that you get a
consistent set of binaries corresponding to your
specification.
Ad hoc, where you install, upgrade and uninstall packages via the nix-env command. This style allows mixing packages from different Nixpkgs versions. It’s the only choice for non-root users.
The next two sections describe these two styles.
With declarative package management, you specify which packages
you want on your system by setting the option
environment.systemPackages. For instance, adding the
following line to configuration.nix enables the
Mozilla Thunderbird email application:
environment.systemPackages = [ pkgs.thunderbird ];
The effect of this specification is that the Thunderbird package from Nixpkgs will be built or downloaded as part of the system when you run nixos-rebuild switch.
You can get a list of the available packages as follows:
$ nix-env -qaP '*' --description
nixos.pkgs.firefox firefox-23.0 Mozilla Firefox - the browser, reloaded
...
The first column in the output is the attribute
name, such as
nixos.pkgs.thunderbird. (The
nixos prefix allows distinguishing between
different channels that you might have.)
To “uninstall” a package, simply remove it from
environment.systemPackages and run
nixos-rebuild switch.
Some packages in Nixpkgs have options to enable or disable
optional functionality or change other aspects of the package. For
instance, the Firefox wrapper package (which provides Firefox with a
set of plugins such as the Adobe Flash player) has an option to enable
the Google Talk plugin. It can be set in
configuration.nix as follows:
nixpkgs.config.firefox.enableGoogleTalkPlugin = true;
Apart from high-level options, it’s possible to tweak a package in almost arbitrary ways, such as changing or disabling dependencies of a package. For instance, the Emacs package in Nixpkgs by default has a dependency on GTK+ 2. If you want to build it against GTK+ 3, you can specify that as follows:
environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];
The function override performs the call to the Nix
function that produces Emacs, with the original arguments amended by
the set of arguments specified by you. So here the function argument
gtk gets the value pkgs.gtk3,
causing Emacs to depend on GTK+ 3. (The parentheses are necessary
because in Nix, function application binds more weakly than list
construction, so without them,
environment.systemPackages would be a list with two
elements.)
Even greater customisation is possible using the function
overrideDerivation. While the
override mechanism above overrides the arguments of
a package function, overrideDerivation allows
changing the result of the function. This
permits changing any aspect of the package, such as the source code.
For instance, if you want to override the source code of Emacs, you
can say:
environment.systemPackages =
[ (pkgs.lib.overrideDerivation pkgs.emacs (attrs: {
name = "emacs-25.0-pre";
src = /path/to/my/emacs/tree;
}))
];
Here, overrideDerivation takes the Nix derivation
specified by pkgs.emacs and produces a new
derivation in which the original’s name and
src attribute have been replaced by the given
values. The original attributes are accessible via
attrs.
The overrides shown above are not global. They do not affect the original package; other packages in Nixpkgs continue to depend on the original rather than the customised package. This means that if another package in your system depends on the original package, you end up with two instances of the package. If you want to have everything depend on your customised instance, you can apply a global override as follows:
nixpkgs.config.packageOverrides = pkgs:
{ emacs = pkgs.emacs.override { gtk = pkgs.gtk3; };
};
The effect of this definition is essentially equivalent to modifying
the emacs attribute in the Nixpkgs source tree.
Any package in Nixpkgs that depends on emacs will
be passed your customised instance. (However, the value
pkgs.emacs in
nixpkgs.config.packageOverrides refers to the
original rather than overriden instance, to prevent an infinite
recursion.)
It’s possible that a package you need is not available in NixOS. In that case, you can do two things. First, you can clone the Nixpkgs repository, add the package to your clone, and (optionally) submit a patch or pull request to have it accepted into the main Nixpkgs repository. This is described in detail in the Nixpkgs manual. In short, you clone Nixpkgs:
$ git clone git://github.com/NixOS/nixpkgs.git $ cd nixpkgs
Then you write and test the package as described in the Nixpkgs
manual. Finally, you add it to
environment.systemPackages, e.g.
environment.systemPackages = [ pkgs.my-package ];
and you run nixos-rebuild, specifying your own Nixpkgs tree:
$ nixos-rebuild switch -I nixpkgs=/path/to/my/nixpkgs
The second possibility is to add the package outside of the
Nixpkgs tree. For instance, here is how you specify a build of the
GNU Hello
package directly in configuration.nix:
environment.systemPackages =
let
my-hello = with pkgs; stdenv.mkDerivation rec {
name = "hello-2.8";
src = fetchurl {
url = "mirror://gnu/hello/${name}.tar.gz";
sha256 = "0wqd8sjmxfskrflaxywc7gqw7sfawrfvdxd9skxawzfgyy0pzdz6";
};
};
in
[ my-hello ];
Of course, you can also move the definition of
my-hello into a separate Nix expression, e.g.
environment.systemPackages = [ (import ./my-hello.nix) ];
where my-hello.nix contains:
with import <nixpkgs> {}; # bring all of Nixpkgs into scope
stdenv.mkDerivation rec {
name = "hello-2.8";
src = fetchurl {
url = "mirror://gnu/hello/${name}.tar.gz";
sha256 = "0wqd8sjmxfskrflaxywc7gqw7sfawrfvdxd9skxawzfgyy0pzdz6";
};
}
This allows testing the package easily:
$ nix-build my-hello.nix $ ./result/bin/hello Hello, world!
With the command nix-env, you can install and uninstall packages from the command line. For instance, to install Mozilla Thunderbird:
$ nix-env -iA nixos.pkgs.thunderbird
If you invoke this as root, the package is installed in the Nix
profile /nix/var/nix/profiles/default and visible
to all users of the system; otherwise, the package ends up in
/nix/var/nix/profiles/per-user/
and is not visible to other users. The username/profile-A flag
specifies the package by its attribute name; without it, the package
is installed by matching against its package name
(e.g. thunderbird). The latter is slower because
it requires matching against all available Nix packages, and is
ambiguous if there are multiple matching packages.
Packages come from the NixOS channel. You typically upgrade a package by updating to the latest version of the NixOS channel:
$ nix-channel --update nixos
and then running nix-env -i again. Other packages
in the profile are not affected; this is the
crucial difference with the declarative style of package management,
where running nixos-rebuild switch causes all
packages to be updated to their current versions in the NixOS channel.
You can however upgrade all packages for which there is a newer
version by doing:
$ nix-env -u '*'
A package can be uninstalled using the -e
flag:
$ nix-env -e thunderbird
Finally, you can roll back an undesirable nix-env action:
$ nix-env --rollback
nix-env has many more flags. For details, see the nix-env(1) manpage or the Nix manual.
NixOS supports both declarative and imperative styles of user
management. In the declarative style, users are specified in
configuration.nix. For instance, the following
states that a user account named alice shall exist:
users.extraUsers.alice =
{ createHome = true;
home = "/home/alice";
description = "Alice Foobar";
extraGroups = [ "wheel" ];
useDefaultShell = true;
openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
};
Note that alice is a member of the
wheel group, which allows her to use
sudo to execute commands as
root. Also note the SSH public key that allows
remote logins with the corresponding private key. Users created in
this way do not have a password by default, so they cannot log in via
mechanisms that require a password. However, you can use the
passwd program to set a password, which is retained
across invocations of nixos-rebuild.
A user ID (uid) is assigned automatically. You can also specify a uid manually by adding
uid = 1000;
to the user specification.
Groups can be specified similarly. The following states that a
group named students shall exist:
users.extraGroups.students.gid = 1000;
As with users, the group ID (gid) is optional and will be assigned automatically if it’s missing.
In the imperative style, users and groups are managed by
commands such as useradd,
groupmod and so on. For instance, to create a user
account named alice:
$ useradd -m alice
The flag -m causes the creation of a home directory
for the new user, which is generally what you want. The user does not
have an initial password and therefore cannot log in. A password can
be set using the passwd utility:
$ passwd alice Enter new UNIX password: *** Retype new UNIX password: ***
A user can be deleted using userdel:
$ userdel -r alice
The flag -r deletes the user’s home directory.
Accounts can be modified using usermod. Unix
groups can be managed using groupadd,
groupmod and groupdel.
You can define file systems using the
fileSystems configuration option. For instance, the
following definition causes NixOS to mount the Ext4 file system on
device /dev/disk/by-label/data onto the mount
point /data:
fileSystems."/data" =
{ device = "/dev/disk/by-label/data";
fsType = "ext4";
};
Mount points are created automatically if they don’t already exist.
For device, it’s best to use the topology-independent
device aliases in /dev/disk/by-label and
/dev/disk/by-uuid, as these don’t change if the
topology changes (e.g. if a disk is moved to another IDE
controller).
You can usually omit the file system type
(fsType), since mount can usually
detect the type and load the necessary kernel module automatically.
However, if the file system is needed at early boot (in the initial
ramdisk) and is not ext2, ext3
or ext4, then it’s best to specify
fsType to ensure that the kernel module is
available.
NixOS supports file systems that are encrypted using
LUKS (Linux Unified Key Setup). For example,
here is how you create an encrypted Ext4 file system on the device
/dev/sda2:
$ cryptsetup luksFormat /dev/sda2 WARNING! ======== This will overwrite data on /dev/sda2 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: *** Verify passphrase: *** $ cryptsetup luksOpen /dev/sda2 crypted Enter passphrase for /dev/sda2: *** $ mkfs.ext4 /dev/mapper/crypted
To ensure that this file system is automatically mounted at boot time
as /, add the following to
configuration.nix:
boot.initrd.luks.devices = [ { device = "/dev/sda2"; name = "crypted"; } ];
fileSystems."/".device = "/dev/mapper/crypted";
The X Window System (X11) provides the basis of NixOS’ graphical user interface. It can be enabled as follows:
services.xserver.enable = true;
The X server will automatically detect and use the appropriate video
driver from a set of X.org drivers (such as vesa
and intel). You can also specify a driver
manually, e.g.
services.xserver.videoDrivers = [ "r128" ];
to enable X.org’s xf86-video-r128 driver.
You also need to enable at least one desktop or window manager. Otherwise, you can only log into a plain undecorated xterm window. Thus you should pick one or more of the following lines:
services.xserver.desktopManager.kde4.enable = true; services.xserver.desktopManager.xfce.enable = true; services.xserver.windowManager.xmonad.enable = true; services.xserver.windowManager.twm.enable = true; services.xserver.windowManager.icewm.enable = true;
NixOS’s default display manager (the program that provides a graphical login prompt and manages the X server) is SLiM. You can select KDE’s kdm instead:
services.xserver.displayManager.kdm.enable = true;
The X server is started automatically at boot time. If you don’t want this to happen, you can set:
services.xserver.autorun = false;
The X server can then be started manually:
$ systemctl start display-manager.service
NVIDIA provides a proprietary driver for its graphics cards that has better 3D performance than the X.org drivers. It is not enabled by default because it’s not free software. You can enable it as follows:
services.xserver.videoDrivers = [ "nvidia" ];
You may need to reboot after enabling this driver to prevent a clash with other kernel modules.
On 64-bit systems, if you want full acceleration for 32-bit programs such as Wine, you should also set the following:
services.xserver.driSupport32Bit = true;
Support for Synaptics touchpads (found in many laptops such as the Dell Latitude series) can be enabled as follows:
services.xserver.synaptics.enable = true;
The driver has many options (see Appendix B, Configuration options). For instance, the following enables two-finger scrolling:
services.xserver.synaptics.twoFingerScroll = true;
Secure shell (SSH) access to your machine can be enabled by setting:
services.openssh.enable = true;
By default, root logins using a password are disallowed. They can be
disabled entirely by setting
services.openssh.permitRootLogin to
"no".
You can declaratively specify authorised RSA/DSA public keys for a user as follows:
users.extraUsers.alice.openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
By default, NixOS uses DHCP (specifically, dhcpcd) to automatically configure network interfaces. However, you can configure an interface manually as follows:
networking.interfaces.eth0 = { ipAddress = "192.168.1.2"; prefixLength = 24; };
(The network prefix can also be specified using the option
subnetMask,
e.g. "255.255.255.0", but this is deprecated.)
Typically you’ll also want to set a default gateway and set of name
servers:
networking.defaultGateway = "192.168.1.1"; networking.nameservers = [ "8.8.8.8" ];
interface-name-cfg.service.
The default gateway and name server configuration is performed by
network-setup.service.The host name is set using networking.hostName:
networking.hostName = "cartman";
The default host name is nixos. Set it to the
empty string ("") to allow the DHCP server to
provide the host name.
IPv6 is enabled by default. Stateless address autoconfiguration is used to automatically assign IPv6 addresses to all interfaces. You can disable IPv6 support globally by setting:
networking.enableIPv6 = false;
NixOS has a simple stateful firewall that blocks incoming connections and other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic. It is enabled by default. It can be disabled as follows:
networking.firewall.enable = false;
If the firewall is enabled, you can open specific TCP ports to the outside world:
networking.firewall.allowedTCPPorts = [ 80 443 ];
Note that TCP port 22 (ssh) is opened automatically if the SSH daemon
is enabled (services.openssh.enable = true). UDP
ports can be opened through
networking.firewall.allowedUDPPorts. Also of
interest is
networking.firewall.allowPing = true;
to allow the machine to respond to ping requests. (ICMPv6 pings are always allowed.)
NixOS will start wpa_supplicant for you if you enable this setting:
networking.wireless.enable = true;
NixOS currently does not generate wpa_supplicant's
configuration file, /etc/wpa_supplicant.conf. You should edit this file
yourself to define wireless networks, WPA keys and so on (see
wpa_supplicant.conf(5)).
If you are using WPA2 the wpa_passphrase tool might be useful
to generate the wpa_supplicant.conf.
$ wpa_passphrase ESSID PSK > /etc/wpa_supplicant.conf
After you have edited the wpa_supplicant.conf,
you need to restart the wpa_supplicant service.
$ systemctl restart wpa_supplicant.service
You can use networking.localCommands to specify
shell commands to be run at the end of
network-setup.service. This is useful for doing
network configuration not covered by the existing NixOS modules. For
instance, to statically configure an IPv6 address:
networking.localCommands =
''
ip -6 addr add 2001:610:685:1::1/64 dev eth0
'';
You can override the Linux kernel and associated packages using
the option boot.kernelPackages. For instance, this
selects the Linux 3.10 kernel:
boot.kernelPackages = pkgs.linuxPackages_3_10;
Note that this not only replaces the kernel, but also packages that are specific to the kernel version, such as the NVIDIA video drivers. This ensures that driver packages are consistent with the kernel.
The default Linux kernel configuration should be fine for most
users. You can see the configuration of your current kernel in
/run/booted-system/kernel-modules/config. If you
want to change the kernel configuration, you can use the
packageOverrides feature (see Section 2.2.1.1, “Customising packages”). For instance, to enable
support for the kernel debugger KGDB:
nixpkgs.config.packageOverrides = pkgs:
{ linux_3_4 = pkgs.linux_3_4.override {
extraConfig =
''
KGDB y
'';
};
};
extraConfig takes a list of Linux kernel
configuration options, one per line. The name of the option should
not include the prefix CONFIG_. The option value
is typically y, n or
m (to build something as a kernel module).
Kernel modules for hardware devices are generally loaded
automatically by udev. You can force a module to
be loaded via boot.kernelModules, e.g.
boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
If the module is required early during the boot (e.g. to mount the
root file system), you can use
boot.initrd.extraKernelModules:
boot.initrd.extraKernelModules = [ "cifs" ];
This causes the specified modules and their dependencies to be added to the initial ramdark.
Kernel runtime parameters can be set through
boot.kernel.sysctl, e.g.
boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120;
sets the kernel’s TCP keepalive time to 120 seconds. To see the available parameters, run sysctl -a.
[1] If you’re wondering how it’s possible that the (indirect) result of a function is passed as an input to that same function: that’s because Nix is a “lazy” language — it only computes values when they are needed. This works as long as no individual configuration value depends on itself.
This chapter describes various aspects of managing a running NixOS system, such as how to use the systemd service manager.
In NixOS, all system services are started and monitored using
the systemd program. Systemd is the “init” process of the system
(i.e. PID 1), the parent of all other processes. It manages a set of
so-called “units”, which can be things like system services
(programs), but also mount points, swap files, devices, targets
(groups of units) and more. Units can have complex dependencies; for
instance, one unit can require that another unit must be successfully
started before the first unit can be started. When the system boots,
it starts a unit named default.target; the
dependencies of this unit cause all system services to be started,
file systems to be mounted, swap files to be activated, and so
on.
The command systemctl is the main way to interact with systemd. Without any arguments, it shows the status of active units:
$ systemctl
-.mount loaded active mounted /
swapfile.swap loaded active active /swapfile
sshd.service loaded active running SSH Daemon
graphical.target loaded active active Graphical Interface
...
You can ask for detailed status information about a unit, for instance, the PostgreSQL database service:
$ systemctl status postgresql.service
postgresql.service - PostgreSQL Server
Loaded: loaded (/nix/store/pn3q73mvh75gsrl8w7fdlfk3fq5qm5mw-unit/postgresql.service)
Active: active (running) since Mon, 2013-01-07 15:55:57 CET; 9h ago
Main PID: 2390 (postgres)
CGroup: name=systemd:/system/postgresql.service
├─2390 postgres
├─2418 postgres: writer process
├─2419 postgres: wal writer process
├─2420 postgres: autovacuum launcher process
├─2421 postgres: stats collector process
└─2498 postgres: zabbix zabbix [local] idle
Jan 07 15:55:55 hagbard postgres[2394]: [1-1] LOG: database system was shut down at 2013-01-07 15:55:05 CET
Jan 07 15:55:57 hagbard postgres[2390]: [1-1] LOG: database system is ready to accept connections
Jan 07 15:55:57 hagbard postgres[2420]: [1-1] LOG: autovacuum launcher started
Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server.
Note that this shows the status of the unit (active and running), all the processes belonging to the service, as well as the most recent log messages from the service.
Units can be stopped, started or restarted:
$ systemctl stop postgresql.service $ systemctl start postgresql.service $ systemctl restart postgresql.service
These operations are synchronous: they wait until the service has finished starting or stopping (or has failed). Starting a unit will cause the dependencies of that unit to be started as well (if necessary).
The system can be shut down (and automatically powered off) by doing:
$ shutdown
This is equivalent to running systemctl poweroff.
To reboot the system, run
$ reboot
which is equivalent to systemctl reboot.
Alternatively, you can quickly reboot the system using
kexec, which bypasses the BIOS by directly loading
the new kernel into memory:
$ systemctl kexec
The machine can be suspended to RAM (if supported) using systemctl suspend, and suspended to disk using systemctl hibernate.
These commands can be run by any user who is logged in locally, i.e. on a virtual console or in X11; otherwise, the user is asked for authentication.
Systemd keeps track of all users who are logged into the system (e.g. on a virtual console or remotely via SSH). The command loginctl allows querying and manipulating user sessions. For instance, to list all user sessions:
$ loginctl
SESSION UID USER SEAT
c1 500 eelco seat0
c3 0 root seat0
c4 500 alice
This shows that two users are logged in locally, while another is logged in remotely. (“Seats” are essentially the combinations of displays and input devices attached to the system; usually, there is only one seat.) To get information about a session:
$ loginctl session-status c3
c3 - root (0)
Since: Tue, 2013-01-08 01:17:56 CET; 4min 42s ago
Leader: 2536 (login)
Seat: seat0; vc3
TTY: /dev/tty3
Service: login; type tty; class user
State: online
CGroup: name=systemd:/user/root/c3
├─ 2536 /nix/store/10mn4xip9n7y9bxqwnsx7xwx2v2g34xn-shadow-4.1.5.1/bin/login --
├─10339 -bash
└─10355 w3m nixos.org
This shows that the user is logged in on virtual console 3. It also lists the processes belonging to this session. Since systemd keeps track of this, you can terminate a session in a way that ensures that all the session’s processes are gone:
$ loginctl terminate-session c3
To keep track of the processes in a running system, systemd uses control groups (cgroups). A control group is a set of processes used to allocate resources such as CPU, memory or I/O bandwidth. There can be multiple control group hierarchies, allowing each kind of resource to be managed independently.
The command systemd-cgls lists all control
groups in the systemd hierarchy, which is what
systemd uses to keep track of the processes belonging to each service
or user session:
$ systemd-cgls ├─user │ └─eelco │ └─c1 │ ├─ 2567 -:0 │ ├─ 2682 kdeinit4: kdeinit4 Running... │ ├─...│ └─10851 sh -c less -R └─system ├─httpd.service │ ├─2444 httpd -f /nix/store/3pyacby5cpr55a03qwbnndizpciwq161-httpd.conf -DNO_DETACH │ └─...├─dhcpcd.service │ └─2376 dhcpcd --config /nix/store/f8dif8dsi2yaa70n03xir8r653776ka6-dhcpcd.conf └─...
Similarly, systemd-cgls cpu shows the cgroups in
the CPU hierarchy, which allows per-cgroup CPU scheduling priorities.
By default, every systemd service gets its own CPU cgroup, while all
user sessions are in the top-level CPU cgroup. This ensures, for
instance, that a thousand run-away processes in the
httpd.service cgroup cannot starve the CPU for one
process in the postgresql.service cgroup. (By
contrast, it they were in the same cgroup, then the PostgreSQL process
would get 1/1001 of the cgroup’s CPU time.) You can limit a service’s
CPU share in configuration.nix:
systemd.services.httpd.serviceConfig.CPUShares = 512;
By default, every cgroup has 1024 CPU shares, so this will halve the
CPU allocation of the httpd.service cgroup.
There also is a memory hierarchy that
controls memory allocation limits; by default, all processes are in
the top-level cgroup, so any service or session can exhaust all
available memory. Per-cgroup memory limits can be specified in
configuration.nix; for instance, to limit
httpd.service to 512 MiB of RAM (excluding swap)
and 640 MiB of RAM (including swap):
systemd.services.httpd.serviceConfig.MemoryLimit = "512M"; systemd.services.httpd.serviceConfig.ControlGroupAttribute = [ "memory.memsw.limit_in_bytes 640M" ];
The command systemd-cgtop shows a continuously updated list of all cgroups with their CPU and memory usage.
System-wide logging is provided by systemd’s
journal, which subsumes traditional logging
daemons such as syslogd and klogd. Log entries are kept in binary
files in /var/log/journal/. The command
journalctl allows you to see the contents of the
journal. For example,
$ journalctl -b
shows all journal entries since the last reboot. (The output of journalctl is piped into less by default.) You can use various options and match operators to restrict output to messages of interest. For instance, to get all messages from PostgreSQL:
$ journalctl -u postgresql.service -- Logs begin at Mon, 2013-01-07 13:28:01 CET, end at Tue, 2013-01-08 01:09:57 CET. -- ... Jan 07 15:44:14 hagbard postgres[2681]: [2-1] LOG: database system is shut down -- Reboot -- Jan 07 15:45:10 hagbard postgres[2532]: [1-1] LOG: database system was shut down at 2013-01-07 15:44:14 CET Jan 07 15:45:13 hagbard postgres[2500]: [1-1] LOG: database system is ready to accept connections
Or to get all messages since the last reboot that have at least a “critical” severity level:
$ journalctl -b -p crit Dec 17 21:08:06 mandark sudo[3673]: pam_unix(sudo:auth): auth could not identify password for [alice] Dec 29 01:30:22 mandark kernel[6131]: [1053513.909444] CPU6: Core temperature above threshold, cpu clock throttled (total events = 1)
The system journal is readable by root and by users in the
wheel and systemd-journal
groups. All users have a private journal that can be read using
journalctl.
Nix has a purely functional model, meaning that packages are
never upgraded in place. Instead new versions of packages end up in a
different location in the Nix store (/nix/store).
You should periodically run Nix’s garbage
collector to remove old, unreferenced packages. This is
easy:
$ nix-collect-garbage
Alternatively, you can use a systemd unit that does the same in the background:
$ systemctl start nix-gc.service
You can tell NixOS in configuration.nix to run
this unit automatically at certain points in time, for instance, every
night at 03:15:
nix.gc.automatic = true; nix.gc.dates = "03:15";
The commands above do not remove garbage collector roots, such as old system configurations. Thus they do not remove the ability to roll back to previous configurations. The following command deletes old roots, removing the ability to roll back to them:
$ nix-collect-garbage -d
You can also do this for specific profiles, e.g.
$ nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations old
Note that NixOS system configurations are stored in the profile
/nix/var/nix/profiles/system.
Another way to reclaim disk space (often as much as 40% of the size of the Nix store) is to run Nix’s store optimiser, which seeks out identical files in the store and replaces them with hard links to a single copy.
$ nix-store --optimise
Since this command needs to read the entire Nix store, it can take quite a while to finish.
If NixOS fails to boot, there are a number of kernel command
line parameters that may help you to identify or fix the issue. You
can add these parameters in the GRUB boot menu by pressing “e” to
modify the selected boot entry and editing the line starting with
linux. The following are some useful kernel command
line parameters that are recognised by the NixOS boot scripts or by
systemd:
boot.shell_on_failStart a root shell if something goes wrong in stage 1 of the boot process (the initial ramdisk). This is disabled by default because there is no authentication for the root shell.
boot.debug1Start an interactive shell in stage 1 before
anything useful has been done. That is, no modules have been
loaded and no file systems have been mounted, except for
/proc and
/sys.
boot.tracePrint every shell command executed by the stage 1 and 2 boot scripts.
singleBoot into rescue mode (a.k.a. single user mode).
This will cause systemd to start nothing but the unit
rescue.target, which runs
sulogin to prompt for the root password and
start a root login shell. Exiting the shell causes the system to
continue with the normal boot process.
systemd.log_level=debug systemd.log_target=consoleMake systemd very verbose and send log messages to the console instead of the journal.
For more parameters recognised by systemd, see systemd(1).
If no login prompts or X11 login screens appear (e.g. due to hanging dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start rescue mode (described above). (Also note that since most units have a 90-second timeout before systemd gives up on them, the agetty login prompts should appear eventually unless something is very wrong.)
You can enter rescue mode by running:
$ systemctl rescue
This will eventually give you a single-user root shell. Systemd will stop (almost) all system services. To get out of maintenance mode, just exit from the rescue shell.
After running nixos-rebuild to switch to a new configuration, you may find that the new configuration doesn’t work very well. In that case, there are several ways to return to a previous configuration.
First, the GRUB boot manager allows you to boot into any previous configuration that hasn’t been garbage-collected. These configurations can be found under the GRUB submenu “NixOS - All configurations”. This is especially useful if the new configuration fails to boot. After the system has booted, you can make the selected configuration the default for subsequent boots:
$ /run/current-system/bin/switch-to-configuration boot
Second, you can switch to the previous configuration in a running system:
$ nixos-rebuild switch --rollback
This is equivalent to running:
$ /nix/var/nix/profiles/system-N-link/bin/switch-to-configuration switch
where N is the number of the NixOS system
configuration. To get a list of the available configurations, do:
$ ls -l /nix/var/nix/profiles/system-*-link
...
lrwxrwxrwx 1 root root 78 Aug 12 13:54 /nix/var/nix/profiles/system-268-link -> /nix/store/202b...-nixos-13.07pre4932_5a676e4-4be1055
After a system crash, it’s possible for files in the Nix store to become corrupted. (For instance, the Ext4 file system has the tendency to replace un-synced files with zero bytes.) NixOS tries hard to prevent this from happening: it performs a sync before switching to a new configuration, and Nix’s database is fully transactional. If corruption still occurs, you may be able to fix it automatically.
If the corruption is in a path in the closure of the NixOS system configuration, you can fix it by doing
$ nixos-rebuild switch --repair
This will cause Nix to check every path in the closure, and if its cryptographic hash differs from the hash recorded in Nix’s database, the path is rebuilt or redownloaded.
You can also scan the entire Nix store for corrupt paths:
$ nix-store --verify --check-contents --repair
Any corrupt paths will be redownloaded if they’re available in a binary cache; otherwise, they cannot be repaired.
Nix uses a so-called binary cache to
optimise building a package from source into downloading it as a
pre-built binary. That is, whenever a command like
nixos-rebuild needs a path in the Nix store, Nix
will try to download that path from the Internet rather than build it
from source. The default binary cache is
http://cache.nixos.org/. If this cache is unreachable, Nix
operations may take a long time due to HTTP connection timeouts. You
can disable the use of the binary cache by adding --option
use-binary-caches false, e.g.
$ nixos-rebuild switch --option use-binary-caches false
If you have an alternative binary cache at your disposal, you can use it instead:
$ nixos-rebuild switch --option binary-caches http://my-cache.example.org/
NixOS allows you to easily run other NixOS instances as containers. Containers are a light-weight approach to virtualisation that runs software in the container at the same speed as in the host system. NixOS containers share the Nix store of the host, making container creation very efficient.
NixOS containers can be created in two ways: imperatively, using
the command nixos-container, and declaratively, by
specifying them in your configuration.nix. The
declarative approach implies that containers get upgraded along with
your host system when you run nixos-rebuild, which
is often not what you want. By contrast, in the imperative approach,
containers are configured and updated independently from the host
system.
We’ll cover imperative container management using
nixos-container first. You create a container with
identifier foo as follows:
$ nixos-container create foo
This creates the container’s root directory in
/var/lib/containers/foo and a small configuration
file in /etc/containers/foo.conf. It also builds
the container’s initial system configuration and stores it in
/nix/var/nix/profiles/per-container/foo/system. You
can modify the initial configuration of the container on the command
line. For instance, to create a container that has
sshd running, with the given public key for
root:
$ nixos-container create foo --config 'services.openssh.enable = true; \ users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];'
Creating a container does not start it. To start the container, run:
$ nixos-container start foo
This command will return as soon as the container has booted and has
reached multi-user.target. On the host, the
container runs within a systemd unit called
container@.
Thus, if something went wrong, you can get status info using
systemctl:
container-name.service
$ systemctl status container@foo
If the container has started succesfully, you can log in as root using the root-login operation:
$ nixos-container root-login foo [root@foo:~]#
Note that only root on the host can do this (since there is no authentication). You can also get a regular login prompt using the login operation, which is available to all users on the host:
$ nixos-container login foo foo login: alice Password: ***
With nixos-container run, you can execute arbitrary commands in the container:
$ nixos-container run foo -- uname -a Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
There are several ways to change the configuration of the
container. First, on the host, you can edit
/var/lib/container/,
and run
name/etc/nixos/configuration.nix
$ nixos-container update foo
This will build and activate the new configuration. You can also specify a new configuration on the command line:
$ nixos-container update foo --config 'services.httpd.enable = true; \ services.httpd.adminAddr = "foo@example.org";' $ curl http://$(nixos-container show-ip foo)/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
However, note that this will overwrite the container’s
/etc/nixos/configuration.nix.
Alternatively, you can change the configuration from within the container itself by running nixos-rebuild switch inside the container. Note that the container by default does not have a copy of the NixOS channel, so you should run nix-channel --update first.
Containers can be stopped and started using
nixos-container stop and nixos-container
start, respectively, or by using
systemctl on the container’s service unit. To
destroy a container, including its file system, do
$ nixos-container destroy foo
You can also specify containers and their configuration in the
host’s configuration.nix. For example, the
following specifies that there shall be a container named
database running PostgreSQL:
containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
};
};
If you run nixos-rebuild switch, the container will
be built and started. If the container was already running, it will be
updated in place, without rebooting.
By default, declarative containers share the network namespace of the host, meaning that they can listen on (privileged) ports. However, they cannot change the network configuration. You can give a container its own network as follows:
containers.database =
{ privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
};
This gives the container a private virtual Ethernet interface with IP
address 192.168.100.11, which is hooked up to a
virtual Ethernet interface on the host with IP address
192.168.100.10. (See the next section for details
on container networking.)
To disable the container, just remove it from
configuration.nix and run nixos-rebuild
switch. Note that this will not delete the root directory of
the container in /var/lib/containers.
When you create a container using nixos-container
create, it gets it own private IPv4 address in the range
10.233.0.0/16. You can get the container’s IPv4
address as follows:
$ nixos-container show-ip foo 10.233.4.2 $ ping -c1 10.233.4.2 64 bytes from 10.233.4.2: icmp_seq=1 ttl=64 time=0.106 ms
Networking is implemented using a pair of virtual Ethernet
devices. The network interface in the container is called
eth0, while the matching interface in the host is
called c-
(e.g., container-namec-foo). The container has its own network
namespace and the CAP_NET_ADMIN capability, so it
can perform arbitrary network configuration such as setting up
firewall rules, without affecting or having access to the host’s
network.
By default, containers cannot talk to the outside network. If you want that, you should set up Network Address Translation (NAT) rules on the host to rewrite container traffic to use your external IP address. This can be accomplished using the following configuration on the host:
networking.nat.enable = true; networking.nat.internalInterfaces = ["c-+"]; networking.nat.externalInterface = "eth0";
where eth0 should be replaced with the desired
external interface. Note that c-+ is a wildcard
that matches all container interfaces.
This chapter describes how you can modify and extend NixOS.
By default, NixOS’s nixos-rebuild command
uses the NixOS and Nixpkgs sources provided by the
nixos-unstable channel (kept in
/nix/var/nix/profiles/per-user/root/channels/nixos).
To modify NixOS, however, you should check out the latest sources from
Git. This is done using the following command:
$ nixos-checkout /my/sources
or
$ mkdir -p/my/sources$ cd/my/sources$ nix-env -i git $ git clone git://github.com/NixOS/nixpkgs.git
This will check out the latest NixOS sources to
/my/sources/nixpkgs/nixos/my/sources/nixpkgs
It’s often inconvenient to develop directly on the master branch, since if somebody has just committed (say) a change to GCC, then the binary cache may not have caught up yet and you’ll have to rebuild everything from source. So you may want to create a local branch based on your current NixOS version:
$ nixos-version 14.04.273.ea1952b (Baboon) $ git checkout -b local ea1952b
Or, to base your local branch on the latest version available in the NixOS channel:
$ curl -sI http://nixos.org/channels/nixos-unstable/ | grep Location Location: http://releases.nixos.org/nixos/unstable/nixos-14.10pre43986.acaf4a6/ $ git checkout -b local acaf4a6
You can then use git rebase to sync your local branch with the upstream branch, and use git cherry-pick to copy commits from your local branch to the upstream branch.
If you want to rebuild your system using your (modified)
sources, you need to tell nixos-rebuild about them
using the -I flag:
$ nixos-rebuild switch -I nixpkgs=/my/sources/nixpkgs
If you want nix-env to use the expressions in
/my/sources, use nix-env -f
/my/sources/nixpkgs, or change
the default by adding a symlink in
~/.nix-defexpr:
$ ln -s /my/sources/nixpkgs ~/.nix-defexpr/nixpkgs
You may want to delete the symlink
~/.nix-defexpr/channels_root to prevent root’s
NixOS channel from clashing with your own tree.
NixOS has a modular system for declarative configuration. This
system combines multiple modules to produce the
full system configuration. One of the modules that constitute the
configuration is /etc/nixos/configuration.nix.
Most of the others live in the nixos/modules
subdirectory of the Nixpkgs tree.
Each NixOS module is a file that handles one logical aspect of
the configuration, such as a specific kind of hardware, a service, or
network settings. A module configuration does not have to handle
everything from scratch; it can use the functionality provided by
other modules for its implementation. Thus a module can
declare options that can be used by other
modules, and conversely can define options
provided by other modules in its own implementation. For example, the
module pam.nix
declares the option security.pam.services that allows
other modules (e.g. sshd.nix)
to define PAM services; and it defines the option
environment.etc (declared by etc.nix)
to cause files to be created in
/etc/pam.d.
In Section 2.1, “Configuration syntax”, we saw the following structure of NixOS modules:
{ config, pkgs, ... }:
{ option definitions
}
This is actually an abbreviated form of module that only defines options, but does not declare any. The structure of full NixOS modules is shown in Example 6.1, “Structure of NixOS modules”.
The meaning of each part is as follows.
| This line makes the current Nix expression a function. The
variable |
| This list enumerates the paths to other NixOS modules that
should be included in the evaluation of the system configuration.
A default set of modules is defined in the file
|
| The attribute |
| The attribute |
Example 6.2, “NixOS module for the “locate” service” shows a module that handles
the regular update of the “locate” database, an index of all files in
the file system. This module declares two options that can be defined
by other modules (typically the user’s
configuration.nix):
services.locate.enable (whether the database should
be updated) and services.locate.period (when the
update should be done). It implements its functionality by defining
two options declared by other modules:
systemd.services (the set of all systemd services)
and services.cron.systemCronJobs (the list of
commands to be executed periodically by cron).
Example 6.2. NixOS module for the “locate” service
{ config, lib, pkgs, ... }:
with lib;
let locatedb = "/var/cache/locatedb"; in
{
options = {
services.locate = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, NixOS will periodically update the database of
files used by the locate command.
'';
};
period = mkOption {
type = types.str;
default = "15 02 * * *";
description = ''
This option defines (in the format used by cron) when the
locate database is updated. The default is to update at
02:15 at night every day.
'';
};
};
};
config = {
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = [ pkgs.su ];
script =
''
mkdir -m 0755 -p $(dirname ${locatedb})
exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
'';
};
services.cron.systemCronJobs = optional config.services.locate.enable
"${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service";
};
}An option declaration specifies the name, type and description of a NixOS configuration option. It is illegal to define an option that hasn’t been declared in any module. A option declaration generally looks like this:
options = {
name = mkOption {
type = type specification;
default = default value;
example = example value;
description = "Description for use in the NixOS manual.";
};
};
The function mkOption accepts the following arguments.
typeThe type of the option (see below). It may be omitted, but that’s not advisable since it may lead to errors that are hard to diagnose.
defaultThe default value used if no value is defined by any module. A default is not required; in that case, if the option value is ever used, an error will be thrown.
exampleAn example value that will be shown in the NixOS manual.
descriptionA textual description of the option, in DocBook format, that will be included in the NixOS manual.
Here is a non-exhaustive list of option types:
types.boolA Boolean.
types.intAn integer.
types.strA string.
types.linesA string. If there are multiple definitions, they are concatenated, with newline characters in between.
types.pathA path, defined as anything that, when coerced to a string, starts with a slash. This includes derivations.
types.listOf tA list of elements of type t
(e.g., types.listOf types.str is a list of
strings). Multiple definitions are concatenated together.
types.attrsOf tA set of elements of type t
(e.g., types.attrsOf types.int is a set of
name/value pairs, the values being integers).
types.nullOr tEither the value null or something of
type t.
You can also create new types using the function
mkOptionType. See
lib/types.nix in Nixpkgs for details.
Option definitions are generally straight-forward bindings of values to option names, like
config = {
services.httpd.enable = true;
};
However, sometimes you need to wrap an option definition or set of option definitions in a property to achieve certain effects:
If a set of option definitions is conditional on the value of
another option, you may need to use mkIf.
Consider, for instance:
config = if config.services.httpd.enable then {
environment.systemPackages = [ ... ];
...
} else {};
This definition will cause Nix to fail with an “infinite recursion”
error. Why? Because the value of
config.services.httpd.enable depends on the value
being constructed here. After all, you could also write the clearly
circular and contradictory:
config = if config.services.httpd.enable then {
services.httpd.enable = false;
} else {
services.httpd.enable = true;
};
The solution is to write:
config = mkIf config.services.httpd.enable {
environment.systemPackages = [ ... ];
...
};
The special function mkIf causes the evaluation of
the conditional to be “pushed down” into the individual definitions,
as if you had written:
config = {
environment.systemPackages = if config.services.httpd.enable then [ ... ] else [];
...
};
A module can override the definitions of an option in other
modules by setting a priority. All option
definitions that do not have the lowest priority value are discarded.
By default, option definitions have priority 1000. You can specify an
explicit priority by using mkOverride, e.g.
services.openssh.enable = mkOverride 10 false;
This definition causes all other definitions with priorities above 10
to be discarded. The function mkForce is
equal to mkOverride 50.
In conjunction with mkIf, it is sometimes
useful for a module to return multiple sets of option definitions, to
be merged together as if they were declared in separate modules. This
can be done using mkMerge:
config = mkMerge
[ # Unconditional stuff.
{ environment.systemPackages = [ ... ];
}
# Conditional stuff.
(mkIf config.services.bla.enable {
environment.systemPackages = [ ... ];
})
];
NixOS has many options, but some are of particular importance to module writers.
environment.etcThis set defines files in /etc. A
typical use is:
environment.etc."os-release".text =
''
NAME=NixOS
...
'';
which causes a file named /etc/os-release
to be created with the given contents.
system.activationScriptsA set of shell script fragments that must be executed whenever the configuration is activated (i.e., at boot time, or after running nixos-rebuild switch). For instance,
system.activationScripts.media =
''
mkdir -m 0755 -p /media
'';
causes the directory /media to be created.
Activation scripts must be idempotent. They should not start
background processes such as daemons; use
systemd.services for that.
systemd.servicesThis is the set of systemd services. Example:
systemd.services.dhcpcd =
{ description = "DHCP Client";
wantedBy = [ "multi-user.target" ];
after = [ "systemd-udev-settle.service" ];
path = [ dhcpcd pkgs.nettools pkgs.openresolv ];
serviceConfig =
{ Type = "forking";
PIDFile = "/run/dhcpcd.pid";
ExecStart = "${dhcpcd}/sbin/dhcpcd --config ${dhcpcdConf}";
Restart = "always";
};
};
which creates the systemd unit
dhcpcd.service. The option
wantedBy determined which other units pull this
one in; multi-user.target is the default
target of the system, so dhcpcd.service will
always be started. The option
serviceConfig.ExecStart provides the main
command for the service; it’s also possible to provide pre-start
actions, stop scripts, and so on.
users.extraUsers, users.extraGroupsIf your service requires special UIDs or GIDs, you can define them with these options. See Section 2.3, “User management” for details.
With the command nix-build, you can build specific parts of your NixOS configuration. This is done as follows:
$ cd/path/to/nixpkgs/nixos$ nix-build -A config.option
where option is a NixOS option with type
“derivation” (i.e. something that can be built). Attributes of
interest include:
system.build.toplevelThe top-level option that builds the entire NixOS system.
Everything else in your configuration is indirectly pulled in by
this option. This is what nixos-rebuild
builds and what /run/current-system points
to afterwards.
A shortcut to build this is:
$ nix-build -A system
system.build.manual.manualThe NixOS manual.
system.build.etcA tree of symlinks that form the static parts of
/etc.
system.build.initialRamdisk, system.build.kernelThe initial ramdisk and kernel of the system. This allows
a quick way to test whether the kernel and the initial ramdisk
boot correctly, by using QEMU’s -kernel and
-initrd options:
$ nix-build -A config.system.build.initialRamdisk -o initrd $ nix-build -A config.system.build.kernel -o kernel $ qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/null
system.build.nixos-rebuild, system.build.nixos-install, system.build.nixos-generate-configThese build the corresponding NixOS commands.
systemd.units.unit-name.unitThis builds the unit with the specified name. Note that
since unit names contain dots
(e.g. httpd.service), you need to put them
between quotes, like this:
$ nix-build -A 'config.systemd.units."httpd.service".unit'
You can also test individual units, without rebuilding the whole
system, by putting them in
/run/systemd/system:
$ cp $(nix-build -A 'config.systemd.units."httpd.service".unit')/httpd.service \
/run/systemd/system/tmp-httpd.service
$ systemctl daemon-reload
$ systemctl start tmp-httpd.service
Note that the unit must not have the same name as any unit in
/etc/systemd/system since those take
precedence over /run/systemd/system.
That’s why the unit is installed as
tmp-httpd.service here.
Building a NixOS CD is as easy as configuring your own computer. The
idea is to use another module which will replace
your configuration.nix to configure the system that
would be installed on the CD.
Default CD/DVD configurations are available
inside nixos/modules/installer/cd-dvd. To build them
you have to set NIXOS_CONFIG before
running nix-build to build the ISO.
$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix
Before burning your CD/DVD, you can check the content of the image by mounting anywhere like suggested by the following command:
$ mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso
Building, burning, and booting from an installation CD is rather tedious, so here is a quick way to see if the installer works properly:
$ nix-build -A config.system.build.nixos-install $ dd if=/dev/zero of=diskimage seek=2G count=0 bs=1 $ yes | mke2fs -j diskimage $ mount -o loop diskimage /mnt $ ./result/bin/nixos-install
When you add some feature to NixOS, you should write a test for
it. NixOS tests are kept in the directory nixos/tests,
and are executed (using Nix) by a testing framework that automatically
starts one or more virtual machines containing the NixOS system(s)
required for the test.
A NixOS test is a Nix expression that has the following structure:
import ./make-test.nix {
# Either the configuration of a single machine:
machine =
{ config, pkgs, ... }:
{ configuration…
};
# Or a set of machines:
nodes =
{ machine1 =
{ config, pkgs, ... }: { … };
machine2 =
{ config, pkgs, ... }: { … };
…
};
testScript =
''
Perl code…
'';
}
The attribute testScript is a bit of Perl code that
executes the test (described below). During the test, it will start
one or more virtual machines, the configuration of which is described
by the attribute machine (if you need only one
machine in your test) or by the attribute nodes (if
you need multiple machines). For instance, login.nix
only needs a single machine to test whether users can log in on the
virtual console, whether device ownership is correctly maintained when
switching between consoles, and so on. On the other hand, nfs.nix,
which tests NFS client and server functionality in the Linux kernel
(including whether locks are maintained across server crashes),
requires three machines: a server and two clients.
There are a few special NixOS configuration options for test VMs:
virtualisation.memorySizeThe memory of the VM in megabytes.
virtualisation.vlansThe virtual networks to which the VM is
connected. See nat.nix
for an example.
virtualisation.writableStoreBy default, the Nix store in the VM is not writable. If you enable this option, a writable union file system is mounted on top of the Nix store to make it appear writable. This is necessary for tests that run Nix operations that modify the store.
For more options, see the module qemu-vm.nix.
The test script is a sequence of Perl statements that perform
various actions, such as starting VMs, executing commands in the VMs,
and so on. Each virtual machine is represented as an object stored in
the variable $,
where namename is the identifier of the machine
(which is just machine if you didn’t specify
multiple machines using the nodes attribute). For
instance, the following starts the machine, waits until it has
finished booting, then executes a command and checks that the output
is more-or-less correct:
$machine->start;
$machine->waitForUnit("default.target");
$machine->succeed("uname") =~ /Linux/;
The first line is actually unnecessary; machines are implicitly
started when you first execute an action on them (such as
waitForUnit or succeed). If you
have multiple machines, you can speed up the test by starting them in
parallel:
startAll;
The following methods are available on machine objects:
startStart the virtual machine. This method is asynchronous — it does not wait for the machine to finish booting.
shutdownShut down the machine, waiting for the VM to exit.
crashSimulate a sudden power failure, by telling the VM to exit immediately.
blockSimulate unplugging the Ethernet cable that connects the machine to the other machines.
unblockUndo the effect of
block.
screenshotTake a picture of the display of the virtual machine, in PNG format. The screenshot is linked from the HTML log.
sendMonitorCommandSend a command to the QEMU monitor. This is rarely used, but allows doing stuff such as attaching virtual USB disks to a running machine.
sendKeysSimulate pressing keys on the virtual keyboard,
e.g., sendKeys("ctrl-alt-delete").
sendCharsSimulate typing a sequence of characters on the
virtual keyboard, e.g., sendKeys("foobar\n")
will type the string foobar followed by the
Enter key.
executeExecute a shell command, returning a list
(.status,
stdout)
succeedExecute a shell command, raising an exception if the exit status is not zero, otherwise returning the standard output.
failLike succeed, but raising
an exception if the command returns a zero status.
waitUntilSucceedsRepeat a shell command with 1-second intervals until it succeeds.
waitUntilFailsRepeat a shell command with 1-second intervals until it fails.
waitForUnitWait until the specified systemd unit has reached the “active” state.
waitForFileWait until the specified file exists.
waitForOpenPortWait until a process is listening on the given TCP
port (on localhost, at least).
waitForClosedPortWait until nobody is listening on the given TCP port.
waitForXWait until the X11 server is accepting connections.
waitForWindowWait until an X11 window has appeared whose name
matches the given regular expression, e.g.,
waitForWindow(qr/Terminal/).
You can run tests using nix-build. For
example, to run the test login.nix,
you just do:
$ nix-build '<nixpkgs/nixos/tests/login.nix>'
or, if you don’t want to rely on NIX_PATH:
$ cd /my/nixpkgs/nixos/tests $ nix-build login.nix … running the VM test script machine: QEMU running (pid 8841) … 6 out of 6 tests succeeded
After building/downloading all required dependencies, this will perform a build that starts a QEMU/KVM virtual machine containing a NixOS system. The virtual machine mounts the Nix store of the host; this makes VM creation very fast, as no disk image needs to be created. Afterwards, you can view a pretty-printed log of the test:
$ firefox result/log.html
It is also possible to run the test environment interactively, allowing you to experiment with the VMs. For example:
$ nix-build login.nix -A driver $ ./result/bin/nixos-run-vms
The script nixos-run-vms starts the virtual
machines defined by test. The root file system of the VMs is created
on the fly and kept across VM restarts in
./hostname.qcow2.
Finally, the test itself can be run interactively. This is particularly useful when developing or debugging a test:
$ nix-build tests/ -A nfs.driver $ ./result/bin/nixos-test-driver starting VDE switch for network 1 >
You can then take any Perl statement, e.g.
> startAll
> $machine->succeed("touch /tmp/foo")
The function testScript executes the entire test script and drops you back into the test driver command line upon its completion. This allows you to inspect the state of the VMs after the test (e.g. to debug the test script).
This is the second stable release branch of NixOS. In addition to numerous new and upgraded packages and modules, this release has the following highlights:
Installation on UEFI systems is now supported. See Section 1.2.1, “UEFI Installation” for details.
Systemd has been updated to version 212, which has
numerous
improvements. NixOS now automatically starts systemd user
instances when you log in. You can define global user units through
the systemd.unit.* options.
NixOS is now based on Glibc 2.19 and GCC 4.8.
The default Linux kernel has been updated to 3.12.
KDE has been updated to 4.12.
GNOME 3.10 experimental support has been added.
Nix has been updated to 1.7 (details).
NixOS now supports fully declarative management of
users and groups. If you set users.mutableUsers to
false, then the contents of
/etc/passwd and /etc/group
will be congruent
to your NixOS configuration. For instance, if you remove a user from
users.extraUsers and run
nixos-rebuild, the user account will cease to
exist. Also, imperative commands for managing users and groups, such
as useradd, are no longer available. If
users.mutableUsers is true (the
default), then behaviour is unchanged from NixOS
13.10.
NixOS now has basic container support, meaning you can easily run a NixOS instance as a container in a NixOS host system. These containers are suitable for testing and experimentation but not production use, since they’re not fully isolated from the host. See Chapter 5, Containers for details.
Systemd units provided by packages can now be
overridden from the NixOS configuration. For instance, if a package
foo provides systemd units, you can say:
systemd.packages = [ pkgs.foo ];
to enable those units. You can then set or override unit options in the usual way, e.g.
systemd.services.foo.wantedBy = [ "multi-user.target" ]; systemd.services.foo.serviceConfig.MemoryLimit = "512M";
When upgrading from a previous release, please be aware of the following incompatible changes:
Nixpkgs no longer exposes unfree packages by default. If your NixOS configuration requires unfree packages from Nixpkgs, you need to enable support for them explicitly by setting:
nixpkgs.config.allowUnfree = true;
Otherwise, you get an error message such as:
error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:56’ has an unfree license, refusing to evaluate
The Adobe Flash player is no longer enabled by default in the Firefox and Chromium wrappers. To enable it, you must set:
nixpkgs.config.allowUnfree = true; nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox nixpkgs.config.chromium.enableAdobeFlash = true; # for Chromium
The firewall is now enabled by default. If you don’t want this, you need to disable it explicitly:
networking.firewall.enable = false;
The option
boot.loader.grub.memtest86 has been renamed to
boot.loader.grub.memtest86.enable.
The mysql55 service has been
merged into the mysql service, which no longer
sets a default for the option
services.mysql.package.
Package variants are now differentiated by suffixing
the name, rather than the version. For instance,
sqlite-3.8.4.3-interactive is now called
sqlite-interactive-3.8.4.3. This ensures that
nix-env -i sqlite is unambiguous, and that
nix-env -u won’t “upgrade”
sqlite to sqlite-interactive
or vice versa. Notably, this change affects the Firefox wrapper
(which provides plugins), as it is now called
firefox-wrapper. So when using
nix-env, you should do nix-env -e
firefox; nix-env -i firefox-wrapper if you want to keep
using the wrapper. This change does not affect declarative package
management, since attribute names like
pkgs.firefoxWrapper were already
unambiguous.
The symlink /etc/ca-bundle.crt
is gone. Programs should instead use the environment variable
OPENSSL_X509_CERT_FILE (which points to
/etc/ssl/certs/ca-bundle.crt).
This is the first stable release branch of NixOS.
boot.blacklistedKernelModulesList of names of kernel modules that should not be loaded automatically by the hardware probing code.
Default:
[
]
Example:
[
"cirrusfb" "i2c_piix4"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.cleanTmpDirWhether to delete all files in /tmp during boot.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.consoleLogLevelThe kernel console log level. Only log messages with a priority numerically less than this will appear on the console.
Default:
4
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.crashDump.enableIf enabled, NixOS will set up a kernel that will boot on crash, and leave the user to a stage1 debug1devices interactive shell to be able to save the crashed kernel dump. It also activates the NMI watchdog.
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.crashDump.kernelPackagesThis will override the boot.kernelPackages, and will add some kernel configuration parameters for the crash dump to work.
Default:
"pkgs.linuxPackages"
Example:
"pkgs.linuxPackages_2_6_25"
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.crashDump.kernelParamsParameters that will be passed to the kernel kexec-ed on crash.
Default:
[
"debug1devices"
]
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.devShmSizeSize limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Default:
"50%"
Example:
"256m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.devSizeSize limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Default:
"5%"
Example:
"32m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.extraModprobeConfigAny additional configuration to be appended to the generated
modprobe.conf. This is typically used to
specify module options. See
modprobe.conf(5) for details.
Default:
""
Example:
'' options parport_pc io=0x378 irq=7 dma=1 ''
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.extraModulePackagesA list of additional packages supplying kernel modules.
Default:
[
]
Example:
[ pkgs.linuxPackages.nvidia_x11 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.extraTTYsTty (virtual console) devices, in addition to the consoles on
which mingetty and syslogd run, that must be initialised.
Only useful if you have some program that you want to run on
some fixed console. For example, the NixOS installation CD
opens the manual in a web browser on console 7, so it sets
boot.extraTTYs to ["tty7"].
Default:
[
]
Example:
[
"tty8" "tty9"
]
Declared by:
<nixpkgs/nixos/modules/tasks/kbd.nix>
|
boot.hardwareScanWhether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
boot.initrd.availableKernelModulesThe set of kernel modules in the initial ramdisk used during the
boot process. This set must include all modules necessary for
mounting the root device. That is, it should include modules
for the physical device (e.g., SCSI drivers) and for the file
system (e.g., ext3). The set specified here is automatically
closed under the module dependency relation, i.e., all
dependencies of the modules list here are included
automatically. The modules listed here are available in the
initrd, but are only loaded on demand (e.g., the ext3 module is
loaded automatically when an ext3 filesystem is mounted, and
modules for PCI devices are loaded when they match the PCI ID
of a device in your system). To force a module to be loaded,
include it in boot.initrd.kernelModules.
Default:
[
]
Example:
[
"sata_nv" "ext3"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.checkJournalingFSWhether to run fsck on journaling filesystems such as ext3.
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.kernelModulesList of modules that are always loaded by the initrd.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.luks.cryptoModulesA list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.
Default:
[
"aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "aes_x86_64"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devicesThe list of devices that should be decrypted using LUKS before trying to mount the root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups. The devices are decrypted to the device mapper names defined. Make sure that initrd has the crypto modules needed for decryption.
Default:
[
]
Example:
[
{
device = "/dev/sda3"; name = "luksroot"; preLVM = true;
}
]
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.*.allowDiscardsWhether to allow TRIM requests to the underlying device. This option has security implications, please read the LUKS documentation before activating in.
Default:
false
boot.initrd.luks.devices.*.devicePath of the underlying block device.
Example:
"/dev/sda2"
boot.initrd.luks.devices.*.keyFileThe name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.
Default:
null
Example:
"/dev/sdb1"
boot.initrd.luks.devices.*.keyFileSizeThe size of the key file. Use this if only the beginning of the
key file should be used as a key (often the case if a raw device
or partition is used as key file). If not specified, the whole
keyFile will be used decryption, instead of just
the first keyFileSize bytes.
Default:
null
Example:
4096
boot.initrd.luks.devices.*.nameNamed to be used for the generated device in /dev/mapper.
Example:
"luksroot"
boot.initrd.luks.devices.*.preLVMWhether the luksOpen will be attempted before LVM scan or after it.
Default:
true
boot.initrd.luks.devices.*.yubikeyThe options to use for this LUKS device in Yubikey-PBA. If null (the default), Yubikey-PBA will be disabled for this device.
Default:
null
boot.initrd.luks.devices.*.yubikey.gracePeriodTime in seconds to wait before attempting to find the Yubikey
Default:
2
boot.initrd.luks.devices.*.yubikey.iterationStepHow much the iteration count for PBKDF2 is increased at each successful authentication
Default:
0
boot.initrd.luks.devices.*.yubikey.keyLengthLength of the LUKS slot key derived with PBKDF2 in byte
Default:
64
boot.initrd.luks.devices.*.yubikey.ramfsMountPointPath where the ramfs used to update the LUKS key will be mounted in stage-1
Default:
"/crypt-ramfs"
boot.initrd.luks.devices.*.yubikey.saltLengthLength of the new salt in byte (64 is the effective maximum)
Default:
16
boot.initrd.luks.devices.*.yubikey.slotWhich slot on the Yubikey to challenge
Default:
2
boot.initrd.luks.devices.*.yubikey.storageOptions related to the storing the salt
boot.initrd.luks.devices.*.yubikey.storage.deviceAn unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.
Default:
boot.initrd.luks.devices.*.yubikey.storage.fsTypeThe filesystem of the unencrypted device
Default:
"vfat"
boot.initrd.luks.devices.*.yubikey.storage.mountPointPath where the unencrypted device will be mounted in stage-1
Default:
"/crypt-storage"
boot.initrd.luks.devices.*.yubikey.storage.pathAbsolute path of the salt on the unencrypted device with that device's root directory as "/".
Default:
"/crypt-storage/default"
boot.initrd.luks.devices.*.yubikey.twoFactorWhether to use a passphrase and a Yubikey (true), or only a Yubikey (false)
Default:
true
boot.initrd.luks.mitigateDMAAttacksUnless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information: http://en.wikipedia.org/wiki/DMA_attack This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.yubikeySupportEnables support for authenticating with a Yubikey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a Yubikey to work with this feature.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.mdadmConfContents of /etc/mdadm.conf in stage 1.
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.postDeviceCommandsShell commands to be executed immediately after stage 1 of the
boot has loaded kernel modules and created device nodes in
/dev.
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.postMountCommandsShell commands to be executed immediately after the stage 1 filesystems have been mounted.
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preLVMCommandsShell commands to be executed immediately before LVM discovery.
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.supportedFilesystemsNames of supported filesystem types in the initial ramdisk.
Default:
[
]
Example:
[
"btrfs"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.isContainerWhether this NixOS machine is a lightweight container running in another NixOS system.
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
boot.kernel.sysctlRuntime parameters of the Linux kernel, as set by
sysctl(8). Note that sysctl
parameters names must be enclosed in quotes
(e.g. "vm.swappiness" instead of
vm.swappiness). The value of each
parameter may be a string, integer, boolean, or null
(signifying the option will not appear at all).
Default:
{
}
Example:
{
net.ipv4.tcp_syncookies = false; vm.swappiness = 60;
}
Declared by:
<nixpkgs/nixos/modules/config/sysctl.nix>
|
boot.kernelModulesThe set of kernel modules to be loaded in the second stage of
the boot process. Note that modules that are needed to
mount the root file system should be added to
boot.initrd.availableKernelModules or
boot.initrd.kernelModules.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelPackagesThis option allows you to override the Linux kernel used by
NixOS. Since things like external kernel module packages are
tied to the kernel you're using, it also overrides those.
This option is a function that takes Nixpkgs as an argument
(as a convenience), and returns an attribute set containing at
the very least an attribute kernel.
Additional attributes may be needed depending on your
configuration. For instance, if you use the NVIDIA X driver,
then it also needs to contain an attribute
nvidia_x11.
Default:
"pkgs.linuxPackages"
Example:
pkgs.linuxPackages_2_6_25
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelParamsParameters added to the kernel command line.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.loader.efi.canTouchEfiVariablesWhether or not the installation process should modify efi boot variables.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
|
boot.loader.efi.efiSysMountPointWhere the EFI System Partition is mounted.
Default:
"/boot"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
|
boot.loader.generationsDir.copyKernelsWhether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
|
boot.loader.generationsDir.enableWhether to create symlinks to the system generations under
/boot. When enabled,
/boot/default/kernel,
/boot/default/initrd, etc., are updated to
point to the current generation's kernel image, initial RAM
disk, and other bootstrap files.
This optional is not necessary with boot loaders such as GNU GRUB
for which the menu is updated to point to the latest bootstrap
files. However, it is needed for U-Boot on platforms where the
boot command line is stored in flash memory rather than in a
menu file.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
|
boot.loader.grub.configurationLimitMaximum of configurations in boot menu. GRUB has problems when there are too many entries.
Default:
100
Example:
120
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.configurationNameGRUB entry name instead of default.
Default:
""
Example:
"Stable 2.6.21"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.copyKernelsWhether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.defaultIndex of the default menu item to be booted.
Default:
0
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.deviceThe device on which the GRUB boot loader will be installed.
The special value nodev means that a GRUB
boot menu will be generated, but GRUB itself will not
actually be installed. To install GRUB on multiple devices,
use boot.loader.grub.devices.
Default:
""
Example:
"/dev/hda"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.devicesThe devices on which the boot loader, GRUB, will be
installed. Can be used instead of device to
install grub into multiple devices (e.g., if as softraid arrays holding /boot).
Default:
[
]
Example:
[
"/dev/hda"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.enableWhether to enable the GNU GRUB boot loader.
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.explicitBootRootThe relative path of /boot within the parent volume. Leave empty if /boot is not a btrfs subvolume.
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraConfigAdditional GRUB commands inserted in the configuration file just before the menu entries.
Default:
""
Example:
"serial; terminal_output.serial"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraEntriesAny additional entries you want added to the GRUB boot menu.
Default:
""
Example:
''
# GRUB 1 example (not GRUB 2 compatible)
title Windows
chainloader (hd0,1)+1
# GRUB 2 example
menuentry "Windows 7" {
chainloader (hd0,4)+1
}
''Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraEntriesBeforeNixOSWhether extraEntries are included before the default option.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraFilesA set of files to be copied to /boot.
Each attribute name denotes the destination file name in
/boot, while the corresponding
attribute value specifies the source file.
Default:
{
}
Example:
{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraPerEntryConfigAdditional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.
Default:
""
Example:
"root (hd0)"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraPrepareConfigAdditional bash commands to be run at the script that prepares the grub menu entries.
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.memtest86.enableMake Memtest86+, a memory testing program, available from the GRUB boot menu.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
|
boot.loader.grub.memtest86.paramsParameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:
console=..., set up a serial console.
Examples:
console=ttyS0,
console=ttyS0,9600 or
console=ttyS0,115200n8.
btrace, enable boot trace.
maxcpus=N, limit number of CPUs.
onepass, run one pass and exit if there
are no errors.
tstlist=..., list of tests to run.
Example: 0,1,2.
cpumask=..., set a CPU mask, to select CPUs
to use for testing.
This list of command line options was obtained by reading the Memtest86+ source code.
Default:
[
]
Example:
[
"console=ttyS0,115200"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
|
boot.loader.grub.splashImageBackground image used for GRUB. It must be a 640x480,
14-colour image in XPM format, optionally compressed with
gzip or bzip2. Set to
null to run GRUB in text mode.
Example:
./my-background.png
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.timeoutTimeout (in seconds) until GRUB boots the default menu item.
Default:
5
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.versionThe version of GRUB to use: 1 for GRUB
Legacy (versions 0.9x), or 2 (the
default) for GRUB 2.
Default:
2
Example:
1
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.gummiboot.enableWhether to enable the gummiboot UEFI boot manager
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix>
|
boot.loader.gummiboot.timeoutTimeout (in seconds) for how long to show the menu (null if none). Note that even with no timeout the menu can be forced if the space key is pressed during bootup
Default:
null
Example:
4
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix>
|
boot.loader.initScript.enableSome systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux. Additionally this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a rescue system or such.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix>
|
boot.loader.raspberryPi.enableWhether to create files with the system generations in
/boot.
/boot/old will hold files from old generations.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.postBootCommandsShell commands to be executed just before systemd is started.
Default:
""
Example:
"rm -f /var/log/messages"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.resumeDeviceDevice for manual resume attempt during boot, specified using
the device's major and minor number as
major:minor
Default:
null
Example:
"8:2"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.runSizeSize limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Default:
"25%"
Example:
"256m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.spl.hostidZFS uses a system's hostid to determine if a storage pool (zpool) is native to this system, and should thus be imported automatically. Unfortunately, this hostid can change under linux from boot to boot (by changing network adapters, for instance). Specify a unique 32 bit hostid in hex here for zfs to prevent getting a random hostid between boots and having to manually import pools.
Default:
""
Example:
"0xdeadbeef"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.supportedFilesystemsNames of supported filesystem types.
Default:
[
]
Example:
[
"btrfs"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.vesaWhether to activate VESA video mode on boot.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.zfs.useGitUse the git version of the SPL and ZFS packages. Note that these are unreleased versions, with less testing, and therefore may be more unstable.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
containersA set of NixOS system configurations to be run as lightweight
containers. Each container appears as a service
container-
on the host system, allowing it to be started and stopped via
systemctl .
name
Default:
{
}
Example:
{ webserver =
{ path = "/nix/var/nix/profiles/webserver";
};
database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql92;
};
};
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.configA specification of the desired configuration of this container, as a NixOS module.
containers.<name>.hostAddressThe IPv4 address assigned to the host interface.
Default:
null
Example:
"10.231.136.1"
containers.<name>.localAddressThe IPv4 address assigned to eth0
in the container.
Default:
null
Example:
"10.231.136.2"
containers.<name>.pathAs an alternative to specifying
config, you can specify the path to
the evaluated NixOS system configuration, typically a
symlink to a system profile.
Example:
"/nix/var/nix/profiles/containers/webserver"
containers.<name>.privateNetworkWhether to give the container its own private virtual
Ethernet interface. The interface is called
eth0, and is hooked up to the interface
c-
on the host. If this option is not set, then the
container shares the network interfaces of the host,
and can bind to any port on any interface.
container-name
Default:
false
environment.binshThe shell executable that is linked system-wide to
/bin/sh. Please note that NixOS assumes all
over the place that shell to be Bash, so override the default
setting only if you know exactly what you're doing.
Default:
"/nix/store/k0f4zly6fs6dr5x66w8zawipm34msnn6-bash-4.2-p45/bin/sh"
Example:
"\${pkgs.dash}/bin/dash"
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.blcr.enableWhether to enable support for the BLCR checkpointing tool.
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/blcr.nix>
|
environment.checkConfigurationOptionsWhether to check the validity of the entire configuration.
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/check-config.nix>
|
environment.etcSet of files that have to be linked in /etc.
Default:
{
}
Example:
{ hosts =
{ source = "/nix/store/.../etc/dir/file.conf.example";
mode = "0440";
};
"default/useradd".text = "GROUP=100 ...";
}
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.enableWhether this /etc file should be generated. This option allows specific /etc files to be disabled.
Default:
true
environment.etc.<name?>.gidGID of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink').
Default:
0
environment.etc.<name?>.modeIf set to something else than symlink,
the file is copied instead of symlinked, with the given
file mode.
Default:
"symlink"
Example:
"0600"
environment.etc.<name?>.sourcePath of the source file.
environment.etc.<name?>.targetName of symlink (relative to
/etc). Defaults to the attribute
name.
environment.etc.<name?>.textText of the file.
Default:
null
environment.etc.<name?>.uidUID of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink').
Default:
0
environment.extraInitShell script code called during global environment initialisation after all variables and profileVariables have been set. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split.
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.gnome3.excludePackagesWhich packages gnome should exclude from the default environment
Default:
[
]
Example:
"[ pkgs.gnome3.totem ]"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
|
environment.interactiveShellInitShell script code called during interactive shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split.
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.kdePackagesThis option is obsolete. Please use environment.systemPackages instead.
Default:
[
]
Example:
"[ pkgs.kde4.kdesdk ]"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/kde4.nix>
|
environment.loginShellInitShell script code called during login shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split.
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.noXlibsSwitch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication in. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/no-x-libs.nix>
|
environment.pathsToLinkList of directories to be symlinked in `/run/current-system/sw'.
Default:
[
]
Example:
[
"/"
]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.profileVariablesA function which given a profile path should give back a set of environment variables for that profile.
Default:
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.profilesA list of profiles used to setup the global environment.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shellAliasesAn attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users' shells.
Default:
{
}
Example:
{
ll = "ls -l";
}
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shellInitShell script code called during shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split.
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shellsA list of permissible login shells for user accounts.
No need to mention /bin/sh
here, it is placed into this list implicitly.
Default:
[
]
Example:
[
"/run/current-system/sw/bin/zsh"
]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.systemPackagesThe set of packages that appear in
/run/current-system/sw. These packages are
automatically available to all users, and are
automatically updated every time you rebuild the system
configuration. (The latter is the main difference with
installing them in the default profile,
/nix/var/nix/profiles/default.
Default:
[
]
Example:
"[ pkgs.icecat3 pkgs.thunderbird ]"
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.unixODBCDriversSpecifies Unix ODBC drivers to be registered in
/etc/odbcinst.ini. You may also want to
add pkgs.unixODBC to the system path to get
a command line client to connnect to ODBC databases.
Default:
[
]
Example:
map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )
Declared by:
<nixpkgs/nixos/modules/config/unix-odbc-drivers.nix>
|
environment.variablesA set of environment variables used in the global environment. The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.wvdial.dialerDefaultsContents of the "Dialer Defaults" section of
/etc/wvdial.conf.
Default:
""
Example:
''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''
Declared by:
<nixpkgs/nixos/modules/programs/wvdial.nix>
|
environment.wvdial.pppDefaultsDefault ppp settings for wvdial.
Default:
'' noipdefault usepeerdns defaultroute persist noauth ''
Declared by:
<nixpkgs/nixos/modules/programs/wvdial.nix>
|
fileSystemsThe file systems to be mounted. It must include an entry for
the root directory (mountPoint = "/"). Each
entry in the list is an attribute set with the following fields:
mountPoint, device,
fsType (a file system type recognised by
mount; defaults to
"auto"), and options
(the mount options passed to mount using the
-o flag; defaults to "defaults").
Instead of specifying device, you can also
specify a volume label (label) for file
systems that support it, such as ext2/ext3 (see mke2fs
-L).
Default:
{
}
Example:
{
/ =
{
device = "/dev/hda1";
}
; /bigdisk =
{
label = "bigdisk";
}
; /data =
{
device = "/dev/hda2"; fsType = "ext3"; options = "data=journal";
}
;
}
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
fileSystems.<name?>.autoFormatIf the device does not currently contain a filesystem (as
determined by blkid, then automatically
format it with the filesystem type specified in
fsType. Use with caution.
Default:
false
fileSystems.<name?>.deviceLocation of the device.
Default:
null
Example:
"/dev/sda"
fileSystems.<name?>.fsTypeType of the file system.
Default:
"auto"
Example:
"ext3"
fileSystems.<name?>.labelLabel of the device (if any).
Default:
null
Example:
"root-partition"
fileSystems.<name?>.mountPointLocation of the mounted the file system.
Example:
"/mnt/usb"
fileSystems.<name?>.neededForBootIf set, this file system will be mounted in the initial
ramdisk. By default, this applies to the root file system
and to the file system containing
/nix/store.
Default:
false
fileSystems.<name?>.noCheckDisable running fsck on this filesystem.
Default:
false
fileSystems.<name?>.optionsOptions used to mount the file system.
Default:
"defaults,relatime"
Example:
"data=journal"
fonts.enableCoreFontsWhether to include Microsoft's proprietary Core Fonts. These fonts are redistributable, but only verbatim, among other restrictions. See http://corefonts.sourceforge.net/eula.htm for details.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/corefonts.nix>
|
fonts.enableFontConfigIf enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.enableFontDirWhether to create a directory with links to all fonts in
/run/current-system/sw/share/X11-fonts.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
|
fonts.enableGhostscriptFontsWhether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/ghostscript.nix>
|
fonts.fontsList of primary font paths.
Example:
[
(build of dejavu-fonts-2.34)
]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fonts.nix>
|
gnuWhen enabled, GNU software is chosen by default whenever a there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/gnu.nix>
|
hardware.amdHybridGraphics.disableCompletely disable the AMD graphics card and use the integrated graphics processor instead.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/amd-hybrid-graphics.nix>
|
hardware.bluetooth.enableWhether to enable support for Bluetooth.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bumblebee.enableEnable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun. Only nvidia driver is supported so far.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.groupGroup for bumblebee socket
Default:
"wheel"
Example:
"video"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.cpu.amd.updateMicrocodeUpdate the CPU microcode for AMD processors.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix>
|
hardware.cpu.intel.updateMicrocodeUpdate the CPU microcode for Intel processors.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix>
|
hardware.enableAllFirmwareTurn on this option if you want to enable all the firmware shipped with Debian/Ubuntu.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.firmwareList of directories containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If more than one path contains a firmware file with the same name, the first path in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories. For quick testing, put firmware files in /root/test-firmware and add that directory to the list. Note that you can also add firmware packages to this list as these are directories in the nix store.
Default:
[
]
Example:
[
"/root/my-firmware"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
hardware.nvidiaOptimus.disableCompletely disable the NVIDIA graphics card and use the integrated graphics processor instead.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix>
|
hardware.opengl.driSupportWhether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.driSupport32BitOn 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the nvidia driver and for
Mesa.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.s3tcSupportMake S3TC(S3 Texture Compression) via libtxc_dxtn available to OpenGL drivers instead of the patent-free S2TC replacement. Using this library may require a patent license depending on your location.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.pcmcia.configPath to the configuration file which maps the memory, IRQs and ports used by the PCMCIA hardware.
Default:
null
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pcmcia.enableEnable this option to support PCMCIA card.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pcmcia.firmwareList of firmware used to handle specific PCMCIA card.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pulseaudio.configFileThe path to the configuration the PulseAudio server should use. By default, the "default.pa" configuration from the PulseAudio distribution is used.
Default:
"/nix/store/7d7xj0fd4n595k0npp3045m3spqygj79-pulseaudio-5.0/etc/pulse/default.pa"
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.daemon.logLevelThe log level that the system-wide pulseaudio daemon should use, if activated.
Default:
"notice"
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.enableWhether to enable the PulseAudio sound server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.packageThe PulseAudio derivation to use. This can be used to enable features (such as JACK support) that are not enabled in the default PulseAudio in Nixpkgs.
Default:
(build of pulseaudio-5.0)
Example:
pulseaudio.override { jackaudioSupport = true; }Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.systemWideIf false, a PulseAudio server is launched automatically for each user that tries to use the sound system. The server runs with user privileges. This is the recommended and most secure way to use PulseAudio. If true, one system-wide PulseAudio server is launched on boot, running as the user "pulse". Please read the PulseAudio documentation for more details.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.sane.enableEnable support for SANE scanners.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.snapshotUse a development snapshot of SANE scanner drivers.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
i18n.consoleFontThe font used for the virtual consoles. Leave empty to use whatever the setfont program considers the default font.
Default:
"lat9w-16"
Example:
"LatArCyrHeb-16"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.consoleKeyMapThe keyboard mapping table for the virtual consoles.
Default:
"us"
Example:
"fr"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.defaultLocaleThe default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.
Default:
"en_US.UTF-8"
Example:
"nl_NL.UTF-8"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.supportedLocalesList of locales that the system should support. The value
"all" means that all locales supported by
Glibc will be installed. A full list of supported locales
can be found at http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc.
Default:
[
"all"
]
Example:
[
"en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"
]
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
jobsThis option is a legacy method to define system services,
dating from the era where NixOS used Upstart instead of
systemd. You should use systemd.services
instead. Services defined using jobs are
mapped automatically to systemd.services, but
may not work perfectly; in particular, most
startOn conditions are not supported.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/upstart/upstart.nix>
|
jobs.<name?>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
jobs.<name?>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
jobs.<name?>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
jobs.<name?>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
jobs.<name?>.daemonTypeDetermines how systemd detects when a daemon should be
considered “running”. The value none means
that the daemon is considered ready immediately. The value
fork means that the daemon will fork once.
The value daemon means that the daemon will
fork twice. The value stop means that the
daemon will raise the SIGSTOP signal to indicate readiness.
Default:
"none"
jobs.<name?>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
jobs.<name?>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
jobs.<name?>.environmentEnvironment variables passed to the service's processes.
Default:
{
}
Example:
{
LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin";
}
jobs.<name?>.execCommand to start the job's main process. If empty, the job has no main process, but can still have pre/post-start and pre/post-stop scripts, and is considered “running” until it is stopped.
Default:
""
jobs.<name?>.nameName of the job, mapped to the systemd unit
name.service
Example:
"sshd"
jobs.<name?>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
jobs.<name?>.pathPackages added to the job's PATH environment variable.
Both the bin and sbin
subdirectories of each package are added.
Default:
[
]
jobs.<name?>.postStartShell commands executed after the job is started (i.e. after the job's main process is started), but before the job is considered “running”.
Default:
""
jobs.<name?>.postStopShell commands executed after the job has stopped (i.e. after the job's main process has terminated).
Default:
""
jobs.<name?>.preStartShell commands executed before the service's main process is started.
Default:
""
jobs.<name?>.preStopShell commands executed before the job is stopped (i.e. before systemd kills the job's main process). This can be used to cleanly shut down a daemon.
Default:
""
jobs.<name?>.reloadIfChangedWhether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of restartIfChanged is
ignored.
Default:
false
jobs.<name?>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
jobs.<name?>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
jobs.<name?>.respawnWhether to restart the job automatically if its process ends unexpectedly.
Default:
true
jobs.<name?>.restartIfChangedWhether the service should be restarted during a NixOS configuration switch if its definition has changed.
Default:
true
jobs.<name?>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
jobs.<name?>.scriptShell commands executed as the service's main process.
Default:
""
jobs.<name?>.scriptArgsArguments passed to the main process script.
Default:
""
jobs.<name?>.serviceConfigEach attribute in this set specifies an option in the
[Service] section of the unit. See
systemd.service(5) for details.
Default:
{
}
Example:
{
RestartSec = 5; StartLimitInterval = 10;
}
jobs.<name?>.setgidRun the daemon as a different group.
Default:
""
jobs.<name?>.setuidRun the daemon as a different user.
Default:
""
jobs.<name?>.startAtAutomatically start this unit at the given date/time, which
must be in the format described in
systemd.time(5). This is equivalent
to adding a corresponding timer unit with
OnCalendar set to the value given here.
Default:
""
Example:
"Sun 14:00:00"
jobs.<name?>.startOnThe Upstart event that triggers this job to be started. Some are mapped to systemd dependencies; otherwise you will get a warning. If empty, the job will not start automatically.
Default:
""
jobs.<name?>.stopIfChangedIf set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one.
Otherwise, it is restarted in a single step using
systemctl restart in the new configuration.
The latter is less correct because it runs the
ExecStop commands from the new
configuration.
Default:
true
jobs.<name?>.stopOnIgnored; this was the Upstart event that triggers this job to be stopped.
Default:
"starting shutdown"
jobs.<name?>.taskWhether this job is a task rather than a service. Tasks are executed only once, while services are restarted when they exit.
Default:
false
jobs.<name?>.unitGenerated definition of the systemd unit corresponding to this job.
Default:
{
after =
[
]
; before =
[
]
; description = ""; environment =
{
}
; partOf =
[
]
; path =
[
]
; requires =
[
]
; restartIfChanged = true; serviceConfig =
{
RemainAfterExit = true; Type = "oneshot";
}
; unitConfig =
{
}
; wantedBy =
[
]
; wants =
[
]
;
}
jobs.<name?>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
jobs.<name?>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
jobs.<name?>.wantsStart the specified units when this unit is started.
Default:
[
]
krb5.defaultRealmDefault realm.
Default:
"ATENA.MIT.EDU"
Declared by:
<nixpkgs/nixos/modules/config/krb5.nix>
|
krb5.domainRealmDefault domain realm.
Default:
"atena.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5.nix>
|
krb5.enableWhether to enable Kerberos V.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/krb5.nix>
|
krb5.kdcKerberos Domain Controller
Default:
"kerberos.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5.nix>
|
krb5.kerberosAdminServerKerberos Admin Server
Default:
"kerberos.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5.nix>
|
libThis option allows modules to define helper functions, constants, etc.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/misc/lib.nix>
|
nesting.childrenAdditional configurations to build.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
nesting.cloneAdditional configurations to build based on the current configuration which is has a lower priority.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
networking.WLANInterfaceObsolete. Use networking.wireless.interfaces instead.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.bondsThis option allows you to define bond devices that aggregate multiple, underlying networking interfaces together. The value of this option is an attribute set. Each attribute specifies a bond, with the attribute name specifying the name of the bond's network interface
Default:
{
}
Example:
{
bond0 =
{
interfaces =
[
"eth0" "wlan0"
]
; miimon = 100; mode = "active-backup";
}
; fatpipe =
{
interfaces =
[
"enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1"
]
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.interfacesThe interfaces to bond together
Example:
[
"enp4s0f0" "enp4s0f1" "wlan0"
]
networking.bonds.<name>.miimonMiimon is the number of millisecond in between each round of polling by the device driver for failed links. By default polling is not enabled and the driver is trusted to properly detect and handle failure scenarios.
Default:
null
Example:
100
networking.bonds.<name>.modeThe mode which the bond will be running. The default mode for the bonding driver is balance-rr, optimizing for throughput. More information about valid modes can be found at https://www.kernel.org/doc/Documentation/networking/bonding.txt
Default:
null
Example:
"active-backup"
networking.bridgesThis option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge's network interface.
Default:
{
}
Example:
{
br0 =
{
interfaces =
[
"eth0" "eth1"
]
;
}
; br1 =
{
interfaces =
[
"eth2" "wlan0"
]
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges.<name>.interfacesThe physical network interfaces connected by the bridge.
Example:
[
"eth0" "eth1"
]
networking.connman.enableWhether to use ConnMan for managing your network connections.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
networking.defaultGatewayThe default gateway. It can be left empty if it is auto-detected through DHCP.
Default:
""
Example:
"131.211.84.1"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGatewayWindowSizeThe window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.
Default:
null
Example:
524288
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultMailServer.authPassPassword used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
Default:
""
Example:
"correctHorseBatteryStaple"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.authUserUsername used for SMTP auth. Leave blank to disable.
Default:
""
Example:
"foo@example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.directDeliveryUse the trivial Mail Transfer Agent (MTA)
ssmtp package to allow programs to send
e-mail. If you don't want to run a “real” MTA like
sendmail or postfix on
your machine, set this option to true, and
set the option
networking.defaultMailServer.hostName to the
host name of your preferred mail server.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.domainThe domain from which mail will appear to be sent.
Default:
""
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.hostNameThe host name of the default mail server to use to deliver e-mail.
Example:
"mail.example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.useSTARTTLSWhether the STARTTLS should be used to connect to the default mail server. (This is needed for TLS-capable mail servers running on the default SMTP port 25.)
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.useTLSWhether TLS should be used to connect to the default mail server.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.dhcpcd.denyInterfacesDisable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.extraConfigLiteral string to append to the config file generated for dhcpcd.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dnsSingleRequestRecent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option 'single-request' in /etc/resolv.conf. This option enables that.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.domainThe domain. It can be left empty if it is auto-detected through DHCP.
Default:
""
Example:
"home"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.enableB43FirmwareTurn on this option if you want firmware for the NICs supported by the b43 module.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/b43.nix>
|
networking.enableIPv6Whether to enable support for IPv6.
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.enableIntel2100BGFirmwareTurn on this option if you want firmware for the Intel PRO/Wireless 2100BG to be loaded automatically. This is required if you want to use this device.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/intel-2100bg.nix>
|
networking.enableIntel2200BGFirmwareTurn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix>
|
networking.enableIntel3945ABGFirmwareThis option enables automatic loading of the firmware for the Intel PRO/Wireless 3945ABG.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/intel-3945abg.nix>
|
networking.enableRTL8192cFirmwareTurn on this option if you want firmware for the RTL8192c (and related) NICs.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/rtl8192c.nix>
|
networking.enableRalinkFirmwareTurn on this option if you want firmware for the RT73 NIC.
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/ralink.nix>
|
networking.extraHostsAdditional entries to be appended to /etc/hosts.
Default:
""
Example:
"192.168.0.1 lanlocalhost"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.firewall.allowPingWhether to respond to incoming ICMPv4 echo requests ("pings"). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedTCPPortRangesA range of TCP ports on which incoming connections are accepted.
Default:
[
]
Example:
[
{
from = 8999; to = 9003;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedTCPPortsList of TCP ports on which incoming connections are accepted.
Default:
[
]
Example:
[
22 80
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedUDPPortRangesRange of open UDP ports.
Default:
[
]
Example:
[
{
from = 60000; to = 61000;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedUDPPortsList of open UDP ports.
Default:
[
]
Example:
[
53
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.autoLoadConntrackHelpersWhether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules (needs kernel 3.5+)
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.checkReversePathPerforms a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused. If using asymmetric routing or other complicated routing, disable this setting and setup your own counter-measures. (needs kernel 3.3+)
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.connectionTrackingModulesList of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example. As helpers can pose as a security risk, it is advised to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers Loading of helpers is recommended to be done through the new CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/
Default:
[
"ftp"
]
Example:
[
"ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.enableWhether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine. It does not affect packet forwarding.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraCommandsAdditional shell commands executed as part of the firewall initialisation script. These are executed just before the final "reject" firewall rule is added, so they can be used to allow packets that would otherwise be refused.
Default:
""
Example:
"iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedConnectionsWhether to log rejected or dropped incoming connections.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedPacketsWhether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedUnicastsOnlyIf networking.firewall.logRefusedPackets
and this option are enabled, then only log packets
specifically directed at this machine, i.e., not broadcasts
or multicasts.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.pingLimitIf pings are allowed, this allows setting rate limits on them. If non-null, this option should be in the form of flags like "-limit 1/minute -limit-burst 5"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.rejectPacketsIf set, forbidden packets are rejected rather than dropped (ignored). This means that an ICMP "port unreachable" error message is sent back to the client. Rejecting packets makes port scanning somewhat easier.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.trustedInterfacesTraffic coming in from these interfaces will be accepted unconditionally.
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.hostNameThe name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP).
Default:
"nixos"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaceMonitor.beepIf true, beep when an Ethernet cable is
plugged in or unplugged.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ifplugd.nix>
|
networking.interfaceMonitor.commandsShell commands to be executed when the link status of an
interface changes. On invocation, the shell variable
iface contains the name of the interface,
while the variable status contains either
up or down to indicate
the new status.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ifplugd.nix>
|
networking.interfaceMonitor.enableIf true, monitor Ethernet interfaces for
cables being plugged in or unplugged. When this occurs, the
commands specified in
networking.interfaceMonitor.commands are
executed.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ifplugd.nix>
|
networking.interfacesThe configuration for each network interface. If
networking.useDHCP is true, then every
interface not listed here will be configured using DHCP.
Default:
{
}
Example:
{
eth0 =
{
ipAddress = "131.211.84.78"; subnetMask = "255.255.255.128";
}
;
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipAddressIP address of the interface. Leave empty to configure the interface using DHCP.
Default:
null
Example:
"10.0.0.1"
networking.interfaces.<name?>.ipv6AddressIPv6 address of the interface. Leave empty to configure the interface using NDP.
Default:
null
Example:
"2001:1470:fffd:2098::e006"
networking.interfaces.<name?>.ipv6prefixLengthSubnet mask of the interface, specified as the number of
bits in the prefix (64).
Default:
64
Example:
64
networking.interfaces.<name?>.macAddressMAC address of the interface. Leave empty to use the default.
Default:
null
Example:
"00:11:22:33:44:55"
networking.interfaces.<name?>.mtuMTU size for packets leaving the interface. Leave empty to use the default.
Default:
null
Example:
9000
networking.interfaces.<name?>.nameName of the interface.
Example:
"eth0"
networking.interfaces.<name?>.prefixLengthSubnet mask of the interface, specified as the number of
bits in the prefix (24).
Default:
null
Example:
24
networking.interfaces.<name?>.proxyARPTurn on proxy_arp for this device (and proxy_ndp for ipv6). This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don't support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link-layer, below-ip traffic isn't bridged, so things like DHCP won't work. The advantage above using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routeable. WARNING: turns on ip-routing, so if you have multiple interfaces, you should think of the consequence and setup firewall rules to limit this.
Default:
false
networking.interfaces.<name?>.subnetMaskSubnet mask of the interface, specified as a bitmask.
This is deprecated; use prefixLength
instead.
Default:
""
Example:
"255.255.255.0"
networking.interfaces.<name?>.virtualWhether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host a virtual network such as VPN or a virtual machine. Defaults to tap device, unless interface contains "tun" in its name.
Default:
false
networking.interfaces.<name?>.virtualOwnerIn case of a virtual device, the user who owns it.
Default:
"root"
networking.localCommandsShell commands to be executed at the end of the
network-setup systemd service. Note that if
you are using DHCP to obtain the network configuration,
interfaces may not be fully configured yet.
Default:
""
Example:
"text=anything; echo You can put \$text here."
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.nameserversThe list of nameservers. It can be left empty if it is auto-detected through DHCP.
Default:
[
]
Example:
[
"130.161.158.4" "130.161.33.17"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.nat.enableWhether to enable Network Address Translation (NAT).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalIPThe public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.
Default:
null
Example:
"203.0.113.123"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalInterfaceThe name of the external network interface.
Example:
"eth1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalIPsThe IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.
Default:
[
]
Example:
[
"192.168.1.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalInterfacesThe interfaces for which to perform NAT. Packets coming from these interface and destined for the external interface will be rewritten.
Default:
[
]
Example:
[
"eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.networkmanager.appendNameserversA list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.enableWhether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured. If enabled, a group networkmanager
will be created. Add all users that should have permission
to change network settings to this group.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.insertNameserversA list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.packagesExtra packages that provide NetworkManager plugins.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.tcpcrypt.enableWhether to enable opportunistic TCP encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be sent in clear text. Thus, Tcpcrypt alone provides no guarantees -- it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/tcpcrypt.nix>
|
networking.useDHCPWhether to use DHCP to obtain an IP address and other configuration for all network interfaces that are not manually configured.
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.useHostResolvConfIn containers, whether to use the
resolv.conf supplied by the host.
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.usePredictableInterfaceNamesWhether to assign predictable
names to network interfaces. If enabled, interfaces
are assigned names that contain topology information
(e.g. wlp3s0) and thus should be stable
across reboots. If disabled, names depend on the order in
which interfaces are discovered by the kernel, which may
change randomly across reboots; for instance, you may find
eth0 and eth1 flipping
unpredictably.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
networking.vlansThis option allows you to define vlan devices that tag packets on top of a physical interface. The value of this option is an attribute set. Each attribute specifies a vlan, with the name specifying the name of the vlan interface.
Default:
{
}
Example:
{
vlan0 =
{
id = 3; interface = "enp3s0";
}
; vlan1 =
{
id = 1; interface = "wlan0";
}
;
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vlans.<name>.idThe vlan identifier
Example:
1
networking.vlans.<name>.interfaceThe interface the vlan will transmit packets through.
Example:
"enp4s0"
networking.wicd.enableWhether to start wicd. Wired and wireless network configurations can then be managed by wicd-client.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wicd.nix>
|
networking.wireless.driverForce a specific wpa_supplicant driver.
Default:
"nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.enableWhether to start wpa_supplicant to scan for
and associate with wireless networks. Note: NixOS currently
does not generate wpa_supplicant's
configuration file, /etc/wpa_supplicant.conf. You
should edit this file yourself to define wireless networks,
WPA keys and so on (see
wpa_supplicant.conf(5)).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.interfacesThe interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces.
Default:
[
]
Example:
[
"wlan0" "wlan1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.userControlled.enableAllow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot. When you want to use this, make sure /etc/wpa_supplicant.conf doesn't exist. It will be created for you. Currently it is also necessary to explicitly specify networking.wireless.interfaces.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.userControlled.groupMembers of this group can control wpa_supplicant.
Default:
"wheel"
Example:
"network"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
nix.binaryCachesList of binary cache URLs used to obtain pre-built binaries of Nix packages.
Default:
[
"http://cache.nixos.org/"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachinesThis option lists the machines to be used if distributed
builds are enabled (see
nix.distributedBuilds). Nix will perform
derivations on those machines via SSH by copying the inputs
to the Nix store on the remote machine, starting the build,
then copying the output back to the local Nix store. Each
element of the list should be an attribute set containing
the machine's host name (hostname), the
user name to be used for the SSH connection
(sshUser), the Nix system type
(system, e.g.,
"i686-linux"), the maximum number of
jobs to be run in parallel on that machine
(maxJobs), the path to the SSH private
key to be used to connect (sshKey), a
list of supported features of the machine
(supportedFeatures) and a list of
mandatory features of the machine
(mandatoryFeatures). The SSH private key
should not have a passphrase, and the corresponding public
key should be added to
~
on the remote machine.
sshUser/authorized_keys
Default:
[
]
Example:
[
{
hostName = "voila.labs.cs.uu.nl"; maxJobs = 1; sshKey = "/root/.ssh/id_buildfarm"; sshUser = "nix"; system = "powerpc-darwin";
}
{
hostName = "linux64.example.org"; mandatoryFeatures = "perf"; maxJobs = 2; sshKey = "/root/.ssh/id_buildfarm"; sshUser = "buildfarm"; supportedFeatures = "kvm"; system = "x86_64-linux";
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.chrootDirsDirectories from the host filesystem to be included in the chroot.
Default:
[
]
Example:
[
"/dev" "/proc"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.daemonIONiceLevelNix daemon process I/O priority. This priority propagates to build processes. 0 is the default Unix process I/O priority, 7 is the lowest.
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.daemonNiceLevelNix daemon process priority. This priority propagates to build processes. 0 is the default Unix process priority, 20 is the lowest.
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.distributedBuildsWhether to distribute builds to the machines listed in
nix.buildMachines.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.extraOptionsAdditional text appended to nix.conf.
Default:
""
Example:
'' gc-keep-outputs = true gc-keep-derivations = true ''
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.gc.automaticAutomatically run the garbage collector at a specific time.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.datesSpecification (in the format described by systemd.time(5)) of the time at which the garbage collector will run.
Default:
"03:15"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.optionsOptions given to nix-collect-garbage when the
garbage collector is run automatically.
Default:
""
Example:
"--max-freed \$((64 * 1024**3))"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.maxJobsThis option defines the maximum number of jobs that Nix will try to build in parallel. The default is 1. You should generally set it to the number of CPUs in your system (e.g., 2 on an Athlon 64 X2).
Default:
1
Example:
64
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.nrBuildUsersNumber of nixbld user accounts created to
perform secure concurrent builds. If you receive an error
message saying that “all build users are currently in use”,
you should increase this value.
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.packageThis option specifies the Nix package instance to use throughout the system.
Default:
(build of nix-1.7)
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.proxyThis option specifies the proxy to use for fetchurl. The real effect is just exporting http_proxy, https_proxy and ftp_proxy with that value.
Default:
""
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.readOnlyStoreIf set, NixOS will enforce the immutability of the Nix store
by making /nix/store a read-only bind
mount. Nix will automatically make the store writable when
needed.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.sshServe.enableWhether to enable serving the nix store over ssh.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.trustedBinaryCachesList of binary cache URLs that non-root users can use (in
addition to those specified using
nix.binaryCaches by passing
--option binary-caches to Nix commands.
Default:
[
]
Example:
[
"http://hydra.nixos.org/"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.useChrootIf set, Nix will perform builds in a chroot-environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nixpkgs.configThe configuration of the Nix Packages collection. (For
details, see the Nixpkgs documentation.) It allows you to set
package configuration options, and to override packages
globally through the packageOverrides
option. The latter is a function that takes as an argument
the original Nixpkgs, and must evaluate
to a set of new or overridden packages.
Default:
{
}
Example:
{ firefox.enableGeckoMediaPlayer = true;
packageOverrides = pkgs: {
firefox60Pkgs = pkgs.firefox60Pkgs.override {
enableOfficialBranding = true;
};
};
}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.systemSpecifies the Nix platform type for which NixOS should be built. If unset, it defaults to the platform type of your host system. Specifying this option is useful when doing distributed multi-platform deployment, or when building virtual machines.
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
power.ups.enableEnables support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.maxStartDelayThis can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Default:
45
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.modeThe MODE determines which part of the NUT is to be started, and which configuration files must be modified. The values of MODE can be: - none: NUT is not configured, or use the Integrated Power Management, or use some external system to startup NUT components. So nothing is to be started. - standalone: This mode address a local only configuration, with 1 UPS protecting the local system. This implies to start the 3 NUT layers (driver, upsd and upsmon) and the matching configuration files. This mode can also address UPS redundancy. - netserver: same as for the standalone configuration, but also need some more ACLs and possibly a specific LISTEN directive in upsd.conf. Since this MODE is opened to the network, a special care should be applied to security concerns. - netclient: this mode only requires upsmon.
Default:
"standalone"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.schedulerRulesFile which contains the rules to handle UPS events.
Example:
"/etc/nixos/upssched.conf"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsThis is where you configure all the UPSes that this system will be monitoring directly. These are usually attached to serial ports, but USB devices are also supported.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.descriptionDescription of the UPS.
Default:
""
power.ups.ups.<name>.directivesList of configuration directives for this UPS.
Default:
[
]
power.ups.ups.<name>.driverSpecify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.
power.ups.ups.<name>.maxStartDelayThis can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Default:
null
power.ups.ups.<name>.portThe serial port to which your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.
power.ups.ups.<name>.shutdownOrderWhen you have multiple UPSes on your system, you usually need to turn them off in a certain order. upsdrvctl shuts down all the 0s, then the 1s, 2s, and so on. To exclude a UPS from the shutdown sequence, set this to -1.
Default:
0
power.ups.ups.<name>.summaryLines which would be added inside ups.conf for handling this UPS.
Default:
""
powerManagement.cpuFreqGovernorConfigure the governor used to regulate the frequence of the available CPUs. By default, the kernel configures the on-demand governor.
Default:
null
Example:
"ondemand"
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
|
powerManagement.enableWhether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.powerDownCommandsCommands executed when the machine powers down. That is, they're executed both when the system shuts down and when it goes to suspend or hibernation.
Default:
""
Example:
"/nix/store/c10rdpg4jb9ivrdzsbb9sg7v4pzaqcbn-hdparm-9.43/sbin/hdparm -B 255 /dev/sda"
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.powerUpCommandsCommands executed when the machine powers up. That is, they're executed both when the system first boots and when it resumes from suspend or hibernation.
Default:
""
Example:
"/nix/store/c10rdpg4jb9ivrdzsbb9sg7v4pzaqcbn-hdparm-9.43/sbin/hdparm -B 255 /dev/sda"
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.resumeCommandsCommands executed after the system resumes from suspend-to-RAM.
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.scsiLinkPolicyConfigure the SCSI link power management policy. By default, the kernel configures "max_performance".
Default:
""
Example:
"min_power"
Declared by:
<nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix>
|
programs.atop.settingsParameters to be written to /etc/atoprc
Default:
{
}
Example:
{
flags = "a1f"; interval = 5;
}
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.bash.enableCompletionEnable Bash completion for all interactive bash shells.
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.interactiveShellInitShell script code called during interactive bash shell initialisation.
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.loginShellInitShell script code called during login bash shell initialisation.
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.promptInitShell script code used to initialise the bash prompt.
Default:
'' # Provide a nice prompt. PROMPT_COLOR="1;31m" let $UID && PROMPT_COLOR="1;32m" PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " if test "$TERM" = "xterm"; then PS1="\[\033]2;\h:\u:\w\007\]$PS1" fi ''
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.shellAliasesSet of aliases for bash shell. See environment.shellAliases
for an option format description.
Default:
{
l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty"; restart = "systemctl restart"; start = "systemctl start"; status = "systemctl status"; stop = "systemctl stop"; which = "type -P";
}
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.shellInitShell script code called during bash shell initialisation.
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.screen.screenrcThe contents of /etc/screenrc file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/screen.nix>
|
programs.ssh.extraConfigExtra configuration text appended to ssh_config.
See ssh_config(5)
for help.
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.forwardX11Whether to request X11 forwarding on outgoing connections by default. This is useful for running graphical programs on the remote machine and have them display to your local X11 server. Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two. Note: there are some security risks to forwarding an X11 connection. NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks. To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh. The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.setXAuthLocationWhether to set the path to xauth for X11-forwarded connections. This causes a dependency on X11 packages.
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.startAgentWhether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.zsh.enableWhenever to configure Zsh as an interactive shell.
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.interactiveShellInitShell script code called during interactive zsh shell initialisation.
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.loginShellInitShell script code called during zsh login shell initialisation.
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.promptInitShell script code used to initialise the zsh prompt.
Default:
'' autoload -U promptinit && promptinit && prompt walters ''
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.shellAliasesSet of aliases for zsh shell. See environment.shellAliases
for an option format description.
Default:
{
l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty"; restart = "systemctl restart"; start = "systemctl start"; status = "systemctl status"; stop = "systemctl stop";
}
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.shellInitShell script code called during zsh shell initialisation.
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
security.apparmor.confineSUIDApplicationsInstall AppArmor profiles for commonly-used SUID application to mitigate potential privilege escalation attacks due to bugs in such applications. Currently available profiles: ping
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/apparmor-suid.nix>
|
security.apparmor.enableEnable the AppArmor Mandatory Access Control system.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.profilesList of files containing AppArmor profiles.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.duosec.acceptEnvFactorLook for factor selection or passcode in the
$DUO_PASSCODE environment variable before
prompting the user for input.
When $DUO_PASSCODE is non-empty, it will override
autopush. The SSH client will need SendEnv DUO_PASSCODE in
its configuration, and the SSH server will similarily need
AcceptEnv DUO_PASSCODE.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.autopushIf true, Duo Unix will automatically send
a push login request to the user’s phone, falling back on a
phone call if push is unavailable. If
false, the user will be prompted to
choose an authentication method. When configured with
autopush = yes, we recommend setting
prompts = 1.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.failmodeOn service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access). The default is "safe".
Default:
"safe"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.fallbackLocalIPDuo Unix reports the IP address of the authorizing user, for
the purposes of authorization and whitelisting. If Duo Unix
cannot detect the IP address of the client, setting
fallbackLocalIP = yes will cause Duo Unix
to send the IP address of the server it is running on.
If you are using IP whitelisting, enabling this option could
cause unauthorized logins if the local IP is listed in the
whitelist.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.groupUse Duo authentication for users only in this group.
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.hostDuo API hostname.
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.ikeyIntegration key.
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.motdPrint the contents of /etc/motd to screen
after a succesful login.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.pam.enableIf enabled, protect logins with Duo Security using PAM support.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.promptsIf a user fails to authenticate with a second factor, Duo
Unix will prompt the user to authenticate again. This option
sets the maximum number of prompts that Duo Unix will
display before denying access. Must be 1, 2, or 3. Default
is 3.
For example, when prompts = 1, the user
will have to successfully authenticate on the first prompt,
whereas if prompts = 2, if the user
enters incorrect information at the initial prompt, he/she
will be prompted to authenticate again.
When configured with autopush = true, we
recommend setting prompts = 1.
Default:
3
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.pushinfoInclude information such as the command to be executed in the Duo Push message.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.skeySecret key.
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.ssh.enableIf enabled, protect SSH logins with Duo Security.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.grsecurity.config.denyChrootChmodIf true, then set GRKERN_CHROOT_CHMOD
y. If enabled, this denies processes inside a
chroot from setting the suid or sgid bits using
chmod or fchmod.
By default this protection is disabled - it makes it
impossible to use Nix to build software on your system,
which is what most users want.
If you are using NixOps to deploy your software to a
remote machine, you're encouraged to enable this as you
won't need to compile code.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.disableRBACIf true, then set GRKERN_NO_RBAC
y. This disables the
/dev/grsec device, which in turn
disables the RBAC system (and gradm).
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.hardwareVirtualisationgrsecurity hardware virtualisation configuration. Set to
true if your machine supports hardware
accelerated virtualisation.
Default:
null
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.kernelExtraConfigExtra kernel configuration parameters.
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.modegrsecurity configuration mode. This specifies whether
grsecurity is auto-configured or otherwise completely
manually configured. Can either by
custom or auto.
auto is recommended.
Default:
"auto"
Example:
"custom"
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.prioritygrsecurity configuration priority. This specifies whether
the kernel configuration should emphasize speed or
security. Can either by security or
performance.
Default:
"security"
Example:
"performance"
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.restrictProcIf true, then set GRKERN_PROC_USER
y. This restricts non-root users to only viewing
their own processes and restricts network-related
information, kernel symbols, and module information.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.restrictProcWithGroupIf true, then set GRKERN_PROC_USERGROUP
y. This is similar to
restrictProc except it allows a special
group (specified by unrestrictProcGid)
to still access otherwise classified information in
/proc.
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.sysctlIf true, then set GRKERN_SYSCTL y. If
enabled then grsecurity can be controlled using sysctl
(and turned off). You are advised to *never* enable this,
but if you do, make sure to always set the sysctl
kernel.grsecurity.grsec_lock to
non-zero as soon as all sysctl options are set. *THIS IS
EXTREMELY IMPORTANT*!
If disabled, this also turns off the
systemd-sysctl service.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.systemgrsecurity system configuration. This specifies whether
the kernel configuration should be suitable for a Desktop
or a Server. Can either by server or
desktop.
Default:
""
Example:
"desktop"
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.unrestrictProcGidIf set, specifies a GID which is exempt from
/proc restrictions (set by
GRKERN_PROC_USERGROUP). By default,
this is set to the GID for grsecurity,
a predefined NixOS group, which the
root account is a member of. You may
conveniently add other users to this group if you need
access to /proc
Default:
121
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.verboseVersionUse verbose version in kernel localversion.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.virtualisationConfiggrsecurity virtualisation configuration. This specifies
the virtualisation role of the machine - that is, whether
it will be a virtual machine guest, a virtual machine
host, or neither. Can be one of none,
host, or guest.
Default:
"none"
Example:
"host"
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.config.virtualisationSoftwaregrsecurity virtualisation software. Set this to the
specified virtual machine technology if the machine is
running as a guest, or a host.
Can be one of kvm,
xen, vmware or
virtualbox.
Default:
""
Example:
"kvm"
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.enableEnable grsecurity support. This enables advanced exploit
hardening for the Linux kernel, and adds support for
administrative Role-Based Acess Control (RBAC) via
gradm. It also includes traditional
utilities for PaX.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.stableEnable the stable grsecurity patch, based on Linux 3.2.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.testingEnable the testing grsecurity patch, based on Linux 3.13.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.grsecurity.vserverEnable the stable grsecurity/vserver patches, based on Linux 3.2.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/grsecurity.nix>
|
security.initialRootPasswordThe (hashed) password for the root account set on initial
installation. The empty string denotes that root can login
locally without a password (but not via remote services such
as SSH, or indirectly via su or
sudo). The string !
prevents root from logging in using a password.
Note, setting this option sets
users.extraUsers.root.hashedPassword.
Note, if users.mutableUsers is false
you cannot change the root password manually, so in that case
the name of this option is a bit misleading, since it will define
the root password beyond the user initialisation phase.
Default:
""
Example:
"!"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
security.pam.enableOTPWEnable the OTPW (one-time password) PAM module.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableSSHAgentAuthEnable sudo logins if the user's SSH agent provides a key
present in ~/.ssh/authorized_keys.
This allows machines to exclusively use SSH keys instead of
passwords.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimitsDefine resource limits that should apply to users or groups.
Each item in the list should be an attribute set with a
domain, type,
item, and value
attribute. The syntax and semantics of these attributes
must be that described in the limits.conf(5) man page.
Default:
[
]
Example:
[
{
domain = "ftp"; item = "nproc"; type = "hard"; value = "0";
}
{
domain = "@student"; item = "maxlogins"; type = "-"; value = "4";
}
]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.servicesThis option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each attribute of this set defines a PAM service, with the attribute name defining the name of the service.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.allowNullPasswordWhether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group). This does not enable
logging into disabled accounts (i.e., that have the password
field set to !). Note that regardless of
what the pam_unix documentation says, accounts with hashed
empty passwords are always allowed to log in.
Default:
false
security.pam.services.<name?>.forwardXAuthWhether X authentication keys should be passed from the calling user to the target user (e.g. for su)
Default:
false
security.pam.services.<name?>.limitsAttribute set describing resource limits. Defaults to the
value of security.pam.loginLimits.
security.pam.services.<name?>.nameName of the PAM service.
Example:
"sshd"
security.pam.services.<name?>.otpwAuthIf set, the OTPW system will be used (if
~/.otpw exists).
Default:
false
security.pam.services.<name?>.rootOKIf set, root doesn't need to authenticate (e.g. for the useradd service).
Default:
false
security.pam.services.<name?>.setLoginUidSet the login uid of the process
(/proc/self/loginuid) for auditing
purposes. The login uid is only set by ‘entry points’ like
login and sshd, not by
commands like sudo.
security.pam.services.<name?>.showMotdWhether to show the message of the day.
Default:
false
security.pam.services.<name?>.sshAgentAuthIf set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys. This is useful
for sudo on password-less remote systems.
Default:
false
security.pam.services.<name?>.startSessionIf set, the service will register a new session with systemd's login manager. For local sessions, this will give the user access to audio devices, CD-ROM drives. In the default PolicyKit configuration, it also allows the user to reboot the system.
Default:
false
security.pam.services.<name?>.textContents of the PAM service file.
security.pam.services.<name?>.unixAuthWhether users can log in with passwords defined in
/etc/shadow.
Default:
true
security.pam.services.<name?>.updateWtmpWhether to update /var/log/wtmp.
Default:
false
security.pam.services.<name?>.usbAuthIf set, users listed in
/etc/pamusb.conf are able to log in
with the associated USB key.
Default:
false
security.pam.usb.enableEnable USB login for all login systems that support it. For more information, visit http://pamusb.org/doc/quickstart#setting_up.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam_usb.nix>
|
security.polkit.adminIdentitiesSpecifies which users are considered “administrators”, for those
actions that require the user to authenticate as an
administrator (i.e. have an auth_admin
value). By default, this is the root
user and all users in the wheel group.
Default:
[
"unix-user:0" "unix-group:wheel"
]
Example:
[
"unix-user:alice" "unix-group:admin"
]
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.enableWhether to enable PolKit.
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.extraConfigAny polkit rules to be added to config (in JavaScript ;-). See: http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules
Default:
""
Example:
''
/* Log authorization checks. */
polkit.addRule(function(action, subject) {
polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid);
});
/* Allow any local user to do anything (dangerous!). */
polkit.addRule(function(action, subject) {
if (subject.local) return "yes";
});
''Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.rngd.enableWhether to enable the rng daemon, which adds entropy from hardware sources of randomness to the kernel entropy pool when available.
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/rngd.nix>
|
security.rtkit.enableWhether to enable the RealtimeKit system service, which hands out realtime scheduling priority to user processes on demand. For example, the PulseAudio server uses this to acquire realtime priority.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/rtkit.nix>
|
security.setuidOwnersThis option allows the ownership and permissions on the setuid wrappers for specific programs to be overridden from the default (setuid root, but not setgid root).
Default:
[
]
Example:
[
{
group = "postdrop"; owner = "nobody"; permissions = "u+rx,g+x,o+x"; program = "sendmail"; setgid = true; setuid = false;
}
]
Declared by:
<nixpkgs/nixos/modules/security/setuid-wrappers.nix>
|
security.setuidProgramsThe Nix store cannot contain setuid/setgid programs directly. For this reason, NixOS can automatically generate wrapper programs that have the necessary privileges. This option lists the names of programs in the system environment for which setuid root wrappers should be created.
Default:
[
]
Example:
[
"passwd"
]
Declared by:
<nixpkgs/nixos/modules/security/setuid-wrappers.nix>
|
security.sudo.configFileThis string contains the contents of the
sudoers file.
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.enableWhether to enable the sudo command, which allows non-root users to execute commands as root.
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.wheelNeedsPasswordWhether users of the wheel group can execute
commands as super user without entering a password.
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
services.accounts-daemon.enableWhether to enable AccountsService, a DBus service for accessing the list of user accounts and information attached to those accounts.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/accountservice.nix>
|
services.acpid.acEventCommandsShell commands to execute on an ac_adapter.* event.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.enableWhether to enable the ACPI daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.lidEventCommandsShell commands to execute on a button/lid.* event.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.powerEventCommandsShell commands to execute on a button/power.* event.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.activemq.baseDirThe base directory where ActiveMQ stores its persistent data and logs.
This will be overridden if you set "activemq.base" and "activemq.data"
in the javaProperties option. You can also override
this in activemq.xml.
Default:
"/var/activemq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.configurationDirThe base directory for ActiveMQ's configuration. By default, this directory is searched for a file named activemq.xml, which should contain the configuration for the broker service.
Default:
"/nix/store/716c6c54p62gm0573wkr8ch5f8ryzgh2-apache-activemq-5.8.0/conf"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.configurationURIThe URI that is passed along to the BrokerFactory to
set up the configuration of the ActiveMQ broker service.
You should not need to change this. For custom configuration,
set the configurationDir instead, and create
an activemq.xml configuration file in it.
Default:
"xbean:activemq.xml"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.enableEnable the Apache ActiveMQ message broker service.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.extraJavaOptionsAdd extra options here that you want to be sent to the Java runtime when the broker service is started.
Default:
""
Example:
"-Xmx2G -Xms2G -XX:MaxPermSize=512M"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.javaPropertiesSpecifies Java properties that are sent to the ActiveMQ broker service with the "-D" option. You can set properties here to change the behaviour and configuration of the broker. All essential properties that are not set here are automatically given reasonable defaults.
Default:
{
}
Example:
{
java.net.preferIPv4Stack = "true";
}
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.almir.director_addressIP/Hostname for Director to connect with bconsole.
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/backup/almir.nix>
|
services.almir.director_nameName of the Director to connect with bconsole.
Declared by:
<nixpkgs/nixos/modules/services/backup/almir.nix>
|
services.almir.director_passwordPassword for Director to connect with bconsole.
Declared by:
<nixpkgs/nixos/modules/services/backup/almir.nix>
|
services.almir.director_portPort for Director to connect with bconsole.
Default:
9101
Declared by:
<nixpkgs/nixos/modules/services/backup/almir.nix>
|
services.almir.enableEnable Almir web server. Also configures postgresql database and installs bacula.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/almir.nix>
|
services.almir.portPort for Almir web server to listen on.
Default:
35000
Declared by:
<nixpkgs/nixos/modules/services/backup/almir.nix>
|
services.almir.sqlalchemy_engine_urlDefine SQL database connection to bacula catalog as specified in http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls
Example:
'' postgresql://bacula:bacula@localhost:5432/bacula mysql+mysqlconnector://<user>:<password>@<hostname>/<database>' sqlite:////var/lib/bacula/bacula.db' ''
Declared by:
<nixpkgs/nixos/modules/services/backup/almir.nix>
|
services.almir.timezoneTimezone as specified in https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
Example:
"Europe/Ljubljana"
Declared by:
<nixpkgs/nixos/modules/services/backup/almir.nix>
|
services.amule.dataDirThe directory holding configuration, incoming and temporary files.
Default:
"/home/amule/"
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.amule.enableWhether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.amule.userThe user the AMule daemon should run as.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.apcupsd.configTextContents of the runtime configuration file, apcupsd.conf. The default settings makes apcupsd autodetect USB UPSes, limit network access to localhost and shutdown the system when the battery level is below 50 percent, or when the UPS has calculated that it has 5 minutes or less of remaining power-on time. See man apcupsd.conf for details.
Default:
'' UPSTYPE usb NISIP 127.0.0.1 BATTERYLEVEL 50 MINUTES 5 ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.apcupsd.enableWhether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure. User manual: http://www.apcupsd.com/manual/manual.html. Note that apcupsd runs as root (to allow shutdown of computer). You can check the status of your UPS with the "apcaccess" command.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.apcupsd.hooksEach attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action). See "man apccontrol" for the list of events and what they represent. A hook script can stop apccontrol from doing its default action by exiting with value 99. Do not do this unless you know what you're doing.
Default:
{
}
Example:
{
doshutdown = "# shell commands to notify that the computer is shutting down";
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.atd.allowEveryoneWhether to make /var/spool/at{jobs,spool}
writeable by everyone (and sticky). This is normally not
needed since the at commands are
setuid/setgid atd.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
|
services.atd.enableWhether to enable the at daemon, a command scheduler.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
|
services.avahi.browseDomainsList of non-local DNS domains to be browsed.
Default:
[
"0pointer.de" "zeroconf.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.enableWhether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon').
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.hostNameHost name advertised on the LAN. If not set, avahi will use the value of config.networking.hostName.
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.ipv4Whether to use IPv4
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.ipv6Whether to use IPv6
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.nssmdnsWhether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publishingWhether to allow publishing.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.wideAreaWhether to enable wide-area service discovery.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.bacula-dir.enableWhether to enable Bacula Director Daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraConfigExtra configuration for Bacula Director Daemon.
Default:
""
Example:
'' TODO ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraDirectorConfigExtra configuration to be passed in Director directive.
Default:
""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraMessagesConfigExtra configuration to be passed in Messages directive.
Default:
""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.nameThe director name used by the system administrator. This directive is required.
Default:
"nixos-dir"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.passwordSpecifies the password that must be supplied for a Director.
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.portSpecify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
Default:
9101
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.directorThis option defines director resources in Bacula File Daemon.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.monitorIf Monitor is set to no (default), this director will have full
Default:
"no"
Example:
"yes"
services.bacula-fd.director.<name>.passwordSpecifies the password that must be supplied for a Director to b
services.bacula-fd.enableWhether to enable Bacula File Daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.extraClientConfigExtra configuration to be passed in Client directive.
Default:
""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.extraMessagesConfigExtra configuration to be passed in Messages directive.
Default:
""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.nameThe client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
Default:
"nixos-fd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.portThis specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file. The default is 9102.
Default:
9102
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.deviceThis option defines Device resources in Bacula Storage Daemon.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.archiveDeviceThe specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example " /dev/nst0" or "/dev/rmt/0mbn". For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage.
services.bacula-sd.device.<name>.extraDeviceConfigExtra configuration to be passed in Device directive.
Default:
""
Example:
'' LabelMedia = yes Random Access = no AutomaticMount = no RemovableMedia = no MaximumOpenWait = 60 AlwaysOpen = no ''
services.bacula-sd.device.<name>.mediaTypeThe specified name-string names the type of media supported by this device, for example, "DLT7000". Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.
services.bacula-sd.directorThis option defines Director resources in Bacula Storage Daemon.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.monitorIf Monitor is set to no (default), this director will have full
Default:
"no"
Example:
"yes"
services.bacula-sd.director.<name>.passwordSpecifies the password that must be supplied for a Director to b
services.bacula-sd.enableWhether to enable Bacula Storage Daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.extraMessagesConfigExtra configuration to be passed in Messages directive.
Default:
""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.extraStorageConfigExtra configuration to be passed in Storage directive.
Default:
""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.nameSpecifies the Name of the Storage daemon.
Default:
"nixos-sd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.portSpecifies port number on which the Storage daemon listens for Director connections. The default is 9103.
Default:
9103
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bind.blockedNetworksWhat networks are just blocked.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.cacheNetworksWhat networks are allowed to use us as a resolver.
Default:
[
"127.0.0.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.configFileOverridable config file to use for named. By default, that generated by nixos.
Default:
(build of named.conf)
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.enableWhether to enable BIND domain name server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.forwardersList of servers we should forward requests to.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.ipv4OnlyOnly use ipv4, even if the host supports ipv6.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zonesList of zones we claim authority over. master=false means slave server; slaves means addresses who may request zone transfer.
Default:
[
]
Example:
[
{
file = "/var/dns/example.com"; master = false; masters =
[
"192.168.0.1"
]
; name = "example.com"; slaves =
[
]
;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bitlbee.authModeThe following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
Default:
"Open"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.enableWhether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.extraDefaultsWill be inserted in the Default section of the config file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.extraSettingsWill be inserted in the Settings section of the config file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.interfaceThe interface the BitlBee deamon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.portNumberNumber of the port BitlBee will be listening to.
Default:
6667
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.btsync.apiKeyAPI key, which enables the developer API.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.checkForUpdatesDetermines whether to check for updates and alert the user about them in the UI.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.deviceNameName of the Bittorrent Sync device.
Example:
"Voltron"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.downloadLimitDownload speed limit. 0 is unlimited (default).
Default:
0
Example:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.enableIf enabled, start the Bittorrent Sync daemon. Once enabled,
you can interact with the service through the Web UI, or
configure it in your NixOS configuration. Enabling the
btsync service also installs a
multi-instance systemd unit which can be used to start
user-specific copies of the daemon. Once installed, you can
use systemctl start btsync@user to start
the daemon only for user user, using the
configuration file located at
$HOME/.config/btsync.conf
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.enableWebUIEnable Web UI for administration. Bound to the specified
httpListenAddress and
httpListenPort.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.encryptLANEncrypt LAN data.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.httpListenAddrHTTP address to bind to.
Default:
"0.0.0.0"
Example:
"1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.httpListenPortHTTP port to bind on.
Default:
9000
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.httpLoginHTTP web login username.
Default:
""
Example:
"allyourbase"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.httpPassHTTP web login password.
Default:
""
Example:
"arebelongtous"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.listeningPortListening port. Defaults to 0 which randomizes the port.
Default:
0
Example:
44444
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.sharedFoldersShared folder list. If enabled, web UI must be
disabled. Secrets can be generated using btsync
--generate-secret. Note that this secret will be
put inside the Nix store, so it is realistically not very
secret.
Default:
[
]
Example:
[
{
directory = "/home/user/sync_test"; knownHosts =
[
"192.168.1.2:4444" "192.168.1.3:4444"
]
; searchLAN = true; secret = "AHMYFPCQAHBM7LQPFXQ7WV6Y42IGUXJ5Y"; useDHT = false; useRelayServer = true; useSyncTrash = true; useTracker = true;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.uploadLimitUpload speed limit. 0 is unlimited (default).
Default:
0
Example:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.useUpnpUse Universal Plug-n-Play (UPnP)
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.cgminer.configAdditional config
Default:
{
}
Example:
{
auto-fan = true; auto-gpu = true; expiry = 120; failover-only = true; gpu-threads = 2; log = 5; queue = 1; scan-time = 60; temp-histeresys = 3;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.enableWhether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.hardwareList of config options for every GPU
Default:
[
]
Example:
[
{
gpu-engine = "0-985"; gpu-fan = "0-85"; gpu-memclock = 860; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75;
}
{
gpu-engine = "0-950"; gpu-fan = "0-85"; gpu-memclock = 825; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75;
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.packageWhich cgminer derivation to use.
Default:
(build of cgminer-3.7.2)
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.poolsList of pools where to mine
Default:
[
]
Example:
[
{
password = "X"; url = "http://p2pool.org:9332"; username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk";
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.userUser account under which cgminer runs
Default:
"cgminer"
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.chrony.enableWhether to synchronise your machine's time using chrony. Make sure you disable NTP if you enable this service.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.chrony.extraConfigExtra configuration directives that should be added to
chrony.conf
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.chrony.initstepslewAllow chronyd to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins.
Default:
{
enabled = true; servers =
[
"0.pool.ntp.org" "1.pool.ntp.org" "2.pool.ntp.org"
]
; threshold = 1000;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.chrony.serversThe set of NTP servers from which to synchronise.
Default:
[
"0.pool.ntp.org" "1.pool.ntp.org" "2.pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.cjdns.confFileConfiguration file to pipe to cjdroute.
Default:
"/etc/cjdroute.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.enableEnable this option to start a instance of the
cjdns network encryption and and routing engine.
Configuration will be read from confFile.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.clamav.updater.configExtra configuration for freshclam. Contents will be added verbatim to the configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.enableWhether to enable automatic ClamAV virus definitions database updates.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.frequencyNumber of database checks per day.
Default:
12
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.cntlm.domainProxy account domain/workgroup name.
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.enableWhether to enable the cntlm, which start a local proxy.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.extraConfigVerbatim contents of cntlm.conf.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.netbios_hostnameThe hostname of your machine.
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.passwordProxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.
Default:
"/etc/cntlm.password"
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.portSpecifies on which ports the cntlm daemon listens.
Default:
[
3128
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.proxyA list of NTLM/NTLMv2 authenticating HTTP proxies. Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.usernameProxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.couchdb.bindAddressDefines the IP address by which CouchDB will be accessible.
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.databaseDirSpecifies location of CouchDB database files (*.couch named). This location should be writable and readable for the user the CouchDB service runs as (couchdb by default).
Default:
"/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.enableWhether to run CouchDB Server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.extraConfigExtra configuration. Overrides any other cofiguration.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.groupGroup account under which couchdb runs.
Default:
"couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.logFileSpecifies the location of file for logging output.
Default:
"/var/log/couchdb.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.packageCouchDB package to use.
Default:
(build of couchdb-1.5.0)
Example:
pkgs.couchdb
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.portDefined the port number to listen.
Default:
5984
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.uriFileThis file contains the full URI that can be used to access this instance of CouchDB. It is used to help discover the port CouchDB is running on (if it was set to 0 (e.g. automatically assigned any free one). This file should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Default:
"/var/run/couchdb/couchdb.uri"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.userUser account under which couchdb runs.
Default:
"couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.viewIndexDirSpecifies location of CouchDB view index files. This location should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Default:
"/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.cron.enableWhether to enable the Vixie cron daemon.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.mailtoEmail address to which job output will be mailed.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.systemCronJobsA list of Cron jobs to be appended to the system-wide
crontab. See the manual page for crontab for the expected
format. If you want to get the results mailed you must setuid
sendmail. See security.setuidOwners
If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root
will is allowed to have its own crontab file. The /var/cron/cron.deny file
is created automatically for you. So every user can use a crontab.
Many nixos modules set systemCronJobs, so if you decide to disable vixie cron
and enable another cron daemon, you may want it to get its system crontab
based on systemCronJobs.
Default:
[
]
Example:
[ "* * * * * test ls -l / > /tmp/cronout 2>&1" "* * * * * eelco echo Hello World > /home/eelco/cronout" ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.dbus.enableWhether to start the D-Bus message bus daemon, which is required by many other system services and applications.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dbus.packagesPackages whose D-Bus configuration files should be included in
the configuration of the D-Bus system-wide message bus.
Specifically, every file in
pkg/etc/dbus-1/system.d
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dd-agent.api_keyThe Datadog API key to associate the agent with your account
Example:
"ae0aa6a8f08efa988ba0a17578f009ab"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
|
services.dd-agent.enableWhether to enable the dd-agent montioring service
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
|
services.dd-agent.hostnameThe hostname to show in the Datadog dashboard (optional)
Default:
null
Example:
"mymachine.mydomain"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
|
services.dd-agent.nginxConfigDatadog nginx integration configuration
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
|
services.dd-agent.postgresqlConfigDatadog PostgreSQL integration configuration
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
|
services.ddclient.domainDomain name to synchronize.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.enableWhether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.extraConfigExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.passwordPassword.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.protocolProtocol to use with dynamic DNS provider. (see also, http://sourceforge.net/apps/trac/ddclient/wiki/Protocols)
Default:
"dyndns2"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.serverServer
Default:
"members.dyndns.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.usernameUsername.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.webDefault:
"web, web=checkip.dyndns.com/, web-skip='Current IP Address: '"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.deluge.enableStart Deluge daemon.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.web.enableStart Deluge Web daemon.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.dhcpd.configFileThe path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd.enableWhether to enable the DHCP server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd.extraConfigExtra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something here, such as the options specifying the subnet mask, DNS servers, etc.
Default:
""
Example:
''
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.5;
option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;
option domain-name "example.org";
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
}
''Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd.interfacesThe interfaces on which the DHCP server should listen.
Default:
[
"eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd.machinesA list mapping ethernet addresses to IP addresses for the DHCP server.
Default:
[
]
Example:
[
{
ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10";
}
{
ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dictd.DBsList of databases to make available.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
|
services.dictd.enableWhether to enable the DICT.org dictionary server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
|
services.disnix.enableWhether to enable Disnix
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.infrastructureList of name value pairs containing properties for the infrastructure model
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.publishAvahiWhether to publish capabilities/properties as a Disnix service through Avahi
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.publishInfrastructure.enableWhether to publish capabilities/properties of this machine in as attributes in the infrastructure option
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.publishInfrastructure.enableAuthenticationWhether to publish authentication credentials through the infrastructure attribute (not recommended in combination with Avahi)
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.useWebServiceInterfaceWhether to enable the DisnixWebService interface running on Apache Tomcat
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.dnsmasq.enableWhether to run dnsmasq.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.extraConfigExtra configuration directives that should be added to
dnsmasq.conf
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.serversThe parameter to dnsmasq -S.
Default:
[
]
Example:
[
"8.8.8.8" "8.8.4.4"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dovecot2.enableWhether to enable the Dovecot 2.x POP3/IMAP server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enableImapStart the IMAP listener (when Dovecot is enabled).
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enablePop3Start the POP3 listener (when Dovecot is enabled).
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.extraConfigAdditional entries to put verbatim into Dovecot's config file.
Default:
""
Example:
"mail_debug = yes"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.groupDovecot group name.
Default:
"dovecot2"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailLocationLocation that dovecot will use for mail folders. Dovecot mail_location option.
Default:
"maildir:/var/spool/mail/%u"
Example:
"maildir:~/mail:INBOX=/var/spool/mail/%u"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.showPAMFailureShow the PAM failure message on authentication error (useful for OTPW).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslCACertCA certificate used by the server certificate.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslServerCertServer certificate
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslServerKeyServer key.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.userDovecot user name.
Default:
"dovecot2"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.drbd.configContents of the drbd.conf configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
|
services.drbd.enableWhether to enable support for DRBD, the Distributed Replicated Block Device.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
|
services.ejabberd.confDirLocation of the config directory of ejabberd
Default:
"/var/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.enableWhether to enable ejabberd server
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.loadDumpsConfiguration dump that should be loaded on the first startup
Default:
[
]
Example:
[ ./myejabberd.dump ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.logsDirLocation of the logfile directory of ejabberd
Default:
"/var/log/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.spoolDirLocation of the spooldir of ejabberd
Default:
"/var/lib/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.virtualHostsVirtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas
Default:
''"localhost"''
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.elasticsearch.cluster_nameElasticsearch name that identifies your cluster for auto-discovery
Default:
"elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.dataDirData directory for elasticsearch.
Default:
"/var/lib/elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.enableWhether to enable elasticsearch
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.extraConfExtra configuration for elasticsearch
Default:
""
Example:
'' node.name: "elasticsearch" node.master: true node.data: false index.number_of_shards: 5 index.number_of_replicas: 1 ''
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.hostElasticsearch listen address
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.loggingElasticsearch logging configuration
Default:
''
rootLogger: INFO, console
logger:
action: INFO
com.amazonaws: WARN
appender:
console:
type: console
layout:
type: consolePattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
''Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.portElasticsearch port to listen for HTTP traffic
Default:
9200
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.tcp_portElasticsearch port for the node to node communication
Default:
9300
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.fcron.allowUsers allowed to use fcrontab and fcrondyn (one name per
line, all for everyone).
Default:
[
"all"
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.denyUsers forbidden from using fcron.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.enableWhether to enable the fcron daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.maxSerialJobsMaximum number of serial jobs which can run simultaneously.
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.queuelenNumber of jobs the serial queue and the lavg queue can contain.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.systabThe "system" crontab contents.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.felix.bundlesList of bundles that should be activated on startup
Default:
[
(build of apache-felix-remoteshell-bundle-1.0.4)
]
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.enableWhether to enable the Apache Felix OSGi service
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.groupGroup account under which Apache Felix runs.
Default:
"osgi"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.userUser account under which Apache Felix runs.
Default:
"osgi"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.firebird.baseDirLocation containing data/ and system/ directories. data/ stores the databases, system/ stores the password database security2.fdb.
Default:
"/var/db/firebird"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.enableWhether to enable the Firebird super server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.packageWhich firebird derivation to use.
Default:
(build of firebird-2.5.2.26540-0)
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.portPort Firebird uses.
Default:
"3050"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.userUser account under which firebird runs.
Default:
"firebird"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.flashpolicyd.enableWhether to enable the Flash Policy server. This is necessary if you want Flash applications to make connections to your server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/flashpolicyd.nix>
|
services.flashpolicyd.policyThe policy to be served. The default is to allow connections from any domain to any port.
Default:
'' <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*" to-ports="*" /> </cross-domain-policy> ''
Declared by:
<nixpkgs/nixos/modules/services/networking/flashpolicyd.nix>
|
services.foldingAtHome.configExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
|
services.foldingAtHome.enableWhether to enable the Folding@Home to use idle CPU time.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
|
services.foldingAtHome.nicknameA unique handle for statistics.
Default:
"Anonymous"
Declared by:
<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
|
services.fourStore.databaseRDF database name. If it doesn't exist, it will be created. Databases are stored in /var/lib/4store.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/4store.nix>
|
services.fourStore.enableWhether to enable 4Store RDF database server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/4store.nix>
|
services.fourStore.optionsExtra CLI options to pass to 4Store.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/4store.nix>
|
services.fourStoreEndpoint.databaseRDF database name to expose via the endpoint. Defaults to local 4Store database name.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fourStoreEndpoint.enableWhether to enable 4Store SPARQL endpoint.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fourStoreEndpoint.listenAddressIP address to listen on.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fourStoreEndpoint.optionsExtra CLI options to pass to 4Store's 4s-httpd process.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fourStoreEndpoint.portport to listen on.
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fprot.updater.enableWhether to enable automatic F-Prot virus definitions database updates.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
|
services.fprot.updater.frequencyUpdate virus definitions every X minutes.
Default:
30
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
|
services.fprot.updater.licenseKeyfileLicense keyfile. Defaults to the one supplied with installation package.
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
|
services.fprot.updater.productDataproduct.data file. Defaults to the one supplied with installation package.
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
|
services.frandom.enableenable the /dev/frandom device (a very fast random number generator)
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/frandom.nix>
|
services.freenet.enableEnable the Freenet daemon
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/freenet.nix>
|
services.freenet.niceSet the nice level for the Freenet daemon
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/networking/freenet.nix>
|
services.fuppesd.configMutable configuration file which can be edited with the web interface. Due to possible modification, double quote the full path of the filename stored in your filesystem to avoid attempts to modify the content of the nix store.
Example:
"/etc/fuppes/fuppes.cfg"
Declared by:
<nixpkgs/nixos/modules/services/audio/fuppes.nix>
|
services.fuppesd.databaseDatabase file which index all shared files.
Default:
"/var/lib/fuppes/fuppes.db"
Declared by:
<nixpkgs/nixos/modules/services/audio/fuppes.nix>
|
services.fuppesd.enableEnables Fuppes (UPnP A/V Media Server). Can be used to watch photos, video and listen to music from a phone/tv connected to the local network.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/fuppes.nix>
|
services.fuppesd.log.fileFile which will contains the log produced by the daemon.
Default:
"/var/log/fuppes.log"
Declared by:
<nixpkgs/nixos/modules/services/audio/fuppes.nix>
|
services.fuppesd.log.levelLogging level of fuppes, An integer between 0 and 3.
Default:
0
Example:
3
Declared by:
<nixpkgs/nixos/modules/services/audio/fuppes.nix>
|
services.fuppesd.nameEnables Fuppes (UPnP A/V Media Server). Can be used to watch photos, video and listen to music from a phone/tv connected to the local network.
Example:
"Media Center"
Declared by:
<nixpkgs/nixos/modules/services/audio/fuppes.nix>
|
services.fuppesd.userName of the user which own the configuration files and under which the fuppes daemon will be executed.
Default:
"root"
Example:
"fuppes"
Declared by:
<nixpkgs/nixos/modules/services/audio/fuppes.nix>
|
services.fuppesd.vfolderXML file describing the layout of virtual folder visible by the client.
Example:
/etc/fuppes/vfolder.cfg
Declared by:
<nixpkgs/nixos/modules/services/audio/fuppes.nix>
|
services.ghostOne.configExtra configuration options.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/games/ghost-one.nix>
|
services.ghostOne.enableEnable Ghost-One Warcraft3 game hosting server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/ghost-one.nix>
|
services.ghostOne.languageThe language of bot messages: English, Spanish, Russian, Serbian or Turkish.
Default:
"English"
Declared by:
<nixpkgs/nixos/modules/services/games/ghost-one.nix>
|
services.ghostOne.mappathThe path to the directory where you keep your map files. GHost One doesn't require map files but if it has access to them it can send them to players and automatically calculate most map config values. GHost One will search [bot_mappath + map_localpath] for the map file (map_localpath is set in each map's config file).
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/games/ghost-one.nix>
|
services.ghostOne.war3pathThe path to your local Warcraft III directory, which must contain war3.exe, storm.dll, and game.dll.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/games/ghost-one.nix>
|
services.gitDaemon.basePathRemap all the path requests as relative to the given path. For example, if you set base-path to /srv/git, then if you later try to pull git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.
Default:
""
Example:
"/srv/git/"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.enableEnable Git daemon, which allows public hosting of git repositories without any access controls. This is mostly intended for read-only access. You can allow write access by setting daemon.receivepack configuration item of the repository to true. This is solely meant for a closed LAN setting where everybody is friendly. If you need any access controls, use something else.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.exportAllPublish all directories that look like Git repositories (have the objects and refs subdirectories), even if they do not have the git-daemon-export-ok file. If disabled, you need to touch .git/git-daemon-export-ok in each repository you want the daemon to publish. Warning: enabling this without a repository whitelist or basePath publishes every git repository you have.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.listenAddressListen on a specific IP address or hostname.
Default:
""
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.optionsExtra configuration options to be passed to Git daemon.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.portPort to listen on.
Default:
9418
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.repositoriesA whitelist of paths of git repositories, or directories containing repositories all of which would be published. Paths must not end in "/". Warning: leaving this empty and enabling exportAll publishes all repositories in your filesystem or basePath if specified.
Default:
[
]
Example:
[
"/srv/git" "/home/user/git/repo2"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gnome3.at-spi2-core.enableWhether to enable at-spi2-core, a service for the Assistive Technologies available on the GNOME platform.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/at-spi2-core.nix>
|
services.gnome3.evolution-data-server.enableWhether to enable Evolution Data Server, a collection of services for storing addressbooks and calendars.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/evolution-data-server.nix>
|
services.gnome3.gnome-documents.enableWhether to enable GNOME Documents services, a document manager application for GNOME.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-documents.nix>
|
services.gnome3.gnome-keyring.enableWhether to enable GNOME Keyring daemon, a service designed to take care of the user's security credentials, such as user names and passwordsa search engine.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-keyring.nix>
|
services.gnome3.gnome-online-accounts.enableWhether to enable GNOME Online Accounts daemon, a service that provides a single sign-on framework for the GNOME desktop.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix>
|
services.gnome3.gnome-online-miners.enableWhether to enable GNOME Online Miners, a service that crawls through your online content.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix>
|
services.gnome3.gnome-user-share.enableWhether to enable GNOME User Share, a service that exports the contents of the Public folder in your home directory on the local network.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-user-share.nix>
|
services.gnome3.seahorse.enableWhether to enable Seahorse search provider for the GNOME Shell activity search.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/seahorse.nix>
|
services.gnome3.sushi.enableWhether to enable Sushi, a quick previewer for nautilus.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/sushi.nix>
|
services.gnome3.tracker.enableWhether to enable Tracker services, a search engine, search tool and metadata storage system.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/tracker.nix>
|
services.gnunet.enableWhether to run the GNUnet daemon. GNUnet is GNU's anonymous peer-to-peer communication and file sharing framework.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.extraOptionsAdditional options that will be copied verbatim in `gnunet.conf'. See `gnunet.conf(5)' for details.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.fileSharing.quotaMaximum file system usage (in MiB) for file sharing.
Default:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.hardNetUpBandwidthHard bandwidth limit (in bits per second) when uploading data.
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.maxNetDownBandwidthMaximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Default:
50000
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.maxNetUpBandwidthMaximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Default:
50000
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.tcp.portThe TCP port for use by GNUnet.
Default:
2086
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.udp.portThe UDP port for use by GNUnet.
Default:
2086
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gogoclient.autorunWhether to automatically start the tunnel.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogoclient.enableEnable the gogoCLIENT IPv6 tunnel.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogoclient.passwordPath to a file (as a string), containing your gogoNET password, if any.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogoclient.serverThe Gateway6 server to be used.
Default:
"anonymous.freenet6.net"
Example:
"broker.freenet6.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogoclient.usernameYour Gateway6 login name, if any.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gpm.enableWhether to enable GPM, the General Purpose Mouse daemon, which enables mouse support in virtual consoles.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/ttys/gpm.nix>
|
services.gpm.protocolMouse protocol to use.
Default:
"ps/2"
Declared by:
<nixpkgs/nixos/modules/services/ttys/gpm.nix>
|
services.gpsd.debugLevelThe debugging level.
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.deviceA device may be a local serial device for GPS input, or a URL of the form:
[{dgpsip|ntrip}://][user:passwd@]host[:port][/stream]
in which case it specifies an input source for DGPS or ntrip data.
Default:
"/dev/ttyUSB0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.enableWhether to enable `gpsd', a GPS service daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.portThe port where to listen for TCP connections.
Default:
2947
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.readonlyWhether to enable the broken-device-safety, otherwise known as read-only mode. Some popular bluetooth and USB receivers lock up or become totally inaccessible when probed or reconfigured. This switch prevents gpsd from writing to a receiver. This means that gpsd cannot configure the receiver for optimal performance, but it also means that gpsd cannot break the receiver. A better solution would be for Bluetooth to not be so fragile. A platform independent method to identify serial-over-Bluetooth devices would also be nice.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.graphite.carbon.aggregationRulesDefines if and how received metrics will be agregated
Default:
null
Example:
'' <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.blacklistAny metrics received which match one of the experssions will be dropped
Default:
null
Example:
"^some.noisy.metric.prefix..*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.configContent of carbon configuration file
Default:
'' [cache] # Listen on localhost by default for security reasons UDP_RECEIVER_INTERFACE = 127.0.0.1 PICKLE_RECEIVER_INTERFACE = 127.0.0.1 LINE_RECEIVER_INTERFACE = 127.0.0.1 CACHE_QUERY_INTERFACE = 127.0.0.1 # Do not log every update LOG_UPDATES = False LOG_CACHE_HITS = False ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.enableAggregatorWhether to enable carbon agregator, the carbon buffering service
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.enableCacheWhether to enable carbon cache, the graphite storage daemon
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.enableRelayWhether to enable carbon relay, the carbon replication and sharding service
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.relayRulesRelay rules are used to send certain metrics to a certain backend.
Default:
null
Example:
'' [example] pattern = ^mydata\.foo\..+ servers = 10.1.2.3, 10.1.2.4:2004, myserver.mydomain.com ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.rewriteRulesRegular expression patterns that can be used to rewrite metric names in a search and replace fashion
Default:
null
Example:
'' [post] _sum$ = _avg$ = ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.storageAggregationDefines how to aggregate data to lower-precision retentions
Default:
null
Example:
'' [all_min] pattern = \.min$ xFilesFactor = 0.1 aggregationMethod = min ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.storageSchemasDefines retention rates for storing metrics
Default:
""
Example:
'' [apache_busyWorkers] pattern = ^servers\.www.*\.workers\.busyWorkers$ retentions = 15s:7d,1m:21d,15m:5y ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.whitelistOnly metrics received which match one of the experssions will be persisted
Default:
null
Example:
".*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.dataDirData directory for graphite.
Default:
"/var/db/graphite"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.enableWhether to enable graphite web frontend
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.hostGraphite web frontend listen address
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.portGraphite web frontend port
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.gvpe.configFileGVPE config file, if already present
Default:
null
Example:
"/root/my-gvpe-conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.configTextGVPE config contents
Default:
null
Example:
'' tcp-port = 655 udp-port = 655 mtu = 1480 ifname = vpn0 node = alpha hostname = alpha.example.org connect = always enable-udp = true enable-tcp = true on alpha if-up = if-up-0 on alpha pid-file = /var/gvpe/gvpe.pid ''
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.customIFSetupAdditional commands to apply in ifup script
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.enableWhether to run gvpe
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.ipAddressIP address to assign to GVPE interface
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.nodenameGVPE node name
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.startOnCondition to start GVPE
Default:
"started network-interfaces"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.stopOnCondition to stop GVPE
Default:
"stopping network-interfaces"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.subnetIP subnet assigned to GVPE network
Default:
null
Example:
"10.0.0.0/8"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.haproxy.configDefault configuration.
Default:
'' global log 127.0.0.1 local6 maxconn 24000 daemon nbproc 1 defaults mode http option httpclose # Remove requests from the queue if people press stop button option abortonclose # Try to connect this many times on failure retries 3 # If a client is bound to a particular backend but it goes down, # send them to a different one option redispatch monitor-uri /haproxy-ping timeout connect 7s timeout queue 300s timeout client 300s timeout server 300s # Enable status page at this URL, on the port HAProxy is bound to stats enable stats uri /haproxy-status stats refresh 5s stats realm Haproxy statistics ''
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
|
services.haproxy.enableEnable the HAProxy.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
|
services.hardware.pommed.configFileThe contents of the pommed.conf file.
Default:
"/nix/store/c5zq0jpyikyvwns7gw6z17xgl9hmpyas-pommed-1.39/etc/pommed.conf"
Declared by:
<nixpkgs/nixos/modules/services/hardware/pommed.nix>
|
services.hardware.pommed.enableWhether to use the pommed tool to handle Apple laptop keyboard hotkeys.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/pommed.nix>
|
services.haveged.enableWhether to enable to haveged entropy daemon, which refills /dev/random when low.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/haveged.nix>
|
services.haveged.refill_thresholdThe number of bits of available entropy beneath which haveged should refill the entropy pool.
Default:
1024
Declared by:
<nixpkgs/nixos/modules/services/security/haveged.nix>
|
services.hostapd.channelChannel number (IEEE 802.11) Please note that some drivers do not use this value from hostapd and the channel will need to be configured separately with iwconfig.
Default:
7
Example:
11
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.driverWhich driver hostapd will use. Most things will probably use the default.
Default:
"nl80211"
Example:
"hostapd"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.enableEnable putting a wireless interface into infrastructure mode, allowing other wireless devices to associate with the wireless interface and do wireless networking. A simple access point will enable hostapd.wpa, and hostapd.wpa_passphrase, hostapd.ssid, dhcpd on the wireless interface to provide IP addresses to the associated stations, and nat (from the wireless interface to an upstream interface).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.extraCfgExtra configuration options to put in the hostapd.conf
Default:
""
Example:
'' auth_algo=0 ieee80211n=1 ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40] ''
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.groupmembers of this group can control hostapd
Default:
"wheel"
Example:
"network"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.hwModeOperation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g
Default:
"b"
Example:
"g"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.interfaceThe interfaces hostapd will use.
Default:
""
Example:
"wlan0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.ssidSSID to be used in IEEE 802.11 management frames.
Default:
"nixos"
Example:
"mySpecialSSID"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.wpaenable WPA (IEEE 802.11i/D3.0) to authenticate to the access point
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.wpaPassphraseWPA-PSK (pre-shared-key) passphrase. Clients will need this passphrase to associate with this access point. Warning: This passphrase will get put into a world-readable file in the nix store.
Default:
"my_sekret"
Example:
"any_64_char_string"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.httpd.adminAddrE-mail address of the server administrator.
Example:
"admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.configFileOverride the configuration file used by Apache. By default, NixOS generates one automatically.
Default:
(build of httpd.conf)
Example:
pkgs.writeText "httpd.conf" "# my custom config file ...";
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enableWhether to enable the Apache HTTP Server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enableSSLWhether to enable SSL (https) support.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enableUserDirWhether to enable serving ~/public_html as
/~.
username
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Default:
""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.extraModulesAdditional Apache modules to be used. These can be
specified as a string in the case of modules distributed
with Apache, or as an attribute set specifying the
name and path of the
module.
Default:
[
]
Example:
[ "proxy_connect" { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } ]Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.extraSubservicesExtra subservices to enable in the webserver.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Default:
null
Example:
"http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.groupGroup under which httpd runs. The account is created automatically if it doesn't exist.
Default:
"wwwrun"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.hostNameCanonical hostname for the server.
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logDirDirectory for Apache's log files. It is created automatically.
Default:
"/var/log/httpd"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Default:
"common"
Example:
"combined"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logPerVirtualHostIf enabled, each virtual host gets its own
access_log and
error_log, namely suffixed by the
hostName of the virtual host.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.maxClientsMaximum number of httpd processes (prefork)
Default:
150
Example:
8
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.maxRequestsPerChildMaximum number of httpd requests answered per httpd child (prefork), 0 means unlimited
Default:
0
Example:
500
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.multiProcessingModuleMulti-processing module to be used by Apache. Available
modules are prefork (the default;
handles each request in a separate child process),
worker (hybrid approach that starts a
number of child processes each running a number of
threads) and event (a recent variant of
worker that handles persistent
connections more efficiently).
Default:
"prefork"
Example:
"worker"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.packageOverridable attribute of the Apache HTTP Server package to use.
Default:
(build of apache-httpd-2.2.27)
Example:
"pkgs.apacheHttpd_2_4"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.phpOptionsOptions appended to the PHP configuration file php.ini.
Default:
""
Example:
'' date.timezone = "CET" ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.portPort for the server. 0 means use the default port: 80 for http and 443 for https (i.e. when enableSSL is set).
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.servedDirsThis option provides a simple way to serve static directories.
Default:
[
]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.servedFilesThis option provides a simple way to serve individual, static files.
Default:
[
]
Example:
[
{
dir = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Default:
[
]
Example:
[
"www.example.org" "www.example.org:8080" "example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.sslServerCertPath to server SSL certificate.
Default:
null
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.sslServerKeyPath to server SSL certificate key.
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.stateDirDirectory for Apache's transient runtime state (such as PID
files). It is created automatically. Note that the default,
/run/httpd, is deleted at boot time.
Default:
"/run/httpd"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.userUser account under which httpd runs. The account is created automatically if it doesn't exist.
Default:
"wwwrun"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHostsSpecification of the virtual hosts served by Apache. Each element should be an attribute set specifying the configuration of the virtual host. The available options are the non-global options permissible for the main host.
Default:
[
]
Example:
[
{
documentRoot = "/data/webroot-foo"; hostName = "foo";
}
{
documentRoot = "/data/webroot-bar"; hostName = "bar";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.adminAddrE-mail address of the server administrator.
Default:
null
Example:
"admin@example.org"
services.httpd.virtualHosts.*.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Default:
null
Example:
"/data/webserver/docs"
services.httpd.virtualHosts.*.enableSSLWhether to enable SSL (https) support.
Default:
false
services.httpd.virtualHosts.*.enableUserDirWhether to enable serving ~/public_html as
/~.
username
Default:
false
services.httpd.virtualHosts.*.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Default:
""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
services.httpd.virtualHosts.*.extraSubservicesExtra subservices to enable in the webserver.
Default:
[
]
services.httpd.virtualHosts.*.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Default:
null
Example:
"http://newserver.example.org/"
services.httpd.virtualHosts.*.hostNameCanonical hostname for the server.
Default:
"localhost"
services.httpd.virtualHosts.*.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Default:
"common"
Example:
"combined"
services.httpd.virtualHosts.*.portPort for the server. 0 means use the default port: 80 for http and 443 for https (i.e. when enableSSL is set).
Default:
0
services.httpd.virtualHosts.*.servedDirsThis option provides a simple way to serve static directories.
Default:
[
]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix";
}
]
services.httpd.virtualHosts.*.servedFilesThis option provides a simple way to serve individual, static files.
Default:
[
]
Example:
[
{
dir = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png";
}
]
services.httpd.virtualHosts.*.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Default:
[
]
Example:
[
"www.example.org" "www.example.org:8080" "example.org"
]
services.httpd.virtualHosts.*.sslServerCertPath to server SSL certificate.
Default:
null
Example:
"/var/host.cert"
services.httpd.virtualHosts.*.sslServerKeyPath to server SSL certificate key.
Example:
"/var/host.key"
services.iodined.clientStart iodine in client mode
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/iodined.nix>
|
services.iodined.domainDomain or subdomain of which nameservers point to us
Default:
""
Example:
"tunnel.mydomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodined.nix>
|
services.iodined.enableEnable iodine, ip over dns daemon
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/iodined.nix>
|
services.iodined.extraConfigAdditional command line parameters
Default:
""
Example:
"-P mysecurepassword -l 192.168.1.10 -p 23"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodined.nix>
|
services.iodined.ipAssigned ip address or ip range
Default:
""
Example:
"172.16.10.1/24"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodined.nix>
|
services.ircdHybrid.adminEmailIRCD server administrator e-mail.
Default:
"<bit-bucket@example.com>"
Example:
"<name@domain.tld>"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.certificateIRCD server SSL certificate. There are some limitations - read manual.
Default:
null
Example:
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.descriptionIRCD server description.
Default:
"Hybrid-7 IRC server."
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.enableEnable IRCD.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.extraIPsExtra IP's to bind.
Default:
[
]
Example:
[
"127.0.0.1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.extraPortExtra port to avoid filtering.
Default:
"7117"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.rsaKeyIRCD server RSA key.
Default:
null
Example:
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.serverNameIRCD server name.
Default:
"hades.arpa"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.sidIRCD server unique ID in a net of servers.
Default:
"0NL"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.jboss.deployDirLocation of the deployment files
Default:
"/nix/var/nix/profiles/default/server/default/deploy/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.enableWhether to enable jboss
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.libUrlLocation where the shared library JARs are stored
Default:
"file:///nix/var/nix/profiles/default/server/default/lib"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.logDirLocation of the logfile directory of JBoss
Default:
"/var/log/jboss"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.serverDirLocation of the server instance files
Default:
"/var/jboss/server"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.tempDirLocation where JBoss stores its temp files
Default:
"/tmp"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.useJKWhether to use to connector to the Apache HTTP server
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.userUser account under which jboss runs.
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jenkins.enableWhether to enable the jenkins continuous integration server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.environmentAdditional environment variables to be passed to the jenkins process. The environment will always include JENKINS_HOME.
Default:
{
NIX_REMOTE = "daemon";
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.groupIf the default user "jenkins" is configured then this is the primary group of that user.
Default:
"jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.homeThe path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.
Default:
"/var/lib/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.packagesPackages to add to PATH for the jenkins process.
Default:
[
(build of stdenv) (build of git-minimal-1.9.4) (build of openjdk-7u65b32) (build of openssh-6.6p1) (build of )
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.portSpecifies port number on which the jenkins HTTP interface listens. The default is 8080.
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.userUser the jenkins server should execute under.
Default:
"jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkinsSlave.enableIf true the system will be configured to work as a jenkins slave. If the system is also configured to work as a jenkins master then this has no effect. In progress: Currently only assures the jenkins user is configured.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.groupIf the default slave agent user "jenkins" is configured then this is the primary group of that user.
Default:
"jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.homeThe path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.
Default:
"/var/lib/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.userUser the jenkins slave agent should execute under.
Default:
"jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.journald.consoleIf non-empty, write log messages to the specified TTY device.
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journald.enableHttpGatewayWhether to enable the HTTP gateway to the journal.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journald.extraConfigExtra config options for systemd-journald. See man journald.conf for available options.
Default:
""
Example:
"Storage=volatile"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journald.rateLimitBurstConfigures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit.
Default:
100
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journald.rateLimitIntervalConfigures the rate limiting interval that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit. The value may be specified in the following units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0.
Default:
"10s"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.kerberos_server.enableEnable the kerberos authentification server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos.nix>
|
services.kippo.enableEnable the kippo honeypot ssh server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.extraConfigExtra verbatim configuration added to the end of kippo.cfg.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.hostnameHostname for kippo to present to SSH login
Default:
"nas3"
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.logPathPath of log files needed for operation and configuration.
Default:
"/var/log/kippo"
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.pidPathPath of pid files needed for operation.
Default:
"/run/kippo"
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.portTCP port number for kippo to bind to.
Default:
2222
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.varPathPath of read/write files needed for operation and configuration.
Default:
"/var/lib/kippo"
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.klogd.enableWhether to enable klogd, the kernel log message processing daemon. Since systemd handles logging of kernel messages on Linux 3.5 and later, this is only useful if you're running an older kernel.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/klogd.nix>
|
services.kmscon.enableUse kmscon as the virtual console instead of gettys. kmscon is a kms/dri-based userspace virtual terminal implementation. It supports a richer feature set than the standard linux console VT, including full unicode support, and when the video card supports drm should be much faster.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.extraConfigExtra contents of the kmscon.conf file.
Default:
""
Example:
"font-size=14"
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.hwRenderWhether to use 3D hardware acceleration to render the console.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.lighttpd.cgit.configTextVerbatim contents of the cgit runtime configuration file. Documentation (with cgitrc example file) is available in "man cgitrc". Or online: http://git.zx2c4.com/cgit/tree/cgitrc.5.txt
Default:
""
Example:
'' cache-size=1000 scan-path=/srv/git ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
|
services.lighttpd.cgit.enableIf true, enable cgit (fast web interface for git repositories) as a sub-service in lighttpd. cgit will be accessible at http://yourserver/cgit
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
|
services.lighttpd.configTextOverridable config file contents to use for lighttpd. By default, use the contents automatically generated by NixOS.
Default:
""
Example:
"...verbatim config file contents..."
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.document-rootDocument-root of the web server. Must be readable by the "lighttpd" user.
Default:
"/srv/www"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.enableEnable the lighttpd web server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.extraConfigThese configuration lines will be appended to the generated lighttpd
config file. Note that this mechanism does not work when the manual
configText option is used.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.gitweb.enableIf true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
|
services.lighttpd.gitweb.extraConfigVerbatim configuration text appended to the generated gitweb.conf file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
|
services.lighttpd.gitweb.projectrootPath to git projects (bare repositories) that should be served by gitweb. Must not end with a slash.
Default:
"/srv/git"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
|
services.lighttpd.mod_statusShow server status overview at /server-status, statistics at /server-statistics and list of loaded modules at /server-config.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.mod_userdirIf true, requests in the form /~user/page.html are rewritten to take the file public_html/page.html from the home directory of the user.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.portTCP port number for lighttpd to bind to.
Default:
80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.locate.enableIf enabled, NixOS will periodically update the database of files used by the locate command.
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.periodThis option defines (in the format used by cron) when the locate database is updated. The default is to update at 02:15 at night every day.
Default:
"15 02 * * *"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.logcheck.configConfig options that you would like in logcheck.conf.
Default:
"FQDN=1"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.enableEnable the logcheck cron job.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.extraGroupsExtra groups for the logcheck user, for example to be able to use sendmail, or to access certain log files.
Default:
[
]
Example:
[
"postdrop" "mongodb"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.extraRulesDirsDirectories with extra rules.
Default:
[
]
Example:
"/etc/logcheck"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.filesWhich log files to check.
Default:
[
"/var/log/messages"
]
Example:
[
"/var/log/messages" "/var/log/mail"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreThis option defines extra ignore rules.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignore.<name?>.levelSet the logcheck level. Either "workstation", "server", or "paranoid".
Default:
"server"
services.logcheck.ignore.<name?>.regexRegex specifying which log lines to ignore.
Default:
""
services.logcheck.ignoreCronThis option defines extra ignore rules for cronjobs.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCron.<name?>.cmdlineCommand line for the cron job. Will be turned into a regex for the logcheck ignore rule.
Default:
""
services.logcheck.ignoreCron.<name?>.levelSet the logcheck level. Either "workstation", "server", or "paranoid".
Default:
"server"
services.logcheck.ignoreCron.<name?>.regexRegex specifying which log lines to ignore.
Default:
""
services.logcheck.ignoreCron.<name?>.timeArgs"min hr dom mon dow" crontab time args, to auto-create a cronjob too. Leave at null to not do this and just add a logcheck ignore rule.
Default:
null
Example:
"02 06 * * *"
services.logcheck.ignoreCron.<name?>.userUser that runs the cronjob.
Default:
"root"
services.logcheck.levelSet the logcheck level. Either "workstation", "server", or "paranoid".
Default:
"server"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.mailToEmail address to send reports to.
Default:
"root"
Example:
"you@domain.com"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.timeOfDayTime of day to run logcheck. A logcheck will be scheduled at xx:02 each day. Leave default (*) to run every hour. Of course when nothing special was logged, logcheck will be silent.
Default:
"*"
Example:
"6"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.userUsername for the logcheck user.
Default:
"logcheck"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logind.extraConfigExtra config options for systemd-logind. See man logind.conf for available options.
Default:
""
Example:
"HandleLidSwitch=ignore"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.logrotate.configThe contents of the logrotate config file
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.enableEnable the logrotate cron job
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logstash.enableEnable logstash
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.filterConfiglogstash filter configuration
Default:
"noop {}"
Example:
''
if [type] == "syslog" {
# Keep only relevant systemd fields
# http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html
prune {
whitelist_names => [
"type", "@timestamp", "@version",
"MESSAGE", "PRIORITY", "SYSLOG_FACILITY",
]
}
}
''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.inputConfigLogstash input configuration
Default:
''stdin { type => "example" }''
Example:
''
# Read from journal
pipe {
command => "/nix/store/kj0855m9xayg5ph5vwrnvcjzv8wkssbh-systemd-212/bin/journalctl -f -o json"
type => "syslog" codec => json {}
}
''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.outputConfigLogstash output configuration
Default:
''stdout { debug => true debug_format => "json"}''
Example:
''
redis { host => "localhost" data_type => "list" key => "logstash" codec => json }
elasticsearch { embedded => true }
''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.lshd.enableWhether to enable the GNU lshd SSH2 daemon, which allows secure remote login.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.hostKeyPath to the server's private key. Note that this key must have been created, e.g., using "lsh-keygen --server | lsh-writekey --server", so that you can run lshd.
Default:
"/etc/lsh/host-key"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.interfacesList of network interfaces where listening for connections. When providing the empty list, `[]', lshd listens on all network interfaces.
Default:
[
]
Example:
[
"localhost" "1.2.3.4:443"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.loginShellIf non-null, override the default login shell with the specified value.
Default:
null
Example:
"/nix/store/xyz-bash-10.0/bin/bash10"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.passwordAuthenticationWhether to enable password authentication.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.portNumberThe port on which to listen for connections.
Default:
22
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.publicKeyAuthenticationWhether to enable public key authentication.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.rootLoginWhether to enable remote root login.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.srpKeyExchangeWhether to enable SRP key exchange and user authentication.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.subsystemsList of subsystem-path pairs, where the head of the pair denotes the subsystem name, and the tail denotes the path to an executable implementing it.
Default:
[
[
"sftp" "/nix/store/7s05hsb9y1wgk3q24w35yj5wqnq3rvg7-lsh-2.0.4/sbin/sftp-server"
]
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.syslogWhether to enable syslog output.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.tcpForwardingWhether to enable TCP/IP forwarding.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.x11ForwardingWhether to enable X11 forwarding.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.mail.freepopsd.bindBind over an IPv4 address instead of any.
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.enableEnables Freepops, a POP3 webmail wrapper.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.logFileFilename of the log file or syslog to rely on the logging daemon.
Default:
"/var/log/freepopsd"
Example:
"syslog"
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.portPort on which the pop server will listen.
Default:
2000
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.suid.groupGroup under which freepopsd will be after binding the port.
Default:
"nogroup"
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.suid.userUser name under which freepopsd will be after binding the port.
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.threadsMax simultaneous connections.
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.sendmailSetuidWrapperConfiguration for the sendmail setuid wrwapper (like an element of security.setuidOwners)";
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/mail.nix>
|
services.memcached.enableWhether to enable Memcached.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.extraOptionsA list of extra options that will be added as a suffix when running memcached
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.listenThe IP address to bind to
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.maxConnectionsThe maximum number of simultaneous connections
Default:
1024
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.maxMemoryThe maximum amount of memory to use for storage, in megabytes.
Default:
64
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.portThe port to bind to
Default:
11211
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.socketUnix socket path to listen on. Setting this will disable network support
Default:
""
Example:
"/var/run/memcached"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.userThe user to run Memcached as
Default:
"memcached"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.minecraft-server.enableIf enabled, start a Minecraft Server. The listening port for
the server is always 25565. The server
data will be loaded from and saved to
/var/lib/minecraft.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.jvmOptsJVM options for the Minecraft Service.
Default:
"-Xmx2048M -Xms2048M"
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.mingetty.greetingLineWelcome line printed by mingetty.
Default:
''<<< Welcome to NixOS 14.04.439.2b27053 (\m) - \l >>>''
Declared by:
<nixpkgs/nixos/modules/services/ttys/agetty.nix>
|
services.mingetty.helpLineHelp line printed by mingetty below the welcome line. Used by the installation CD to give some hints on how to proceed.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/ttys/agetty.nix>
|
services.mingetty.serialSpeedBitrates to allow for agetty's listening on serial ports. Listing more bitrates gives more interoperability but at the cost of long delays for getting a sync on the line.
Default:
[
115200 57600 38400 9600
]
Example:
[
38400 9600
]
Declared by:
<nixpkgs/nixos/modules/services/ttys/agetty.nix>
|
services.minidlna.configThe contents of MiniDLNA's configuration file.
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.enableWhether to enable MiniDLNA, a simple DLNA server. It serves media files such as video and music to DLNA client devices such as televisions and media players.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.mediaDirsDirectories to be scanned for media files. The prefixes
A,, V, and
P, restrict a directory to audio, video
or image files. The directories must be accessible to the
minidlna user account.
Default:
[
]
Example:
[
"/data/media" "V,/home/alice/video"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.monetdb.dbfarmDirSpecifies location of Monetdb dbfarm (keeps database and auxiliary files).
Default:
"/var/lib/monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.enableWhether to enable MonetDB database server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.packageMonetDB package to use.
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.portPort to listen on.
Default:
"50000"
Example:
"50000"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.mongodb.bind_ipIP to bind to
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.dbpathLocation where MongoDB stores its files
Default:
"/var/db/mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.enableWhether to enable the MongoDB server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.logappendAppend logfile instead over overwriting
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.logpathLocation where MongoDB stores its logfile
Default:
"/var/log/mongodb/mongod.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.packageWhich MongoDB derivation to use.
Default:
(build of mongodb-2.4.8)
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.quietquieter output
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.replSetNameIf this instance is part of a replica set, set its name here. Otherwise, leave empty to run as single node.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.userUser account under which MongoDB runs
Default:
"mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.monit.configmonit.conf content
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
|
services.monit.enableWhether to run Monit system watcher.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
|
services.monit.startOnWhat Monit supposes to be already present
Default:
"started network-interfaces"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
|
services.mpd.dataDirThe directory where MPD stores its state, tag cache, playlists etc.
Default:
"/var/lib/mpd/"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.enableWhether to enable MPD, the music player daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.extraConfigExtra directives added to to the end of MPD's configuration file, mpd.conf. Basic configuration like file location and uid/gid is added automatically to the beginning of the file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.musicDirectoryExtra configuration added to the end of MPD's configuration file, mpd.conf.
Default:
"/var/lib/mpd//music"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.munin-cron.enableEnable munin-cron. Takes care of all heavy lifting to collect data from
nodes and draws graphs to html. Runs munin-update, munin-limits,
munin-graphs and munin-html in that order.
HTML output is in /var/www/munin/, configure your
favourite webserver to serve static files.
Default:
false
Example:
services = {
munin-node.enable = true;
munin-cron = {
enable = true;
hosts = ''
[${config.networking.hostName}]
address localhost
'';
extraGlobalConfig = ''
contact.email.command mail -s "Munin notification for ${var:host}" someone@example.com
'';
};
};
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-cron.extraGlobalConfigmunin.conf extra global configuration.
See http://munin-monitoring.org/wiki/munin.conf.
Useful to setup notifications, see
http://munin-monitoring.org/wiki/HowToContact
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-cron.hostsDefinitions of hosts of nodes to collect data from. Needs at least one hosts for cron to succeed. See http://munin-monitoring.org/wiki/munin.conf
Example:
''
[''${config.networking.hostName}]
address localhost
''Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.enableEnable Munin Node agent. Munin node listens on 0.0.0.0 and by default accepts connections only from 127.0.0.1 for security reasons. See http://munin-monitoring.org/wiki/munin-node.conf.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.extraConfigmunin-node.conf extra configuration. See
http://munin-monitoring.org/wiki/munin-node.conf
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.murmur.allowHtmlAllow HTML in client messages, comments, and channel descriptions.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanAttemptsNumber of attempts a client is allowed to make in
autobanTimeframe seconds, before being
banned for autobanTime.
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanTimeThe amount of time an IP ban lasts (in seconds).
Default:
300
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanTimeframeTimeframe in which a client can connect without being banned for repeated attempts (in seconds).
Default:
120
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.bandwidthMaximum bandwidth (in bits per second) that clients may send speech at.
Default:
72000
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.bonjourEnable Bonjour auto-discovery, which allows clients over your LAN to automatically discover Murmur servers.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.clientCertRequiredRequire clients to authenticate via certificates.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.enableIf enabled, start the Murmur Service.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.hostNameHost to bind to. Defaults binding on all addresses.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.imgMsgLengthMax length of image messages. Set 0 for no limit.
Default:
131072
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.logDaysHow long to store RPC logs for in the database. Set 0 to keep logs forever, or -1 to disable DB logging.
Default:
31
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.passwordRequired password to join server, if specified.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.pidfilePath to PID file for Murmur daemon.
Default:
"/tmp/murmurd.pid"
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.portPorts to bind to (UDP and TCP).
Default:
64738
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerHostnameDNS hostname where your server can be reached. This is only needed if you want your server to be accessed by its hostname and not IP - but the name *must* resolve on the internet properly.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerNamePublic server registration name, and also the name of the Root channel. Even if you don't publicly register your server, you probably still want to set this.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerPasswordPublic server registry password, used authenticate your server to the registry to prevent impersonation; required for subsequent registry updates.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerUrlURL website for your server.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sendVersionSend Murmur version in UDP response.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sslCertPath to your SSL certificate.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sslKeyPath to your SSL key.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.textMsgLengthMax length of text messages. Set 0 for no limit.
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.usersMaximum number of concurrent clients allowed.
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.welcomeWelcome message for connected clients.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.mysql.dataDirLocation where MySQL stores its table files
Default:
"/var/mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.enableWhether to enable the MySQL server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.extraOptionsProvide extra options to the MySQL configuration file.
Please note, that these options are added to the
[mysqld] section so you don't need to explicitly
state it again.
Default:
""
Example:
'' key_buffer_size = 6G table_cache = 1600 log-error = /var/log/mysql_err.log ''
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.initialDatabasesList of database names and their initial schemas that should be used to create databases on the first startup of MySQL
Default:
[
]
Example:
[
{
name = "foodatabase"; schema = ./foodatabase.sql;
}
{
name = "bardatabase"; schema = ./bardatabase.sql;
}
]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.initialScriptA file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.packageWhich MySQL derivation to use.
Example:
pkgs.mysql
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.pidDirLocation of the file which stores the PID of the MySQL server
Default:
"/var/run/mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.portPort of MySQL
Default:
"3306"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterHostHostname of the MySQL master server
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterPasswordPassword of the MySQL replication user
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterPortPort number on which the MySQL master server runs
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterUserUsername of the MySQL replication user
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.roleRole of the MySQL server instance. Can be either: master, slave or none
Default:
"none"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.serverIdId of the MySQL server instance. This number must be unique for each instance
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.rootPasswordPath to a file containing the root password, modified on the first startup. Not specifying a root password will leave the root password empty.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.userUser account under which MySQL runs
Default:
"mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysqlBackup.databasesList of database names to dump.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.enableWhether to enable MySQL backups.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.locationLocation to put the gzipped MySQL database dumps.
Default:
"/var/backup/mysql"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.periodThis option defines (in the format used by cron) when the databases should be dumped. The default is to update at 01:15 (at night) every day.
Default:
"15 01 * * *"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.singleTransactionWhether to create database dump in a single transaction
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.userUser to be used to perform backup.
Default:
"mysql"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.nagios.enableWhether to use Nagios to monitor your system or network.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios/default.nix>
|
services.nagios.enableWebInterface
Whether to enable the Nagios web interface. You should also
enable Apache (services.httpd.enable).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios/default.nix>
|
services.nagios.objectDefsA list of Nagios object configuration files that must define the hosts, host groups, services and contacts for the network that you want Nagios to monitor.
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios/default.nix>
|
services.nagios.plugins
Packages to be added to the Nagios PATH.
Typically used to add plugins, but can be anything.
Default:
[
(build of nagios-plugins-1.4.10) (build of ssmtp-2.64)
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios/default.nix>
|
services.nagios.urlPath
The URL path under which the Nagios web interface appears.
That is, you can access the Nagios web interface through
http://.
server/urlPath
Default:
"/nagios"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios/default.nix>
|
services.networking.websockify.enableWhether to enable websockify to forward websocket connections to TCP connections.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.portMapPorts to map by default.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.sslCertPath to the SSL certificate.
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.sslKeyPath to the SSL key.
Default:
"config.services.networking.websockify.sslCert"
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.nfs.server.createMountPointsWhether to create the mount points in the exports file at startup time.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.enableWhether to enable the kernel's NFS server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.exportsContents of the /etc/exports file. See exports(5) for the format.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.hostNameHostname or address on which NFS requests will be accepted.
Default is all. See the -H option in
nfsd(8).
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.nprocNumber of NFS server threads. Defaults to the recommended value of 8.
Default:
8
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nginx.appendConfigConfiguration lines appended to the generated Nginx
configuration file. Commonly used by different modules
providing http snippets. appendConfig
can be specified more than once and it's value will be
concatenated (contrary to config which
can be set only once).
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.configVerbatim nginx.conf configuration.
Default:
"events {}"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.enableEnable the nginx Web Server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.groupGroup account under which nginx runs.
Default:
"nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.httpConfigConfiguration lines to be appended inside of the http {} block.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.packageNginx package to use.
Default:
(build of nginx-1.4.7)
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.stateDirDirectory holding all state for nginx to run.
Default:
"/var/spool/nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.userUser account under which nginx runs.
Default:
"nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.ngircd.configThe ngircd configuration (see ngircd.conf(5)).
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.ngircd.enableWhether to enable the ngircd IRC server.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.ngircd.packageThe ngircd package.
Default:
(build of ngircd-21)
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.nixosManual.browserBrowser used to show the manual.
Default:
"/nix/store/d5jdnf4vdd139ra1cci65r7j4bw4c7na-w3m-0.5.3/bin/w3m"
Declared by:
<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
|
services.nixosManual.enableWhether to build the NixOS manual pages.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
|
services.nixosManual.showManualWhether to show the NixOS manual on one of the virtual consoles.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
|
services.nixosManual.ttyNumberVirtual console on which to show the manual.
Default:
"8"
Declared by:
<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
|
services.notbit.enableEnables the notbit daemon and provides a sendmail binary named `notbit-system-sendmail` for sending mail over the system instance of notbit. Users must be in the notbit group in order to send mail over the system notbit instance. Currently mail recipt is not supported.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/notbit.nix>
|
services.notbit.niceSet the nice level for the notbit daemon
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/networking/notbit.nix>
|
services.notbit.portThe port which the daemon listens for other bitmessage clients
Default:
8443
Declared by:
<nixpkgs/nixos/modules/services/networking/notbit.nix>
|
services.nscd.configConfiguration to use for Name Service Cache Daemon.
Default:
'' server-user nscd threads 1 paranoia no debug-level 0 enable-cache passwd yes positive-time-to-live passwd 600 negative-time-to-live passwd 20 suggested-size passwd 211 check-files passwd yes persistent passwd no shared passwd yes enable-cache group yes positive-time-to-live group 3600 negative-time-to-live group 60 suggested-size group 211 check-files group yes persistent group no shared group yes enable-cache hosts yes positive-time-to-live hosts 600 negative-time-to-live hosts 5 suggested-size hosts 211 check-files hosts yes persistent hosts no shared hosts yes ''
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nscd.enableWhether to enable the Name Service Cache Daemon.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.ntopng.configTextOverridable configuration file contents to use for ntopng. By default, use the contents automatically generated by NixOS.
Default:
""
Example:
'' --interface=any --http-port=3000 --disable-login ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.enableEnable ntopng, a high-speed web-based traffic analysis and flow collection tool. With the default configuration, ntopng monitors all network interfaces and displays its findings at http://localhost:3000. Default username and password is admin/admin. See the ntopng(8) manual page and http://www.ntop.org/products/ntop/ for more info. Note that enabling ntopng will also enable redis (key-value database server) for persistent data storage.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.extraConfigConfiguration lines that will be appended to the generated ntopng
configuration file. Note that this mechanism does not work when the
manual configText option is used.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.http-portSets the HTTP port of the embedded web server.
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.interfacesList of interfaces to monitor. Use "any" to monitor all interfaces.
Default:
[
"any"
]
Example:
[
"eth0" "wlan0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntp.enableWhether to synchronise your machine's time using the NTP protocol.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ntpd.nix>
|
services.ntp.serversThe set of NTP servers from which to synchronise.
Default:
[
"0.pool.ntp.org" "1.pool.ntp.org" "2.pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntpd.nix>
|
services.oidentd.enableWhether to enable ‘oidentd’, an implementation of the Ident protocol (RFC 1413). It allows remote systems to identify the name of the user associated with a TCP connection.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/oidentd.nix>
|
services.openafsClient.cacheDirectoryCache directory.
Default:
"/var/cache/openafs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
|
services.openafsClient.cacheSizeCache size.
Default:
"100000"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
|
services.openafsClient.cellNameCell name.
Default:
"grand.central.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
|
services.openafsClient.cryptWhether to enable (weak) protocol encryption.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
|
services.openafsClient.enableWhether to enable the OpenAFS client.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
|
services.openafsClient.sparseMinimal cell list in /afs.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
|
services.openfire.enableWhether to enable OpenFire XMPP server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/openfire.nix>
|
services.openfire.usePostgreSQLWhether you use PostgreSQL service for your storage back-end.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/openfire.nix>
|
services.openldap.enableWhether to enable the ldap server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.extraConfigsldapd.conf configuration
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.groupGroup account under which slapd runs.
Default:
"openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.userUser account under which slapd runs.
Default:
"openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.opensmtpd.enableWhether to enable the OpenSMTPD server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.extraServerArgsExtra command line arguments provided when the smtpd process is started.
Default:
[
]
Example:
[
"-v" "-P mta"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.serverConfigurationThe contents of the smtpd.conf configuration file. See the OpenSMTPD documentation for syntax information. If this option is left empty, the OpenSMTPD server will not start.
Default:
""
Example:
'' listen on lo accept for any deliver to lmtp localhost:24 ''
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.openssh.allowSFTPWhether to enable the SFTP subsystem in the SSH daemon. This enables the use of commands such as sftp and sshfs.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.authorizedKeysFilesFiles from with authorized keys are read.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.challengeResponseAuthenticationSpecifies whether challenge/response authentication is allowed.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.enableWhether to enable the OpenSSH secure shell daemon, which allows secure remote logins.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.extraConfigVerbatim contents of sshd_config.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.forwardX11Whether to allow X11 connections to be forwarded.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.gatewayPortsSpecifies whether remote hosts are allowed to connect to ports forwarded for the client. See sshd_config(5).
Default:
"no"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.hostKeysNixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See ssh-keygen(1) for supported types and sizes.
Default:
[
{
bits = 1024; path = "/etc/ssh/ssh_host_dsa_key"; type = "dsa";
}
{
bits = 521; path = "/etc/ssh/ssh_host_ecdsa_key"; type = "ecdsa";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.knownHostsThe set of system-wide known SSH hosts.
Default:
{
}
Example:
[
{
hostNames =
[
"myhost" "myhost.mydomain.com" "10.10.1.4"
]
; publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
}
{
hostNames =
[
"myhost2"
]
; publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.knownHosts.<name?>.hostNamesA list of host names and/or IP numbers used for accessing the host's ssh service.
Default:
[
]
services.openssh.knownHosts.<name?>.publicKeyFileThe path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server with the ssh-keyscan command.
services.openssh.passwordAuthenticationSpecifies whether password authentication is allowed.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.permitRootLoginWhether the root user can login using ssh. Valid values are
yes, without-password,
forced-commands-only or
no.
Default:
"without-password"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.portsSpecifies on which ports the SSH daemon listens.
Default:
[
22
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.startWhenNeededIf set, sshd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openvpn.enableWhether to enable OpenVPN.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.serversEach attribute of this option defines a systemd service that
runs an OpenVPN instance. These can be OpenVPN servers or
clients. The name of each systemd service is
openvpn-,
where name.servicename is the corresponding
attribute name.
Default:
{
}
Example:
{
server = {
config = ''
# Simplest server configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html.
# server :
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret /root/static.key
'';
up = "ip route add ...";
down = "ip route del ...";
};
client = {
config = ''
client
remote vpn.example.org
dev tun
proto tcp-client
port 8080
ca /root/.vpn/ca.crt
cert /root/.vpn/alice.crt
key /root/.vpn/alice.key
'';
up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev";
down = "${pkgs.openresolv}/sbin/resolvconf -d $dev";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.autoStartWhether this OpenVPN instance should be started automatically.
Default:
true
services.openvpn.servers.<name>.configConfiguration of this OpenVPN instance. See openvpn(8) for details.
services.openvpn.servers.<name>.downShell commands executed when the instance is shutting down.
Default:
""
services.openvpn.servers.<name>.upShell commands executed when the instance is starting.
Default:
""
services.pcscd.enableWhether to enable the PCSC-Lite daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
|
services.phpfpm.extraConfigExtra configuration that should be put in the global section of
the PHP FPM configuration file. Do not specify the options
pid, error_log or
daemonize here, since they are generated by
NixOS.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm.nix>
|
services.phpfpm.phpPackageThe PHP package to use for running the FPM service.
Default:
(build of php-5.4.30)
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm.nix>
|
services.phpfpm.poolConfigsA mapping between PHP FPM pool names and their configurations.
See the documentation on php-fpm.conf for
details on configuration directives. If no pools are defined,
the phpfpm service is disabled.
Default:
{
}
Example:
{
mypool = "listen = /run/phpfpm/mypool\nuser = nobody\npm = dynamic\npm.max_children = 75\npm.start_servers = 10\npm.min_spare_servers = 5\npm.max_spare_servers = 20\npm.max_requests = 500\n";
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm.nix>
|
services.postfix.destinationFull (!) list of domains we deliver locally. Leave blank for acceptable Postfix default.
Default:
null
Example:
[
"localhost"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.domainDomain to use. Leave blank to use hostname minus first component.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.enableWhether to run the Postfix mail server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraAliasesAdditional entries to put verbatim into aliases file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraConfigExtra lines to be added verbatim to the main.cf configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraMasterConfExtra lines to append to the generated master.cf file.
Default:
""
Example:
"submission inet n - n - - smtpd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.groupWhat to call the Postfix group (must be used only for postfix).
Default:
"postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.hostnameHostname to use. Leave blank to use just the hostname of machine. It should be FQDN.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.lookupMXWhether relay specified is just domain whose MX must be used.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.networksNet masks for trusted - allowed to relay mail to third parties - hosts. Leave empty to use mynetworks_style configuration or use default (localhost-only).
Default:
null
Example:
[
"192.168.0.1/24"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.networksStyleName of standard way of trusted network specification to use, leave blank if you specify it explicitly or if you want to use default (localhost-only).
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.originOrigin to use in outgoing e-mail. Leave blank to use hostname.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.postmasterAliasWho should receive postmaster e-mail.
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.recipientDelimiterDelimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
Default:
""
Example:
"+"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.relayDomainsList of domains we agree to relay to. Default is the same as destination.
Default:
null
Example:
[
"localdomain"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.relayHostMail relay for outbound mail.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.rootAliasWho should receive root e-mail. Blank for no redirection.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.setSendmailWhether to set the system sendmail to postfix's.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.setgidGroupHow to call postfix setgid group (for postdrop). Should be uniquely used group.
Default:
"postdrop"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.sslCACertSSL certificate of CA.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.sslCertSSL certificate to use.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.sslKeySSL key to use.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.userWhat to call the Postfix user (must be used only for postfix).
Default:
"postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.virtualEntries for the virtual alias map.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postgresql.authenticationDefines how users authenticate themselves to the server. By default, "trust" access to local users will always be granted along with any other custom options. If you do not want this, set this option using "pkgs.lib.mkForce" to override this behaviour.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.dataDirData directory for PostgreSQL.
Default:
"/var/db/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.enableWhether to run PostgreSQL.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.enableTCPIPWhether PostgreSQL should listen on all network interfaces. If disabled, the database can only be accessed via its Unix domain socket or via TCP connections to localhost.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.extraConfigAdditional text to be appended to postgresql.conf.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.extraPluginsWhen this list contains elements a new store path is created. PostgreSQL and the elments are symlinked into it. Then pg_config, postgres and pc_ctl are copied to make them use the new $out/lib directory as pkglibdir. This makes it possible to use postgis without patching the .sql files which reference $libdir/postgis-1.5.
Default:
[
]
Example:
pkgs.postgis
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.identMapDefines the mapping from system users to database users.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.initialScriptA file containing SQL statements to execute on first startup.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.packagePostgreSQL package to use.
Example:
pkgs.postgresql92
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.portThe port on which PostgreSQL listens.
Default:
5432
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.recoveryConfigContents of the recovery.conf file.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresqlBackup.databasesList of database names to dump.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.enableWhether to enable PostgreSQL dumps.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.locationLocation to put the gzipped PostgreSQL database dumps.
Default:
"/var/backup/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.periodThis option defines (in the format used by cron) when the databases should be dumped. The default is to update at 01:15 (at night) every day.
Default:
"15 01 * * *"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.prayer.enableWhether to run the prayer webmail http server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.prayer.extraConfigExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.prayer.portPort the prayer http server is listening to.
Default:
"2080"
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.prey.apiKeyAPI key obtained from https://panel.preyproject.com/profile
Declared by:
<nixpkgs/nixos/modules/security/prey.nix>
|
services.prey.deviceKeyDevice Key obtained from https://panel.preyproject.com/devices (and clicking on the device)
Declared by:
<nixpkgs/nixos/modules/security/prey.nix>
|
services.prey.enableEnables http://preyproject.com/ bash client. Be sure to specify api and device keys. Once setup, cronjob will run evert 15 minutes and report status.
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/prey.nix>
|
services.printing.cupsdConfThe contents of the configuration file of the CUPS daemon
(cupsd.conf).
Default:
""
Example:
'' BrowsePoll cups.example.com LogLevel debug ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.driversCUPS drivers to use. Drivers provided by CUPS, Ghostscript and Samba are added unconditionally.
Example:
[ pkgs.splix ]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.enableWhether to enable printing support through the CUPS daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.listenAddressesA list of addresses and ports on which to listen.
Default:
[
"127.0.0.1:631"
]
Example:
[
"*:631"
]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.tempDirCUPSd temporary directory.
Default:
"/tmp"
Example:
"/tmp/cups"
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.privoxy.enableWhether to run the machine as a HTTP proxy server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.extraConfigExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.listenAddressAddress the proxy server is listening to.
Default:
"127.0.0.1:8118"
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.logDirLocation for privoxy log files.
Default:
"/var/log/privoxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.quassel.dataDirThe directory holding configuration files, the SQlite database and the SSL Cert.
Default:
"/home/quassel/.config/quassel-irc.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.enableWhether to run the Quassel IRC client daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.interfaceThe interface the Quassel daemon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.portNumberThe port number the Quassel daemon will be listening to.
Default:
4242
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.userThe existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.rabbitmq.dataDirData directory for rabbitmq.
Default:
"/var/lib/rabbitmq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.enableWhether to enable the RabbitMQ server, an Advanced Message Queuing Protocol (AMQP) broker.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.listenAddressIP address on which RabbitMQ will listen for AMQP
connections. Set to the empty string to listen on all
interfaces. Note that RabbitMQ creates a user named
guest with password
guest by default, so you should delete
this user if you intend to allow external access.
Default:
"127.0.0.1"
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.radvd.configThe contents of the radvd configuration file.
Example:
''
interface eth0 {
AdvSendAdvert on;
prefix 2001:db8:1234:5678::/64 { };
};
''Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
|
services.radvd.enableWhether to enable the Router Advertisement Daemon (radvd), which provides link-local advertisements of IPv6 router addresses and prefixes using the Neighbor Discovery Protocol (NDP). This enables stateless address autoconfiguration in IPv6 clients on the network.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
|
services.rdnssd.enableWhether to enable the RDNSS daemon
(rdnssd), which configures DNS servers in
/etc/resolv.conf from RDNSS
advertisements sent by IPv6 routers.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/rdnssd.nix>
|
services.redis.appendFsyncHow often to fsync the append-only log, options: no, always, everysec
Default:
"everysec"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.appendOnlyBy default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.appendOnlyFilenameFilename for the append-only file (stored inside of dbpath)
Default:
"appendonly.aof"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.bindThe IP interface to bind to
Default:
null
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.databasesSet the number of databases.
Default:
16
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.dbFilenameThe filename where to dump the DB
Default:
"dump.rdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.dbpathThe DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration
Default:
"/var/lib/redis"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.enableWhether to enable the Redis server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.extraConfigExtra configuration options for redis.conf
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.logLevelSpecify the server verbosity level, options: debug, verbose, notice, warning
Default:
"notice"
Example:
"debug"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.logfileSpecify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.
Default:
"/dev/null"
Example:
"/var/log/redis.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.masterAuthIf the master is password protected (using the requirePass configuration) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.packageWhich Redis derivation to use.
Default:
(build of redis-2.6.13)
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.pidFileDefault:
"/var/lib/redis/redis.pid"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.portThe port for Redis to listen to
Default:
6379
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.requirePassPassword for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
Default:
null
Example:
"letmein!"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.saveThe schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.
Default:
[
[
900 1
]
[
300 10
]
[
60 10000
]
]
Example:
[
[
900 1
]
[
300 10
]
[
60 10000
]
]
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.slaveOfAn attribute set with two attributes: ip and port to which this redis instance acts as a slave
Default:
null
Example:
{
ip = "192.168.1.100"; port = 6379;
}
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.slowLogLogSlowerThanLog queries whose execution take longer than X in milliseconds
Default:
10000
Example:
1000
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.slowLogMaxLenMaximum number of items to keep in slow log
Default:
128
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.syslogEnable logging to the system logger.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.unixSocketThe path to the socket to bind to
Default:
null
Example:
"/var/run/redis.sock"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.userUser account under which Redis runs
Default:
"redis"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redshift.brightness.dayScreen brightness to apply during the day (between 0.1 and 1.0)
Default:
"1"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.brightness.nightScreen brightness to apply during the night (between 0.1 and 1.0)
Default:
"1"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.enableEnable Redshift to change your screen's colour temperature depending on the time of day
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.latitudeYour current latitude
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.longitudeYour current longitude
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.temperature.dayColour temperature to use during day time
Default:
5500
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.temperature.nightColour temperature to use during night time
Default:
3700
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.rippled.enableWhether to enable rippled
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.extraConfigExtra lines to be added verbatim to the rippled.cfg configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.peerIpIP address or domain to bind to allow external connections from peers. Defaults to not binding, which disallows external connections from peers.
Default:
null
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.peerPortIf peerIp is supplied, corresponding port to bind to for peer connections.
Default:
51235
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rogue.enableWhether to enable the Rogue game on one of the virtual consoles.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/rogue.nix>
|
services.rogue.ttyVirtual console on which to run Rogue.
Default:
"tty9"
Declared by:
<nixpkgs/nixos/modules/services/misc/rogue.nix>
|
services.rpcbind.enableWhether to enable `rpcbind', an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command. `rpcbind` is a replacement for `portmap`.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/rpcbind.nix>
|
services.rsnapshot.cronIntervalsPeriodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration as retain options.
Default:
{
}
Example:
{
daily = "50 21 * * *"; hourly = "0 * * * *";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsnapshot.enableWhether to enable rsnapshot backups.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsnapshot.extraConfigrsnapshot configuration option in addition to the defaults from rsnapshot and this module. Note that tabs are required to separate option arguments, and directory names require trailing slashes. The "extra" in the option name might be a little misleading right now, as it is required to get a functional configuration.
Default:
""
Example:
'' retains hourly 24 retain daily 365 backup /home/ localhost/ ''
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsyncd.addressIP address the daemon will listen on; rsyncd will listen on all addresses if this is not specified.
Default:
""
Example:
"192.168.1.2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.enableWhether to enable the rsync daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.extraConfig Lines of configuration to add to rsyncd globally.
See man rsyncd.conf for more options.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.modulesThe list of file paths to export.
Default:
[
]
Example:
[
{
comment = "ftp export area"; extraConfig = " secrets file = /etc/rsyncd.secrets\n "; name = "ftp"; path = "/home/ftp";
}
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.modules.*.commentDescription string that is displayed next to the module name when clients obtain a list of available modules.
Default:
""
services.rsyncd.modules.*.extraConfig Lines of configuration to add to this module.
See man rsyncd.conf for more options.
Default:
""
services.rsyncd.modules.*.nameName of export module.
Example:
"ftp"
services.rsyncd.modules.*.pathDirectory to make available in this module.
Example:
"/home/ftp"
services.rsyncd.motdMessage of the day to display to clients on each connect. This usually contains site information and any legal notices.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.portTCP port the daemon will listen on.
Default:
873
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyslogd.defaultConfigThe default syslog.conf file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig.
Default:
'' # "local1" is used for dhcpd messages. local1.* -/var/log/dhcpd mail.* -/var/log/mail *.=warning;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;local1.none -/var/log/messages ''
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.enableWhether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.extraConfigAdditional text appended to syslog.conf,
i.e. the contents of defaultConfig.
Default:
""
Example:
"news.* -/var/log/news"
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.extraParamsAdditional parameters passed to rsyslogd.
Default:
[
]
Example:
[
"-m 0"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.sabnzbd.configFilePath to config file. (You need to create this file yourself!)
Default:
"/var/sabnzbd/sabnzbd.ini"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.sabnzbd.enableWhether to enable the sabnzbd FTP server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.samba.configFileinternal use to pass filepath to samba pam module
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.defaultShare.enableWhether to share /home/smbd as 'default'.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.defaultShare.guestWhether to allow guest access to default share.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.defaultShare.writeableWhether to allow write access to default share.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.enableWhether to enable Samba, which provides file and print services to Windows clients through the SMB/CIFS protocol.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.extraConfigadditional global section and extra section lines go in here.
Default:
'' # [global] continuing global section here, section is started by nix to set pids etc smb passwd file = /etc/samba/passwd # is this useful ? domain master = auto encrypt passwords = Yes client plaintext auth = No # yes: if you use this you probably also want to enable syncPasswordsByPam # no: You can still use the pam password database. However # passwords will be sent plain text on network (discouraged) workgroup = Users server string = %h comment = Samba log file = /var/log/samba/log.%m log level = 10 max log size = 50000 security = user client lanman auth = Yes dns proxy = no invalid users = root passdb backend = tdbsam passwd program = /usr/bin/passwd %u ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.nsswinsWhether to enable the WINS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a. Windows machine names) by transparently querying the winbindd daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.securityTypeSamba security type
Default:
"user"
Example:
"share"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.syncPasswordsByPamenabling this will add a line directly after pam_unix.so. Whenever a password is changed the samba password will be updated as well. However you still yave to add the samba password once using smbpasswd -a user If you don't want to maintain an extra pwd database you still can send plain text passwords which is not secure.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.searx.configFileThe path of the Searx server configuration file. If no file is specified, a default file is used (default config file has debug mode enabled).
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.enableWhether to enable the Searx server. See https://github.com/asciimoo/searx
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.sitecopy.backupsList of attributesets describing the backups.
Username/password are extracted from /var/spool/sitecopy/sitecopy.secrets at activation
time. The secrets file lines should have the following structure:
server username password
Default:
[
]
Example:
[
{
https = true; local = "/tmp/backup"; name = "test"; protocol = "webdav"; remote = "/staff-groups/ewi/st/strategoxt/backup/test"; server = "webdata.tudelft.nl"; symlinks = "maintain";
}
]
Declared by:
<nixpkgs/nixos/modules/services/backup/sitecopy-backup.nix>
|
services.sitecopy.enableWhether to enable sitecopy backups of specified directories.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/sitecopy-backup.nix>
|
services.sitecopy.periodThis option defines (in the format used by cron) when the sitecopy backup are being run. The default is to update at 04:15 (at night) every day.
Default:
"15 04 * * *"
Declared by:
<nixpkgs/nixos/modules/services/backup/sitecopy-backup.nix>
|
services.smartd.deviceOptsAdditional options for each device that is monitored. The example turns on SMART Automatic Offline Testing on startup, and schedules short self-tests daily, and long self-tests weekly.
Default:
""
Example:
"-o on -s (S/../.././02|L/../../7/04)"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.devicesList of devices to monitor. By default -- if this list is empty --, smartd will monitor all devices connected to the machine at the time it's being run. Configuring this option has the added benefit of enabling e-mail notifications to "root" every time smartd detects an error.
Default:
[
]
Example:
[
{
device = "/dev/sda";
}
{
device = "/dev/sdb"; options = "-d sat";
}
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.devices.*.deviceLocation of the device.
Example:
"/dev/sda"
services.smartd.devices.*.optionsOptions that determine how smartd monitors the device.
Default:
""
Example:
"-d sat"
services.smartd.enableRun smartd from the smartmontools package. Note that e-mail
notifications will not be enabled unless you configure the list of
devices with services.smartd.devices as well.
Default:
false
Example:
"true"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.solr.enableEnables the solr service.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.extraJarsList of paths pointing to jars. Jars are copied to commonLibFolder to be available to java/solr.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.extraJavaOptionsExtra command line options given to the java process running solr.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.extraWinstoneOptionsExtra command line options given to the Winstone, which is the servlet container hosting solr.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.groupThe group that will own the working directory.
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.javaPackageWhich Java derivation to use for running solr.
Default:
(build of openjre-7u65b32)
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.log4jConfigurationContents of the log4j.properties used. By default,
everything is logged to stdout (picked up by systemd) with level INFO.
Default:
''
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
''Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.solrHomeThe solr home directory. It is your own responsibility to make sure this directory contains a working solr configuration, and is writeable by the the user running the solr service. Failing to do so, the solr will not start properly.
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.solrPackageWhich solr derivation to use for running solr.
Default:
(build of solr-4.7.0)
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.userThe user that should run the solr process and. the working directories.
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.spamassassin.debugWhether to run the SpamAssassin daemon in debug mode.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spamassassin.enableWhether to run the SpamAssassin daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spiped.configConfiguration for a secure pipe daemon. The daemon can be
started, stopped, or examined using
systemctl, under the name
spiped@foo.
Default:
{
}
Example:
{
pipe1 =
{ keyfile = "/var/lib/spiped/pipe1.key";
encrypt = true;
source = "localhost:6000";
target = "endpoint.example.com:7000";
};
pipe2 =
{ keyfile = "/var/lib/spiped/pipe2.key";
decrypt = true;
source = "0.0.0.0:7000";
target = "localhost:3000";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.decryptTake encrypted connections from the
source socket and send unencrypted
connections to the target socket.
Default:
false
services.spiped.config.<name>.disableKeepalivesDisable transport layer keep-alives.
Default:
false
services.spiped.config.<name>.disableReresolutionDisable target address re-resolution.
Default:
false
services.spiped.config.<name>.encryptTake unencrypted connections from the
source socket and send encrypted
connections to the target socket.
Default:
false
services.spiped.config.<name>.keyfileName of a file containing the spiped key. As the
daemon runs as the spiped user, the
key file must be somewhere owned by that user. By
default, we recommend putting the keys for any spipe
services in /var/lib/spiped.
services.spiped.config.<name>.maxConnsLimit on the number of simultaneous connections allowed.
Default:
100
services.spiped.config.<name>.resolveRefreshResolution refresh time for the target socket, in seconds.
Default:
60
services.spiped.config.<name>.sourceAddress on which spiped should listen for incoming
connections. Must be in one of the following formats:
/absolute/path/to/unix/socket,
host.name:port,
[ip.v4.ad.dr]:port or
[ipv6::addr]:port - note that
hostnames are resolved when spiped is launched and are
not re-resolved later; thus if DNS entries change
spiped will continue to connect to the expired
address.
services.spiped.config.<name>.targetAddress to which spiped should connect.
services.spiped.config.<name>.timeoutTimeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed
Default:
5
services.spiped.config.<name>.waitForDNSWait for DNS. Normally when spiped is
launched it resolves addresses and binds to its source
socket before the parent process returns; with this option
it will daemonize first and retry failed DNS lookups until
they succeed. This allows spiped to
launch even if DNS isn't set up yet, but at the expense of
losing the guarantee that once spiped has
finished launching it will be ready to create pipes.
Default:
false
services.spiped.config.<name>.weakHandshakeUse fast/weak handshaking: This reduces the CPU time spent in the initial connection setup, at the expense of losing perfect forward secrecy.
Default:
false
services.spiped.enableEnable the spiped service module.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.sshd.enableAlias of services.openssh.enable.
Declared by:
<nixpkgs/nixos/modules/rename.nix>
|
services.statsd.backendsList of backends statsd will use for data persistance
Default:
[
"graphite"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.enableWhether to enable statsd stats aggregation service
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.extraConfigExtra configuration options for statsd
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.graphiteHostHostname or IP of Graphite server
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.graphitePortPort of Graphite server
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.hostAddress that statsd listens on over UDP
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.mgmt_addressAddress to run managment TCP interface on
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.mgmt_portPort to run the management TCP interface on
Default:
8126
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.portPort that stats listens for messages on over UDP
Default:
8125
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.supybot.configFilePath to a supybot config file. This can be generated by running supybot-wizard. Note: all paths should include the full path to the stateDir directory (backup conf data logs logs/plugins plugins tmp web).
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.supybot.enableEnable Supybot, an IRC bot
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.supybot.stateDirThe root directory, logs and plugins are stored here
Default:
"/home/supybot"
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.svnserve.enableWhether to enable svnserve to serve Subversion repositories through the SVN protocol.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/svnserve.nix>
|
services.svnserve.svnBaseDirBase directory from which Subversion repositories are accessed.
Default:
"/repos"
Declared by:
<nixpkgs/nixos/modules/services/misc/svnserve.nix>
|
services.syncthing.dataDirPath where the `.syncthing` (settings and keys) and `Sync` (your synced files) directories will exist. This can be your home directory.
Default:
"/var/lib/syncthing"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.enableWhether to enable the Syncthing, self-hosted open-source alternative to Dropbox and BittorrentSync. Initial interface will be available on http://127.0.0.1:8080/.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.userSyncthing will be run under this user (user must exist, this can be your user name).
Default:
"syncthing"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.synergy.client.autoStartWhether the Synergy client should be started automatically.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.enableWhether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.screenNameUse the given name instead of the hostname to identify ourselves to the server.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.serverAddressThe server address is of the form: [hostname][:port]. The hostname must be the address or hostname of the server. The port overrides the default port, 24800.
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.addressAddress on which to listen for clients.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.autoStartWhether the Synergy server should be started automatically.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.configFileThe Synergy server configuration file.
Default:
"/etc/synergy-server.conf"
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.enableWhether to enable the Synergy server (send keyboard and mouse events).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.screenNameUse the given name instead of the hostname to identify this screen in the configuration.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.syslogd.defaultConfigThe default syslog.conf file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig.
Default:
'' # Send emergency messages to all users. *.emerg * # "local1" is used for dhcpd messages. local1.* -/var/log/dhcpd mail.* -/var/log/mail *.=warning;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;local1.none -/var/log/messages ''
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.enableWhether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.enableNetworkInputAccept logging through UDP. Option -r of syslogd(8).
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.extraConfigAdditional text appended to syslog.conf,
i.e. the contents of defaultConfig.
Default:
""
Example:
"news.* -/var/log/news"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.extraParamsAdditional parameters passed to syslogd.
Default:
[
]
Example:
[
"-m 0"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.ttyThe tty device on which syslogd will print important log messages. Leave this option blank to disable tty logging.
Default:
"tty10"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.systemhealth.drivesDrives to monitor.
Default:
[
]
Example:
[
{
name = "root"; path = "/";
}
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
|
services.systemhealth.enableEnable the system health monitor and its generation of graphs.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
|
services.systemhealth.interfacesInterfaces to monitor (minimum one).
Default:
[
"lo"
]
Example:
[
"lo" "eth0" "eth1"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
|
services.systemhealth.urlPrefixThe URL prefix under which the System Health web pages appear in httpd.
Default:
"/health"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
|
services.tarsnap.cachedirTarsnap operations use a "cache directory" which
allows Tarsnap to identify which blocks of data have
been previously stored; this directory is specified
via the cachedir option. If the
cache directory is lost or out of date, tarsnap
creation/deletion operations will exit with an error
message instructing you to run tarsnap
--fsck to regenerate the cache directory.
Default:
"/var/cache/tarsnap"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.configConfiguration of a Tarsnap archive. In the example, your
machine will have two tarsnap archives:
gamedata (backed up every 30 minutes) and
nixos (backed up at 1:15 AM every night by
default). You can control individual archive backups using
systemctl, using the
tarsnap@nixos or
tarsnap@gamedata units. For example,
systemctl start tarsnap@nixos will
immediately create a new NixOS archive. By default, archives
are suffixed with the timestamp of when they were started,
down to second resolution. This means you can use GNU
sort to sort output easily.
Default:
{
}
Example:
{
nixos =
{ directories = [ "/home" "/root/ssl" ];
};
gamedata =
{ directories = [ "/var/lib/minecraft "];
period = "*/30 * * * *";
};
}
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.config.<name>.aggressiveNetworkingAggressive network behaviour: Use multiple TCP connections when writing archives. Use of this option is recommended only in cases where TCP congestion control is known to be the limiting factor in upload performance.
Default:
false
services.tarsnap.config.<name>.checkpointBytesCreate a checkpoint per a particular amount of
uploaded data. By default, Tarsnap will create
checkpoints once per GB of data uploaded. At
minimum, checkpointBytes must be
1GB.
Can also be set to null to
disable checkpointing.
Default:
"1G"
services.tarsnap.config.<name>.directoriesList of filesystem paths to archive.
Default:
[
]
services.tarsnap.config.<name>.excludesExclude files and directories matching the specified patterns.
Default:
[
]
services.tarsnap.config.<name>.includesInclude only files and directories matching the
specified patterns.
Note that exclusions specified via
excludes take precedence over
inclusions.
Default:
[
]
services.tarsnap.config.<name>.lowmemAttempt to reduce tarsnap memory consumption. This option will slow down the process of creating archives, but may help on systems where the average size of files being backed up is less than 1 MB.
Default:
false
services.tarsnap.config.<name>.nodumpIf set to true, then don't
archive files which have the
nodump flag set.
Default:
true
services.tarsnap.config.<name>.periodThis option defines (in the format used by cron) when tarsnap is run for backups. The default is to backup the specified paths at 01:15 at night every day.
Default:
"15 01 * * *"
services.tarsnap.config.<name>.printStatsPrint statistics when creating archives.
Default:
true
services.tarsnap.config.<name>.verylowmemTry even harder to reduce tarsnap memory
consumption. This can significantly slow down
tarsnap, but reduces its memory usage by an
additional factor of 2 beyond what the
lowmem option does.
Default:
false
services.tarsnap.enableIf enabled, NixOS will periodically create backups of the
specified directories using the tarsnap
backup service. This installs a systemd
service called tarsnap-backup which is
periodically run by cron, or you may run it on-demand.
See the Tarsnap Getting
Started page.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.keyfilePath to the keyfile which identifies the machine
associated with your Tarsnap account. This file can
be created using the
tarsnap-keygen utility, and
providing your Tarsnap login credentials.
Default:
"/root/tarsnap.key"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.telepathy.enableWhether to enable Telepathy service, a communications framework that enables real-time communication via pluggable protocol backends.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/telepathy.nix>
|
services.tftpd.enableWhether to enable the anonymous FTP user.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/tftpd.nix>
|
services.tftpd.pathWhere the tftp server files are stored
Default:
"/home/tftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/tftpd.nix>
|
services.thinkfan.enableWhether to enable thinkfan, fan controller for ibm/lenovo thinkpads.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.sensorSensor used by thinkfan
Default:
"/proc/acpi/ibm/thermal"
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.tomcat.axis2.enableWhether to enable an Apache Axis2 container
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.axis2.servicesList containing AAR files or directories with AAR files which are web services to be deployed on Axis2
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.baseDirLocation where Tomcat stores configuration files, webapplications and logfiles
Default:
"/var/tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.catalinaOptsParameters to pass to the Java Virtual Machine which spawns the Catalina servlet container
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.commonLibsList containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.enableWhether to enable Apache Tomcat
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.extraGroupsDefines extra groups to which the tomcat user belongs.
Default:
[
]
Example:
[
"users"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.groupGroup account under which Apache Tomcat runs.
Default:
"tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.javaOptsParameters to pass to the Java Virtual Machine which spawns Apache Tomcat
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.logPerVirtualHostWhether to enable logging per virtual host.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.sharedLibsList containing JAR files or directories with JAR files which are libraries shared by the web applications
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.userUser account under which Apache Tomcat runs.
Default:
"tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.virtualHostsList consisting of a virtual host name and a list of web applications to deploy on each virtual host
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.webappsList containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat
Default:
[
(build of apache-tomcat-6.0.39)
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tor.client.enableWhether to enable Tor daemon to route application connections. You might want to disable this if you plan running a dedicated Tor relay.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.privoxy.configExtra configuration for Tor's instance of privoxy. Contents will be added verbatim to the configuration file. *This does not configure the standard NixOS instance of privoxy.* This is for Tor connections only! See services.privoxy.extraConfig to configure the standard NixOS instace of privoxy.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.privoxy.enableWhether to enable a special instance of privoxy dedicated to Tor. To have anonymity, protocols need to be scrubbed of identifying information. Most people using Tor want to anonymize their web traffic, so by default we enable an special instance of privoxy specifically for Tor. However, if you are only going to use Tor only for other kinds of traffic then you can disable this option.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.privoxy.listenAddressAddress that Tor's instance of privoxy is listening to. *This does not configure the standard NixOS instance of privoxy.* This is for Tor connections only! See services.privoxy.listenAddress to configure the standard NixOS instace of privoxy.
Default:
"127.0.0.1:8118"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.socksListenAddressBind to this address to listen for connections from Socks-speaking applications.
Default:
"127.0.0.1:9050"
Example:
"192.168.0.1:9100"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.socksListenAddressFasterSame as socksListenAddress but uses weaker circuit isolation to provide performance suitable for a web browser.
Default:
"127.0.0.1:9063"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.socksPolicyEntry policies to allow/deny SOCKS requests based on IP address. First entry that matches wins. If no SocksPolicy is set, we accept all (and only) requests from SocksListenAddress.
Default:
""
Example:
"accept 192.168.0.0/16, reject *"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.configExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.bandwidthBurstSpecify this to allow bursts of the bandwidth usage of relayed (server) traffic. The average usage will still be as specified in relayBandwidthRate. Your own traffic is still unthrottled. Units: bytes/second.
Default:
0
Example:
200
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.bandwidthRateSpecify this to limit the bandwidth usage of relayed (server) traffic. Your own traffic is still unthrottled. Units: bytes/second.
Default:
0
Example:
100
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.enableWhether to enable relaying TOR traffic for others. See https://www.torproject.org/docs/tor-doc-relay for details.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.exitPolicyA comma-separated list of exit policies. They're considered first to last, and the first match wins. If you want to _replace_ the default exit policy, end this with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the default exit policy. Leave commented to just use the default, which is available in the man page or at https://www.torproject.org/documentation.html Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses for issues you might encounter if you use the default exit policy. If certain IPs and ports are blocked externally, e.g. by your firewall, you should update your exit policy to reflect this -- otherwise Tor users will be told that those destinations are down.
Default:
""
Example:
"accept *:6660-6667,reject *:*"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.isBridgeBridge relays (or "bridges" ) are Tor relays that aren't listed in the main directory. Since there is no complete public list of them, even if an ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges. A bridge relay can't be an exit relay. You need to set relay.enable to true for this option to take effect. The bridge is set up with an obfuscated transport proxy. See https://www.torproject.org/bridges.html.en for more info.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.isExitAn exit relay allows Tor users to access regular Internet services. Unlike running a non-exit relay, running an exit relay may expose you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info. You can specify which services Tor users may access via your exit relay using exitPolicy option.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.listenAddressSet this if you need to listen on a port other than the one advertised in relayPort (e.g. to advertise 443 but bind to 9090). You'll need to do ipchains or other port forwsarding yourself to make this work.
Default:
""
Example:
"0.0.0.0:9090"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.nicknameA unique handle for your TOR relay.
Default:
"anonymous"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.portWhat port to advertise for Tor connections.
Default:
9001
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.torify.configExtra configuration. Contents will be added verbatim to TSocks configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.tor.torify.enableWhether to build torify scipt to relay application traffic via TOR.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.tor.torify.serverIP address of TOR client to use.
Default:
"localhost:9050"
Example:
"192.168.0.20"
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.tor.torsocks.configExtra configuration. Contents will be added verbatim to torsocks configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.enableWhether to build torsocks scipt to relay application traffic via TOR.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.serverIP address of TOR client to use.
Default:
"127.0.0.1:9050"
Example:
"192.168.0.20:9050"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.serverFasterIP address of TOR client to use for applications like web browsers which need less circuit isolation to achive satisfactory performance.
Default:
"127.0.0.1:9063"
Example:
"192.168.0.20:9063"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.transmission.enableWhether or not to enable the headless Transmission BitTorrent daemon. Transmission daemon can be controlled via the RPC interface using transmission-remote or the WebUI (http://localhost:9091/ by default). Torrents are downloaded to /var/lib/transmission/Downloads/ by default and are accessible to users in the "transmission" group.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.portTCP port number to run the RPC/web interface.
Default:
9091
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settingsAttribute set whos fields overwrites fields in settings.json (each time the service starts). String values must be quoted, integer and boolean values must not. See https://trac.transmissionbt.com/wiki/EditConfigFiles for documentation and/or look at /var/lib/transmission/.config/transmission-daemon/settings.json.
Default:
{
download-dir = "/var/lib/transmission/Downloads"; incomplete-dir = "/var/lib/transmission/.incomplete"; incomplete-dir-enabled = true;
}
Example:
{
download-dir = "/srv/torrents/"; incomplete-dir = "/srv/torrents/.incomplete/"; incomplete-dir-enabled = true; rpc-whitelist = "127.0.0.1,192.168.*.*";
}
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.udev.extraRulesAdditional udev rules. They'll be written
into file 10-local.rules. Thus they are
read before all other rules.
Default:
""
Example:
''
KERNEL=="eth*", ATTR{address}=="00:1D:60:B9:6D:4F", NAME="my_fast_network_card"
''Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.packagesList of packages containing udev rules.
All files found in
pkg/etc/udev/rules.dpkg/lib/udev/rules.d
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.pathPackages added to the PATH environment variable when
executing programs from Udev rules.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udisks.enableWhether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/udisks.nix>
|
services.udisks2.enableWhether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udisks2.nix>
|
services.unbound.allowedAccessWhat networks are allowed to use us as a resolver.
Default:
[
"127.0.0.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.enableWhether to enable the Unbound domain name server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.extraConfigExtra unbound config
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.forwardAddressesWhat servers to forward the queries to.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.interfacesWhat addresses the server should listen to.
Default:
[
"127.0.0.0" "::1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.upower.enableWhether to enable Upower, a DBus service that provides power management support to applications.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.uptime.configFileThe uptime configuration file If mongodb: server != localhost, please set usesRemoteMongo = true If you only want to run the monitor, please set enableWebService = false and enableSeparateMonitoringService = true If autoStartMonitor: false (recommended) and you want to run both services, please set enableSeparateMonitoringService = true
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.enableSeparateMonitoringServiceWhether to enable the uptime monitoring service.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.enableWebServiceWhether to enable the uptime monitoring program web service.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.nodeEnvThe node environment to run in (development, production, etc.)
Default:
"production"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.usesRemoteMongoWhether the configuration file specifies a remote mongo instance
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptimed.enableUptimed allows you to track your highest uptimes.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/uptimed.nix>
|
services.varnish.configVerbatim default.vcl configuration.
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.enableEnable the Varnish Server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.http_addressHTTP listen address and port.
Default:
"*:6081"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.stateDirDirectory holding all state for Varnish to run.
Default:
"/var/spool/varnish"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.venus.cacheDirectoryWhere cached feeds are stored.
Default:
"/var/cache/venus"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.datesSpecification (in the format described by systemd.time(5)) of the time at which the Venus will collect feeds.
Default:
"*:0/15"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.enablePlanet Venus is an awesome ‘river of news’ feed reader. It downloads news feeds published by web sites and aggregates their content together into a single combined feed, latest news first.
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.feedsList of feeds.
Default:
[
]
Example:
[
{
feedUrl = "http://url/to/rss/feed.xml"; homepageUrl = "http://garbas.si"; name = "Rok Garbas";
}
]
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.groupGroup for running venus script.
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.itemsPerPageHow many items to put on each page.
Default:
15
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.linkLink to the main page.
Default:
"http://planet.nixos.org"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.nameYour planet's name.
Default:
"NixOS Planet"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.outputDirectoryDirectory to place output files.
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.outputThemeDirectory containing a config.ini file which is merged with this one. This is typically used to specify templating and bill of material information.
Default:
"/nix/store/mjrp7wyibpgsdk8azv85gxjkhcmn2wfs-venus-9de21094a8cf565bdfcf75688e121a5ad1f5397b/themes/classic_fancy"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.ownerEmailYour e-mail address.
Default:
"some@example.com"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.ownerNameYour name.
Default:
"Rok Garbas"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.userUser for running venus script.
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.virtualbox.enableWhether to enable the VirtualBox service and other guest additions.
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>
|
services.virtuoso.configExtra options to put into Virtuoso configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.dirsAllowedA list of directories Virtuoso is allowed to access
Default:
null
Example:
"/www, /home/"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.enableWhether to enable Virtuoso Opensource database server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.httpListenAddressip:port or port for Virtuoso HTTP server to listen on.
Default:
null
Example:
"myserver:8080"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.listenAddressip:port or port to listen on.
Default:
"1111"
Example:
"myserver:1323"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.parametersExtra options to put into [Parameters] section of Virtuoso configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.vsftpd.anonymousMkdirEnableWhether any uploads are permitted to anonymous users.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUmaskAnonymous write umask.
Default:
"077"
Example:
"002"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUploadEnableWhether any uploads are permitted to anonymous users.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUserWhether to enable the anonymous FTP user.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUserHomeDirectory to consider the HOME of the anonymous user.
Default:
"/home/ftp/"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.chrootlocalUserWhether local users are confined to their home directory.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.enableWhether to enable the vsftpd FTP server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.forceLocalDataSSLOnly applies if sslEnable is true. Non anonymous (local) users
must use a secure SSL connection for sending/receiving data on data connection.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.forceLocalLoginsSSLOnly applies if sslEnable is true. Non anonymous (local) users
must use a secure SSL connection to send a password.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.localUsersWhether to enable FTP for local users.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.rsaCertFileRSA certificate file.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_sslv2Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_sslv3Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_tlsv1Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistSee userlistFile.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistDenySpecifies whether userlistFile is a list of user
names to allow or deny access.
The default false means whitelist/allow.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistEnableWhether users are included.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistFileNewline separated list of names to be allowed/denied if userlistEnable
is true. Meaning see userlistDeny.
The default is a file containing the users from userlist.
If explicitely set to null userlist_file will not be set in vsftpd's config file.
Default:
(build of userlist)
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.writeEnableWhether any write activity is permitted to users.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.wakeonlan.interfacesInterfaces where to enable Wake-On-LAN, and how. Two methods available: "magickey" and "password". The password has the shape of six bytes in hexadecimal separated by a colon each. For more information, check the ethtool manual.
Default:
[
]
Example:
[
{
interface = "eth0"; method = "password"; password = "00:11:22:33:44:55";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wakeonlan.nix>
|
services.winstoneDefines independent Winstone services, each serving one WAR-file.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.extraJavaOptionsExtra command line options given to the java process running Winstone.
Default:
[
]
services.winstone.<name>.extraOptionsExtra command line options given to the Winstone process.
Default:
[
]
services.winstone.<name>.groupThe group that will own the working directory.
services.winstone.<name>.javaPackageWhich Java derivation to use for running Winstone.
Default:
(build of )
services.winstone.<name>.serviceNameThe name of the systemd service. By default, it is derived from the winstone instance name.
services.winstone.<name>.userThe user that should run this Winstone process and own the working directory.
services.winstone.<name>.warFileThe WAR file that Winstone should serve.
services.winstone.<name>.workDirThe working directory for this Winstone instance. Will contain extracted webapps etc. The directory will be created if it doesn't exist.
services.xfs.enableWhether to enable the X Font Server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xfs.nix>
|
services.xinetd.enableWhether to enable the xinetd super-server daemon.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.extraDefaultsAdditional configuration lines added to the default section of xinetd's configuration.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.servicesA list of services provided by xinetd.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.extraConfigExtra configuration-lines added to the section of the service.
Default:
""
services.xinetd.services.*.flagsDefault:
""
services.xinetd.services.*.nameName of the service.
Example:
"login"
services.xinetd.services.*.portPort number of the service.
Default:
0
Example:
123
services.xinetd.services.*.protocolProtocol of the service. Usually tcp or udp.
Default:
"tcp"
services.xinetd.services.*.serverPath of the program that implements the service.
Example:
"/foo/bin/ftpd"
services.xinetd.services.*.serverArgsCommand-line arguments for the server program.
Default:
""
services.xinetd.services.*.unlistedWhether this server is listed in
/etc/services. If so, the port
number can be omitted.
Default:
false
services.xinetd.services.*.userUser account for the service
Default:
"nobody"
services.xserver.autorunWhether to start the X server automatically.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.configThe contents of the configuration file of the X server
(xorg.conf).
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.defaultDepthDefault colour depth.
Default:
0
Example:
8
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.desktopManager.defaultDefault desktop manager loaded if none have been chosen.
Default:
""
Example:
"none"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
|
services.xserver.desktopManager.e17.enableEnable support for the E17 desktop environment.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/e17.nix>
|
services.xserver.desktopManager.gnome3.enableEnable Gnome 3 desktop manager.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
|
services.xserver.desktopManager.kde4.enableEnable the KDE 4 desktop environment.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/kde4.nix>
|
services.xserver.desktopManager.kde4.phononBackendsWhich phonon multimedia backend kde should use
Default:
[
"gstreamer"
]
Example:
[
"gstreamer" "vlc"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/kde4.nix>
|
services.xserver.desktopManager.xbmc.enableEnable the xbmc multimedia center.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xbmc.nix>
|
services.xserver.desktopManager.xfce.enableEnable the Xfce desktop environment.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xterm.enableEnable a xterm terminal as a desktop manager.
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix>
|
services.xserver.deviceSectionContents of the first Device section of the X server configuration file.
Default:
""
Example:
"VideoRAM 131072"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.displayDisplay number for the X server.
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.displayManager.auto.enableWhether to enable the fake "auto" display manager, which
automatically logs in the user specified in the
user option. This is mostly useful for
automated tests.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/auto.nix>
|
services.xserver.displayManager.auto.userThe user account to login automatically.
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/auto.nix>
|
services.xserver.displayManager.desktopManagerHandlesLidAndPowerWhether the display manager should prevent systemd from handling lid and power events. This is normally handled by the desktop environment's power manager. Turn this off when using a minimal X11 setup without a full power manager.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.environmentAdditional environment variables needed by the display manager.
Default:
{
}
Example:
{
SLIM_CFGFILE = ;
}
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.execCmdCommand to start the display manager.
Example:
"/nix/store/canykx02h8nkg0jaab2b4j0j9rgrq8pk-slim-1.3.6/bin/slim"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.logsXsessionWhether the display manager redirects the
output of the session script to
~/.xsession-errors.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.preStartScript executed before the display manager is started.
Default:
""
Example:
"rm -f /var/log/my-display-manager.log"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.kdm.enableWhether to enable the KDE display manager.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
|
services.xserver.displayManager.kdm.enableXDMCPWhether to enable XDMCP, which allows remote logins.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
|
services.xserver.displayManager.kdm.extraConfigOptions appended to kdmrc, the
configuration file of KDM.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
|
services.xserver.displayManager.kdm.setupScriptThe path to a KDM setup script. This script is run as root just before KDM starts. Can be used for setting up monitors with xrandr, for example.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
|
services.xserver.displayManager.kdm.themeDirectoryThe path to a KDM theme directory. This theme will be used by the KDM greeter.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
|
services.xserver.displayManager.lightdm.enableWhether to enable lightdm as the display manager.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeterThe LightDM greeter to login via. The package should be a directory containing a .desktop file matching the name in the 'name' option.
Default:
{
name = "lightdm-gtk-greeter"; package = (build of lightdm-gtk-greeter);
}
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.sessionList of sessions supported with the command used to start each
session. Each session script can set the
waitPID shell variable to make this script
wait until the end of the user session. Each script is used
to define either a windows manager or a desktop manager. These
can be differentiated by setting the attribute
manage either to "window"
or "desktop".
The list of desktop manager and window manager should appear
inside the display manager with the desktop manager name
followed by the window manager name.
Default:
[
]
Example:
[ { manage = "desktop";
name = "xterm";
start = ''
${pkgs.xterm}/bin/xterm -ls &
waitPID=$!
'';
}
]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.sessionCommandsShell commands executed just before the window or desktop manager is started.
Default:
""
Example:
'' xmessage "Hello World!" & ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.slim.autoLoginAutomatically log in as the default user.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.slim.defaultUserThe default user to load. If you put a username here you get it automatically loaded into the username field, and the focus is placed on the password.
Default:
null
Example:
"login"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.slim.enableWhether to enable SLiM as the display manager.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.slim.themeThe theme for the SLiM login manager. If not specified, SLiM's default theme is used. See http://slim.berlios.de/themes01.php for a collection of themes. TODO: berlios shut down.
Default:
null
Example:
pkgs.fetchurl {
url = "mirror://sourceforge/slim.berlios/slim-wave.tar.gz";
sha256 = "0ndr419i5myzcylvxb89m9grl2xyq6fbnyc3lkd711mzlmnnfxdy";
}
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.xserverArgsList of arguments for the X server.
Default:
[
]
Example:
[
"-ac" "-logverbose" "-nolisten tcp"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.xserverBinPath to the X server used by display managers.
Default:
"/nix/store/931myligsmm639a34dg2x6a01cjm8dfp-xorg-server-1.14.7/bin/X"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.enableWhether to enable the X server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.enableTCPWhether to allow the X server to accept TCP connections.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.exportConfigurationWhether to symlink the X server configuration under
/etc/X11/xorg.conf.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.extraDisplaySettingsLines to be added to every Display subsection of the Screen section.
Default:
""
Example:
"Virtual 2048 2048"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.layoutKeyboard layout.
Default:
"us"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.moduleSectionContents of the Module section of the X server configuration file.
Default:
""
Example:
'' SubSection "extmod" EndSubsection ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.modulesPackages to be added to the module search path of the X server.
Default:
[
]
Example:
[
(build of xf86-input-wacom-0.23.0)
]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.monitorSectionContents of the first Monitor section of the X server configuration file.
Default:
""
Example:
"HorizSync 28-49"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.multitouch.enableWhether to enable multitouch touchpad support.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.multitouch.ignorePalmWhether to ignore touches detected as being the palm (i.e when typing)
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.multitouch.invertScrollWhether to invert scrolling direction à la OSX Lion
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.resolutionsThe screen resolutions for the X server. The first element is the default resolution. If this list is empty, the X server will automatically configure the resolution.
Default:
[
]
Example:
[
{
x = 1600; y = 1200;
}
{
x = 1024; y = 786;
}
]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.screenSectionContents of the first Screen section of the X server configuration file.
Default:
""
Example:
'' Option "RandRRotation" "on" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.serverFlagsSectionContents of the ServerFlags section of the X server configuration file.
Default:
""
Example:
'' Option "BlankTime" "0" Option "StandbyTime" "0" Option "SuspendTime" "0" Option "OffTime" "0" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.serverLayoutSectionContents of the ServerLayout section of the X server configuration file.
Default:
""
Example:
'' Option "AIGLX" "true" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.startGnuPGAgentWhether to start the GnuPG agent when you log in. The GnuPG agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection or sign/encrypt data. Use ssh-add to add a key to the agent.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.synaptics.accelFactorCursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Default:
"0.001"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.additionalOptionsAdditional options for synaptics touchpad driver.
Default:
""
Example:
'' Option "RTCornerButton" "2" Option "RBCornerButton" "3" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.buttonsMapRemap touchpad buttons.
Default:
[
1 2 3
]
Example:
[
1 3 2
]
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.devPath for touchpad device. Set to null to apply to any auto-detected touchpad.
Default:
null
Example:
"/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.enableWhether to enable touchpad support.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.horizontalScrollWhether to enable horizontal scrolling (on touchpad)
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.maxSpeedCursor speed factor for highest-speed finger motion.
Default:
"1.0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.minSpeedCursor speed factor for precision finger motion.
Default:
"0.6"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.palmDetectWhether to enable palm detection (hardware support required)
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.tapButtonsWhether to enable tap buttons.
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.twoFingerScrollWhether to enable two-finger drag-scrolling.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.vertEdgeScrollWhether to enable vertical edge drag-scrolling.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.ttyVirtual console for the X server.
Default:
7
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.useGlamorWhether to use the Glamor module for 2D acceleration, if possible.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.useXFSDetermines how to connect to the X Font Server.
Default:
false
Example:
"unix/:7100"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.vaapiDriversPackages providing libva acceleration drivers.
Default:
[
]
Example:
"[ pkgs.vaapiIntel pkgs.vaapiVdpau ]"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.videoDriverThe name of the video driver for your graphics card. This
option is obsolete; please set the
services.xserver.videoDrivers instead.
Default:
null
Example:
"i810"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.videoDriversThe names of the video drivers the configuration supports. They will be tried in order until one that supports your card is found.
Default:
[
"ati" "cirrus" "intel" "vesa" "vmware"
]
Example:
[
"vesa"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.virtualScreenVirtual screen size for Xrandr.
Default:
null
Example:
{
x = 2048; y = 2048;
}
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.wacom.enableWhether to enable the Wacom touchscreen/digitizer/tablet.
If you ever have any issues such as, try switching to terminal (ctrl-alt-F1) and back
which will make Xorg reconfigure the device ?
If you're not satisfied by the default behaviour you can override
environment.etc."X11/xorg.conf.d/50-wacom.conf" in
configuration.nix easily.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/wacom.nix>
|
services.xserver.windowManager.awesome.enableEnable the Awesome window manager.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.compiz.enableEnable the Compiz window manager.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/compiz.nix>
|
services.xserver.windowManager.compiz.renderingFlagPass the --indirect-rendering flag to Compiz.
Default:
""
Example:
"--indirect-rendering"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/compiz.nix>
|
services.xserver.windowManager.defaultDefault window manager loaded if none have been chosen.
Default:
"none"
Example:
"wmii"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/default.nix>
|
services.xserver.windowManager.herbstluftwm.enableEnable the herbstluftwm window manager.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
|
services.xserver.windowManager.i3.configFilePath to the i3 configuration file. If left at the default value, $HOME/.i3/config will be used.
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.enableEnable the i3 tiling window manager.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.icewm.enableEnable the IceWM window manager.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix>
|
services.xserver.windowManager.metacity.enableEnable the metacity window manager.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix>
|
services.xserver.windowManager.openbox.enableEnable the Openbox window manager.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix>
|
services.xserver.windowManager.twm.enableEnable the twm window manager.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/twm.nix>
|
services.xserver.windowManager.wmii.enableEnable the wmii window manager.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix>
|
services.xserver.windowManager.xmonad.enableEnable the xmonad window manager.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.enableContribAndExtrasEnable xmonad-{contrib,extras} in Xmonad.
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.extraPackagesExtra packages available to ghc when rebuilding Xmonad. The
value must be a function which receives the attrset defined
in haskellpackages as the sole argument.
Default:
null
Example:
haskellPackages: [ haskellPackages.xmonadContrib haskellPackages.monadLogger ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.haskellPackageshaskellPackages used to build Xmonad and other packages.
This can be used to change the GHC version used to build
Xmonad and the packages listed in
extraPackages.
Default:
"pkgs.haskellPackages"
Example:
pkgs.haskellPackages_ghc701
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.xkbModelKeyboard model.
Default:
"pc104"
Example:
"presario"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xkbOptionsX keyboard options; layout switching goes here.
Default:
"terminate:ctrl_alt_bksp"
Example:
"grp:caps_toggle, grp_led:scroll"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xkbVariantX keyboard variant.
Default:
""
Example:
"colemak"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeadsSimple multiple monitor configuration, just specify a list of XRandR outputs which will be mapped from left to right in the order of the list. Be careful using this option with multiple graphic adapters or with drivers that have poor support for XRandR, unexpected things might happen with those.
Default:
[
]
Example:
[
"HDMI-0" "DVI-0"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.zabbixAgent.enableWhether to run the Zabbix monitoring agent on this machine. It will send monitoring data to a Zabbix server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.extraConfigConfiguration that is injected verbatim into the configuration file.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.serverThe IP address or hostname of the Zabbix server to connect to.
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixServer.dbPasswordPassword used to connect to the database server.
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.dbServerHostname or IP address of the database server. Use an empty string ("") to use peer authentication.
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.enableWhether to run the Zabbix server on this machine.
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zfs.autoSnapshot.dailyNumber of daily auto-snapshots that you wish to keep.
Default:
7
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.enableEnable the (OpenSolaris-compatible) ZFS auto-snapshotting service.
Note that you must set the com.sun:auto-snapshot
property to true on all datasets which you wish
to auto-snapshot.
You can override a child dataset to use, or not use auto-snapshotting
by setting its flag with the given interval:
zfs set com.sun:auto-snapshot:weekly=false DATASET
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.frequentNumber of frequent (15-minute) auto-snapshots that you wish to keep.
Default:
4
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.hourlyNumber of hourly auto-snapshots that you wish to keep.
Default:
24
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.monthlyNumber of monthly auto-snapshots that you wish to keep.
Default:
12
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.weeklyNumber of weekly auto-snapshots that you wish to keep.
Default:
4
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zope2.instanceszope2 instances to be created automaticaly by the system.
Default:
{
}
Example:
{
plone01 =
{
extra = "<zodb_db main>\n mount-point /\n cache-size 30000\n <blobstorage>\n blob-dir /var/lib/zope2/plone01/blobstorage\n <filestorage>\n path /var/lib/zope2/plone01/filestorage/Data.fs\n </filestorage>\n </blobstorage>\n</zodb_db>\n"; http_address = "127.0.0.1:8080";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name?>.clientHomeHome directory of zope2 instance.
Default:
"/var/lib/zope2/"
services.zope2.instances.<name?>.extraExtra zope.conf
Default:
''
<zodb_db main>
mount-point /
cache-size 30000
<blobstorage>
blob-dir /var/lib/zope2//blobstorage
<filestorage>
path /var/lib/zope2//filestorage/Data.fs
</filestorage>
</blobstorage>
</zodb_db>
''services.zope2.instances.<name?>.http_addressGive a port and adress for the HTTP server.
Default:
"localhost:8080"
services.zope2.instances.<name?>.nameThe name of the zope2 instance. If undefined, the name of the attribute set will be used.
Default:
""
services.zope2.instances.<name?>.packagesThe list of packages you want to make available to the zope2 instance.
services.zope2.instances.<name?>.threadsSpecify the number of threads that Zope's ZServer web server will use to service requests.
Default:
2
services.zope2.instances.<name?>.userThe name of the effective user for the Zope process.
Default:
"zope2"
sound.enableWhether to enable ALSA sound.
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.enableOSSEmulationWhether to enable ALSA OSS emulation (with certain cards sound mixing may not work!).
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
swapDevicesThe swap devices and swap files. These must have been
initialised using mkswap. Each element
should be an attribute set specifying either the path of the
swap device or file (device) or the label
of the swap device (label, see
mkswap -L). Using a label is
recommended.
Default:
[
]
Example:
[
{
device = "/dev/hda7";
}
{
device = "/var/swapfile";
}
{
label = "bigswap";
}
]
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.devicePath of the device.
Example:
"/dev/sda3"
swapDevices.*.labelLabel of the device. Can be used instead of device.
Example:
"swap"
swapDevices.*.prioritySpecify the priority of the swap device. Priority is a value between 0 and 32767. Higher numbers indicate higher priority. null lets the kernel choose a priority, which will show up as a negative value.
Default:
null
Example:
2048
swapDevices.*.sizeIf this option is set, ‘device’ is interpreted as the path of a swapfile that will be created automatically with the indicated size (in megabytes) if it doesn't exist.
Default:
null
Example:
2048
system.activationScriptsA set of shell script fragments that are executed when a NixOS system configuration is activated. Examples are updating /etc, creating accounts, and so on. Since these are executed every time you boot the system or run nixos-rebuild, it's important that they are idempotent and fast.
Default:
{
}
Example:
{
stdio =
{
deps =
[
]
; text = "# Needed by some programs.\nln -sfn /proc/self/fd /dev/fd\nln -sfn /proc/self/fd/0 /dev/stdin\nln -sfn /proc/self/fd/1 /dev/stdout\nln -sfn /proc/self/fd/2 /dev/stderr\n";
}
;
}
Declared by:
<nixpkgs/nixos/modules/system/activation/activation-script.nix>
|
system.copySystemConfigurationIf enabled, copies the NixOS configuration file
$NIXOS_CONFIG (usually
/etc/nixos/configuration.nix)
to the system store path.
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
systemd.automountsDefinition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
systemd.automounts.*.automountConfigEach attribute in this set specifies an option in the
[Automount] section of the unit. See
systemd.automount(5) for details.
Default:
{
}
Example:
{
DirectoryMode = "0775";
}
systemd.automounts.*.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
systemd.automounts.*.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
systemd.automounts.*.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
systemd.automounts.*.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
systemd.automounts.*.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.automounts.*.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
systemd.automounts.*.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.automounts.*.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
systemd.automounts.*.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
systemd.automounts.*.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
systemd.automounts.*.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.automounts.*.wantsStart the specified units when this unit is started.
Default:
[
]
systemd.automounts.*.whereAbsolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Example:
"/mnt"
systemd.defaultUnitDefault unit started when the system boots.
Default:
"multi-user.target"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.enableEmergencyModeWhether to enable emergency mode, which is an sulogin shell started on the console if mounting a filesystem fails. Since some machines (like EC2 instances) have no console of any kind, emergency mode doesn't make sense, and it's better to continue with the boot insofar as possible.
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.extraConfigExtra config options for systemd. See man systemd-system.conf for available options.
Default:
""
Example:
"DefaultLimitCORE=infinity"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.globalEnvironmentEnvironment variables passed to all systemd units.
Default:
{
}
Example:
{
TZ = "CET";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mountsDefinition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
systemd.mounts.*.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
systemd.mounts.*.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
systemd.mounts.*.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
systemd.mounts.*.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
systemd.mounts.*.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.mounts.*.mountConfigEach attribute in this set specifies an option in the
[Mount] section of the unit. See
systemd.mount(5) for details.
Default:
{
}
Example:
{
DirectoryMode = "0775";
}
systemd.mounts.*.optionsOptions used to mount the file system.
Default:
""
Example:
"noatime"
systemd.mounts.*.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
systemd.mounts.*.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.mounts.*.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
systemd.mounts.*.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
systemd.mounts.*.typeFile system type.
Default:
""
Example:
"ext4"
systemd.mounts.*.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
systemd.mounts.*.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.mounts.*.wantsStart the specified units when this unit is started.
Default:
[
]
systemd.mounts.*.whatAbsolute path of device node, file or other resource. (Mandatory)
Example:
"/dev/sda1"
systemd.mounts.*.whereAbsolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Example:
"/mnt"
systemd.packageThe systemd package.
Default:
(build of systemd-212)
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.packagesPackages providing systemd units.
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.pathsDefinition of systemd path units.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
systemd.paths.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
systemd.paths.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
systemd.paths.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
systemd.paths.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
systemd.paths.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.paths.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
systemd.paths.<name>.pathConfigEach attribute in this set specifies an option in the
[Path] section of the unit. See
systemd.path(5) for details.
Default:
{
}
Example:
{
PathChanged = "/some/path"; Unit = "changedpath.service";
}
systemd.paths.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.paths.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
systemd.paths.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
systemd.paths.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
systemd.paths.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.paths.<name>.wantsStart the specified units when this unit is started.
Default:
[
]
systemd.servicesDefinition of systemd service units.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/testing/service-runner.nix>
|
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
systemd.services.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
systemd.services.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
systemd.services.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
systemd.services.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
systemd.services.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.services.<name>.environmentEnvironment variables passed to the service's processes.
Default:
{
}
Example:
{
LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin";
}
systemd.services.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
systemd.services.<name>.pathPackages added to the service's PATH
environment variable. Both the bin
and sbin subdirectories of each
package are added.
Default:
[
]
systemd.services.<name>.postStartShell commands executed after the service's main process is started.
Default:
""
systemd.services.<name>.postStopShell commands executed after the service's main process has exited.
Default:
""
systemd.services.<name>.preStartShell commands executed before the service's main process is started.
Default:
""
systemd.services.<name>.preStopShell commands executed to stop the service.
Default:
""
systemd.services.<name>.reloadIfChangedWhether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of restartIfChanged is
ignored.
Default:
false
systemd.services.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.services.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
systemd.services.<name>.restartIfChangedWhether the service should be restarted during a NixOS configuration switch if its definition has changed.
Default:
true
systemd.services.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
systemd.services.<name>.scriptShell commands executed as the service's main process.
Default:
""
systemd.services.<name>.scriptArgsArguments passed to the main process script.
Default:
""
systemd.services.<name>.serviceConfigEach attribute in this set specifies an option in the
[Service] section of the unit. See
systemd.service(5) for details.
Default:
{
}
Example:
{
RestartSec = 5; StartLimitInterval = 10;
}
systemd.services.<name>.startAtAutomatically start this unit at the given date/time, which
must be in the format described in
systemd.time(5). This is equivalent
to adding a corresponding timer unit with
OnCalendar set to the value given here.
Default:
""
Example:
"Sun 14:00:00"
systemd.services.<name>.stopIfChangedIf set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one.
Otherwise, it is restarted in a single step using
systemctl restart in the new configuration.
The latter is less correct because it runs the
ExecStop commands from the new
configuration.
Default:
true
systemd.services.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
systemd.services.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.services.<name>.wantsStart the specified units when this unit is started.
Default:
[
]
systemd.socketsDefinition of systemd socket units.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
systemd.sockets.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
systemd.sockets.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
systemd.sockets.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
systemd.sockets.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
systemd.sockets.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.sockets.<name>.listenStreamsFor each item in this list, a ListenStream
option in the [Socket] section will be created.
Default:
[
]
Example:
[
"0.0.0.0:993" "/run/my-socket"
]
systemd.sockets.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
systemd.sockets.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.sockets.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
systemd.sockets.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
systemd.sockets.<name>.socketConfigEach attribute in this set specifies an option in the
[Socket] section of the unit. See
systemd.socket(5) for details.
Default:
{
}
Example:
{
ListenStream = "/run/my-socket";
}
systemd.sockets.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
systemd.sockets.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.sockets.<name>.wantsStart the specified units when this unit is started.
Default:
[
]
systemd.targetsDefinition of systemd target units.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
systemd.targets.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
systemd.targets.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
systemd.targets.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
systemd.targets.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
systemd.targets.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.targets.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
systemd.targets.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.targets.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
systemd.targets.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
systemd.targets.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
systemd.targets.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.targets.<name>.wantsStart the specified units when this unit is started.
Default:
[
]
systemd.timersDefinition of systemd timer units.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
systemd.timers.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
systemd.timers.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
systemd.timers.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
systemd.timers.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
systemd.timers.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.timers.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
systemd.timers.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.timers.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
systemd.timers.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
systemd.timers.<name>.timerConfigEach attribute in this set specifies an option in the
[Timer] section of the unit. See
systemd.timer(5) and
systemd.time(5) for details.
Default:
{
}
Example:
{
OnCalendar = "Sun 14:00:00"; Unit = "foo.service";
}
systemd.timers.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
systemd.timers.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.timers.<name>.wantsStart the specified units when this unit is started.
Default:
[
]
systemd.tmpfiles.rulesRules for creating and cleaning up temporary files automatically. See tmpfiles.d(5) for the exact format. You should not use this option to create files required by systemd services, since there is no guarantee that systemd-tmpfiles runs when the system is reconfigured using nixos-rebuild.
Default:
[
]
Example:
[
"d /tmp 1777 root root 10d"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.unitsDefinition of systemd units.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.units.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.units.<name>.textText of this systemd unit.
Default:
null
systemd.units.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.user.servicesDefinition of systemd per-user service units.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[
]
systemd.user.services.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[
]
systemd.user.services.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[
]
systemd.user.services.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Default:
[
]
systemd.user.services.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""
systemd.user.services.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.user.services.<name>.environmentEnvironment variables passed to the service's processes.
Default:
{
}
Example:
{
LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin";
}
systemd.user.services.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[
]
systemd.user.services.<name>.pathPackages added to the service's PATH
environment variable. Both the bin
and sbin subdirectories of each
package are added.
Default:
[
]
systemd.user.services.<name>.postStartShell commands executed after the service's main process is started.
Default:
""
systemd.user.services.<name>.postStopShell commands executed after the service's main process has exited.
Default:
""
systemd.user.services.<name>.preStartShell commands executed before the service's main process is started.
Default:
""
systemd.user.services.<name>.preStopShell commands executed to stop the service.
Default:
""
systemd.user.services.<name>.reloadIfChangedWhether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of restartIfChanged is
ignored.
Default:
false
systemd.user.services.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.user.services.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[
]
systemd.user.services.<name>.restartIfChangedWhether the service should be restarted during a NixOS configuration switch if its definition has changed.
Default:
true
systemd.user.services.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[
]
systemd.user.services.<name>.scriptShell commands executed as the service's main process.
Default:
""
systemd.user.services.<name>.scriptArgsArguments passed to the main process script.
Default:
""
systemd.user.services.<name>.serviceConfigEach attribute in this set specifies an option in the
[Service] section of the unit. See
systemd.service(5) for details.
Default:
{
}
Example:
{
RestartSec = 5; StartLimitInterval = 10;
}
systemd.user.services.<name>.startAtAutomatically start this unit at the given date/time, which
must be in the format described in
systemd.time(5). This is equivalent
to adding a corresponding timer unit with
OnCalendar set to the value given here.
Default:
""
Example:
"Sun 14:00:00"
systemd.user.services.<name>.stopIfChangedIf set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one.
Otherwise, it is restarted in a single step using
systemctl restart in the new configuration.
The latter is less correct because it runs the
ExecStop commands from the new
configuration.
Default:
true
systemd.user.services.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
systemd.user.services.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
systemd.user.services.<name>.wantsStart the specified units when this unit is started.
Default:
[
]
systemd.user.unitsDefinition of systemd per-user units.
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.units.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances (e.g. serial-getty@ttyS0)
from being started.
Default:
true
systemd.user.units.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[
]
systemd.user.units.<name>.textText of this systemd unit.
Default:
null
systemd.user.units.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[
]
time.hardwareClockInLocalTimeIf set, keep the hardware clock in local time instead of UTC.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/timezone.nix>
|
time.timeZoneThe time zone used when displaying times and dates.
Default:
"CET"
Example:
"America/New_York"
Declared by:
<nixpkgs/nixos/modules/config/timezone.nix>
|
users.defaultUserShellThis option defines the default shell assigned to user accounts. This must not be a store path, since the path is used outside the store (in particular in /etc/passwd). Rather, it should be the path of a symlink that points to the actual shell in the Nix store.
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
users.enforceIdUniquenessWhether to require that no two users/groups share the same uid/gid.
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraGroupsAdditional groups to be created automatically by the system.
Default:
{
}
Example:
{
hackers =
{
}
; students =
{
gid = 1001;
}
;
}
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraGroups.<name?>.gidThe group GID. If the mutableUsers option
is false, the GID cannot be null. Otherwise, the GID might be
null, in which case a free GID is picked on activation (by the
groupadd command).
Default:
null
users.extraGroups.<name?>.membersThe user names of the group members, added to the
/etc/group file.
Default:
[
]
users.extraGroups.<name?>.nameThe name of the group. If undefined, the name of the attribute set will be used.
users.extraUsersAdditional user accounts to be created automatically by the system. This can also be used to set options for root.
Default:
{
}
Example:
{
alice =
{
createHome = true; description = "Alice Q. User"; extraGroups =
[
"wheel"
]
; group = "users"; home = "/home/alice"; shell = "/bin/sh"; uid = 1234;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name?>.createHomeIf true, the home directory will be created automatically. If this option is true and the home directory already exists but is not owned by the user, directory owner and group will be changed to match the user.
Default:
false
users.extraUsers.<name?>.createUserIndicates if the user should be created automatically as a local user. Set this to false if the user for instance is an LDAP user. NixOS will then not modify any of the basic properties for the user account.
Default:
true
users.extraUsers.<name?>.descriptionA short description of the user account, typically the
user's full name. This is actually the “GECOS” or “comment”
field in /etc/passwd.
Default:
""
Example:
"Alice Q. User"
users.extraUsers.<name?>.extraGroupsThe user's auxiliary groups.
Default:
[
]
users.extraUsers.<name?>.groupThe user's primary group.
Default:
"nogroup"
users.extraUsers.<name?>.hashedPasswordSpecifies the (hashed) password for the user.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
Default:
null
users.extraUsers.<name?>.homeThe user's home directory.
Default:
"/var/empty"
users.extraUsers.<name?>.isSystemUserIndicates if the user is a system user or not. This option
only has an effect if mutableUsers is
true and uid is
null, in which case it determines whether
the user's UID is allocated in the range for system users
(below 500) or in the range for normal users (starting at
1000).
Default:
false
users.extraUsers.<name?>.nameThe name of the user account. If undefined, the name of the attribute set will be used.
users.extraUsers.<name?>.openssh.authorizedKeys.keyFilesA list of files each containing one OpenSSH public key that should be
added to the user's authorized keys. The contents of the files are
read at build time and added to a file that the SSH daemon reads in
addition to the the user's authorized_keys file. You can combine the
keyFiles and keys options.
Default:
[
]
users.extraUsers.<name?>.openssh.authorizedKeys.keysA list of verbatim OpenSSH public keys that should be added to the
user's authorized keys. The keys are added to a file that the SSH
daemon reads in addition to the the user's authorized_keys file.
You can combine the keys and
keyFiles options.
Default:
[
]
users.extraUsers.<name?>.passwordSpecifies the (clear text) password for the user.
Warning: do not set confidential information here
because it is world-readable in the Nix store. This option
should only be used for public accounts.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
Default:
null
users.extraUsers.<name?>.passwordFileThe path to a file that contains the user's password. The password
file is read on each system activation. The file should contain
exactly one line, which should be the password in an encrypted form
that is suitable for the chpasswd -e command.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
Default:
null
users.extraUsers.<name?>.shellThe path to the user's shell.
Default:
"/run/current-system/sw/sbin/nologin"
users.extraUsers.<name?>.uidThe account UID. If the mutableUsers option
is false, the UID cannot be null. Otherwise, the UID might be
null, in which case a free UID is picked on activation (by the
useradd command).
Default:
null
users.extraUsers.<name?>.useDefaultShellIf true, the user's shell will be set to
cfg.defaultUserShell.
Default:
false
users.ldap.baseThe distinguished name of the search base.
Example:
"dc=example,dc=org"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.distinguishedNameThe distinguished name to bind to the LDAP server with. If this is not specified, an anonymous bind will be done.
Default:
""
Example:
"cn=admin,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.passwordThe path to a file containing the credentials to use when binding to the LDAP server (if not binding anonymously).
Default:
"/etc/ldap/bind.password"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.policySpecifies the policy to use for reconnecting to an unavailable
LDAP server. The default is hard_open, which
reconnects if opening the connection to the directory server
failed. By contrast, hard_init reconnects if
initializing the connection failed. Initializing may not
actually contact the directory server, and it is possible that
a malformed configuration file will trigger reconnection. If
soft is specified, then
nss_ldap will return immediately on server
failure. All hard reconnect policies block with exponential
backoff before retrying.
Default:
"hard_open"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.timeLimitSpecifies the time limit (in seconds) to use when connecting
to the directory server. This is distinct from the time limit
specified in users.ldap.timeLimit and affects
the initial server connection only.
Default:
30
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.daemon.enableWhether to let the nslcd daemon (nss-pam-ldapd) handle the LDAP lookups for NSS and PAM. This can improve performance, and if you need to bind to the LDAP server with a password, it increases security, since only the nslcd user needs to have access to the bindpw file, not everyone that uses NSS and/or PAM. If this option is enabled, a local nscd user is created automatically, and the nslcd service is started automatically when the network get up.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.daemon.extraConfigExtra configuration options that will be added verbatim at the end of the nslcd configuration file (nslcd.conf).
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.enableWhether to enable authentication against an LDAP server.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.extraConfigExtra configuration options that will be added verbatim at
the end of the ldap configuration file (ldap.conf).
If users.ldap.daemon is enabled, this
configuration will not be used. In that case, use
users.ldap.daemon.extraConfig instead.
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.serverThe URL of the LDAP server.
Example:
"ldap://ldap.example.org/"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.timeLimitSpecifies the time limit (in seconds) to use when performing searches. A value of zero (0), which is the default, is to wait indefinitely for searches to be completed.
Default:
0
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.useTLSIf enabled, use TLS (encryption) over an LDAP (port 389)
connection. The alternative is to specify an LDAPS server (port
636) in users.ldap.server or to forego
security.
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.motdMessage of the day shown to users when they log in.
Default:
null
Example:
"Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178."
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
users.mutableUsersIf true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands. On system activation, the
existing contents of the /etc/passwd and
/etc/group files will be merged with the
contents generated from the users.extraUsers and
users.extraGroups options. If
mutableUsers is false, the contents of the user and
group files will simply be replaced on system activation. This also
holds for the user passwords; if this option is false, all changed
passwords will be reset according to the
users.extraUsers configuration on activation. If
this option is true, the initial password for a user will be set
according to users.extraUsers, but existing passwords
will not be changed.
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
virtualisation.libvirtd.enableThis option enables libvirtd, a daemon that manages virtual machines. Users in the "libvirtd" group can interact with the daemon (e.g. to start or stop VMs) using the virsh command line tool, among others.
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.enableKVMThis option enables support for QEMU/KVM in libvirtd.
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.extraConfigExtra contents appended to the libvirtd configuration file, libvirtd.conf.
Default:
""
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|