NixOS Manual

This option allows modules to express conditions that must hold for the evaluation of the system configuration to succeed, along with associated error messages for the user.

Default: [ ]

Example: [ { assertion = false; msg = "you can't enable this for that reason"; } ]

Declared by:

Defined by:

List of names of kernel modules that should not be loaded automatically by the hardware probing code.

Default: [ ]

Example: [ "cirrusfb" "i2c_piix4" ]

Declared by:

Defined by:

Obsolete name of boot.loader.grub.bootDevice.

Default: none

Declared by:

Obsolete name of boot.loader.grub.copyKernels.

Default: none

Declared by:

Obsolete name of boot.loader.grub.extraEntries.

Default: none

Declared by:

Obsolete name of boot.loader.grub.extraEntriesBeforeNixOS.

Default: none

Declared by:

Additional user-defined kernel parameters.

Default: [ ]

Example: [ "debugtrace" ]

Declared by:

Any additional configuration to be appended to the generated modprobe.conf. This is typically used to specify module options. See modprobe.conf(5) for details.

Default: ""

Example: "options parport_pc io=0x378 irq=7 dma=1\n"

Declared by:

A list of additional packages supplying kernel modules.

Default: [ ]

Declared by:

Defined by:

Tty (virtual console) devices, in addition to the consoles on which mingetty and syslogd run, that must be initialised. Only useful if you have some program that you want to run on some fixed console. For example, the NixOS installation CD opens the manual in a web browser on console 7, so it sets boot.extraTTYs to ["tty7"].

Default: [ ]

Example: [ "tty8" "tty9" ]

Declared by:

Defined by:

Obsolete name of boot.loader.grub.device.

Default: none

Declared by:

Obsolete name of boot.loader.grub.splashImage.

Default: none

Declared by:

Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects. If the hardware scan is turned on, it can be disabled at boot time by adding the safemode parameter to the kernel command line.

Default: true

Declared by:

The set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules for the physical device (e.g., SCSI drivers) and for the file system (e.g., ext3). The set specified here is automatically closed under the module dependency relation, i.e., all dependencies of the modules list here are included automatically. The modules listed here are available in the initrd, but are only loaded on demand (e.g., the ext3 module is loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, include it in boot.initrd.kernelModules.

Default: [ ]

Example: [ "sata_nv" "ext3" ]

Declared by:

Defined by:

Whether to run fsck on journaling filesystems such as ext3.

Default: true

Declared by:

Whether to show a nice splash screen while booting.

Default: true

Declared by:

Obsolete name of boot.initrd.kernelModules.

Default: none

Declared by:

Shell commands to be executed in the builder of the extra-utils derivation. This can be used to provide additional utilities in the initial ramdisk.

Default: ""

Declared by:

List of modules that are always loaded by the initrd.

Default: [ ]

Declared by:

Defined by:

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.

Default: ""

Declared by:

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

Default: ""

Declared by:

The set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to boot.initrd.availableKernelModules or boot.initrd.kernelModules.

Default: [ ]

Declared by:

Defined by:

This option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are tied to the kernel you're using, it also overrides those. This option is a function that takes Nixpkgs as an argument (as a convenience), and returns an attribute set containing at the very least an attribute kernel. Additional attributes may be needed depending on your configuration. For instance, if you use the NVIDIA X driver, then it also needs to contain an attribute nvidia_x11.

Default: { atheros = (build of atheros-0.9.4); aufs = (build of aufs-20090414-2.6.32.10); aufs2 = (build of aufs2-a5883982f82ce927b3cbd8fc9c8d05865fc43bd9-2.6.32.10); aufs2Utils = ; exmap = (build of exmap-0.10); ext3cowtools = (build of ext3cow-tools); iwlwifi = (build of iwlwifi-1.2.25-2.6.32.10); iwlwifi4965ucode = (build of iwlwifi-4965-ucode-228.57.2.21); kernel = (build of ); kqemu = (build of kqemu-1.4.0pre1); ndiswrapper = (build of ndiswrapper-1.53-stable); nvidia_x11 = (build of nvidia-x11-190.53-2.6.32.10); nvidia_x11_legacy = (build of nvidia-x11-96.43.14-2.6.32.10); openafsClient = (build of openafs-1.4.11-2.6.32.10); ov511 = (build of ov511-2.30); snix = (build of snix-0.12rev10946); splashutils = (build of splashutils-1.5.4.3); sysprof = (build of sysprof-1.0.10-2.6.32.10); virtualbox = (build of virtualbox-3.1.4-2.6.32.10); virtualboxGuestAdditions = (build of VirtualBox-GuestAdditions-3.1.4); wis_go7007 = (build of wis-go7007-0.9.8-2.6.32.10); }

Example: "pkgs.linuxPackages_2_6_25"

Declared by:

The kernel parameters. If you want to add additional parameters, it's best to set boot.extraKernelParams.

Default: [ ]

Declared by:

Defined by:

Whether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loadear.

Default: false

Declared by:

Whether to enable the simple preparation of symlinks to the system generations in /boot.

Default: false

Declared by:

Obsolete.

Default: ""

Declared by:

Maximum of configurations in boot menu. GRUB has problems when there are too many entries.

Default: 100

Example: 120

Declared by:

GRUB entry name instead of default.

Default: ""

Example: "Stable 2.6.21"

Declared by:

Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.

Default: false

Declared by:

Index of the default menu item to be booted.

Default: 0

Declared by:

The device on which the boot loader, GRUB, will be installed. If empty, GRUB won't be installed and it's your responsibility to make the system bootable.

Default: ""

Example: "/dev/hda"

Declared by:

Whether to enable the GNU GRUB boot loader.

Default: true

Declared by:

Defined by:

Any additional entries you want added to the GRUB boot menu.

Default: ""

Example: "title Windows\n chainloader (hd0,1)+1\n"

Declared by:

Whether extraEntries are included before the default option.

Default: false

Declared by:

Background image used for GRUB. It must be a 640x480, 14-colour image in XPM format, optionally compressed with gzip or bzip2. Set to null to run GRUB in text mode.

Default: (build of 36909-soft-tux.xpm.gz)

Example:

Declared by:

Timeout (in seconds) until GRUB boots the default menu item.

Default: 5

Declared by:

The version of GRUB to use: 1 for GRUB Legacy (versions 0.9x), or 2 for GRUB 2.

Default: 1

Example: 2

Declared by:

Defined by:

Some systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux. Additionaly this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a recue system or such.

Default: false

Declared by:

Shell commands to be executed just before Upstart is started.

Default: ""

Example: "rm -f /var/log/messages"

Declared by:

Device for manual resume attempt during boot. Looks like major:minor. ls -l /dev/SWAP_PARTION shows them.

Default: ""

Example: "0:0"

Declared by:

Whether to activate VESA video mode on boot

Default: true

Example: false

Declared by:

Whether to check the validity of the entire configuration.

Default: true

Example: false

Declared by:

List of files that have to be linked in /etc.

Default: [ ]

Example: [ { mode = "0440"; source = "/nix/store/.../etc/dir/file.conf.example"; target = "dir/file.conf"; } ]

Declared by:

Defined by:

Obsolete name of environment.systemPackages.

Default: none

Declared by:

Additional KDE packages to be used when you use KDE as a desktop manager. By default, you only get the KDE base packages.

Default: [ ]

Example: [ (build of kdegames-4.4.1) ]

Declared by:

Defined by:

This option specifies the Nix package instance to use throughout the system.

Default: (build of nix-0.15)

Example:

Declared by:

Switch off the options in the default configuration that require X libraries. Currently this includes: sshd.forwardX11, dbus, hal, fonts.enableCoreFonts, fonts.enableFontConfig

Default: false

Example: true

Declared by:

Lists directories to be symlinked in `/var/run/current-system/sw'.

Default: [ "/bin" "/sbin" "/lib" "/share/man" "/share/info" "/man" "/info" ]

Example: [ "/" ]

Declared by:

Script used to initialized user shell environments.

Default: ""

Example: "export PATH=/godi/bin/:$PATH"

Declared by:

Defined by:

The set of packages that appear in /var/run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, /nix/var/nix/profiles/default.

Default: [ ]

Example: [ (build of firefox-3.5.8) (build of thunderbird-2.0.0.22) ]

Declared by:

Defined by:

specifies unix odbc drivers to be registered at /etc/odbcinst.ini. Maybe you also want to add pkgs.unixODBC to the system path to get a command line client t connnect to odbc databases.

Default: [ ]

Example: "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )"

Declared by:

List of packages added to the system when the X server is activated (services.xserver.enable).

Default: [ ]

Declared by:

Defined by:

The file systems to be mounted. It must include an entry for the root directory (mountPoint = "/"). Each entry in the list is an attribute set with the following fields: mountPoint, device, fsType (a file system type recognised by mount; defaults to "auto"), and options (the mount options passed to mount using the -o flag; defaults to "defaults"). Instead of specifying device, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L). autocreate forces mountPoint to be created with mkdir -p .

Default: none

Example: [ { device = "/dev/hda1"; mountPoint = "/"; } { device = "/dev/hda2"; fsType = "ext3"; mountPoint = "/data"; options = "data=journal"; } { label = "bigdisk"; mountPoint = "/bigdisk"; } ]

Declared by:

Automatically create the mount point defined in fileSystems.*.mountPoint.

Default: false

Declared by:

Location of the device.

Default:

Example: "/dev/sda"

Declared by:

Type of the file system.

Default: "auto"

Example: "ext3"

Declared by:

Label of the device (if any).

Default:

Example: "root-partition"

Declared by:

Location of the mounted the file system.

Default: none

Example: "/mnt/usb"

Declared by:

Mount this file system to boot on NixOS.

Default: false

Declared by:

Option used to mount the file system.

Default: "defaults,relatime"

Example: "data=journal"

Declared by:

Whether to include Microsoft's proprietary Core Fonts. These fonts are redistributable, but only verbatim, among other restrictions. See http://corefonts.sourceforge.net/eula.htm for details.

Default: false

Declared by:

Defined by:

If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.

Default: true

Declared by:

Defined by:

Whether to create a directory with links to all fonts in share - so user can configure vncserver script one time (I mean per-user vncserver, so global service is not a good solution).

Default: false

Declared by:

Whether to add the fonts provided by Ghostscript (such as various URW fonts and the ``Base-14'' Postscript fonts) to the list of system fonts, making them available to X11 applications.

Default: false

Declared by:

List of additional fonts.

Default: [ ]

Declared by:

List of primary font paths.

Default: [ "~/.fonts" "~/.nix-profile/lib/X11/fonts" "~/.nix-profile/share/fonts" "/nix/var/nix/profiles/default/lib/X11/fonts" "/nix/var/nix/profiles/default/share/fonts" ]

Declared by:

When enable, GNU software is chosent by default whenever a there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).

Default: false

Declared by:

List of directories containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function).

Default: [ ]

Example: [ "/root/my-firmware" ]

Declared by:

Defined by:

Path to the configuration file which map the memory, irq and ports used by the PCMCIA hardware.

Default:

Declared by:

Enable this option to support PCMCIA card.

Default: false

Declared by:

List of firmware used to handle specific PCMCIA card.

Default: [ ]

Declared by:

The font used for the virtual consoles. Leave empty to use whatever the setfont program considers the default font.

Default: "lat9w-16"

Example: "LatArCyrHeb-16"

Declared by:

The keyboard mapping table for the virtual consoles.

Default: "us"

Example: "fr"

Declared by:

The default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.

Default: "en_US.UTF-8"

Example: "nl_NL.UTF-8"

Declared by:

List of locales that the system should support. The value "all" means that all locales supported by Glibc will be installed. A full list of supported locales can be found at http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc.

Default: [ "all" ]

Example: [ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1" ]

Declared by:

The group IDs used in NixOS.

Default: none

Declared by:

Defined by:

The user IDs used in NixOS.

Default: none

Declared by:

Defined by:

URLs of manifests to be downloaded when you run nixos-rebuild to speed up builds.

Default: [ "http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/MANIFEST" ]

Example: [ "http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/MANIFEST" "http://nixos.org/releases/nixpkgs/channels/nixpkgs-stable/MANIFEST" ]

Declared by:

URL of the Nixpkgs distribution to use when building the installation CD.

Default: ""

Example: "http://nixos.org/releases/nix/nixpkgs-0.11pre7577"

Declared by:

Defines, for each supported version control system (e.g. git), the dependencies for the mechanism, as well as a test used to determine whether a directory is a checkout created by that version control system.

Default: { git = { env = [ (build of ) (build of ) (build of ) ] ; valid = "[ -d .git ]"; } ; svn = { env = [ (build of ) (build of subversion-1.6.9) ] ; valid = "[ -d .svn ]"; } ; }

Declared by:

The NixOS repository from which the system will be built. nixos-checkout will update all working copies of the given repositories, nixos-rebuild will use the first item which has the attribute default = true falling back to the first item. The type defines the repository tool added to the path. It also defines a "valid" repository. If the target directory already exists and it's not valid it will be moved to the backup location dir-date. For svn the default target and repositories are /etc/nixos/nixos and https://svn.nixos.org/repos/nix/nixos/trunk. For git repositories update is called after initialization when the repo is initialized. The initialize code is run from working directory dirname target and should create the directory dir. For the executables used see repoTypes.

Default: [ { type = "svn"; } ]

Example: [ { target = "/etc/nixos/nixos-stdenv-updates"; type = "svn"; url = "https://svn.nixos.org/repos/nix/nixos/branches/stdenv-updates"; } { initialize = "git clone git://mawercer.de/nixos $target"; target = "/etc/nixos/nixos-git"; type = "git"; update = "git pull origin"; } ]

Declared by:

same as repos.nixos

Default: [ { type = "svn"; } ]

Declared by:

This option defines the system jobs started and managed by the Upstart daemon.

Default: { }

Declared by:

Defined by:

Command run while building the Upstart job. Can be used to perform simple regression tests (e.g., the Apache Upstart job uses it to check the syntax of the generated httpd.conf.

Default: "true"

Declared by:

Determines how Upstart detects when a daemon should be considered “running”. The value none means that the daemon is considered ready immediately. The value fork means that the daemon will fork once. The value daemon means that the daemon will fork twice. The value stop means that the daemon will raise the SIGSTOP signal to indicate readiness.

Default: "none"

Declared by:

A short description of this job.

Default: "(no description given)"

Declared by:

Environment variables passed to the job's processes.

Default: { }

Example: { LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }

Declared by:

Command to start the job's main process. If empty, the job has no main process, but can still have pre/post-start and pre/post-stop scripts, and is considered “running” until it is stopped.

Default: ""

Declared by:

Additional Upstart stanzas not otherwise supported.

Default: ""

Example: "limit nofile 4096 4096"

Declared by:

Derivation that builds the Upstart job file. The default value is generated from other options.

Default: (build of upstart-_name_.conf)

Declared by:

Name of the Upstart job.

Default: none

Example: "sshd"

Declared by:

Defined by:

Shell commands executed after the job is started (i.e. after the job's main process is started), but before the job is considered “running”.

Default: ""

Declared by:

Shell commands executed after the job has stopped (i.e. after the job's main process has terminated).

Default: ""

Declared by:

Shell commands executed before the job is started (i.e. before the job's main process is started).

Default: ""

Declared by:

Shell commands executed before the job is stopped (i.e. before Upstart kills the job's main process). This can be used to cleanly shut down a daemon.

Default: ""

Declared by:

Whether to restart the job automatically if its process ends unexpectedly.

Default: true

Declared by:

Shell commands executed as the job's main process. Can be specified instead of the exec attribute.

Default: ""

Declared by:

The Upstart event that triggers this job to be started. If empty, the job will not start automatically.

Default: ""

Declared by:

The Upstart event that triggers this job to be stopped.

Default: "shutdown"

Declared by:

Whether this job is a task rather than a service. Tasks are executed only once, while services are restarted when they exit.

Default: false

Declared by:

Deprecated name of environment.kdePackages.

Default: none

Declared by:

Default realm.

Default: "ATENA.MIT.EDU"

Declared by:

Whether to enable Kerberos V.

Default: false

Declared by:

Kerberos Domain Controller

Default: "kerberos.mit.edu"

Declared by:

Kerberos Admin Server

Default: "kerberos.mit.edu"

Declared by:

Additional configurations to build.

Default: [ ]

Declared by:

The interface wpa_supplicant will use, if enableWLAN is enabled.

Default: "wlan0"

Declared by:

The default gateway. It can be left empty if it is auto-detected through DHCP.

Default: ""

Example: "131.211.84.1"

Declared by:

Use the trivial Mail Transfer Agent (MTA) ssmtp package to allow programs to send e-mail. If you don't want to run a ``real'' MTA like sendmail or postfix on your machine, set this option to true, and set the option networking.defaultMailServer.hostName to the host name of your preferred mail server.

Default: false

Example: true

Declared by:

The domain from which mail will appear to be sent.

Default: ""

Example: "example.org"

Declared by:

The host name of the default mail server to use to deliver e-mail.

Default: none

Example: "mail.example.org"

Declared by:

Whether the STARTTLS should be used to connect to the default mail server. (This is needed for TLS-capable mail servers running on the default SMTP port 25.)

Default: false

Example: true

Declared by:

Whether TLS should be used to connect to the default mail server.

Default: false

Example: true

Declared by:

The domain. It can be left empty if it is auto-detected through DHCP.

Default: ""

Example: "home"

Declared by:

Turn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device. Intel requires you to accept the license for this firmware, see http://ipw2200.sourceforge.net/firmware.php?fid=7.

Default: false

Declared by:

This option enables automatic loading of the firmware for the Intel PRO/Wireless 3945ABG.

Default: false

Declared by:

Turn on this option if you want firmware for the RT73 NIC

Default: false

Declared by:

Whether to start wpa_supplicant to scan for and associate with wireless networks. Note: NixOS currently does not generate wpa_supplicant's configuration file, /etc/wpa_supplicant.conf. You should edit this file yourself to define wireless networks, WPA keys and so on (see wpa_supplicant.conf(5)).

Default: false

Declared by:

Additional entries to be appended to /etc/hosts.

Default: ""

Example: "192.168.0.1 lanlocalhost"

Declared by:

List of TCP ports on which incoming connections are accepted.

Default: [ ]

Example: [ 22 80 ]

Declared by:

Defined by:

Whether to enable the firewall.

Default: false

Declared by:

Whether to log rejected or dropped incoming connections.

Default: true

Declared by:

Whether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging.

Default: false

Declared by:

If set, forbidden packets are rejected rather than dropped (ignored). This means that a ICMP "port unreachable" error message is sent back to the client. Rejecting packets makes port scanning somewhat easier.

Default: false

Declared by:

The name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP).

Default: "nixos"

Declared by:

If true, beep when an Ethernet cable is plugged in or unplugged.

Default: false

Declared by:

If true, monitor Ethernet interfaces for cables being plugged in or unplugged. When this occurs, the dhclient service is restarted to automatically obtain a new IP address. This is useful for roaming users (laptops).

Default: false

Declared by:

The configuration for each network interface. If networking.useDHCP is true, then every interface not listed here will be configured using DHCP.

Default: [ ]

Example: [ { ipAddress = "131.211.84.78"; name = "eth0"; subnetMask = "255.255.255.128"; } ]

Declared by:

IP address of the interface. Leave empty to configure the interface using DHCP.

Default: ""

Example: "10.0.0.1"

Declared by:

Name of the interface.

Default: none

Example: "eth0"

Declared by:

Subnet mask of the interface. Leave empty to use the default subnet mask.

Default: ""

Example: "255.255.255.0"

Declared by:

Shell commands to be executed at the end of the network-interfaces Upstart job. Note that if you are using DHCP to obtain the network configuration, interfaces may not be fully configured yet.

Default: ""

Example: "text=anything; echo You can put $text here."

Declared by:

The list of nameservers. It can be left empty if it is auto-detected through DHCP.

Default: [ ]

Example: [ "130.161.158.4" "130.161.33.17" ]

Declared by:

Whether to use IPv6 even though gw6c is not used. For example, for Postfix.

Default: false

Declared by:

Whether to use DHCP to obtain an IP adress and other configuration for all network interfaces that are not manually configured.

Default: true

Declared by:

Whether to start wicd. Wired and wireless network configurations can then be managed by wicd-client.

Default: false

Declared by:

This option lists the machines to be used if distributed builds are enabled (see nix.distributedBuilds). Nix will perform derivations on those machines via SSh by copying the inputs to the Nix store on the remote machine, starting the build, then copying the output back to the local Nix store. Each element of the list should be an attribute set containing the machine's host name (hostname), the user name to be used for the SSH connection (sshUser), the Nix system type (system, e.g., "i686-linux"), the maximum number of jobs to be run in parallel on that machine (maxJobs), and the path to the SSH private key to be used to connect (sshKey). The SSH private key should not have a passphrase, and the corresponding public key should be added to ~sshUser/authorized_keys on the remote machine.

Default: none

Example: [ { hostName = "voila.labs.cs.uu.nl"; maxJobs = 1; sshKey = "/root/.ssh/id_buildfarm"; sshUser = "nix"; system = "powerpc-darwin"; } { hostName = "linux64.example.org"; maxJobs = 2; sshKey = "/root/.ssh/id_buildfarm"; sshUser = "buildfarm"; system = "x86_64-linux"; } ]

Declared by:

Nix daemon process I/O priority. This priority propagates to build processes. 0 is the default Unix process I/O priority, 7 is the lowest.

Default: 7

Declared by:

Nix daemon process priority. This priority propagates to build processes. 0 is the default Unix process priority, 20 is the lowest.

Default: 10

Declared by:

Whether to distribute builds to the machines listed in nix.buildMachines.

Default: false

Declared by:

Environment variables used by Nix.

Default: ""

Declared by:

Defined by:

This option allows to append lines to nix.conf.

Default: ""

Example: "\n gc-keep-outputs = true\n gc-keep-derivations = true\n "

Declared by:

Automatically run the garbage collector at specified dates.

Default: false

Example: true

Declared by:

Run the garbage collector at specified dates to avoid full hard-drives.

Default: "15 03 * * *"

Declared by:

Options given to nix-collect-garbage when the garbage collector is run automatically.

Default: ""

Example: "--max-freed $((64 * 1024**3))"

Declared by:

Whether to manually manage the list of buildmachines used in distributed builds in /etc/nix.machines.

Default: false

Declared by:

This option defines the maximum number of jobs that Nix will try to build in parallel. The default is 1. You should generally set it to the number of CPUs in your system (e.g., 2 on a Athlon 64 X2).

Default: 1

Example: 2

Declared by:

Number of nixbld user accounts created to perform secure concurrent builds. If you receive an error message saying that “all build users are currently in use”, you should increase this value.

Default: 10

Declared by:

This option specifies the proxy to use for fetchurl. The real effect is just exporting http_proxy, https_proxy and ftp_proxy with that value.

Default: ""

Example: "http://127.0.0.1:3128"

Declared by:

If set, Nix will perform builds in a chroot-environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store.

Default: false

Example: true

Declared by:

The configuration of the Nix Packages collection.

Default: { }

Example: { firefox = { enableGeckoMediaPlayer = true; } ; }

Declared by:

The platform for the Nix Packages collection.

Default: { kernelArch = "i386"; kernelAutoModules = true; kernelBaseConfig = "defconfig"; kernelExtraConfig = "# Virtualisation (KVM, Xen...).\nPARAVIRT_GUEST y\nKVM_CLOCK y\nKVM_GUEST y\nXEN y\nKSM y\n\n# We need 64 GB (PAE) support for Xen guest support.\nHIGHMEM64G? y\n"; kernelHeadersBaseConfig = "defconfig"; kernelTarget = "bzImage"; name = "pc"; uboot = ; }

Declared by:

This attribute set will be exported as a system attribute. You can put whatever you want here.

Default: none

Declared by:

Whether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.

Default: false

Declared by:

Commands executed when the machine powers up. That is, they're executed both when the system first boots and when it resumes from suspend or hibernation.

Default: ""

Example: "/nix/store/sa5p827x18z9r6pszxgxzzcmq1ksaskh-hdparm-8.7/sbin/hdparm -B 255 /dev/sda"

Declared by:

Commands executed after the system resumes from suspend-to-RAM.

Default: ""

Declared by:

Defined by:

FIXME: find another place for this option. FIXME: find a good description.

Default: [ ]

Declared by:

Defined by:

This option lists additional programs that must be made setuid root.

Default: [ ]

Example: [ "fusermount" ]

Declared by:

Defined by:

Define resource limits that should apply to users or groups for the login service. Each item in the list should be an attribute set with a domain, type, item, and value attribute. The syntax and semantics of these attributes must be that described in the limits.conf(5) man page.

Default: [ ]

Example: [ { domain = "ftp"; item = "nproc"; type = "hard"; value = "0"; } { domain = "@student"; item = "maxlogins"; type = "-"; value = "4"; } ]

Declared by:

This option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each element of this list is an attribute set describing a service. The attribute name specifies the name of the service. The attribute rootOK specifies whether the root user is allowed to use this service without authentication. The attribute ownDevices specifies whether ConsoleKit's PAM connector module should be used to give the user ownership of devices such as audio and CD-ROM drives. The attribute forwardXAuth specifies whether X authentication keys should be passed from the calling user to the target user (e.g. for su). The attribute limits defines resource limits that should apply to users or groups for the service. Each item in the list should be an attribute set with a domain, type, item, and value attribute. The syntax and semantics of these attributes must be that described in the limits.conf(5) man page.

Default: [ ]

Example: [ { name = "chsh"; rootOK = true; } { allowNullPassword = true; limits = [ { domain = "ftp"; item = "nproc"; type = "hard"; value = "0"; } ] ; name = "login"; ownDevices = true; } ]

Declared by:

Defined by:

Enable USB login for all login system unless the service disabled it. For more information, visit http://pamusb.org/doc/quickstart#setting_up.

Default: false

Declared by:

Private key. Make it string argument, so it is not copied into store.

Default: "/var/elliptic-keys/private"

Declared by:

Public key. Make it path argument, so it is copied into store and hashed. The key is used to encrypt Gateway 6 configuration in store, as it contains a password for external service. Unfortunately, derivation file should be protected by other means. For example, nix-http-export.cgi will happily export any non-derivation path, but not a derivation.

Default:

Declared by:

This option allows the ownership and permissions on the setuid wrappers for specific programs to be overriden from the default (setuid root, but not setgid root).

Default: [ ]

Example: [ { group = "postdrop"; owner = "nobody"; program = "sendmail"; setgid = true; setuid = false; } ]

Declared by:

Defined by:

Only the programs from system path listed here will be made setuid root (through a wrapper program).

Default: [ ]

Declared by:

Defined by:

This string contains the contents of the sudoers file.

Default: "# Don't edit this file. Set nixos option security.sudo.configFile instead\n\n# \"root\" is allowed to do anything.\nroot ALL=(ALL) SETENV: ALL\n\n# Users in the \"wheel\" group can do anything.\n%wheel ALL=(ALL) SETENV: ALL\n"

Declared by:

Whether to enable the sudo command, which allows non-root users to execute commands as root.

Default: true

Declared by:

This option defines the path to the setuid wrappers. It should generally not be overriden.

Default: "/var/setuid-wrappers"

Declared by:

Whether to enable the ACPI daemon.

Default: false

Declared by:

Defined by:

Whether to make /var/spool/at{jobs,spool} writeable by everyone (and sticky). This is normally not needed since the `at' commands are setuid/setgid `atd'.

Default: false

Declared by:

Whether to enable the `at' daemon, a command scheduler.

Default: true

Declared by:

file contents of /etc/auto.master. See man auto.master See man 5 auto.master and man 5 autofs.

Default: none

Example: "autoMaster = let\n mapConf = pkgs.writeText \"auto\" ''\n kernel -ro,soft,intr ftp.kernel.org:/pub/linux\n boot -fstype=ext2 :/dev/hda1\n windoze -fstype=smbfs ://windoze/c\n removable -fstype=ext2 :/dev/hdd\n cd -fstype=iso9660,ro :/dev/hdc\n floppy -fstype=auto :/dev/fd0\n server -rw,hard,intr / -ro myserver.me.org:/ \\\n /usr myserver.me.org:/usr \\\n /home myserver.me.org:/home\n '';\nin ''\n /auto file:${mapConf}\n''\n"

Declared by:

pass -d and -7 to automount and write log to /var/log/autofs

Default: false

Declared by:

Mount filesystems on demand. Unmount them automatically. You may also be interested in afuese.

Default: false

Declared by:

kernel modules to load

Default: [ "fuse" ]

Declared by:

Set the global minimum timeout, in seconds, until directories are unmounted

Default: 600

Declared by:

List of non-local DNS domains to be browsed.

Default: [ "0pointer.de" "zeroconf.org" ]

Declared by:

Whether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon').

Default: false

Declared by:

Host name advertised on the LAN.

Default: "nixos"

Declared by:

Whether to use IPv4

Default: true

Declared by:

Whether to use IPv6

Default: false

Declared by:

Whether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon. Warning: Currently, enabling this option breaks DNS lookups after a `nixos-rebuild'. This is because `/etc/nsswitch.conf' is updated to use `nss-mdns' but `libnss_mdns' is not in applications' `LD_LIBRARY_PATH'. The next time `/etc/profile' is sourced, it will set up an appropriate `LD_LIBRARY_PATH', though.

Default: false

Declared by:

Whether to allow publishing.

Default: true

Declared by:

Whether to enable wide-area service discovery.

Default: true

Declared by:

What networks are just blocked.

Default: [ ]

Declared by:

What networks are allowed to use us as a resolver.

Default: [ "127.0.0.0/24" ]

Declared by:

Whether to enable BIND domain name server.

Default: false

Declared by:

List of zones we claim authority over. master=false means slave server; slaves means addresses who may request zone transfer.

Default: [ ]

Example: [ { file = "/var/dns/example.com"; master = false; masters = [ "192.168.0.1" ] ; name = "example.com"; slaves = [ ] ; } ]

Declared by:

Whether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.

Default: false

Declared by:

The interface the BitlBee deamon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.

Default: "127.0.0.1"

Declared by:

Number of the port BitlBee will be listening to.

Default: 6667

Declared by:

The job output will be mailed to this email address.

Default: ""

Declared by:

A list of Cron jobs to be appended to the system-wide crontab. See the manual page for crontab for the expected format. If you want to get the results mailed you must setuid sendmail. See security.setuidOwners If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root will is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you. So every user can use a crontab.

Default: [ ]

Example: [ "* * * * * test ls -l / > /tmp/cronout 2>&1" "* * * * * eelco echo Hello World > /home/eelco/cronout" ]

Declared by:

Defined by:

Whether to start the D-Bus message bus daemon, which is required by many other system services and applications.

Default: true

Declared by:

Defined by:

Packages whose D-Bus configuration files should be included in the configuration of the D-Bus system-wide message bus. Specifically, every file in pkg/etc/dbus-1/system.d is included.

Default: [ ]

Declared by:

Defined by:

Domain name to synchronize.

Default: ""

Declared by:

Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).

Default: false

Declared by:

Extra configuration. Contents will be added verbatim to the configuration file.

Default: ""

Declared by:

Password.

Default: ""

Declared by:

Protocol to use with dynamic DNS provider. (see also, http://sourceforge.net/apps/trac/ddclient/wiki/Protocols)

Default: "dyndns2"

Declared by:

Server

Default: "members.dyndns.org"

Declared by:

Username.

Default: ""

Declared by:

Default: "web, web=checkip.dyndns.com/, web-skip='IP Address'"

Declared by:

The path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.

Default:

Declared by:

Whether to enable the DHCP server.

Default: false

Declared by:

Extra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something here, such as the options specifying the subnet mask, DNS servers, etc.

Default: ""

Example: "\n option subnet-mask 255.255.255.0;\n option broadcast-address 192.168.1.255;\n option routers 192.168.1.5;\n option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;\n option domain-name \"example.org\";\n subnet 192.168.1.0 netmask 255.255.255.0 {\n range 192.168.1.100 192.168.1.200;\n }\n "

Declared by:

The interfaces on which the DHCP server should listen.

Default: [ "eth0" ]

Declared by:

A list mapping ethernet addresses to IP addresses for the DHCP server.

Default: [ ]

Example: [ { ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10"; } { ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11"; } ]

Declared by:

Whether to enable Disnix

Default: false

Declared by:

Whether to enable the Dovecot POP3/IMAP server.

Default: false

Declared by:

Dovecot group name.

Default: "dovecot"

Declared by:

CA certificate used by the server certificate.

Default: ""

Declared by:

Server certificate

Default: ""

Declared by:

Server key.

Default: ""

Declared by:

Dovecot user name.

Default: "dovecot"

Declared by:

Location of the config directory of ejabberd

Default: "/var/ejabberd"

Declared by:

Whether to enable ejabberd server

Default: false

Declared by:

Configuration dump that should be loaded on the first startup

Default: [ ]

Example: [ ]

Declared by:

Location of the logfile directory of ejabberd

Default: "/var/log/ejabberd"

Declared by:

Location of the spooldir of ejabberd

Default: "/var/lib/ejabberd"

Declared by:

Virtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas

Default: "\"localhost\""

Declared by:

Users allowed to use fcrontab and fcrondyn (one name per line, "all" for everyone).

Default: [ ]

Declared by:

Users forbidden from using fcron.

Default: [ ]

Declared by:

Whether to enable the `fcron' daemon.

Default: false

Declared by:

Maximum number of serial jobs which can run simultaneously.

Default: 1

Declared by:

Number of jobs the serial queue and the lavg queue can contain - empty to net set this number (-q)

Default: ""

Declared by:

The "system" crontab contents.

Default: ""

Declared by:

List of GNUnet applications supported by the daemon. Note that `fs', which means "file sharing", is probably the one you want.

Default: [ "advertising" "getoption" "fs" "stats" "traffic" ]

Example: [ "chat" "fs" ]

Declared by:

When true, run in debug mode; gnunetd will not daemonize and error messages will be written to stderr instead of a logfile.

Default: false

Declared by:

Whether to run the GNUnet daemon. GNUnet is GNU's anonymous peer-to-peer communication and file sharing framework.

Default: false

Declared by:

Additional options that will be copied verbatim in `gnunetd.conf'. See `gnunetd.conf(5)' for details.

Default: ""

Example: "[NETWORK]\nINTERFACE = eth3\n"

Declared by:

Whether to allow active migration of content originating from other nodes.

Default: false

Declared by:

Maximum file system usage (in MiB) for file sharing.

Default: 1024

Declared by:

Directory where the GNUnet daemon will store its data.

Default: "/var/lib/gnunet"

Declared by:

URLs of host lists.

Default: [ "http://gnunet.org/hostlist.php" "http://gnunet.mine.nu:8081/hostlist" "http://vserver1236.vserver-on.de/hostlist-074" ]

Declared by:

Hard bandwidth limit (in bits per second) when uploading data.

Default: 0

Declared by:

List of network interfaces to use.

Default: [ "eth0" ]

Example: [ "wlan0" "eth1" ]

Declared by:

Maximum CPU load (percentage) authorized for the GNUnet daemon.

Default: 100

Declared by:

Maximum bandwidth usage (in bits per second) for GNUnet when downloading data.

Default: 50000

Declared by:

Maximum bandwidth usage (in bits per second) for GNUnet when downloading data.

Default: 50000

Declared by:

Log level of the deamon (see `gnunetd(1)' for details).

Default: "ERROR"

Example: "INFO"

Declared by:

The TCP port for use by GNUnet.

Default: 2086

Declared by:

List of transport methods used by the server.

Default: [ "udp" "tcp" "http" "nat" ]

Example: [ "smtp" "http" ]

Declared by:

The UDP port for use by GNUnet.

Default: 2086

Declared by:

Whether to enable GPM, the General Purpose Mouse daemon, which enables mouse support in virtual consoles.

Default: false

Declared by:

Mouse protocol to use.

Default: "ps/2"

Declared by:

The debugging level.

Default: 0

Declared by:

A device may be a local serial device for GPS input, or a URL of the form: [{dgpsip|ntrip}://][user:passwd@]host[:port][/stream] in which case it specifies an input source for DGPS or ntrip data.

Default: "/dev/ttyUSB0"

Declared by:

Whether to enable `gpsd', a GPS service daemon.

Default: false

Declared by:

The port where to listen for TCP connections.

Default: 2947

Declared by:

Whether to enable the broken-device-safety, otherwise known as read-only mode. Some popular bluetooth and USB receivers lock up or become totally inaccessible when probed or reconfigured. This switch prevents gpsd from writing to a receiver. This means that gpsd cannot configure the receiver for optimal performance, but it also means that gpsd cannot break the receiver. A better solution would be for Bluetooth to not be so fragile. A platform independent method to identify serial-over-Bluetooth devices would also be nice.

Default: true

Declared by:

GVPE config file, if already present

Default:

Example: "/root/my-gvpe-conf"

Declared by:

GVPE config contents

Default:

Example: "tcp-port = 655\nudp-port = 655\nmtu = 1480\nifname = vpn0\n\nnode = alpha\nhostname = alpha.example.org\nconnect = always\nenable-udp = true\nenable-tcp = true\non alpha if-up = if-up-0\non alpha pid-file = /var/gvpe/gvpe.pid\n"

Declared by:

Additional commands to apply in ifup script

Default: ""

Declared by:

Whether to run gvpe

Default: false

Declared by:

IP address to assign to GVPE interface

Default:

Declared by:

GVPE node name

Default:

Declared by:

Condition to start GVPE

Default: "started network-interfaces"

Declared by:

Condition to stop GVPE

Default: "stopping network-interfaces"

Declared by:

IP subnet assigned to GVPE network

Default:

Example: "10.0.0.0/8"

Declared by:

Switch to false to create upstart-job and configuration, but not run it automatically

Default: true

Declared by:

Whether to enable Gateway6 client (IPv6 tunnel).

Default: false

Declared by:

Gateway6 manual ping period.

Default: "1000000"

Example: "2"

Declared by:

Gateway6 keep-alive period.

Default: "30"

Example: "2"

Declared by:

Your Gateway6 password, if any.

Default: ""

Declared by:

Used Gateway6 server.

Default: "anon.freenet6.net"

Example: "broker.freenet6.net"

Declared by:

Your Gateway6 login name, if any.

Default: ""

Declared by:

Whether to wait until tunnel broker returns ICMP echo.

Default: true

Example: false

Declared by:

Whether to start the HAL daemon.

Default: true

Declared by:

Defined by:

Packages containing additional HAL configuration data.

Default: [ ]

Declared by:

Defined by:

E-mail address of the server administrator.

Default: none

Example: "admin@example.org"

Declared by:

The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.

Default:

Example: "/data/webserver/docs"

Declared by:

Whether to enable the Apache httpd server.

Default: false

Declared by:

Whether to enable SSL (https) support.

Default: false

Declared by:

Whether to enable serving ~/public_html as /~username.

Default: false

Declared by:

These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.

Default: ""

Example: "<Directory /home>\n Options FollowSymlinks\n AllowOverride All\n</Directory>\n"

Declared by:

Defined by:

Specifies additional Apache modules. These can be specified as a string in the case of modules distributed with Apache, or as an attribute set specifying the name and path of the module.

Default: [ ]

Example: [ "proxy_connect" { name = "php5"; path = "/nix/store/kp93hvk0x6ld5f136l1ymnwyb3xwr2n7-php_configurable-5.2.11/modules/libphp5.so"; } ]

Declared by:

Extra subservices to enable in the webserver.

Default: [ ]

Declared by:

Defined by:

If set, all requests for this host are redirected permanently to the given URL.

Default: ""

Example: "http://newserver.example.org/"

Declared by:

Group under which httpd runs. The account is created automatically if it doesn't exist.

Default: "wwwrun"

Declared by:

Canonical hostname for the server.

Default: "localhost"

Declared by:

Directory for Apache's log files. It is created automatically.

Default: "/var/log/httpd"

Declared by:

Log format for Apache's log files. Possible values are: combined, common, referer, agent.

Default: "common"

Example: "combined"

Declared by:

If enabled, each virtual host gets its own access_log and error_log, namely suffixed by the hostName of the virtual host.

Default: false

Declared by:

Options appended to the PHP configuration file php.ini.

Default: ""

Example: "date.timezone = \"CET\"\n"

Declared by:

Defined by:

Port for the server. 0 means use the default port: 80 for http and 443 for https (i.e. when enableSSL is set).

Default: 0

Declared by:

This option provides a simple way to serve static directories.

Default: [ ]

Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]

Declared by:

This option provides a simple way to serve individual, static files.

Default: [ ]

Example: [ { dir = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]

Declared by:

Additional names of virtual hosts served by this virtual host configuration.

Default: [ ]

Example: [ "www.example.org" "www.example.org:8080" "example.org" ]

Declared by:

Path to server SSL certificate.

Default: ""

Example: "/var/host.cert"

Declared by:

Path to server SSL certificate key.

Default: ""

Example: "/var/host.key"

Declared by:

Directory for Apache's transient runtime state (such as PID files). It is created automatically. Note that the default, /var/run/httpd, is deleted at boot time.

Default: "/var/run/httpd"

Declared by:

User account under which httpd runs. The account is created automatically if it doesn't exist.

Default: "wwwrun"

Declared by:

Specification of the virtual hosts served by Apache. Each element should be an attribute set specifying the configuration of the virtual host. The available options are the non-global options permissible for the main host.

Default: [ ]

Example: [ { documentRoot = "/data/webroot-foo"; hostName = "foo"; } { documentRoot = "/data/webroot-bar"; hostName = "bar"; } ]

Declared by:

IRCD server administrator e-mail.

Default: "<bit-bucket@example.com>"

Example: "<name@domain.tld>"

Declared by:

IRCD server SSL certificate. There are some limitations - read manual.