Table of Contents
List of Examples
This manual describes NixOS, a Linux distribution based on the purely functional package management system Nix.
NixOS is rather bleeding edge, and this manual is
correspondingly sketchy and quite possibly out of date. It gives
basic information on how to get NixOS up and running, but since
NixOS is very much a work in progress, you are likely to encounter
problems here and there. Extensive familiarity with Linux is
recommended. If you encounter problems, please report them on the
nix-dev@lists.science.uu.nl
mailing list or on the
#nixos channel on Freenode..
Table of Contents
NixOS ISO images can be downloaded from the NixOS homepage. These can be burned onto a CD. It is also possible to copy them onto a USB stick and install NixOS from there. For details, see the NixOS Wiki.
Boot from the CD.
The CD contains a basic NixOS installation. (It also contains Memtest86+, useful if you want to test new hardware.) When it’s finished booting, it should have detected most of your hardware and brought up networking (check ifconfig). Networking is necessary for the installer, since it will download lots of stuff (such as source tarballs or Nixpkgs channel binaries). It’s best if you have a DHCP server on your network. Otherwise configure networking manually using ifconfig.
The NixOS manual is available on virtual console 8 (press Alt+F8 to access).
Login as
root, empty password.If you downloaded the graphical ISO image, you can run start display-manager to start KDE.
The NixOS installer doesn’t do any partitioning or formatting yet, so you need to that yourself. Use the following commands:
For partitioning: fdisk.
For initialising Ext4 partitions: mkfs.ext4. It is recommended that you assign a unique symbolic label to the file system using the option
-L. This will make the file system configuration independent from device changes.labelFor creating swap partitions: mkswap. Again it’s recommended to assign a label to the swap partition:
-L.labelFor creating LVM volumes, the LVM commands, e.g.,
$ pvcreate /dev/sda1 /dev/sdb1 $ vgcreate MyVolGroup /dev/sda1 /dev/sdb1 $ lvcreate --size 2G --name bigdisk MyVolGroup $ lvcreate --size 1G --name smalldisk MyVolGroup
For creating software RAID devices, use mdadm.
Mount the target file system on which NixOS should be installed on
/mnt.You now need to create a file
/mnt/etc/nixos/configuration.nixthat specifies the intended configuration of the system. This is because NixOS has a declarative configuration model: you create or edit a description of the configuration that you want to be built and activated, and then NixOS takes care of realising that configuration. The command nixos-option can generate an initial configuration file for you:$ nixos-option --install
It tries to figure out the kernel modules necessary for mounting the root device, as well as various other hardware characteristics. However, it doesn’t try to figure out the
fileSystemsoption yet.You should edit
/mnt/etc/nixos/configuration.nixto suit your needs. The text editors nano and vim are available.You need to specify a root file system in
fileSystemsand the target device for the Grub boot loader inboot.loader.grub.device. See Chapter 6, List of Options for a list of the available configuration options.Note
It is very important that you specify in the option
boot.initrd.kernelModulesall kernel modules that are necessary for mounting the root file system, otherwise the installed system will not be able to boot. (If this happens, boot from the CD again, mount the target file system on/mnt, fix/mnt/etc/nixos/configuration.nixand rerunnixos-install.) In most cases, nixos-option --install will figure out the required modules.Examples of real-world NixOS configuration files can be found at https://nixos.org/repos/nix/configurations/trunk/.
If your machine has a limited amount of memory, you may want to activate swap devices now (swapon
device). The installer (or rather, the build actions that it may spawn) may need quite a bit of RAM, depending on your configuration.Do the installation:
$ nixos-install
Cross fingers.
If everything went well:
$ reboot
You should now be able to boot into the installed NixOS. The Grub boot menu shows a list of available configurations (initially just one). Every time you change the NixOS configuration (see Section 1.3, “Changing the configuration”), a new item appears in the menu. This allows you to easily roll back to another configuration if something goes wrong.
You should log in and change the
rootpassword with passwd.You’ll probably want to create some user accounts as well, which can be done with useradd:
$ useradd -c 'Eelco Dolstra' -m eelco $ passwd eelco
You may also want to install some software. For instance,
$ nix-env -qa \*
shows what packages are available, and
$ nix-env -i w3m
install the
w3mbrowser.
Example 1.1, “Commands for installing NixOS on /dev/sda” shows a typical sequence
of commands for installing NixOS on an empty hard drive (here
/dev/sda). Example 1.2, “NixOS configuration” shows a
corresponding configuration Nix expression.
Example 1.1. Commands for installing NixOS on /dev/sda
$ fdisk /dev/sda (or whatever device you want to install on) $ mkfs.ext4 -L nixos /dev/sda1 (idem) $ mkswap -L swap /dev/sda2 (idem) $ mount LABEL=nixos /mnt $ nixos-option --install $ nano /mnt/etc/nixos/configuration.nix (in particular, set the fileSystems and swapDevices options) $ nixos-install $ reboot
Example 1.2. NixOS configuration
{
boot.loader.grub.device = "/dev/sda";
fileSystems."/".device = "/dev/disk/by-label/nixos";
swapDevices =
[ { device = "/dev/disk/by-label/swap"; } ];
services.sshd.enable = true;
}The file /etc/nixos/configuration.nix
contains the current configuration of your machine. Whenever you’ve
changed something to that file, you should do
$ nixos-rebuild switch
to build the new configuration, make it the default configuration for booting, and try to realise the configuration in the running system (e.g., by restarting system services).
You can also do
$ nixos-rebuild test
to build the configuration and switch the running system to it, but without making it the boot default. So if (say) the configuration locks up your machine, you can just reboot to get back to a working configuration.
There is also
$ nixos-rebuild boot
to build the configuration and make it the boot default, but not switch to it now (so it will only take effect after the next reboot).
Finally, you can do
$ nixos-rebuild build
to build the configuration but nothing more. This is useful to see whether everything compiles cleanly.
If you have a machine that supports hardware virtualisation, you can also test the new configuration in a sandbox by building and running a virtual machine that contains the desired configuration. Just do
$ nixos-rebuild build-vm $ ./result/bin/run-*-vm
The VM does not have use any data from your host system, so your existing user accounts and home directories will not be available.
The best way to keep your NixOS installation up to date is to
use the nixos-unstable channel. (A channel is a
Nix mechanism for distributing Nix expressions and associated
binaries.) The NixOS channel is updated automatically from NixOS’s
Subversion repository after running certain tests and building most
packages.
NixOS automatically subscribes you to the NixOS channel. If for some reason this is not the case, just do
$ nix-channel --add http://nixos.org/channels/nixos-unstable
You can then upgrade NixOS to the latest version in the channel by running
$ nix-channel --update nixos
and running the nixos-rebuild command as described in Section 1.3, “Changing the configuration”.
Table of Contents
This chapter describes how to configure various aspects of a
NixOS machine through the configuration file
/etc/nixos/configuration.nix. As described in
Section 1.3, “Changing the configuration”, changes to that file only take
effect after you run nixos-rebuild.
Secure shell (SSH) access to your machine can be enabled by setting:
services.openssh.enable = true;
By default, root logins using a password are disallowed. They can be
disabled entirely by setting
services.openssh.permitRootLogin to
"no".
You can declaratively specify authorised RSA/DSA public keys for a user as follows:
users.extraUsers.alice.openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
By default, NixOS uses DHCP (specifically, (dhcpcd)) to automatically configure network interfaces. However, you can configure an interface manually as follows:
networking.interfaces.eth0 = { ipAddress = "192.168.1.2"; prefixLength = 24; };
(The network prefix can also be specified using the option
subnetMask,
e.g. "255.255.255.0", but this is deprecated.)
Typically you’ll also want to set a default gateway and set of name
servers:
networking.defaultGateway = "192.168.1.1"; networking.nameservers = [ "8.8.8.8" ];
Note
Statically configured interfaces are set up by the systemd
service
interface-name-cfg.service.
The default gateway and name server configuration is performed by
network-setup.service.
The host name is set using networking.hostName:
networking.hostName = "cartman";
The default host name is nixos. Set it to the
empty string ("") to allow the DHCP server to
provide the host name.
IPv6 is enabled by default. Stateless address autoconfiguration is used to automatically assign IPv6 addresses to all interfaces. You can disable IPv6 support globally by setting:
networking.enableIPv6 = false;
NixOS has a simple stateful firewall that blocks incoming connections and other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic. It can be enabled as follows:
networking.firewall.enable = true;
You can open specific TCP ports to the outside world:
networking.firewall.allowedTCPPorts = [ 80 443 ];
Note that TCP port 22 (ssh) is opened automatically if the SSH daemon
is enabled (services.openssh.enable = true). UDP
ports can be opened through
networking.firewall.allowedUDPPorts. Also of
interest is
networking.firewall.allowPing = true;
to allow the machine to respond to ping requests. (ICMPv6 pings are always allowed.)
You can use networking.localCommands to specify
shell commands to be run at the end of
network-setup.service. This is useful for doing
network configuration not covered by the existing NixOS modules. For
instance, to statically configure an IPv6 address:
networking.localCommands =
''
ip -6 addr add 2001:610:685:1::1/64 dev eth0
'';
Table of Contents
This chapter describes various aspects of managing a running NixOS system, such as how to use the systemd service manager.
In NixOS, all system services are started and monitored using
the systemd program. Systemd is the “init” process of the system
(i.e. PID 1), the parent of all other processes. It manages a set of
so-called “units”, which can be things like system services
(programs), but also mount points, swap files, devices, targets
(groups of units) and more. Units can have complex dependencies; for
instance, one unit can require that another unit must be succesfully
started before the first unit can be started. When the system boots,
it starts a unit named default.target; the
dependencies of this unit cause all system services to be started,
filesystems to be mounted, swap files to be activated, and so
on.
The command systemctl is the main way to interact with systemd. Without any arguments, it shows the status of active units:
$ systemctl
-.mount loaded active mounted /
swapfile.swap loaded active active /swapfile
sshd.service loaded active running SSH Daemon
graphical.target loaded active active Graphical Interface
...
You can ask for detailed status information about a unit, for instance, the PostgreSQL database service:
$ systemctl status postgresql.service
postgresql.service - PostgreSQL Server
Loaded: loaded (/nix/store/pn3q73mvh75gsrl8w7fdlfk3fq5qm5mw-unit/postgresql.service)
Active: active (running) since Mon, 2013-01-07 15:55:57 CET; 9h ago
Main PID: 2390 (postgres)
CGroup: name=systemd:/system/postgresql.service
├─2390 postgres
├─2418 postgres: writer process
├─2419 postgres: wal writer process
├─2420 postgres: autovacuum launcher process
├─2421 postgres: stats collector process
└─2498 postgres: zabbix zabbix [local] idle
Jan 07 15:55:55 hagbard postgres[2394]: [1-1] LOG: database system was shut down at 2013-01-07 15:55:05 CET
Jan 07 15:55:57 hagbard postgres[2390]: [1-1] LOG: database system is ready to accept connections
Jan 07 15:55:57 hagbard postgres[2420]: [1-1] LOG: autovacuum launcher started
Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server.
Note that this shows the status of the unit (active and running), all the processes belonging to the service, as well as the most recent log messages from the service.
Units can be stopped, started or restarted:
$ systemctl stop postgresql.service $ systemctl start postgresql.service $ systemctl restart postgresql.service
These operations are synchronous: they wait until the service has finished starting or stopping (or has failed). Starting a unit will cause the dependencies of that unit to be started as well (if necessary).
The system can be shut down (and automatically powered off) by doing:
$ shutdown
This is equivalent to running systemctl poweroff. Likewise, reboot (a.k.a. systemctl reboot) will reboot the system.
The machine can be suspended to RAM (if supported) using systemctl suspend, and suspended to disk using systemctl hibernate.
These commands can be run by any user who is logged in locally, i.e. on a virtual console or in X11; otherwise, the user is asked for authentication.
Systemd keeps track of all users who are logged into the system (e.g. on a virtual console or remotely via SSH). The command loginctl allows quering and manipulating user sessions. For instance, to list all user sessions:
$ loginctl
SESSION UID USER SEAT
c1 500 eelco seat0
c3 0 root seat0
c4 500 alice
This shows that two users are logged in locally, while another is logged in remotely. (“Seats” are essentially the combinations of displays and input devices attached to the system; usually, there is only one seat.) To get information about a session:
$ loginctl session-status c3
c3 - root (0)
Since: Tue, 2013-01-08 01:17:56 CET; 4min 42s ago
Leader: 2536 (login)
Seat: seat0; vc3
TTY: /dev/tty3
Service: login; type tty; class user
State: online
CGroup: name=systemd:/user/root/c3
├─ 2536 /nix/store/10mn4xip9n7y9bxqwnsx7xwx2v2g34xn-shadow-4.1.5.1/bin/login --
├─10339 -bash
└─10355 w3m nixos.org
This shows that the user is logged in on virtual console 3. It also lists the processes belonging to this session. Since systemd keeps track of this, you can terminate a session in a way that ensures that all the session’s processes are gone:
$ loginctl terminate-session c3
To keep track of the processes in a running system, systemd uses control groups (cgroups). A control group is a set of processes used to allocate resources such as CPU, memory or I/O bandwidth. There can be multiple control group hierarchies, allowing each kind of resource to be managed independently.
The command systemd-cgls lists all control
groups in the systemd hierarchy, which is what
systemd uses to keep track of the processes belonging to each service
or user session:
$ systemd-cgls ├─user │ └─eelco │ └─c1 │ ├─ 2567 -:0 │ ├─ 2682 kdeinit4: kdeinit4 Running... │ ├─...│ └─10851 sh -c less -R └─system ├─httpd.service │ ├─2444 httpd -f /nix/store/3pyacby5cpr55a03qwbnndizpciwq161-httpd.conf -DNO_DETACH │ └─...├─dhcpcd.service │ └─2376 dhcpcd --config /nix/store/f8dif8dsi2yaa70n03xir8r653776ka6-dhcpcd.conf └─...
Similarly, systemd-cgls cpu shows the cgroups in
the CPU hierarchy, which allows per-cgroup CPU scheduling priorities.
By default, every systemd service gets its own CPU cgroup, while all
user sessions are in the top-level CPU cgroup. This ensures, for
instance, that a thousand run-away processes in the
httpd.service cgroup cannot starve the CPU for one
process in the postgresql.service cgroup. (By
contrast, it they were in the same cgroup, then the PostgreSQL process
would get 1/1001 of the cgroup’s CPU time.) You can limit a service’s
CPU share in configuration.nix:
systemd.services.httpd.serviceConfig.CPUShares = 512;
By default, every cgroup has 1024 CPU shares, so this will halve the
CPU allocation of the httpd.service cgroup.
There also is a memory hierarchy that
controls memory allocation limits; by default, all processes are in
the top-level cgroup, so any service or session can exhaust all
available memory. Per-cgroup memory limits can be specified in
configuration.nix; for instance, to limit
httpd.service to 512 MiB of RAM (excluding swap)
and 640 MiB of RAM (including swap):
systemd.services.httpd.serviceConfig.MemoryLimit = "512M"; systemd.services.httpd.serviceConfig.ControlGroupAttribute = [ "memory.memsw.limit_in_bytes 640M" ];
The command systemd-cgtop shows a continuously updated list of all cgroups with their CPU and memory usage.
System-wide logging is provided by systemd’s
journal, which subsumes traditional logging
daemons such as syslogd and klogd. Log entries are kept in binary
files in /var/log/journal/. The command
journalctl allows you to see the contents of the
journal. For example,
$ journalctl -b
shows all journal entries since the last reboot. (The output of journalctl is piped into less by default.) You can use various options and match operators to restrict output to messages of interest. For instance, to get all messages from PostgreSQL:
$ journalctl -u postgresql.service -- Logs begin at Mon, 2013-01-07 13:28:01 CET, end at Tue, 2013-01-08 01:09:57 CET. -- ... Jan 07 15:44:14 hagbard postgres[2681]: [2-1] LOG: database system is shut down -- Reboot -- Jan 07 15:45:10 hagbard postgres[2532]: [1-1] LOG: database system was shut down at 2013-01-07 15:44:14 CET Jan 07 15:45:13 hagbard postgres[2500]: [1-1] LOG: database system is ready to accept connections
Or to get all messages since the last reboot that have at least a “critical” severity level:
$ journalctl -b -p crit Dec 17 21:08:06 mandark sudo[3673]: pam_unix(sudo:auth): auth could not identify password for [alice] Dec 29 01:30:22 mandark kernel[6131]: [1053513.909444] CPU6: Core temperature above threshold, cpu clock throttled (total events = 1)
Table of Contents
If NixOS fails to boot, there are a number of kernel command
line parameters that may help you to identify or fix the issue. You
can add these parameters in the GRUB boot menu by pressing “e” to
modify the selected boot entry and editing the line starting with
linux. The following are some useful kernel command
line parameters that are recognised by the NixOS boot scripts or by
systemd:
boot.shell_on_failStart a root shell if something goes wrong in stage 1 of the boot process (the initial ramdisk). This is disabled by default because there is no authentication for the root shell.
boot.debug1Start an interactive shell in stage 1 before anything useful has been done. That is, no modules have been loaded and no file systems have been mounted, except for
/procand/sys.boot.tracePrint every shell command executed by the stage 1 and 2 boot scripts.
singleBoot into rescue mode (a.k.a. single user mode). This will cause systemd to start nothing but the unit
rescue.target, which runs sulogin to prompt for the root password and start a root login shell. Exiting the shell causes the system to continue with the normal boot process.systemd.log_level=debug systemd.log_target=consoleMake systemd very verbose and send log messages to the console instead of the journal.
For more parameters recognised by systemd, see systemd(1).
If no login prompts or X11 login screens appear (e.g. due to hanging dependencies), you can press Alt+ArrowUp. If you’re lucky, this will start rescue mode (described above). (Also note that since most units have a 90-second timeout before systemd gives up on them, the agetty login prompts should appear eventually unless something is very wrong.)
Table of Contents
This chapter has some random notes on hacking on NixOS.
By default, NixOS’s nixos-rebuild command
uses the NixOS and Nixpkgs sources provided by the
nixos-unstable channel (kept in
/nix/var/nix/profiles/per-user/root/channels/nixos).
To modify NixOS, however, you should check out the latest sources from
Subversion. This is done using the following command:
$ nixos-checkout /my/sources
This will check out the latest NixOS sources to
/my/sources/nixos/my/sources/nixpkgs-I flag:
$ nixos-rebuild switch -I /my/sources
NixOS is based on a modular system for declarative configuration.
This system combines multiple modules to produce one
configuration. One of the module which compose your computer
configuration is /etc/nixos/configuration.nix. Other
modules are available under NixOS modules
directory
A module is a file which handles one specific part of the configuration. This part of the configuration could correspond to an hardware, a service, network settings, or preferences. A module configuration does not have to handle everything from scratch, it can base its configuration on other configurations provided by other modules. Thus a module can define options to setup its configuration, and it can also declare options to be fed by other modules.
A module is a file which contains a Nix expression. This expression should be either an expression which gets evaluated into an attribute set or a function which returns an attribute set.
When the expression is a function, it should expect only one argument
which is an attribute set containing an attribute
named config and another attribute
named pkgs. The config attribute
contains the result of the merge of all modules. This attribute is
evaluated lazily, such as any Nix expression. For more details on how
options are merged, see the details in Section 5.2, “Extending NixOS”.
The pkgs attribute
contains nixpkgs attribute set of packages. This
attribute is necessary for declaring options.
{
imports =
[ 
];
options = {
};
config = {
};
}Example 5.1, “Usual module content” Illustrates a module skeleton.
| This line makes the current Nix expression a function. This
line can be omitted if there is no reference to |
| This list is used to enumerate path to other modules which are
declaring options used by the current module. In NixOS, default modules
are listed in the file |
| This attribute set contains an attribute set of option declaration. |
| This attribute set contains an attribute set of option
definitions. If the module does not have any imported
modules or any option declarations, then this attribute set can be used
in place of its parent attribute set. This is a common case for simple
modules such
as |
A module defines a configuration which would be interpreted by other modules. To define a configuration, a module needs to provide option definitions. An option definition is a simple attribute assignment.
Option definitions are made in a declarative manner. Without properties, options will always be defined with the same value. To introduce more flexibility in the system, option definitions are guarded by properties.
Properties are means to introduce conditional values inside option
definitions. This conditional values can be distinguished in two
categories. The condition which are local to the current configuration
and conditions which are dependent on others configurations. Local
properties are mkIf
and mkAssert. Global properties
are mkOverride, mkDefault
and mkOrder.
mkIf is used to remove the option definitions which
are below it if the condition is evaluated to
false. mkAssert expects the condition to be evaluated
to true otherwise it raises an error message.
mkOverride is used to mask previous definitions if
the current value has a lower mask number. The mask value is 100 (default)
for any option definition which does not use this property.
Thus, mkDefault is just a short-cut with a higher mask
(1000) than the default mask value. This means that a module can set an
option definition as a preference, and still let another module defining
it with a different value without using any property.
mkOrder is used to sort definitions based on the
rank number. The rank number will sort all options definitions before
giving the sorted list of option definition to the merge function defined
in the option declaration. A lower rank will move the definition to the
beginning and a higher rank will move the option toward the end. The
default rank is 100.
A module may declare options which are used by
other module to change the configuration provided by the current module.
Changes to the option definitions are made with properties which are using
values extracted from the result of the merge of all modules
(the config argument).
The config argument reproduce the same hierarchy of
all options declared in all modules. For each option, the result of the
option is available, it is either the default value or the merge of all
definitions of the option.
Options are declared with the
function pkgs.lib.mkOption. This function expects an
attribute set which at least provides a description. A default value, an
example, a type, a merge function and a post-process function can be
added.
Types are used to provide a merge strategy for options and to ensure
the type of each option definitions. They are defined
in pkgs.lib.types.
The merge function expects a list of option definitions and merge them to obtain one result of the same type.
The post-process function (named apply) takes the
result of the merge or of the default value, and produce an output which
could have a different type than the type expected by the option.
Example 5.2. Locate Module Example
{ config, pkgs, ... }:
with pkgs.lib;
let
cfg = config.services.locate;
locatedb = "/var/cache/locatedb";
logfile = "/var/log/updatedb";
cmd =''root updatedb --localuser=nobody --output=${locatedb} > ${logfile}'';
in
{
imports = [ /etc/nixos/nixos/modules/services/scheduling/cron.nix ];
options = {
services.locate = {
enable = mkOption {
default = false;
example = true;
type = with types; bool;
description = ''
If enabled, NixOS will periodically update the database of
files used by the locate command.
'';
};
period = mkOption {
default = "15 02 * * *";
type = with types; uniq string;
description = ''
This option defines (in the format used by cron) when the
locate database is updated.
The default is to update at 02:15 (at night) every day.
'';
};
};
};
config = mkIf cfg.enable {
services.cron = {
enable = true;
systemCronJobs = "${cfg.period} root ${cmd}";
};
};
}Example 5.2, “Locate Module Example” illustrates a module which handles the regular update of the database which index all files on the file system. This modules has option definitions to rely on the cron service to run the command at predefined dates. In addition, this modules provides option declarations to enable the indexing and to use different period of time to run the indexing. Properties are used to prevent ambiguous definitions of option (enable locate service and disable cron services) and to ensure that no options would be defined if the locate service is not enabled.
$ nix-build /etc/nixos/nixos -A attr
where attr is an attribute in
/etc/nixos/nixos/default.nix. Attributes of interest include:
configThe computer configuration generated from the
NIXOS_CONFIGenvironment variable (default is/etc/nixos/configuration.nix) with the NixOS default set of modules.systemThe derivation which build your computer system. It is built by the command nixos-rebuild build
vmThe derivation which build your computer system inside a virtual machine. It is built by the command nixos-rebuild build-vm
Most parts of NixOS can be build through the config
attribute set. This attribute set allows you to have a view of the merged
option definitions and all its derivations. Important derivations are store
inside the option system.build and can be listed with the
command nix-instantiate --xml --eval-only /etc/nixos/nixos -A
config.system.build
Building a NixOS CD is as easy as configuring your own computer. The
idea is to use another module which will replace
your configuration.nix to configure the system that
would be install on the CD.
Default CD/DVD configurations are available
inside nixos/modules/installer/cd-dvd. To build them
you have to set NIXOS_CONFIG before
running nix-build to build the ISO.
$ export NIXOS_CONFIG=/etc/nixos/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix $ nix-build /etc/nixos/nixos -A config.system.build.isoImage
Before burning your CD/DVD, you can check the content of the image by mounting anywhere like suggested by the following command:
$ mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso
Building, burning, and booting from an installation CD is rather tedious, so here is a quick way to see if the installer works properly:
$ export NIXOS_CONFIG=/etc/nixos/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix $ nix-build /etc/nixos/nixos -A config.system.build.nixosInstall $ dd if=/dev/zero of=diskimage seek=2G count=0 bs=1 $ yes | mke2fs -j diskimage $ mount -o loop diskimage /mnt $ ./result/bin/nixos-install
A quick way to test whether the kernel and the initial ramdisk
boot correctly is to use QEMU’s -kernel and
-initrd options:
$ nix-build /etc/nixos/nixos -A config.system.build.initialRamdisk -o initrd $ nix-build /etc/nixos/nixos -A config.system.build.kernel -o kernel $ qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/null
Complete NixOS GNU/Linux systems can be tested in virtual machines (VMs). This makes it possible to test a system upgrade or configuration change before rebooting into it, using the nixos-rebuild build-vm or nixos-rebuild build-vm-with-bootloader command.
The tests/ directory in the NixOS source tree
contains several whole-system unit tests.
These tests can be run[1] from the NixOS
source tree as follows:
$ nix-build tests/ -A nfs.test
This performs an automated test of the NFS client and server
functionality in the Linux kernel, including file locking
semantics (e.g., whether locks are maintained across server
crashes). It will first build or download all the dependencies of
the test (e.g., all packages needed to run a NixOS VM). The test
is defined in
tests/nfs.nix. If the test succeeds,
nix-build will place a symlink
./result in the current directory pointing at
the location in the Nix store of the test results (e.g.,
screenshots, test reports, and so on). In particular, a
pretty-printed log of the test is written to
log.html, which can be viewed using a web
browser like this:
$ icecat result/log.html
It is also possible to run the test environment interactively, allowing you to experiment with the VMs. For example:
$ nix-build tests/ -A nfs.driver $ ./result/bin/nixos-run-vms
The script nixos-run-vms starts the three
virtual machines defined in the NFS test using QEMU/KVM. The root
file system of the VMs is created on the fly and kept across VM
restarts in
./hostname.qcow2.
Finally, the test itself can be run interactively. This is particularly useful when developing or debugging a test:
$ nix-build tests/ -A nfs.driver $ ./result/bin/nixos-test-driver starting VDE switch for network 1 >
Perl statements can now be typed in to start or manipulate the VMs:
> startAll;
(the VMs start booting)
> $server->waitForJob("nfs-kernel-nfsd");
> $client1->succeed("flock -x /data/lock -c 'sleep 100000' &");
> $client2->fail("flock -n -s /data/lock true");
> $client1->shutdown;
(this releases client1's lock)
> $client2->succeed("flock -n -s /data/lock true");
The function testScript executes the entire test script and drops you back into the test driver command line upon its completion. This allows you to inspect the state of the VMs after the test (e.g. to debug the test script).
This and other tests are continuously run on the
Hydra instance at nixos.org, which
allows developers to be notified of any regressions introduced by
a NixOS or Nixpkgs change.
The actual Nix programming interface to VM testing is in NixOS,
under
lib/testing.nix. This file defines a
function which takes an attribute set containing a
nixpkgs attribute (the path to a Nixpkgs
checkout), and a system attribute (the system
type). It returns an attribute set containing several utility
functions, among which the main entry point is
makeTest.
The makeTest function takes a function similar to
that found in
tests/nfs.nix (discussed above). It
returns an attribute set containing (among others):
testA derivation containing the test log as an HTML file, as seen above, suitable for presentation in the Hydra continuous build system.
reportA derivation containing a code coverage report, with meta-data suitable for Hydra.
driverA derivation containing scripts to run the VM test or interact with the VM network interactively, as seen above.
[1] NixOS tests can be run both from NixOS and from a non-NixOS GNU/Linux distribution, provided the Nix package manager is installed.
assertionsThis option allows modules to express conditions that must hold for the evaluation of the system configuration to succeed, along with associated error messages for the user.
Default:
[ ]Example:
[ { assertion = false; message = "you can't enable this for that reason"; } ]Declared by:
<nixos/modules/misc/assertions.nix>boot.blacklistedKernelModulesList of names of kernel modules that should not be loaded automatically by the hardware probing code.
Default:
[ ]Example:
[ "cirrusfb" "i2c_piix4" ]Declared by:
<nixos/modules/system/boot/modprobe.nix>boot.bootMountObsolete name of
boot.loader.grub.bootDevice.Default: none
Declared by:
<nixos/modules/rename.nix>boot.cleanTmpDirDelete all files in /tmp/ during boot.
Default:
falseExample:
trueDeclared by:
<nixos/modules/system/boot/stage-2.nix>boot.copyKernelsObsolete name of
boot.loader.grub.copyKernels.Default: none
Declared by:
<nixos/modules/rename.nix>boot.crashDump.enableIf enabled, NixOS will set up a kernel that will boot on crash, and leave the user to a stage1 debug1devices interactive shell to be able to save the crashed kernel dump. It also activates the NMI watchdog.
Default:
falseExample:
trueDeclared by:
<nixos/modules/misc/crashdump.nix>boot.crashDump.kernelPackagesThis will override the boot.kernelPackages, and will add some kernel configuration parameters for the crash dump to work.
Default:
"pkgs.linuxPackages"Example:
"pkgs.linuxPackages_2_6_25"Declared by:
<nixos/modules/misc/crashdump.nix>boot.crashDump.kernelParamsParameters that will be passed to the kernel kexec-ed on crash.
Default:
[ "debug1devices" ]Declared by:
<nixos/modules/misc/crashdump.nix>boot.devShmSizeSize limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Default:
"50%"Example:
"256m"Declared by:
<nixos/modules/system/boot/stage-2.nix>boot.devSizeSize limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Default:
"5%"Example:
"32m"Declared by:
<nixos/modules/system/boot/stage-2.nix>boot.extraGrubEntriesObsolete name of
boot.loader.grub.extraEntries.Default: none
Declared by:
<nixos/modules/rename.nix>boot.extraGrubEntriesBeforeNixosObsolete name of
boot.loader.grub.extraEntriesBeforeNixOS.Default: none
Declared by:
<nixos/modules/rename.nix>boot.extraKernelParamsAdditional user-defined kernel parameters.
Default:
[ ]Example:
[ "boot.trace" ]Declared by:
<nixos/modules/system/boot/kernel.nix>boot.extraModprobeConfigAny additional configuration to be appended to the generated
modprobe.conf. This is typically used to specify module options. See modprobe.conf(5) for details.Default:
""Example:
"options parport_pc io=0x378 irq=7 dma=1\n"Declared by:
<nixos/modules/system/boot/modprobe.nix>boot.extraModulePackagesA list of additional packages supplying kernel modules.
Default:
[ ]Declared by:
<nixos/modules/system/boot/kernel.nix>boot.extraTTYsTty (virtual console) devices, in addition to the consoles on which mingetty and syslogd run, that must be initialised. Only useful if you have some program that you want to run on some fixed console. For example, the NixOS installation CD opens the manual in a web browser on console 7, so it sets
boot.extraTTYsto["tty7"].Default:
[ ]Example:
[ "tty8" "tty9" ]Declared by:
<nixos/modules/tasks/kbd.nix>boot.grubDeviceObsolete name of
boot.loader.grub.device.Default: none
Declared by:
<nixos/modules/rename.nix>boot.grubSplashImageObsolete name of
boot.loader.grub.splashImage.Default: none
Declared by:
<nixos/modules/rename.nix>boot.hardwareScanWhether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.
Default:
trueDeclared by:
<nixos/modules/services/hardware/udev.nix>boot.initrd.availableKernelModulesThe set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules for the physical device (e.g., SCSI drivers) and for the file system (e.g., ext3). The set specified here is automatically closed under the module dependency relation, i.e., all dependencies of the modules list here are included automatically. The modules listed here are available in the initrd, but are only loaded on demand (e.g., the ext3 module is loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, include it in
boot.initrd.kernelModules.Default:
[ ]Example:
[ "sata_nv" "ext3" ]Declared by:
<nixos/modules/system/boot/kernel.nix>boot.initrd.checkJournalingFSWhether to run fsck on journaling filesystems such as ext3.
Default:
trueDeclared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.compressorThe compressor to use on the initrd
Default:
"gzip -9"Example:
"xz"Declared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.enableSplashScreenWhether to show a nice splash screen while booting.
Default:
trueDeclared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.extraKernelModulesObsolete name of
boot.initrd.kernelModules.Default: none
Declared by:
<nixos/modules/rename.nix>boot.initrd.extraUtilsCommandsShell commands to be executed in the builder of the extra-utils derivation. This can be used to provide additional utilities in the initial ramdisk.
Default:
""Declared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.extraUtilsCommandsTestShell commands to be executed in the builder of the extra-utils derivation after patchelf has done its job. This can be used to test additional utilities copied in extraUtilsCommands.
Default:
""Declared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.kernelModulesList of modules that are always loaded by the initrd.
Default:
[ ]Declared by:
<nixos/modules/system/boot/kernel.nix><nixos/modules/rename.nix>boot.initrd.luks.cryptoModulesA list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.
Default:
[ "aes" "aes_generic" "aes_x86_64" "aes_i586" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha256" "sha1" "sha2" ]Declared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.devicesThe list of devices that should be decrypted using LUKS before trying to mount the root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups. The devices are decrypted to the device mapper names defined. Make sure that initrd has the crypto modules needed for decryption.
Default:
[ ]Example:
[ { device = "/dev/sda3"; name = "luksroot"; preLVM = true; } ]Declared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.devices.*.allowDiscardsWhether to allow TRIM requests to the underlying device. This option has security implications, please read the LUKS documentation before activating in.
Default:
falseDeclared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.devices.*.devicePath of the underlying block device.
Default: none
Example:
"/dev/sda2"Declared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.devices.*.keyFileThe name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.
Default:
Example:
"/dev/sdb1"Declared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.devices.*.keyFileSizeThe size of the key file. Use this if only the beginning of the key file should be used as a key (often the case if a raw device or partition is used as key file). If not specified, the whole
keyFilewill be used decryption, instead of just the firstkeyFileSizebytes.Default:
Example:
4096Declared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.devices.*.nameNamed to be used for the generated device in /dev/mapper.
Default: none
Example:
"luksroot"Declared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.devices.*.preLVMWhether the luksOpen will be attempted before LVM scan or after it.
Default:
trueDeclared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.enableObsolete.
Default:
falseDeclared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.luks.mitigateDMAAttacksUnless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information: http://en.wikipedia.org/wiki/DMA_attack This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!
Default:
trueDeclared by:
<nixos/modules/system/boot/luksroot.nix>boot.initrd.mdadmConfContents of /etc/mdadm.conf at initrd.
Default:
""Declared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.postDeviceCommandsShell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.
Default:
""Declared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.postMountCommandsShell commands to be executed immediately after the stage 1 filesystems have been mounted.
Default:
""Declared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.preLVMCommandsShell commands to be executed immediately before lvm discovery.
Default:
""Declared by:
<nixos/modules/system/boot/stage-1.nix>boot.initrd.supportedFilesystemsNames of supported filesystem types in the initial ramdisk.
Default:
[ ]Example:
[ "btrfs" ]Declared by:
<nixos/modules/tasks/filesystems.nix>boot.kernel.sysctlRuntime parameters of the Linux kernel, as set by sysctl(8). Note that sysctl parameters names must be enclosed in quotes (e.g.
"vm.swappiness"instead ofvm.swappiness). The value of each parameter may be a string, integer or Boolean.Default:
{ }Example:
{ net.ipv4.tcp_syncookies = false; vm.swappiness = 60; }Declared by:
<nixos/modules/config/sysctl.nix>boot.kernelModulesThe set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to
boot.initrd.availableKernelModulesorboot.initrd.kernelModules.Default:
[ ]Declared by:
<nixos/modules/system/boot/kernel.nix>boot.kernelPackagesThis option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are tied to the kernel you're using, it also overrides those. This option is a function that takes Nixpkgs as an argument (as a convenience), and returns an attribute set containing at the very least an attribute
kernel. Additional attributes may be needed depending on your configuration. For instance, if you use the NVIDIA X driver, then it also needs to contain an attributenvidia_x11.Default:
"pkgs.linuxPackages"Example:
"pkgs.linuxPackages_2_6_25"Declared by:
<nixos/modules/system/boot/kernel.nix>boot.kernelParamsThe kernel parameters. If you want to add additional parameters, it's best to set
boot.extraKernelParams.Default:
[ ]Declared by:
<nixos/modules/system/boot/kernel.nix>boot.loader.efi.canTouchEfiVariablesWhether or not the installation process should modify efi boot variables.
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/efi.nix><nixos/modules/rename.nix>boot.loader.efi.efiSysMountPointWhere the EFI System Partition is mounted.
Default:
"/boot"Declared by:
<nixos/modules/system/boot/loader/efi.nix><nixos/modules/rename.nix>boot.loader.efi.efibootmgr.efiDiskThe disk that contains the EFI system partition.
Default:
"/dev/sda"Declared by:
<nixos/modules/system/boot/loader/efi.nix><nixos/modules/rename.nix>boot.loader.efi.efibootmgr.efiPartitionThe partition number of the EFI system partition.
Default:
"1"Declared by:
<nixos/modules/system/boot/loader/efi.nix><nixos/modules/rename.nix>boot.loader.efi.efibootmgr.enableObsolete name of
boot.loader.efi.canTouchEfiVariables.Default: none
Declared by:
<nixos/modules/rename.nix>boot.loader.efi.efibootmgr.postEfiBootMgrCommandsShell commands to be executed immediately after efibootmgr has setup the system EFI. Some systems do not follow the EFI specifications properly and insert extra entries. Others will brick (fix by removing battery) on boot when it finds more than X entries. This hook allows for running a few extra efibootmgr commands to combat these issues.
Default:
""Declared by:
<nixos/modules/system/boot/loader/efi.nix><nixos/modules/rename.nix>boot.loader.efiBootStub.efiDiskObsolete name of
boot.loader.efi.efibootmgr.efiDisk.Default: none
Declared by:
<nixos/modules/rename.nix>boot.loader.efiBootStub.efiPartitionObsolete name of
boot.loader.efi.efibootmgr.efiPartition.Default: none
Declared by:
<nixos/modules/rename.nix>boot.loader.efiBootStub.efiSysMountPointObsolete name of
boot.loader.efi.efiSysMountPoint.Default: none
Declared by:
<nixos/modules/rename.nix>boot.loader.efiBootStub.enableWhether to use the linux kernel as an EFI bootloader. When enabled, the kernel, initrd, and an EFI shell script to boot the system are copied to the EFI system partition.
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/efi-boot-stub/efi-boot-stub.nix>boot.loader.efiBootStub.installShellWhether to install an EFI shell in \EFI\BOOT. This _should_ only be needed for removable devices (CDs, usb sticks, etc.), but it may be an option for broken systems where efibootmgr doesn't work. Particularly useful in conjunction with installStartupNsh
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/efi-boot-stub/efi-boot-stub.nix>boot.loader.efiBootStub.installStartupNshWhether to install a startup.nsh in the root of the EFI system partition. For now, it will just boot the latest version when run, the eventual goal is to have a basic menu-type interface.
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/efi-boot-stub/efi-boot-stub.nix>boot.loader.efiBootStub.postEfiBootMgrCommandsObsolete name of
boot.loader.efi.efibootmgr.postEfiBootMgrCommands.Default: none
Declared by:
<nixos/modules/rename.nix>boot.loader.efiBootStub.runEfibootmgrObsolete name of
boot.loader.efi.canTouchEfiVariables.Default: none
Declared by:
<nixos/modules/rename.nix>boot.loader.generationsDir.copyKernelsWhether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loadear.
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>boot.loader.generationsDir.enableWhether to create symlinks to the system generations under
/boot. When enabled,/boot/default/kernel,/boot/default/initrd, etc., are updated to point to the current generation's kernel image, initial RAM disk, and other bootstrap files. This optional is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.Default:
falseDeclared by:
<nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>boot.loader.grub.bootDeviceObsolete.
Default:
""Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix><nixos/modules/rename.nix>boot.loader.grub.configurationLimitMaximum of configurations in boot menu. GRUB has problems when there are too many entries.
Default:
100Example:
120Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.configurationNameGRUB entry name instead of default.
Default:
""Example:
"Stable 2.6.21"Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.copyKernelsWhether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/grub/grub.nix><nixos/modules/rename.nix>boot.loader.grub.defaultIndex of the default menu item to be booted.
Default:
0Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.deviceThe device on which the GRUB boot loader will be installed. The special value
nodevmeans that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, useboot.loader.grub.devices.Default:
""Example:
"/dev/hda"Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix><nixos/modules/rename.nix>boot.loader.grub.devicesThe devices on which the boot loader, GRUB, will be installed. Can be used instead of
deviceto install grub into multiple devices (e.g., if as softraid arrays holding /boot).Default:
[ ]Example:
[ "/dev/hda" ]Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.enableWhether to enable the GNU GRUB boot loader.
Default:
trueDeclared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.extraConfigAdditional GRUB commands inserted in the configuration file just before the menu entries.
Default:
""Example:
"serial; terminal_output.serial"Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.extraEntriesAny additional entries you want added to the GRUB boot menu.
Default:
""Example:
"# GRUB 1 example (not GRUB 2 compatible)\ntitle Windows\n chainloader (hd0,1)+1\n\n# GRUB 2 example\nmenuentry \"Windows7\" {\n title Windows7\n insmod ntfs\n set root='(hd1,1)'\n chainloader +1\n}\n"Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix><nixos/modules/rename.nix>boot.loader.grub.extraEntriesBeforeNixOSWhether extraEntries are included before the default option.
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/grub/grub.nix><nixos/modules/rename.nix>boot.loader.grub.extraPerEntryConfigAdditional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.
Default:
""Example:
"root (hd0)"Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.extraPrepareConfigAdditional bash commands to be run at the script that prepares the grub menu entries.
Default:
""Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.memtest86Make Memtest86+, a memory testing program, available from the GRUB menu.
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/grub/memtest.nix>boot.loader.grub.splashImageBackground image used for GRUB. It must be a 640x480, 14-colour image in XPM format, optionally compressed with gzip or bzip2. Set to
nullto run GRUB in text mode.Default:
(build of 36909-soft-tux.xpm.gz)Example:
Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix><nixos/modules/rename.nix>boot.loader.grub.timeoutTimeout (in seconds) until GRUB boots the default menu item.
Default:
5Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.grub.versionThe version of GRUB to use:
1for GRUB Legacy (versions 0.9x), or2for GRUB 2.Default:
1Example:
2Declared by:
<nixos/modules/system/boot/loader/grub/grub.nix>boot.loader.gummiboot.enableWhether to enable the gummiboot UEFI boot manager
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/gummiboot/gummiboot.nix>boot.loader.gummiboot.timeoutTimeout (in seconds) for how long to show the menu (null if none). Note that even with no timeout the menu can be forced if the space key is pressed during bootup
Default:
Example:
4Declared by:
<nixos/modules/system/boot/loader/gummiboot/gummiboot.nix>boot.loader.initScript.enableSome systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux. Additionaly this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a recue system or such.
Default:
falseDeclared by:
<nixos/modules/system/boot/loader/init-script/init-script.nix>boot.loader.raspberryPi.enableWhether to create files with the system generations in
/boot./boot/oldwill hold files from old generations.Default:
falseDeclared by:
<nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>boot.postBootCommandsShell commands to be executed just before systemd is started.
Default:
""Example:
"rm -f /var/log/messages"Declared by:
<nixos/modules/system/boot/stage-2.nix>boot.resumeDeviceDevice for manual resume attempt during boot. Looks like major:minor. ls -l /dev/SWAP_PARTION shows them.
Default:
""Example:
"0:0"Declared by:
<nixos/modules/system/boot/stage-1.nix>boot.runSizeSize limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Default:
"25%"Example:
"256m"Declared by:
<nixos/modules/system/boot/stage-2.nix>boot.spl.hostidZFS uses a system's hostid to determine if a storage pool (zpool) is native to this system, and should thus be imported automatically. Unfortunately, this hostid can change under linux from boot to boot (by changing network adapaters, for instance). Specify a unique 32 bit hostid in hex here for zfs to prevent getting a random hostid between boots and having to manually import pools.
Default:
""Example:
"0xdeadbeef"Declared by:
<nixos/modules/tasks/filesystems/zfs.nix>boot.supportedFilesystemsNames of supported filesystem types.
Default:
[ ]Example:
[ "btrfs" ]Declared by:
<nixos/modules/tasks/filesystems.nix>boot.systemd.servicesObsolete name of
systemd.services.Default: none
Declared by:
<nixos/modules/rename.nix>boot.systemd.socketsObsolete name of
systemd.sockets.Default: none
Declared by:
<nixos/modules/rename.nix>boot.systemd.targetsObsolete name of
systemd.targets.Default: none
Declared by:
<nixos/modules/rename.nix>boot.vesaWhether to activate VESA video mode on boot.
Default:
falseExample:
falseDeclared by:
<nixos/modules/system/boot/kernel.nix>environment.binshSelect the shell executable that is linked system-wide to
/bin/sh. Please note that NixOS assumes all over the place that shell to be Bash, so override the default setting only if you know exactly what you're doing.Default:
"/nix/store/985xf0pfq0dnv64gz2nj9zqycakq399f-bash-4.2-p42/bin/sh"Example:
"${pkgs.dash}/bin/dash"Declared by:
<nixos/modules/programs/bash/bash.nix>environment.blcr.enableWheter to enable support for the BLCR checkpointing tool.
Default:
falseDeclared by:
<nixos/modules/programs/blcr.nix>environment.checkConfigurationOptionsWhether to check the validity of the entire configuration.
Default:
trueExample:
falseDeclared by:
<nixos/modules/misc/check-config.nix>environment.enableBashCompletionEnable Bash completion for all interactive shells.
Default:
falseDeclared by:
<nixos/modules/programs/bash/bash.nix>environment.etcSet of files that have to be linked in
/etc.Default:
{ }Example:
{ default/useradd = { text = "GROUP=100 ..."; } ; hosts = { mode = "0440"; source = "/nix/store/.../etc/dir/file.conf.example"; } ; }Declared by:
<nixos/modules/system/etc/etc.nix>environment.etc.<name?>.enableWhether this /etc file should be generated. This option allows specific /etc files to be disabled.
Default:
trueDeclared by:
<nixos/modules/system/etc/etc.nix>environment.etc.<name?>.modeIf set to something else than
symlink, the file is copied instead of symlinked, with the given file mode.Default:
"symlink"Example:
"0600"Declared by:
<nixos/modules/system/etc/etc.nix>environment.etc.<name?>.sourcePath of the source file.
Default: none
Declared by:
<nixos/modules/system/etc/etc.nix>environment.etc.<name?>.targetName of symlink (relative to
/etc). Defaults to the attribute name.Default: none
Declared by:
<nixos/modules/system/etc/etc.nix>environment.etc.<name?>.textText of the file.
Default:
Declared by:
<nixos/modules/system/etc/etc.nix>environment.extraPackagesObsolete name of
environment.systemPackages.Default: none
Declared by:
<nixos/modules/rename.nix>environment.interactiveShellInitShell script code called during interactive shell initialisation.
Default:
""Example:
"export PATH=/godi/bin/:$PATH"Declared by:
<nixos/modules/programs/bash/bash.nix>environment.kdePackagesThis option is obsolete. Please use
environment.systemPackagesinstead.Default:
[ ]Example:
"[ pkgs.kde4.kdesdk ]"Declared by:
<nixos/modules/services/x11/desktop-managers/kde4.nix><nixos/modules/rename.nix>environment.nixThis option specifies the Nix package instance to use throughout the system.
Default:
(build of nix-1.5.2)Declared by:
<nixos/modules/services/misc/nix-daemon.nix>environment.noXlibsSwitch off the options in the default configuration that require X libraries. Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts, fonts.enableFontConfig
Default:
falseExample:
trueDeclared by:
<nixos/modules/config/no-x-libs.nix>environment.pathsToLinkLists directories to be symlinked in `/run/current-system/sw'.
Default:
[ ]Example:
[ "/" ]Declared by:
<nixos/modules/config/system-path.nix>environment.promptInitShell script code used to initialise the shell prompt.
Default:
"# Provide a nice prompt.\nPROMPT_COLOR=\"1;31m\"\nlet $UID && PROMPT_COLOR=\"1;32m\"\nPS1=\"\\n\\[\\033[$PROMPT_COLOR\\][\\u@\\h:\\w]\\\\$\\[\\033[0m\\] \"\nif test \"$TERM\" = \"xterm\"; then\n PS1=\"\\[\\033]2;\\h:\\u:\\w\\007\\]$PS1\"\nfi\n"Declared by:
<nixos/modules/programs/bash/bash.nix>environment.shellAliasesAn attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users' shells.
Default:
{ }Example:
{ ll = "ls -lh"; }Declared by:
<nixos/modules/programs/shell.nix>environment.shellInitShell script code called during login shell initialisation.
Default:
""Example:
"export PATH=/godi/bin/:$PATH"Declared by:
<nixos/modules/programs/bash/bash.nix>environment.systemPackagesThe set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile,
/nix/var/nix/profiles/default.Default:
[ ]Example:
"[ pkgs.icecat3 pkgs.thunderbird ]"Declared by:
<nixos/modules/rename.nix><nixos/modules/config/system-path.nix>environment.unixODBCDriversspecifies unix odbc drivers to be registered at /etc/odbcinst.ini. Maybe you also want to add pkgs.unixODBC to the system path to get a command line client t connnect to odbc databases.
Default:
[ ]Example:
"map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )"Declared by:
<nixos/modules/config/unix-odbc-drivers.nix>environment.wvdial.dialerDefaultsContents of the "Dialer Defaults" section of
/etc/wvdial.conf.Default:
""Example:
"Init1 = AT+CGDCONT=1,\"IP\",\"internet.t-mobile\""Declared by:
<nixos/modules/programs/wvdial.nix>environment.wvdial.pppDefaultsDefault ppp settings for wvdial.
Default:
"noipdefault\nusepeerdns\ndefaultroute\npersist\nnoauth\n"Declared by:
<nixos/modules/programs/wvdial.nix>environment.x11PackagesList of packages added to the system when the X server is activated (
services.xserver.enable).Default:
[ ]Declared by:
<nixos/modules/services/x11/xserver.nix>fileSystemsThe file systems to be mounted. It must include an entry for the root directory (
mountPoint = \"/\"). Each entry in the list is an attribute set with the following fields:mountPoint,device,fsType(a file system type recognised by mount; defaults to\"auto\"), andoptions(the mount options passed to mount using the-oflag; defaults to\"defaults\"). Instead of specifyingdevice, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L).Default: none
Example:
{ / = { device = "/dev/hda1"; } ; /bigdisk = { label = "bigdisk"; } ; /data = { device = "/dev/hda2"; fsType = "ext3"; options = "data=journal"; } ; }Declared by:
<nixos/modules/tasks/filesystems.nix><nixos/modules/system/boot/stage-1.nix>fileSystems.<name?>.autoFormatIf the device does not currently contain a filesystem (as determined by blkid, then automatically format it with the filesystem type specified in
fsType. Use with caution.Default:
falseDeclared by:
<nixos/modules/tasks/filesystems.nix>fileSystems.<name?>.deviceLocation of the device.
Default:
Example:
"/dev/sda"Declared by:
<nixos/modules/tasks/filesystems.nix>fileSystems.<name?>.fsTypeType of the file system.
Default:
"auto"Example:
"ext3"Declared by:
<nixos/modules/tasks/filesystems.nix>fileSystems.<name?>.labelLabel of the device (if any).
Default:
Example:
"root-partition"Declared by:
<nixos/modules/tasks/filesystems.nix>fileSystems.<name?>.mountPointLocation of the mounted the file system.
Default: none
Example:
"/mnt/usb"Declared by:
<nixos/modules/tasks/filesystems.nix>fileSystems.<name?>.neededForBootIf set, this file system will be mounted in the initial ramdisk. By default, this applies to the root file system and to the file system containing
/nix/store.Default:
falseDeclared by:
<nixos/modules/system/boot/stage-1.nix>fileSystems.<name?>.noCheckDisable running fsck on this filesystem.
Default:
falseDeclared by:
<nixos/modules/tasks/filesystems.nix>fileSystems.<name?>.optionsOptions used to mount the file system.
Default:
"defaults,relatime"Example:
"data=journal"Declared by:
<nixos/modules/tasks/filesystems.nix>fonts.enableCoreFontsWhether to include Microsoft's proprietary Core Fonts. These fonts are redistributable, but only verbatim, among other restrictions. See http://corefonts.sourceforge.net/eula.htm for details.
Default:
falseDeclared by:
<nixos/modules/config/fonts.nix>fonts.enableFontConfigIf enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.
Default:
trueDeclared by:
<nixos/modules/config/fonts.nix>fonts.enableFontDirWhether to create a directory with links to all fonts in share - so user can configure vncserver script one time (I mean per-user vncserver, so global service is not a good solution).
Default:
falseDeclared by:
<nixos/modules/config/fonts.nix>fonts.enableGhostscriptFontsWhether to add the fonts provided by Ghostscript (such as various URW fonts and the ``Base-14'' Postscript fonts) to the list of system fonts, making them available to X11 applications.
Default:
falseDeclared by:
<nixos/modules/config/fonts.nix>fonts.extraFontsList of packages with additional fonts.
Default:
[ ]Example:
[(build of dejavu-fonts-2.33)]Declared by:
<nixos/modules/config/fonts.nix>fonts.fontsList of primary font paths.
Default:
[ "~/.fonts" "~/.nix-profile/lib/X11/fonts" "~/.nix-profile/share/fonts" "/nix/var/nix/profiles/default/lib/X11/fonts" "/nix/var/nix/profiles/default/share/fonts" ]Declared by:
<nixos/modules/config/fonts.nix>gnuWhen enable, GNU software is chosent by default whenever a there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).
Default:
falseDeclared by:
<nixos/modules/config/gnu.nix>hardware.bluetooth.enableWhether to enable support for Bluetooth.
Default:
falseDeclared by:
<nixos/modules/services/hardware/bluetooth.nix>hardware.cpu.amd.updateMicrocodeUpdate the CPU microcode for Amd processors.
Default:
falseDeclared by:
<nixos/modules/hardware/cpu/amd-microcode.nix>hardware.cpu.intel.updateMicrocodeUpdate the CPU microcode for Intel processors.
Default:
falseDeclared by:
<nixos/modules/hardware/cpu/intel-microcode.nix>hardware.enableAllFirmwareTurn on this option if you want to enable all the firmware shipped with Debian/Ubuntu.
Default:
falseDeclared by:
<nixos/modules/hardware/all-firmware.nix>hardware.firmwareList of directories containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If more than one path contains a firmware file with the same name, the first path in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories. For quick testing, put firmware files in /root/test-firmware and add that directory to the list. Note that you can also add firmware packages to this list as these are directories in the nix store.
Default:
[ ]Example:
[ "/root/my-firmware" ]Declared by:
<nixos/modules/services/hardware/udev.nix>hardware.nvidiaOptimus.disablecompletely disable the nvidia gfx chip (saves power / heat) and just use IGP
Default:
falseDeclared by:
<nixos/modules/services/hardware/nvidia-optimus.nix>hardware.pcmcia.configPath to the configuration file which map the memory, irq and ports used by the PCMCIA hardware.
Default:
Declared by:
<nixos/modules/hardware/pcmcia.nix>hardware.pcmcia.enableEnable this option to support PCMCIA card.
Default:
falseDeclared by:
<nixos/modules/hardware/pcmcia.nix>hardware.pcmcia.firmwareList of firmware used to handle specific PCMCIA card.
Default:
[ ]Declared by:
<nixos/modules/hardware/pcmcia.nix>hardware.pulseaudio.configFileThe path to the configuration the PulseAudio server should use. By default, the "default.pa" configuration from the PulseAudio distribution is used.
Default:
"/nix/store/54gjhgib22a09kmdmkyah6v9ly270fsq-pulseaudio-2.1/etc/pulse/default.pa"Declared by:
<nixos/modules/config/pulseaudio.nix>hardware.pulseaudio.enableWhether to enable the PulseAudio sound server.
Default:
falseDeclared by:
<nixos/modules/config/pulseaudio.nix>hardware.pulseaudio.packageThe PulseAudio derivation to use. This can be used to enable features (such as JACK support) that are not enabled in the default PulseAudio in Nixpkgs.
Default:
(build of pulseaudio-2.1)Example:
"pulseaudio.override { jackaudioSupport = true; }"Declared by:
<nixos/modules/config/pulseaudio.nix>hardware.pulseaudio.systemWideIf false, a PulseAudio server is launched automatically for each user that tries to use the sound system. The server runs with user priviliges. This is the recommended and most secure way to use PulseAudio. If true, one system-wide PulseAudio server is launched on boot, running as the user "pulse". Please read the PulseAudio documentation for more details.
Default:
falseDeclared by:
<nixos/modules/config/pulseaudio.nix>hardware.sane.enableEnable support for SANE scanners.
Default:
falseDeclared by:
<nixos/modules/services/hardware/sane.nix>hardware.sane.snapshotUse a development snapshot of SANE scanner drivers.
Default:
falseDeclared by:
<nixos/modules/services/hardware/sane.nix>i18n.consoleFontThe font used for the virtual consoles. Leave empty to use whatever the setfont program considers the default font.
Default:
"lat9w-16"Example:
"LatArCyrHeb-16"Declared by:
<nixos/modules/config/i18n.nix>i18n.consoleKeyMapThe keyboard mapping table for the virtual consoles.
Default:
"us"Example:
"fr"Declared by:
<nixos/modules/config/i18n.nix>i18n.defaultLocaleThe default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.
Default:
"en_US.UTF-8"Example:
"nl_NL.UTF-8"Declared by:
<nixos/modules/config/i18n.nix>i18n.supportedLocalesList of locales that the system should support. The value
"all"means that all locales supported by Glibc will be installed. A full list of supported locales can be found at http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc.Default:
[ "all" ]Example:
[ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1" ]Declared by:
<nixos/modules/config/i18n.nix>ids.gidsThe group IDs used in NixOS.
Default: none
Declared by:
<nixos/modules/misc/ids.nix>ids.uidsThe user IDs used in NixOS.
Default: none
Declared by:
<nixos/modules/misc/ids.nix>installer.enableGraphicalToolsEnable the installation of graphical tools.
Default:
falseExample:
trueDeclared by:
<nixos/modules/installer/tools/tools.nix>jobsThis option defines the system jobs started and managed by the Upstart daemon.
Default:
{ }Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.daemonTypeDetermines how Upstart detects when a daemon should be considered “running”. The value
nonemeans that the daemon is considered ready immediately. The valueforkmeans that the daemon will fork once. The valuedaemonmeans that the daemon will fork twice. The valuestopmeans that the daemon will raise the SIGSTOP signal to indicate readiness.Default:
"none"Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.enableIf set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g.
serial-getty@ttyS0) from being started.Default:
trueDeclared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.environmentEnvironment variables passed to the services's processes.
Default:
{ }Example:
{ LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.execCommand to start the job's main process. If empty, the job has no main process, but can still have pre/post-start and pre/post-stop scripts, and is considered “running” until it is stopped.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.nameName of the Upstart job.
Default: none
Example:
"sshd"Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.pathPackages added to the job's
PATHenvironment variable. Both thebinandsbinsubdirectories of each package are added.Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.postStartShell commands executed after the job is started (i.e. after the job's main process is started), but before the job is considered “running”.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.postStopShell commands executed after the job has stopped (i.e. after the job's main process has terminated).
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.preStartShell commands executed before the service's main process is started.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.preStopShell commands executed before the job is stopped (i.e. before Upstart kills the job's main process). This can be used to cleanly shut down a daemon.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.respawnWhether to restart the job automatically if its process ends unexpectedly.
Default:
trueDeclared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.restartIfChangedWhether the service should be restarted during a NixOS configuration switch if its definition has changed.
Default:
trueDeclared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.scriptShell commands executed as the service's main process.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.scriptArgsArguments passed to the main process script.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.serviceConfigEach attribute in this set specifies an option in the
[Service]section of the unit. See systemd.service(5) for details.Default:
{ }Example:
{ RestartSec = 5; StartLimitInterval = 10; }Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.setgidRun the daemon as a different group.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.setuidRun the daemon as a different user.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.startOnThe Upstart event that triggers this job to be started. If empty, the job will not start automatically.
Default:
""Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.stopIfChangedIf set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one. Otherwise, it is restarted in a single step using systemctl restart in the new configuration. The latter is less correct because it runs the
ExecStopcommands from the new configuration.Default:
trueDeclared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.stopOnThe Upstart event that triggers this job to be stopped.
Default:
"starting shutdown"Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.taskWhether this job is a task rather than a service. Tasks are executed only once, while services are restarted when they exit.
Default:
falseDeclared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.unitGenerated definition of the systemd unit corresponding to this job.
Default:
{ after = [ ] ; before = [ ] ; description = ""; environment = { } ; partOf = [ ] ; path = [ ] ; requires = [ ] ; restartIfChanged = true; serviceConfig = { RemainAfterExit = true; Restart = "always"; Type = "oneshot"; } ; unitConfig = { } ; wantedBy = [ ] ; wants = [ ] ; }Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.unitConfigEach attribute in this set specifies an option in the
[Unit]section of the unit. See systemd.unit(5) for details.Default:
{ }Example:
{ RequiresMountsFor = "/data"; }Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>jobs.<name?>.wantsStart the specified units when this unit is started.
Default:
[ ]Declared by:
<nixos/modules/system/upstart/upstart.nix>kde.extraPackagesDeprecated name of
environment.kdePackages.Default: none
Declared by:
<nixos/modules/rename.nix>krb5.defaultRealmDefault realm.
Default:
"ATENA.MIT.EDU"Declared by:
<nixos/modules/config/krb5.nix>krb5.domainRealmDefault domain realm.
Default:
"atena.mit.edu"Declared by:
<nixos/modules/config/krb5.nix>krb5.enableWhether to enable Kerberos V.
Default:
falseDeclared by:
<nixos/modules/config/krb5.nix>krb5.kdcKerberos Domain Controller
Default:
"kerberos.mit.edu"Declared by:
<nixos/modules/config/krb5.nix>krb5.kerberosAdminServerKerberos Admin Server
Default:
"kerberos.mit.edu"Declared by:
<nixos/modules/config/krb5.nix>libThis option allows modules to define helper functions, constants, etc.
Default:
{ }Declared by:
<nixos/modules/misc/lib.nix>nesting.childrenAdditional configurations to build.
Default:
[ ]Declared by:
<nixos/modules/system/activation/top-level.nix>nesting.cloneAdditional configurations to build based on the current configuration which is has a lower priority.
Default:
[ ]Declared by:
<nixos/modules/system/activation/top-level.nix>networking.WLANInterfaceObsolete. Use
networking.wireless.interfacesinstead.Default:
""Declared by:
<nixos/modules/services/networking/wpa_supplicant.nix>networking.bridgesThis option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge's network interface.
Default:
{ }Example:
{ br0 = { interfaces = [ "eth0" "eth1" ] ; } ; br1 = { interfaces = [ "eth2" "wlan0" ] ; } ; }Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.bridges.<name>.interfacesThe physical network interfaces connected by the bridge.
Default: none
Example:
[ "eth0" "eth1" ]Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.defaultGatewayThe default gateway. It can be left empty if it is auto-detected through DHCP.
Default:
""Example:
"131.211.84.1"Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.defaultGatewayWindowSizeThe window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.
Default:
Example:
524288Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.defaultMailServer.directDeliveryUse the trivial Mail Transfer Agent (MTA) ssmtp package to allow programs to send e-mail. If you don't want to run a ``real'' MTA like sendmail or postfix on your machine, set this option to
true, and set the optionnetworking.defaultMailServer.hostNameto the host name of your preferred mail server.Default:
falseExample:
trueDeclared by:
<nixos/modules/programs/ssmtp.nix>networking.defaultMailServer.domainThe domain from which mail will appear to be sent.
Default:
""Example:
"example.org"Declared by:
<nixos/modules/programs/ssmtp.nix>networking.defaultMailServer.hostNameThe host name of the default mail server to use to deliver e-mail.
Default: none
Example:
"mail.example.org"Declared by:
<nixos/modules/programs/ssmtp.nix>networking.defaultMailServer.useSTARTTLSWhether the STARTTLS should be used to connect to the default mail server. (This is needed for TLS-capable mail servers running on the default SMTP port 25.)
Default:
falseExample:
trueDeclared by:
<nixos/modules/programs/ssmtp.nix>networking.defaultMailServer.useTLSWhether TLS should be used to connect to the default mail server.
Default:
falseExample:
trueDeclared by:
<nixos/modules/programs/ssmtp.nix>networking.dhcpcd.denyInterfacesDisable the DHCP client for any interface which's name matches any of the shell glob patterns in this list. The purpose of this option is blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.
Default:
[ ]Declared by:
<nixos/modules/services/networking/dhcpcd.nix>networking.dnsSingleRequestRecent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option 'single-request' in /etc/resolv.conf. This option enables that.
Default:
falseDeclared by:
<nixos/modules/config/networking.nix>networking.domainThe domain. It can be left empty if it is auto-detected through DHCP.
Default:
""Example:
"home"Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.enableB43FirmwareTurn on this option if you want firmware for the NICs supported by the b43 module.
Default:
falseDeclared by:
<nixos/modules/hardware/network/b43.nix>networking.enableIPv6Whether to enable support for IPv6.
Default:
trueDeclared by:
<nixos/modules/tasks/network-interfaces.nix>networking.enableIntel2100BGFirmwareTurn on this option if you want firmware for the Intel PRO/Wireless 2100BG to be loaded automatically. This is required if you want to use this device. Intel requires you to accept the license for this firmware, see http://ipw2100.sourceforge.net/firmware.php?fid=2.
Default:
falseDeclared by:
<nixos/modules/hardware/network/intel-2100bg.nix>networking.enableIntel2200BGFirmwareTurn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device. Intel requires you to accept the license for this firmware, see http://ipw2200.sourceforge.net/firmware.php?fid=7.
Default:
falseDeclared by:
<nixos/modules/hardware/network/intel-2200bg.nix>networking.enableIntel3945ABGFirmwareThis option enables automatic loading of the firmware for the Intel PRO/Wireless 3945ABG.
Default:
falseDeclared by:
<nixos/modules/hardware/network/intel-3945abg.nix>networking.enableRT73FirmwareObsolete name of
networking.enableRalinkFirmware.Default: none
Declared by:
<nixos/modules/rename.nix>networking.enableRTL8192cFirmwareTurn on this option if you want firmware for the RTL8192c (and related) NICs.
Default:
falseDeclared by:
<nixos/modules/hardware/network/rtl8192c.nix>networking.enableRalinkFirmwareTurn on this option if you want firmware for the RT73 NIC
Default:
falseDeclared by:
<nixos/modules/rename.nix><nixos/modules/hardware/network/ralink.nix>networking.enableWLANObsolete name of
networking.wireless.enable.Default: none
Declared by:
<nixos/modules/rename.nix>networking.extraHostsAdditional entries to be appended to
/etc/hosts.Default:
""Example:
"192.168.0.1 lanlocalhost"Declared by:
<nixos/modules/config/networking.nix>networking.firewall.allowPingWhether to respond to incoming ICMPv4 echo requests ("pings"). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.
Default:
falseDeclared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.allowedTCPPortsList of TCP ports on which incoming connections are accepted.
Default:
[ ]Example:
[ 22 80 ]Declared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.allowedUDPPortsList of open UDP ports.
Default:
[ ]Example:
[ 53 ]Declared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.autoLoadConntrackHelpersWhether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules (needs kernel 3.5+)
Default:
trueDeclared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.checkReversePathPerforms a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused. If using asymmetric routing or other complicated routing, disable this setting and setup your own counter-measures. (needs kernel 3.3+)
Default:
falseDeclared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.connectionTrackingModulesList of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example. As helpers can pose as a security risk, it is adviced to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers Loading of helpers is recommended to be done through the new CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/
Default:
[ "ftp" ]Example:
[ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]Declared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.enableWhether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine. It does not affect packet forwarding.
Default:
falseDeclared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.extraCommandsAdditional shell commands executed as part of the firewall initialisation script. These are executed just before the final "reject" firewall rule is added, so they can be used to allow packets that would otherwise be refused.
Default:
""Example:
"iptables -A INPUT -p icmp -j ACCEPT"Declared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.logRefusedConnectionsWhether to log rejected or dropped incoming connections.
Default:
trueDeclared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.logRefusedPacketsWhether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging.
Default:
falseDeclared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.logRefusedUnicastsOnlyIf
networking.firewall.logRefusedPacketsand this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts or multicasts.Default:
trueDeclared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.rejectPacketsIf set, forbidden packets are rejected rather than dropped (ignored). This means that a ICMP "port unreachable" error message is sent back to the client. Rejecting packets makes port scanning somewhat easier.
Default:
falseDeclared by:
<nixos/modules/services/networking/firewall.nix>networking.firewall.trustedInterfacesTraffic coming in from these interfaces will be accepted unconditionally.
Default: none
Declared by:
<nixos/modules/services/networking/firewall.nix>networking.hostNameThe name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP).
Default:
"nixos"Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaceMonitor.beepIf
true, beep when an Ethernet cable is plugged in or unplugged.Default:
falseDeclared by:
<nixos/modules/services/networking/ifplugd.nix>networking.interfaceMonitor.commandsShell commands to be executed when the link status of an interface changes. On invocation, the shell variable
ifacecontains the name of the interface, while the variablestatuscontains eitherupordownto indicate the new status.Default:
""Declared by:
<nixos/modules/services/networking/ifplugd.nix>networking.interfaceMonitor.enableIf
true, monitor Ethernet interfaces for cables being plugged in or unplugged. When this occurs, the dhclient service is restarted to automatically obtain a new IP address. This is useful for roaming users (laptops).Default:
falseDeclared by:
<nixos/modules/services/networking/ifplugd.nix>networking.interfacesThe configuration for each network interface. If
networking.useDHCPis true, then every interface not listed here will be configured using DHCP.Default:
{ }Example:
{ eth0 = { ipAddress = "131.211.84.78"; subnetMask = "255.255.255.128"; } ; }Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaces.<name?>.ipAddressIP address of the interface. Leave empty to configure the interface using DHCP.
Default:
Example:
"10.0.0.1"Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaces.<name?>.macAddressMAC address of the interface. Leave empty to use the default.
Default:
Example:
"00:11:22:33:44:55"Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaces.<name?>.nameName of the interface.
Default: none
Example:
"eth0"Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaces.<name?>.prefixLengthSubnet mask of the interface, specified as the number of bits in the prefix (
24).Default:
Example:
24Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaces.<name?>.proxyARPTurn on proxy_arp for this device (and proxy_ndp for ipv6). This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don't support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link-layer, below-ip traffic isn't bridged, so things like DHCP won't work. The advantage above using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routeable. WARNING: turns on ip-routing, so if you have multiple interfaces, you should think of the consequence and setup firewall rules to limit this.
Default:
falseDeclared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaces.<name?>.subnetMaskSubnet mask of the interface, specified as a bitmask. This is deprecated; use
prefixLengthinstead.Default:
""Example:
"255.255.255.0"Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaces.<name?>.virtualWhether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host a virtual network such as VPN or a virtual machine. Defaults to tap device, unless interface contains "tun" in its name.
Default:
falseDeclared by:
<nixos/modules/tasks/network-interfaces.nix>networking.interfaces.<name?>.virtualOwnerIn case of a virtual device, the user who owns it.
Default:
"root"Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.localCommandsShell commands to be executed at the end of the
network-setupsystemd service. Note that if you are using DHCP to obtain the network configuration, interfaces may not be fully configured yet.Default:
""Example:
"text=anything; echo You can put $text here."Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.nameserversThe list of nameservers. It can be left empty if it is auto-detected through DHCP.
Default:
[ ]Example:
[ "130.161.158.4" "130.161.33.17" ]Declared by:
<nixos/modules/tasks/network-interfaces.nix>networking.nat.enableWhether to enable Network Address Translation (NAT).
Default:
falseDeclared by:
<nixos/modules/services/networking/nat.nix>networking.nat.externalIPThe public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.
Default:
""Example:
"203.0.113.123"Declared by:
<nixos/modules/services/networking/nat.nix>networking.nat.externalInterfaceThe name of the external network interface.
Default: none
Example:
"eth1"Declared by:
<nixos/modules/services/networking/nat.nix>networking.nat.internalIPsThe IP address ranges for which to perform NAT. Packets coming from these networks and destined for the external interface will be rewritten.
Default: none
Example:
[ "192.168.1.0/24" ]Declared by:
<nixos/modules/services/networking/nat.nix>networking.networkmanager.enableWhether to use NetworkManager to obtain an IP adress and other configuration for all network interfaces that are not manually configured. If enabled, a group
networkmanagerwill be created. Add all users that should have permission to change network settings to this group.Default:
falseDeclared by:
<nixos/modules/services/networking/networkmanager.nix>networking.networkmanager.packagesExtra packages that provide NetworkManager plugins.
Default:
[ ]Declared by:
<nixos/modules/services/networking/networkmanager.nix>networking.useDHCPWhether to use DHCP to obtain an IP adress and other configuration for all network interfaces that are not manually configured.
Default:
trueDeclared by:
<nixos/modules/tasks/network-interfaces.nix>networking.usePredictableInterfaceNamesWhether to assign predictable names to network interfaces. If enabled, interfaces are assigned names that contain topology information (e.g.
wlp3s0) and thus should be stable across reboots. If disabled, names depend on the order in which interfaces are discovered by the kernel, which may change randomly across reboots; for instance, you may findeth0andeth1flipping unpredictably.Default:
trueDeclared by:
<nixos/modules/services/hardware/udev.nix>networking.wicd.enableWhether to start wicd. Wired and wireless network configurations can then be managed by wicd-client.
Default:
falseDeclared by:
<nixos/modules/services/networking/wicd.nix>networking.wireless.driverForce a specific wpa_supplicant driver.
Default:
"nl80211,wext"Declared by:
<nixos/modules/services/networking/wpa_supplicant.nix>networking.wireless.enableWhether to start wpa_supplicant to scan for and associate with wireless networks. Note: NixOS currently does not generate wpa_supplicant's configuration file,
/etc/wpa_supplicant.conf. You should edit this file yourself to define wireless networks, WPA keys and so on (see wpa_supplicant.conf(5)).Default:
falseDeclared by:
<nixos/modules/services/networking/wpa_supplicant.nix><nixos/modules/rename.nix>networking.wireless.interfacesThe interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces. (Note that auto-detection is currently broken on Linux 3.4.x kernels. See http://github.com/NixOS/nixos/issues/10 for further details.)
Default:
[ ]Example:
[ "wlan0" "wlan1" ]Declared by:
<nixos/modules/services/networking/wpa_supplicant.nix>networking.wireless.userControlled.enableAllow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot. When you want to use this, make sure /etc/wpa_supplicant.conf doesn't exist. It will be created for you. Currently it is also necessary to explicitly specify networking.wireless.interfaces.
Default:
falseDeclared by:
<nixos/modules/services/networking/wpa_supplicant.nix>networking.wireless.userControlled.groupMembers of this group can control wpa_supplicant.
Default:
"wheel"Example:
"network"Declared by:
<nixos/modules/services/networking/wpa_supplicant.nix>nix.binaryCachesList of binary cache URLs used to obtain pre-built binaries of Nix packages.
Default:
[ "http://nixos.org/binary-cache" ]Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.buildMachinesThis option lists the machines to be used if distributed builds are enabled (see
nix.distributedBuilds). Nix will perform derivations on those machines via SSh by copying the inputs to the Nix store on the remote machine, starting the build, then copying the output back to the local Nix store. Each element of the list should be an attribute set containing the machine's host name (hostname), the user name to be used for the SSH connection (sshUser), the Nix system type (system, e.g.,"i686-linux"), the maximum number of jobs to be run in parallel on that machine (maxJobs), and the path to the SSH private key to be used to connect (sshKey). The SSH private key should not have a passphrase, and the corresponding public key should be added to~on the remote machine.sshUser/authorized_keysDefault: none
Example:
[ { hostName = "voila.labs.cs.uu.nl"; maxJobs = 1; sshKey = "/root/.ssh/id_buildfarm"; sshUser = "nix"; system = "powerpc-darwin"; } { hostName = "linux64.example.org"; maxJobs = 2; sshKey = "/root/.ssh/id_buildfarm"; sshUser = "buildfarm"; system = "x86_64-linux"; } ]Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.chrootDirsDirectories from the host filesystem to be included in the chroot.
Default:
[ ]Example:
[ "/dev" "/proc" ]Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.daemonIONiceLevelNix daemon process I/O priority. This priority propagates to build processes. 0 is the default Unix process I/O priority, 7 is the lowest.
Default:
7Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.daemonNiceLevelNix daemon process priority. This priority propagates to build processes. 0 is the default Unix process priority, 20 is the lowest.
Default:
10Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.distributedBuildsWhether to distribute builds to the machines listed in
nix.buildMachines. If you know that thebuildMachinesare not always available either use nixos nixos-rebuild --no-build-hook or consider managing/etc/nix.machinesmanually by settingmanualNixMachines. Then you can comment unavailable buildmachines.Default:
falseDeclared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.envVarsEnvironment variables used by Nix.
Default:
{ }Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.extraOptionsAdditional text appended to
nix.conf.Default:
""Example:
"\n gc-keep-outputs = true\n gc-keep-derivations = true\n "Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.gc.automaticAutomatically run the garbage collector at a specific time.
Default:
falseDeclared by:
<nixos/modules/services/misc/nix-gc.nix>nix.gc.datesSpecification (in the format described by systemd.time(5)) of the time at which the garbage collector will run.
Default:
"03:15"Declared by:
<nixos/modules/services/misc/nix-gc.nix>nix.gc.optionsOptions given to
nix-collect-garbagewhen the garbage collector is run automatically.Default:
""Example:
"--max-freed $((64 * 1024**3))"Declared by:
<nixos/modules/services/misc/nix-gc.nix>nix.manualNixMachinesWhether to manually manage the list of buildmachines used in distributed builds in /etc/nix.machines.
Default:
falseDeclared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.maxJobsThis option defines the maximum number of jobs that Nix will try to build in parallel. The default is 1. You should generally set it to the number of CPUs in your system (e.g., 2 on a Athlon 64 X2).
Default:
1Example:
2Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.nrBuildUsersNumber of
nixblduser accounts created to perform secure concurrent builds. If you receive an error message saying that “all build users are currently in use”, you should increase this value.Default:
10Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.proxyThis option specifies the proxy to use for fetchurl. The real effect is just exporting http_proxy, https_proxy and ftp_proxy with that value.
Default:
""Example:
"http://127.0.0.1:3128"Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.readOnlyStoreIf set, NixOS will enforce the immutability of the Nix store by making
/nix/storea read-only bind mount. Nix will automatically make the store writable when needed.Default:
trueDeclared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.trustedBinaryCachesList of binary cache URLs that non-root users can use (in addition to those specified using
nix.binaryCachesby passing--option binary-cachesto Nix commands.Default:
[ ]Example:
[ "http://hydra.nixos.org/" ]Declared by:
<nixos/modules/services/misc/nix-daemon.nix>nix.useChrootIf set, Nix will perform builds in a chroot-environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/misc/nix-daemon.nix>nixpkgs.configThe configuration of the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to set package configuration options, and to override packages globally through the
packageOverridesoption. The latter is a function that takes as an argument the original Nixpkgs, and must evaluate to a set of new or overriden packages.Default:
{ }Example:
{ firefox.enableGeckoMediaPlayer = true; packageOverrides = pkgs: { firefox60Pkgs = pkgs.firefox60Pkgs.override { enableOfficialBranding = true; }; }; }Declared by:
<nixos/modules/misc/nixpkgs.nix>nixpkgs.systemSpecifies the Nix platform type for which NixOS should be built. If unset, it defaults to the platform type of your host system (
x86_64-linux). Specifying this option is useful when doing distributed multi-platform deployment, or when building virtual machines.Default:
"x86_64-linux"Declared by:
<nixos/modules/misc/nixpkgs.nix>passthruThis attribute set will be exported as a system attribute. You can put whatever you want here.
Default: none
Declared by:
<nixos/modules/misc/passthru.nix>power.ups.enableEnables support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.
Default:
falseDeclared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.maxStartDelayThis can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Default:
45Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.modeThe MODE determines which part of the NUT is to be started, and which configuration files must be modified. The values of MODE can be: - none: NUT is not configured, or use the Integrated Power Management, or use some external system to startup NUT components. So nothing is to be started. - standalone: This mode address a local only configuration, with 1 UPS protecting the local system. This implies to start the 3 NUT layers (driver, upsd and upsmon) and the matching configuration files. This mode can also address UPS redundancy. - netserver: same as for the standalone configuration, but also need some more ACLs and possibly a specific LISTEN directive in upsd.conf. Since this MODE is opened to the network, a special care should be applied to security concerns. - netclient: this mode only requires upsmon.
Default:
"standalone"Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.schedulerRulesFile which contains the rules to handle UPS events.
Default: none
Example:
"/etc/nixos/upssched.conf"Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.upsThis is where you configure all the UPSes that this system will be monitoring directly. These are usually attached to serial ports, but USB devices are also supported.
Default:
{ }Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.ups.<name>.descriptionDescription of the UPS.
Default:
""Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.ups.<name>.directivesList of configuration directives for this UPS.
Default:
[ ]Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.ups.<name>.driverSpecify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.
Default: none
Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.ups.<name>.maxStartDelayThis can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Default:
Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.ups.<name>.portThe serial port where your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.
Default: none
Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.ups.<name>.shutdownOrderWhen you have multiple UPSes on your system, you usually need to turn them off in a certain order. upsdrvctl shuts down all the 0s, then the 1s, 2s, and so on. To exclude a UPS from the shutdown sequence, set this to -1.
Default:
0Declared by:
<nixos/modules/services/monitoring/ups.nix>power.ups.ups.<name>.summaryLines which would be added inside ups.conf for handling this UPS.
Default:
""Declared by:
<nixos/modules/services/monitoring/ups.nix>powerManagement.cpuFreqGovernorConfigure the governor used to regulate the frequence of the available CPUs. By default, the kernel configures the on-demand governor.
Default:
""Example:
"ondemand"Declared by:
<nixos/modules/tasks/cpu-freq.nix>powerManagement.enableWhether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.
Default:
trueDeclared by:
<nixos/modules/config/power-management.nix>powerManagement.powerDownCommandsCommands executed when the machine powers down. That is, they're executed both when the system shuts down and when it goes to suspend or hibernation.
Default:
""Example:
"/nix/store/hl2bngyv6ygn2qh5csrhc6mvs1nj2ck7-hdparm-9.39/sbin/hdparm -B 255 /dev/sda"Declared by:
<nixos/modules/config/power-management.nix>powerManagement.powerUpCommandsCommands executed when the machine powers up. That is, they're executed both when the system first boots and when it resumes from suspend or hibernation.
Default:
""Example:
"/nix/store/hl2bngyv6ygn2qh5csrhc6mvs1nj2ck7-hdparm-9.39/sbin/hdparm -B 255 /dev/sda"Declared by:
<nixos/modules/config/power-management.nix>powerManagement.resumeCommandsCommands executed after the system resumes from suspend-to-RAM.
Default:
""Declared by:
<nixos/modules/config/power-management.nix>powerManagement.scsiLinkPolicyConfigure the scsi link power management policy. By default, the kernel configures "max_performance".
Default:
""Example:
"min_power"Declared by:
<nixos/modules/tasks/scsi-link-power-management.nix>programs.ssh.forwardX11Whether to request X11 forwarding on outgoing connections by default. This is useful for running graphical programs on the remote machine and have them display to your local X11 server. Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two. Note: there are some security risks to forwarding an X11 connection. NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks. To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh. The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.
Default:
falseDeclared by:
<nixos/modules/programs/ssh.nix>programs.ssh.setXAuthLocationWhether to set the path to xauth for X11-forwarded connections. Pulls in X11 dependency.
Default:
trueDeclared by:
<nixos/modules/programs/ssh.nix>requiredTTYsFIXME: find another place for this option. FIXME: find a good description.
Default:
[ ]Declared by:
<nixos/modules/tasks/kbd.nix>security.apparmor.confineSUIDApplicationsInstall AppArmor profiles for commonly-used SUID application to mitigate potential privilege escalation attacks due to bugs in such applications. Currently available profiles: ping
Default:
trueDeclared by:
<nixos/modules/security/apparmor-suid.nix>security.apparmor.enableEnable AppArmor application security system. Enable only if you want to further improve AppArmor.
Default:
falseDeclared by:
<nixos/modules/security/apparmor.nix>security.apparmor.profilesList of file names of AppArmor profiles.
Default:
[ ]Declared by:
<nixos/modules/security/apparmor.nix>security.extraSetuidProgramsObsolete name of
security.setuidPrograms.Default: none
Declared by:
<nixos/modules/rename.nix>security.pam.enableOTPWEnable the OTPW (one-time password) PAM module
Default:
falseDeclared by:
<nixos/modules/security/pam.nix>security.pam.enableSSHAgentAuthEnable sudo logins if the user's SSH agent provides a key present in
~/.ssh/authorized_keys. This allows machines to exclusively use SSH keys instead of passwords.Default:
falseDeclared by:
<nixos/modules/security/pam.nix>security.pam.loginLimitsDefine resource limits that should apply to users or groups. Each item in the list should be an attribute set with a
domain,type,item, andvalueattribute. The syntax and semantics of these attributes must be that described in the limits.conf(5) man page.Default:
[ ]Example:
[ { domain = "ftp"; item = "nproc"; type = "hard"; value = "0"; } { domain = "@student"; item = "maxlogins"; type = "-"; value = "4"; } ]Declared by:
<nixos/modules/security/pam.nix>security.pam.servicesThis option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each element of this list is an attribute set describing a service. The attribute
namespecifies the name of the service. The attributerootOKspecifies whether the root user is allowed to use this service without authentication. The attributestartSessionspecifies whether systemd's PAM connector module should be used to start a new session; for local sessions, this will give the user ownership of devices such as audio and CD-ROM drives. The attributeforwardXAuthspecifies whether X authentication keys should be passed from the calling user to the target user (e.g. for su). The attributelimitsdefines resource limits that should apply to users or groups for the service. Each item in the list should be an attribute set with adomain,type,item, andvalueattribute. The syntax and semantics of these attributes must be that described in the limits.conf(5) man page.Default:
[ ]Example:
[ { name = "chsh"; rootOK = true; } { allowNullPassword = true; limits = [ { domain = "ftp"; item = "nproc"; type = "hard"; value = "0"; } ] ; name = "login"; startSession = true; } ]Declared by:
<nixos/modules/security/pam.nix>security.pam.usb.enableEnable USB login for all login system unless the service disabled it. For more information, visit http://pamusb.org/doc/quickstart#setting_up.
Default:
falseDeclared by:
<nixos/modules/security/pam_usb.nix>security.polkit.adminIdentitiesSpecifies which users are considered “administrators”, for those actions that require the user to authenticate as an administrator (i.e. have a
auth_adminvalue). By default, this is therootuser and all users in thewheelgroup.Default:
"unix-user:0;unix-group:wheel"Example:
""Declared by:
<nixos/modules/security/polkit.nix>security.polkit.enableWhether to enable PolKit.
Default:
trueDeclared by:
<nixos/modules/security/polkit.nix>security.polkit.permissionsAllows the default permissions of privileged actions to be overriden.
Default:
""Example:
"[Disallow Users To Suspend]\nIdentity=unix-group:users\nAction=org.freedesktop.upower.*\nResultAny=no\nResultInactive=no\nResultActive=no\n\n[Allow Anybody To Eject Disks]\nIdentity=unix-user:*\nAction=org.freedesktop.udisks.drive-eject\nResultAny=yes\nResultInactive=yes\nResultActive=yes\n\n[Allow Alice To Mount Filesystems After Admin Authentication]\nIdentity=unix-user:alice\nAction=org.freedesktop.udisks.filesystem-mount\nResultAny=auth_admin\nResultInactive=auth_admin\nResultActive=auth_admin\n"Declared by:
<nixos/modules/security/polkit.nix>security.rngd.enableWhether to enable the rng daemon, which adds entropy from hardware sources of randomness to the kernel entropy pool when available.
Default:
trueDeclared by:
<nixos/modules/security/rngd.nix>security.rtkit.enableWhether to enable the RealtimeKit system service, which hands out realtime scheduling priority to user processes on demand. For example, the PulseAudio server uses this to acquire realtime priority.
Default:
falseDeclared by:
<nixos/modules/security/rtkit.nix>security.setuidOwnersThis option allows the ownership and permissions on the setuid wrappers for specific programs to be overriden from the default (setuid root, but not setgid root).
Default:
[ ]Example:
[ { group = "postdrop"; owner = "nobody"; program = "sendmail"; setgid = true; setuid = false; } ]Declared by:
<nixos/modules/security/setuid-wrappers.nix>security.setuidProgramsThe Nix store cannot contain setuid/setgid programs directly. For this reason, NixOS can automatically generate wrapper programs that have the necessary privileges. This option lists the names of programs in the system environment for which setuid root wrappers should be created.
Default:
[ ]Declared by:
<nixos/modules/security/setuid-wrappers.nix><nixos/modules/rename.nix>security.sudo.configFileThis string contains the contents of the
sudoersfile.Default: none
Declared by:
<nixos/modules/security/sudo.nix>security.sudo.enableWhether to enable the sudo command, which allows non-root users to execute commands as root.
Default:
trueDeclared by:
<nixos/modules/security/sudo.nix>security.sudo.wheelNeedsPasswordWhether users of the
wheelgroup can execute commands as super user without entering a password.Default:
trueDeclared by:
<nixos/modules/security/sudo.nix>security.wrapperDirThis option defines the path to the setuid wrappers. It should generally not be overriden. Some packages in Nixpkgs expect that
wrapperDiris/var/setuid-wrappers.Default:
"/var/setuid-wrappers"Declared by:
<nixos/modules/security/setuid-wrappers.nix>services.acpid.acEventCommandsShell commands to execute on a ac_adapter.* event.
Default:
""Declared by:
<nixos/modules/services/hardware/acpid.nix>services.acpid.enableWhether to enable the ACPI daemon.
Default:
falseDeclared by:
<nixos/modules/services/hardware/acpid.nix>services.acpid.lidEventCommandsShell commands to execute on a button/lid.* event.
Default:
""Declared by:
<nixos/modules/services/hardware/acpid.nix>services.acpid.powerEventCommandsShell commands to execute on a button/power.* event.
Default:
""Declared by:
<nixos/modules/services/hardware/acpid.nix>services.activemq.baseDirThe base directory where ActiveMQ stores its persistent data and logs. This will be overriden if you set "activemq.base" and "activemq.data" in the
javaPropertiesoption. You can also override this in activemq.xml.Default:
"/var/activemq"Declared by:
<nixos/modules/services/amqp/activemq/default.nix>services.activemq.configurationDirThe base directory for ActiveMQ's configuration. By default, this directory is searched for a file named activemq.xml, which should contain the configuration for the broker service.
Default:
"/nix/store/8ynbp17b6s8683dh68vbrcpdnamjx52h-apache-activemq-5.8.0/conf"Declared by:
<nixos/modules/services/amqp/activemq/default.nix>services.activemq.configurationURIThe URI that is passed along to the BrokerFactory to set up the configuration of the ActiveMQ broker service. You should not need to change this. For custom configuration, set the
configurationDirinstead, and create an activemq.xml configuration file in it.Default:
"xbean:activemq.xml"Declared by:
<nixos/modules/services/amqp/activemq/default.nix>services.activemq.enableEnable the Apache ActiveMQ message broker service.
Default:
falseDeclared by:
<nixos/modules/services/amqp/activemq/default.nix>services.activemq.extraJavaOptionsAdd extra options here that you want to be sent to the Java runtime when the broker service is started.
Default:
""Example:
"-Xmx2G -Xms2G -XX:MaxPermSize=512M"Declared by:
<nixos/modules/services/amqp/activemq/default.nix>services.activemq.javaPropertiesSpecifies Java properties that are sent to the ActiveMQ broker service with the "-D" option. You can set properties here to change the behaviour and configuration of the broker. All essential properties that are not set here are automatically given reasonable defaults.
Default:
{ }Example:
{ java.net.preferIPv4Stack = "true"; }Declared by:
<nixos/modules/services/amqp/activemq/default.nix>services.activemq.user.createIf true, the a system user with the specified name will be added to the system configuration. If false, a user with the specified name is expected to exist.
Default:
trueDeclared by:
<nixos/modules/services/amqp/activemq/default.nix>services.activemq.user.nameThe name of the user that should run the ActiveMQ process.
Default:
"activemq"Declared by:
<nixos/modules/services/amqp/activemq/default.nix>services.almir.director_addressIP/Hostname for Director to connect with bconsole.
Default:
"127.0.0.1"Declared by:
<nixos/modules/services/backup/almir.nix>services.almir.director_nameName of the Director to connect with bconsole.
Default: none
Declared by:
<nixos/modules/services/backup/almir.nix>services.almir.director_passwordPassword for Director to connect with bconsole.
Default: none
Declared by:
<nixos/modules/services/backup/almir.nix>services.almir.director_portPort for Director to connect with bconsole.
Default:
9101Declared by:
<nixos/modules/services/backup/almir.nix>services.almir.enableEnable Almir web server. Also configures postgresql database and installs bacula.
Default:
falseDeclared by:
<nixos/modules/services/backup/almir.nix>services.almir.portPort for Almir web server to listen on.
Default:
35000Declared by:
<nixos/modules/services/backup/almir.nix>services.almir.sqlalchemy_engine_urlDefine SQL database connection to bacula catalog as specified in http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls
Default: none
Example:
"postgresql://bacula:bacula@localhost:5432/bacula\nmysql+mysqlconnector://<user>:<password>@<hostname>/<database>'\nsqlite:////var/lib/bacula/bacula.db'\n"Declared by:
<nixos/modules/services/backup/almir.nix>services.almir.timezoneTimezone as specified in https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
Default: none
Example:
"Europe/Ljubljana"Declared by:
<nixos/modules/services/backup/almir.nix>services.amule.dataDirThe directory holding configuration, incoming and temporary files.
Default:
"/home/amule/"Declared by:
<nixos/modules/services/networking/amuled.nix>services.amule.enableWhether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.
Default:
falseDeclared by:
<nixos/modules/services/networking/amuled.nix>services.amule.userThe user the AMule daemon should run as.
Default:
Declared by:
<nixos/modules/services/networking/amuled.nix>services.atd.allowEveryoneWhether to make /var/spool/at{jobs,spool} writeable by everyone (and sticky). This is normally not needed since the `at' commands are setuid/setgid `atd'.
Default:
falseDeclared by:
<nixos/modules/services/scheduling/atd.nix>services.atd.enableWhether to enable the `at' daemon, a command scheduler.
Default:
trueDeclared by:
<nixos/modules/services/scheduling/atd.nix>services.autofs.autoMasterfile contents of /etc/auto.master. See man auto.master See man 5 auto.master and man 5 autofs.
Default: none
Example:
autoMaster = let mapConf = pkgs.writeText "auto" '' kernel -ro,soft,intr ftp.kernel.org:/pub/linux boot -fstype=ext2 :/dev/hda1 windoze -fstype=smbfs ://windoze/c removable -fstype=ext2 :/dev/hdd cd -fstype=iso9660,ro :/dev/hdc floppy -fstype=auto :/dev/fd0 server -rw,hard,intr / -ro myserver.me.org:/ \ /usr myserver.me.org:/usr \ /home myserver.me.org:/home ''; in '' /auto file:${mapConf} ''Declared by:
<nixos/modules/services/misc/autofs.nix>services.autofs.debugpass -d and -7 to automount and write log to /var/log/autofs
Default:
falseDeclared by:
<nixos/modules/services/misc/autofs.nix>services.autofs.enableMount filesystems on demand. Unmount them automatically. You may also be interested in afuese.
Default:
falseDeclared by:
<nixos/modules/services/misc/autofs.nix>services.autofs.timeoutSet the global minimum timeout, in seconds, until directories are unmounted
Default:
600Declared by:
<nixos/modules/services/misc/autofs.nix>services.avahi.browseDomainsList of non-local DNS domains to be browsed.
Default:
[ "0pointer.de" "zeroconf.org" ]Declared by:
<nixos/modules/services/networking/avahi-daemon.nix>services.avahi.enableWhether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon').
Default:
falseDeclared by:
<nixos/modules/services/networking/avahi-daemon.nix>services.avahi.hostNameHost name advertised on the LAN.
Default: none
Declared by:
<nixos/modules/services/networking/avahi-daemon.nix>services.avahi.ipv4Whether to use IPv4
Default:
trueDeclared by:
<nixos/modules/services/networking/avahi-daemon.nix>services.avahi.ipv6Whether to use IPv6
Default:
falseDeclared by:
<nixos/modules/services/networking/avahi-daemon.nix>services.avahi.nssmdnsWhether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon.
Default:
falseDeclared by:
<nixos/modules/services/networking/avahi-daemon.nix>services.avahi.publishingWhether to allow publishing.
Default:
trueDeclared by:
<nixos/modules/services/networking/avahi-daemon.nix>services.avahi.wideAreaWhether to enable wide-area service discovery.
Default:
trueDeclared by:
<nixos/modules/services/networking/avahi-daemon.nix>services.bacula-dir.enableWhether to enable Bacula Director Daemon.
Default:
falseDeclared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-dir.extraConfigExtra configuration for Bacula Director Daemon.
Default:
""Example:
"TODO\n"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-dir.extraDirectorConfigExtra configuration to be passed in Director directive.
Default:
""Example:
"Maximum Concurrent Jobs = 20;\nHeartbeat Interval = 30;\n"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-dir.extraMessagesConfigExtra configuration to be passed in Messages directive.
Default:
""Example:
"console = all\n"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-dir.nameThe director name used by the system administrator. This directive is required.
Default:
"nixos-dir"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-dir.passwordSpecifies the password that must be supplied for a Director.
Default: none
Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-dir.portSpecify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
Default:
9101Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-fd.directorThis option defines director resources in Bacula File Daemon.
Default:
{ }Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-fd.director.<name>.monitorIf Monitor is set to no (default), this director will have full
Default:
"no"Example:
"yes"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-fd.director.<name>.passwordSpecifies the password that must be supplied for a Director to b
Default: none
Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-fd.enableWhether to enable Bacula File Daemon.
Default:
falseDeclared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-fd.extraClientConfigExtra configuration to be passed in Client directive.
Default:
""Example:
"Maximum Concurrent Jobs = 20;\nHeartbeat Interval = 30;\n"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-fd.extraMessagesConfigExtra configuration to be passed in Messages directive.
Default:
""Example:
"console = all\n"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-fd.nameThe client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
Default:
"nixos-fd"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-fd.portThis specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file. The default is 9102.
Default:
9102Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.deviceThis option defines Device resources in Bacula Storage Daemon.
Default:
{ }Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.device.<name>.archiveDeviceThe specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example " /dev/nst0" or "/dev/rmt/0mbn". For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage.
Default: none
Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.device.<name>.extraDeviceConfigExtra configuration to be passed in Device directive.
Default:
""Example:
"LabelMedia = yes\nRandom Access = no\nAutomaticMount = no\nRemovableMedia = no\nMaximumOpenWait = 60\nAlwaysOpen = no\n"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.device.<name>.mediaTypeThe specified name-string names the type of media supported by this device, for example, "DLT7000". Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.
Default: none
Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.directorThis option defines Director resources in Bacula Storage Daemon.
Default:
{ }Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.director.<name>.monitorIf Monitor is set to no (default), this director will have full
Default:
"no"Example:
"yes"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.director.<name>.passwordSpecifies the password that must be supplied for a Director to b
Default: none
Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.enableWhether to enable Bacula Storage Daemon.
Default:
falseDeclared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.extraMessagesConfigExtra configuration to be passed in Messages directive.
Default:
""Example:
"console = all\n"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.extraStorageConfigExtra configuration to be passed in Storage directive.
Default:
""Example:
"Maximum Concurrent Jobs = 20;\nHeartbeat Interval = 30;\n"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.nameSpecifies the Name of the Storage daemon.
Default:
"nixos-sd"Declared by:
<nixos/modules/services/backup/bacula.nix>services.bacula-sd.portSpecifies port number on which the Storage daemon listens for Director connections. The default is 9103.
Default:
9103Declared by:
<nixos/modules/services/backup/bacula.nix>services.bind.blockedNetworksWhat networks are just blocked.
Default:
[ ]Declared by:
<nixos/modules/services/networking/bind.nix>services.bind.cacheNetworksWhat networks are allowed to use us as a resolver.
Default:
[ "127.0.0.0/24" ]Declared by:
<nixos/modules/services/networking/bind.nix>services.bind.configFileOverridable config file to use for named. By default, that generated by nixos.
Default:
(build of named.conf)Declared by:
<nixos/modules/services/networking/bind.nix>services.bind.enableWhether to enable BIND domain name server.
Default:
falseDeclared by:
<nixos/modules/services/networking/bind.nix>services.bind.ipv4OnlyOnly use ipv4, even if the host supports ipv6
Default:
falseDeclared by:
<nixos/modules/services/networking/bind.nix>services.bind.zonesList of zones we claim authority over. master=false means slave server; slaves means addresses who may request zone transfer.
Default:
[ ]Example:
[ { file = "/var/dns/example.com"; master = false; masters = [ "192.168.0.1" ] ; name = "example.com"; slaves = [ ] ; } ]Declared by:
<nixos/modules/services/networking/bind.nix>services.bitlbee.authModeThe following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
Default:
"Open"Declared by:
<nixos/modules/services/networking/bitlbee.nix>services.bitlbee.enableWhether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.
Default:
falseDeclared by:
<nixos/modules/services/networking/bitlbee.nix>services.bitlbee.extraDefaultsWill be inserted in the Default section of the config file.
Default:
""Declared by:
<nixos/modules/services/networking/bitlbee.nix>services.bitlbee.extraSettingsWill be inserted in the Settings section of the config file.
Default:
""Declared by:
<nixos/modules/services/networking/bitlbee.nix>services.bitlbee.interfaceThe interface the BitlBee deamon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.
Default:
"127.0.0.1"Declared by:
<nixos/modules/services/networking/bitlbee.nix>services.bitlbee.portNumberNumber of the port BitlBee will be listening to.
Default:
6667Declared by:
<nixos/modules/services/networking/bitlbee.nix>services.clamav.updater.configExtra configuration for freshclam. Contents will be added verbatim to the configuration file.
Default:
""Declared by:
<nixos/modules/services/security/clamav.nix>services.clamav.updater.enableWhether to enable automatic ClamAV virus definitions database updates.
Default:
falseDeclared by:
<nixos/modules/services/security/clamav.nix>services.clamav.updater.frequencyNumber of database checks per day.
Default:
12Declared by:
<nixos/modules/services/security/clamav.nix>services.cntlm.domainProxy account domain/workgroup name.
Default: none
Declared by:
<nixos/modules/services/networking/cntlm.nix>services.cntlm.enableWhether to enable the cntlm, which start a local proxy.
Default:
falseDeclared by:
<nixos/modules/services/networking/cntlm.nix>services.cntlm.extraConfigVerbatim contents of
cntlm.conf.Default:
""Declared by:
<nixos/modules/services/networking/cntlm.nix>services.cntlm.netbios_hostnameThe hostname of your machine.
Default: none
Declared by:
<nixos/modules/services/networking/cntlm.nix>services.cntlm.passwordProxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.
Default:
"/etc/cntlm.password"Declared by:
<nixos/modules/services/networking/cntlm.nix>services.cntlm.portSpecifies on which ports the cntlm daemon listens.
Default:
[ 3128 ]Declared by:
<nixos/modules/services/networking/cntlm.nix>services.cntlm.proxyA list of NTLM/NTLMv2 authenticating HTTP proxies. Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
Default: none
Declared by:
<nixos/modules/services/networking/cntlm.nix>services.cntlm.usernameProxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
Default: none
Declared by:
<nixos/modules/services/networking/cntlm.nix>services.cron.enableWhether to enable the `vixie cron' daemon.
Default:
trueDeclared by:
<nixos/modules/services/scheduling/cron.nix>services.cron.mailtoThe job output will be mailed to this email address.
Default:
""Declared by:
<nixos/modules/services/scheduling/cron.nix>services.cron.systemCronJobsA list of Cron jobs to be appended to the system-wide crontab. See the manual page for crontab for the expected format. If you want to get the results mailed you must setuid sendmail. See
security.setuidOwnersIf neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root will is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you. So every user can use a crontab. Many nixos modules set systemCronJobs, so if you decide to disable vixie cron and enable another cron daemon, you may want it to get its system crontab based on systemCronJobs.Default:
[ ]Example:
[ "* * * * * test ls -l / > /tmp/cronout 2>&1" "* * * * * eelco echo Hello World > /home/eelco/cronout" ]Declared by:
<nixos/modules/services/scheduling/cron.nix>services.dbus.enableWhether to start the D-Bus message bus daemon, which is required by many other system services and applications.
Default:
trueDeclared by:
<nixos/modules/services/system/dbus.nix>services.dbus.packagesPackages whose D-Bus configuration files should be included in the configuration of the D-Bus system-wide message bus. Specifically, every file in
pkg/etc/dbus-1/system.dDefault:
[ ]Declared by:
<nixos/modules/services/system/dbus.nix>services.dd-agent.api_keyThe Datadog API key to associate the agent with your account
Default: none
Example:
"ae0aa6a8f08efa988ba0a17578f009ab"Declared by:
<nixos/modules/services/monitoring/dd-agent.nix>services.dd-agent.enableWhether to enable the dd-agent montioring service
Default:
falseDeclared by:
<nixos/modules/services/monitoring/dd-agent.nix>services.dd-agent.hostnameThe hostname to show in the Datadog dashboard (optional)
Default:
Example:
"mymachine.mydomain"Declared by:
<nixos/modules/services/monitoring/dd-agent.nix>services.ddclient.domainDomain name to synchronize.
Default:
""Declared by:
<nixos/modules/services/networking/ddclient.nix>services.ddclient.enableWhether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
Default:
falseDeclared by:
<nixos/modules/services/networking/ddclient.nix>services.ddclient.extraConfigExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""Declared by:
<nixos/modules/services/networking/ddclient.nix>services.ddclient.passwordPassword.
Default:
""Declared by:
<nixos/modules/services/networking/ddclient.nix>services.ddclient.protocolProtocol to use with dynamic DNS provider. (see also, http://sourceforge.net/apps/trac/ddclient/wiki/Protocols)
Default:
"dyndns2"Declared by:
<nixos/modules/services/networking/ddclient.nix>services.ddclient.serverServer
Default:
"members.dyndns.org"Declared by:
<nixos/modules/services/networking/ddclient.nix>services.ddclient.usernameUsername.
Default:
""Declared by:
<nixos/modules/services/networking/ddclient.nix>services.ddclient.webDefault:
"web, web=checkip.dyndns.com/, web-skip='IP Address'"Declared by:
<nixos/modules/services/networking/ddclient.nix>services.deluge.enableStart Deluge daemon.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/torrent/deluge.nix>services.deluge.web.enableStart Deluge Web daemon.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/torrent/deluge.nix>services.dhcpd.configFileThe path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.
Default:
Declared by:
<nixos/modules/services/networking/dhcpd.nix>services.dhcpd.enableWhether to enable the DHCP server.
Default:
falseDeclared by:
<nixos/modules/services/networking/dhcpd.nix>services.dhcpd.extraConfigExtra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something here, such as the options specifying the subnet mask, DNS servers, etc.
Default:
""Example:
"\n option subnet-mask 255.255.255.0;\n option broadcast-address 192.168.1.255;\n option routers 192.168.1.5;\n option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;\n option domain-name \"example.org\";\n subnet 192.168.1.0 netmask 255.255.255.0 {\n range 192.168.1.100 192.168.1.200;\n }\n "Declared by:
<nixos/modules/services/networking/dhcpd.nix>services.dhcpd.interfacesThe interfaces on which the DHCP server should listen.
Default:
[ "eth0" ]Declared by:
<nixos/modules/services/networking/dhcpd.nix>services.dhcpd.machinesA list mapping ethernet addresses to IP addresses for the DHCP server.
Default:
[ ]Example:
[ { ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10"; } { ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11"; } ]Declared by:
<nixos/modules/services/networking/dhcpd.nix>services.disnix.enableWhether to enable Disnix
Default:
falseDeclared by:
<nixos/modules/services/misc/disnix.nix>services.disnix.infrastructureList of name value pairs containing properties for the infrastructure model
Default:
{ }Declared by:
<nixos/modules/services/misc/disnix.nix>services.disnix.publishAvahiWhether to publish capabilities/properties as a Disnix service through Avahi
Default:
falseDeclared by:
<nixos/modules/services/misc/disnix.nix>services.disnix.publishInfrastructure.enableWhether to publish capabilities/properties of this machine in as attributes in the infrastructure option
Default:
falseDeclared by:
<nixos/modules/services/misc/disnix.nix>services.disnix.publishInfrastructure.enableAuthenticationWhether to publish authentication credentials through the infrastructure attribute (not recommended in combination with Avahi)
Default:
falseDeclared by:
<nixos/modules/services/misc/disnix.nix>services.disnix.useWebServiceInterfaceWhether to enable the DisnixWebService interface running on Apache Tomcat
Default:
falseDeclared by:
<nixos/modules/services/misc/disnix.nix>services.dnsmasq.enableWhether to run dnsmasq.
Default:
falseDeclared by:
<nixos/modules/services/networking/dnsmasq.nix>services.dnsmasq.extraConfigExtra configuration directives that should be added to
dnsmasq.confDefault:
""Declared by:
<nixos/modules/services/networking/dnsmasq.nix>services.dnsmasq.serversThe parameter to dnsmasq -S.
Default:
[ ]Example:
[ "8.8.8.8" "8.8.4.4" ]Declared by:
<nixos/modules/services/networking/dnsmasq.nix>services.dovecot2.enableWhether to enable the Dovecot 2.x POP3/IMAP server.
Default:
falseDeclared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.enableImapStart the IMAP listener (when Dovecot is enabled).
Default:
trueDeclared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.enablePop3Start the POP3 listener (when Dovecot is enabled).
Default:
trueDeclared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.extraConfigAdditional entries to put verbatim into Dovecot's config file.
Default:
""Example:
"mail_debug = yes"Declared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.groupDovecot group name.
Default:
"dovecot2"Declared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.mailLocationLocation that dovecot will use for mail folders. Dovecot mail_location option.
Default:
"maildir:/var/spool/mail/%u"Example:
"maildir:~/mail:INBOX=/var/spool/mail/%u"Declared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.showPAMFailureShow the PAM failure message on authentication error (useful for OTPW).
Default:
falseDeclared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.sslCACertCA certificate used by the server certificate.
Default:
""Declared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.sslServerCertServer certificate
Default:
""Declared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.sslServerKeyServer key.
Default:
""Declared by:
<nixos/modules/services/mail/dovecot.nix>services.dovecot2.userDovecot user name.
Default:
"dovecot2"Declared by:
<nixos/modules/services/mail/dovecot.nix>services.drbd.configContents of the
drbd.confconfiguration file.Default:
""Declared by:
<nixos/modules/services/network-filesystems/drbd.nix>services.drbd.enableWhether to enable support for DRBD, the Distributed Replicated Block Device.
Default:
falseDeclared by:
<nixos/modules/services/network-filesystems/drbd.nix>services.ejabberd.confDirLocation of the config directory of ejabberd
Default:
"/var/ejabberd"Declared by:
<nixos/modules/services/networking/ejabberd.nix>services.ejabberd.enableWhether to enable ejabberd server
Default:
falseDeclared by:
<nixos/modules/services/networking/ejabberd.nix>services.ejabberd.loadDumpsConfiguration dump that should be loaded on the first startup
Default:
[ ]Example:
[ ]Declared by:
<nixos/modules/services/networking/ejabberd.nix>services.ejabberd.logsDirLocation of the logfile directory of ejabberd
Default:
"/var/log/ejabberd"Declared by:
<nixos/modules/services/networking/ejabberd.nix>services.ejabberd.spoolDirLocation of the spooldir of ejabberd
Default:
"/var/lib/ejabberd"Declared by:
<nixos/modules/services/networking/ejabberd.nix>services.ejabberd.virtualHostsVirtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas
Default:
"\"localhost\""Declared by:
<nixos/modules/services/networking/ejabberd.nix>services.fcron.allowUsers allowed to use fcrontab and fcrondyn (one name per line, "all" for everyone).
Default:
[ "all" ]Declared by:
<nixos/modules/services/scheduling/fcron.nix>services.fcron.denyUsers forbidden from using fcron.
Default:
[ ]Declared by:
<nixos/modules/services/scheduling/fcron.nix>services.fcron.enableWhether to enable the `fcron' daemon.
Default:
falseDeclared by:
<nixos/modules/services/scheduling/fcron.nix>services.fcron.maxSerialJobsMaximum number of serial jobs which can run simultaneously.
Default:
1Declared by:
<nixos/modules/services/scheduling/fcron.nix>services.fcron.queuelenNumber of jobs the serial queue and the lavg queue can contain - empty to net set this number (-q)
Default:
""Declared by:
<nixos/modules/services/scheduling/fcron.nix>services.fcron.systabThe "system" crontab contents.
Default:
""Declared by:
<nixos/modules/services/scheduling/fcron.nix>services.felix.bundlesList of bundles that should be activated on startup
Default:
[(build of apache-felix-remoteshell-bundle-1.0.4)]Declared by:
<nixos/modules/services/misc/felix.nix>services.felix.enableWhether to enable the Apache Felix OSGi service
Default:
falseDeclared by:
<nixos/modules/services/misc/felix.nix>services.felix.groupGroup account under which Apache Felix runs.
Default:
"osgi"Declared by:
<nixos/modules/services/misc/felix.nix>services.felix.userUser account under which Apache Felix runs.
Default:
"osgi"Declared by:
<nixos/modules/services/misc/felix.nix>services.flashpolicyd.enableWhether to enable the Flash Policy server. This is necessary if you want Flash applications to make connections to your server.
Default:
falseDeclared by:
<nixos/modules/services/networking/flashpolicyd.nix>services.flashpolicyd.policyThe policy to be served. The default is to allow connections from any domain to any port.
Default:
"<?xml version=\"1.0\"?>\n<!DOCTYPE cross-domain-policy SYSTEM \"/xml/dtds/cross-domain-policy.dtd\">\n<cross-domain-policy> \n <site-control permitted-cross-domain-policies=\"master-only\"/>\n <allow-access-from domain=\"*\" to-ports=\"*\" />\n</cross-domain-policy>\n"Declared by:
<nixos/modules/services/networking/flashpolicyd.nix>services.foldingAtHome.configExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""Declared by:
<nixos/modules/services/misc/folding-at-home.nix>services.foldingAtHome.enableWhether to enable the Folding@Home to use idle CPU time.
Default:
falseDeclared by:
<nixos/modules/services/misc/folding-at-home.nix>services.foldingAtHome.nicknameA unique handle for statistics.
Default:
"Anonymous"Declared by:
<nixos/modules/services/misc/folding-at-home.nix>services.fourStore.databaseRDF database name. If it doesn't exist, it will be created. Databases are stored in /var/lib/4store.
Default:
""Declared by:
<nixos/modules/services/databases/4store.nix>services.fourStore.enableWhether to enable 4Store RDF database server.
Default:
falseDeclared by:
<nixos/modules/services/databases/4store.nix>services.fourStore.optionsExtra CLI options to pass to 4Store.
Default:
""Declared by:
<nixos/modules/services/databases/4store.nix>services.fourStoreEndpoint.databaseRDF database name to expose via the endpoint. Defaults to local 4Store database name.
Default:
""Declared by:
<nixos/modules/services/databases/4store-endpoint.nix>services.fourStoreEndpoint.enableWhether to enable 4Store SPARQL endpoint.
Default:
falseDeclared by:
<nixos/modules/services/databases/4store-endpoint.nix>services.fourStoreEndpoint.listenAddressIP address to listen on.
Default:
Declared by:
<nixos/modules/services/databases/4store-endpoint.nix>services.fourStoreEndpoint.optionsExtra CLI options to pass to 4Store's 4s-httpd process.
Default:
""Declared by:
<nixos/modules/services/databases/4store-endpoint.nix>services.fourStoreEndpoint.portport to listen on.
Default:
8080Declared by:
<nixos/modules/services/databases/4store-endpoint.nix>services.fprot.updater.enableWhether to enable automatic F-Prot virus definitions database updates.
Default:
falseDeclared by:
<nixos/modules/services/security/fprot.nix>services.fprot.updater.frequencyUpdate virus definitions every X minutes.
Default:
30Declared by:
<nixos/modules/services/security/fprot.nix>services.fprot.updater.licenseKeyfileLicense keyfile. Defaults to the one supplied with installation package.
Default:
"/nix/store/yyb85vqjyymmffxzcnaiw7y1i3zbjjfq-f-prot-6.2.1/opt/f-prot/license.key"Declared by:
<nixos/modules/services/security/fprot.nix>services.fprot.updater.productDataproduct.data file. Defaults to the one supplied with installation package.
Default:
"/nix/store/yyb85vqjyymmffxzcnaiw7y1i3zbjjfq-f-prot-6.2.1/opt/f-prot/product.data"Declared by:
<nixos/modules/services/security/fprot.nix>services.frandom.enableenable the /dev/frandom device (a very fast random number generator)
Default:
falseDeclared by:
<nixos/modules/services/security/frandom.nix>services.freenet.enableEnable the Freenet daemon
Default:
falseDeclared by:
<nixos/modules/services/networking/freenet.nix>services.freenet.niceSet the nice level for the Freenet daemon
Default:
10Declared by:
<nixos/modules/services/networking/freenet.nix>services.fuppesd.configMutable configuration file which can be edited with the web interface. Due to possible modification, double quote the full path of the filename stored in your filesystem to avoid attempts to modify the content of the nix store.
Default: none
Example:
"/etc/fuppes/fuppes.cfg"Declared by:
<nixos/modules/services/audio/fuppes.nix>services.fuppesd.databaseDatabase file which index all shared files.
Default:
"/var/lib/fuppes/fuppes.db"Declared by:
<nixos/modules/services/audio/fuppes.nix>services.fuppesd.enableEnables Fuppes (UPnP A/V Media Server). Can be used to watch photos, video and listen to music from a phone/tv connected to the local network.
Default:
falseDeclared by:
<nixos/modules/services/audio/fuppes.nix>services.fuppesd.log.fileFile which will contains the log produced by the daemon.
Default:
"/var/log/fuppes.log"Declared by:
<nixos/modules/services/audio/fuppes.nix>services.fuppesd.log.levelLogging level of fuppes, An integer between 0 and 3.
Default:
0Example:
3Declared by:
<nixos/modules/services/audio/fuppes.nix>services.fuppesd.nameEnables Fuppes (UPnP A/V Media Server). Can be used to watch photos, video and listen to music from a phone/tv connected to the local network.
Default: none
Example:
"Media Center"Declared by:
<nixos/modules/services/audio/fuppes.nix>services.fuppesd.userName of the user which own the configuration files and under which the fuppes daemon will be executed.
Default:
"root"Example:
"fuppes"Declared by:
<nixos/modules/services/audio/fuppes.nix>services.fuppesd.vfolderXML file describing the layout of virtual folder visible by the client.
Default:
Example:
Declared by:
<nixos/modules/services/audio/fuppes.nix>services.ghostOne.configExtra configuration options.
Default:
""Declared by:
<nixos/modules/services/games/ghost-one.nix>services.ghostOne.enableEnable Ghost-One Warcraft3 game hosting server.
Default:
falseDeclared by:
<nixos/modules/services/games/ghost-one.nix>services.ghostOne.languageThe language of bot messages: English, Spanish, Russian, Serbian or Turkish.
Default:
"English"Declared by:
<nixos/modules/services/games/ghost-one.nix>services.ghostOne.mappathThe path to the directory where you keep your map files. GHost One doesn't require map files but if it has access to them it can send them to players and automatically calculate most map config values. GHost One will search [bot_mappath + map_localpath] for the map file (map_localpath is set in each map's config file).
Default:
""Declared by:
<nixos/modules/services/games/ghost-one.nix>services.ghostOne.war3pathThe path to your local Warcraft III directory, which must contain war3.exe, storm.dll, and game.dll.
Default:
""Declared by:
<nixos/modules/services/games/ghost-one.nix>services.gitDaemon.basePathRemap all the path requests as relative to the given path. For example, if you set base-path to /srv/git, then if you later try to pull git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.
Default:
""Example:
"/srv/git/"Declared by:
<nixos/modules/services/networking/git-daemon.nix>services.gitDaemon.enableEnable Git daemon, which allows public hosting of git repositories without any access controls. This is mostly intended for read-only access. You can allow write access by setting daemon.receivepack configuration item of the repository to true. This is solely meant for a closed LAN setting where everybody is friendly. If you need any access controls, use something else.
Default:
falseDeclared by:
<nixos/modules/services/networking/git-daemon.nix>services.gitDaemon.exportAllPublish all directories that look like Git repositories (have the objects and refs subdirectories), even if they do not have the git-daemon-export-ok file. If disabled, you need to touch .git/git-daemon-export-ok in each repository you want the daemon to publish. Warning: enabling this without a repository whitelist or basePath publishes every git repository you have.
Default:
falseDeclared by:
<nixos/modules/services/networking/git-daemon.nix>services.gitDaemon.listenAddressListen on a specific IP address or hostname.
Default:
""Example:
"example.com"Declared by:
<nixos/modules/services/networking/git-daemon.nix>services.gitDaemon.optionsExtra configuration options to be passed to Git daemon.
Default:
""Declared by:
<nixos/modules/services/networking/git-daemon.nix>services.gitDaemon.portPort to listen on.
Default:
9418Declared by:
<nixos/modules/services/networking/git-daemon.nix>services.gitDaemon.repositoriesA whitelist of paths of git repositories, or directories containing repositories all of which would be published. Paths must not end in "/". Warning: leaving this empty and enabling exportAll publishes all repositories in your filesystem or basePath if specified.
Default:
[ ]Example:
[ "/srv/git" "/home/user/git/repo2" ]Declared by:
<nixos/modules/services/networking/git-daemon.nix>services.gnunet.enableWhether to run the GNUnet daemon. GNUnet is GNU's anonymous peer-to-peer communication and file sharing framework.
Default:
falseDeclared by:
<nixos/modules/services/networking/gnunet.nix>services.gnunet.extraOptionsAdditional options that will be copied verbatim in `gnunet.conf'. See `gnunet.conf(5)' for details.
Default:
""Declared by:
<nixos/modules/services/networking/gnunet.nix>services.gnunet.fileSharing.quotaMaximum file system usage (in MiB) for file sharing.
Default:
1024Declared by:
<nixos/modules/services/networking/gnunet.nix>services.gnunet.load.hardNetUpBandwidthHard bandwidth limit (in bits per second) when uploading data.
Default:
0Declared by:
<nixos/modules/services/networking/gnunet.nix>services.gnunet.load.maxNetDownBandwidthMaximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Default:
50000Declared by:
<nixos/modules/services/networking/gnunet.nix>services.gnunet.load.maxNetUpBandwidthMaximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Default:
50000Declared by:
<nixos/modules/services/networking/gnunet.nix>services.gnunet.tcp.portThe TCP port for use by GNUnet.
Default:
2086Declared by:
<nixos/modules/services/networking/gnunet.nix>services.gnunet.udp.portThe UDP port for use by GNUnet.
Default:
2086Declared by:
<nixos/modules/services/networking/gnunet.nix>services.gogoclient.autorunSwitch to false to create upstart-job and configuration, but not run it automatically
Default:
trueDeclared by:
<nixos/modules/services/networking/gogoclient.nix>services.gogoclient.enableEnable the gogoclient ipv6 tunnel.
Default:
falseDeclared by:
<nixos/modules/services/networking/gogoclient.nix>services.gogoclient.passwordPath to a file (as a string), containing your gogonet password, if any.
Default:
""Declared by:
<nixos/modules/services/networking/gogoclient.nix>services.gogoclient.serverUsed Gateway6 server.
Default:
"anonymous.freenet6.net"Example:
"broker.freenet6.net"Declared by:
<nixos/modules/services/networking/gogoclient.nix>services.gogoclient.usernameYour Gateway6 login name, if any.
Default:
""Declared by:
<nixos/modules/services/networking/gogoclient.nix>services.gpm.enableWhether to enable GPM, the General Purpose Mouse daemon, which enables mouse support in virtual consoles.
Default:
falseDeclared by:
<nixos/modules/services/ttys/gpm.nix>services.gpm.protocolMouse protocol to use.
Default:
"ps/2"Declared by:
<nixos/modules/services/ttys/gpm.nix>services.gpsd.debugLevelThe debugging level.
Default:
0Declared by:
<nixos/modules/services/misc/gpsd.nix>services.gpsd.deviceA device may be a local serial device for GPS input, or a URL of the form:
[{dgpsip|ntrip}://][user:passwd@]host[:port][/stream]in which case it specifies an input source for DGPS or ntrip data.Default:
"/dev/ttyUSB0"Declared by:
<nixos/modules/services/misc/gpsd.nix>services.gpsd.enableWhether to enable `gpsd', a GPS service daemon.
Default:
falseDeclared by:
<nixos/modules/services/misc/gpsd.nix>services.gpsd.portThe port where to listen for TCP connections.
Default:
2947Declared by:
<nixos/modules/services/misc/gpsd.nix>services.gpsd.readonlyWhether to enable the broken-device-safety, otherwise known as read-only mode. Some popular bluetooth and USB receivers lock up or become totally inaccessible when probed or reconfigured. This switch prevents gpsd from writing to a receiver. This means that gpsd cannot configure the receiver for optimal performance, but it also means that gpsd cannot break the receiver. A better solution would be for Bluetooth to not be so fragile. A platform independent method to identify serial-over-Bluetooth devices would also be nice.
Default:
trueDeclared by:
<nixos/modules/services/misc/gpsd.nix>services.gvpe.configFileGVPE config file, if already present
Default:
Example:
"/root/my-gvpe-conf"Declared by:
<nixos/modules/services/networking/gvpe.nix>services.gvpe.configTextGVPE config contents
Default:
Example:
"tcp-port = 655\nudp-port = 655\nmtu = 1480\nifname = vpn0\n\nnode = alpha\nhostname = alpha.example.org\nconnect = always\nenable-udp = true\nenable-tcp = true\non alpha if-up = if-up-0\non alpha pid-file = /var/gvpe/gvpe.pid\n"Declared by:
<nixos/modules/services/networking/gvpe.nix>services.gvpe.customIFSetupAdditional commands to apply in ifup script
Default:
""Declared by:
<nixos/modules/services/networking/gvpe.nix>services.gvpe.enableWhether to run gvpe
Default:
falseDeclared by:
<nixos/modules/services/networking/gvpe.nix>services.gvpe.ipAddressIP address to assign to GVPE interface
Default:
Declared by:
<nixos/modules/services/networking/gvpe.nix>services.gvpe.nodenameGVPE node name
Default:
Declared by:
<nixos/modules/services/networking/gvpe.nix>services.gvpe.startOnCondition to start GVPE
Default:
"started network-interfaces"Declared by:
<nixos/modules/services/networking/gvpe.nix>services.gvpe.stopOnCondition to stop GVPE
Default:
"stopping network-interfaces"Declared by:
<nixos/modules/services/networking/gvpe.nix>services.gvpe.subnetIP subnet assigned to GVPE network
Default:
Example:
"10.0.0.0/8"Declared by:
<nixos/modules/services/networking/gvpe.nix>services.hardware.pommed.configFileThe contents of the pommed.conf file.
Default:
"/nix/store/5f9frgbbd7r8pl1j7vhq509id0gsx8q6-pommed-1.39/etc/pommed.conf"Declared by:
<nixos/modules/services/hardware/pommed.nix>services.hardware.pommed.enableWhether to use the pommed tool to handle Apple laptop keyboard hotkeys.
Default:
falseDeclared by:
<nixos/modules/services/hardware/pommed.nix>services.hostapd.channelChannel number (IEEE 802.11) Please note that some drivers do not use this value from hostapd and the channel will need to be configured separately with iwconfig.
Default:
7Example:
11Declared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.driverWhich driver hostapd will use. Most things will probably use the default.
Default:
"nl80211"Example:
"hostapd"Declared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.enableEnable putting a wireless interface into infrastructure mode, allowing other wireless devices to associate with the wireless interface and do wireless networking. A simple access point will enable hostapd.wpa, and hostapd.wpa_passphrase, hostapd.ssid, dhcpd on the wireless interface to provide IP addresses to the associated stations, and nat (from the wireless interface to an upstream interface).
Default:
falseDeclared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.extraCfgExtra configuration options to put in the hostapd.conf
Default:
""Example:
"auth_algo=0\nieee80211n=1\nht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]\n"Declared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.groupmembers of this group can control hostapd
Default:
"wheel"Example:
"network"Declared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.hwModeOperation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g
Default:
"b"Example:
"g"Declared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.interfaceThe interfaces hostapd will use.
Default:
""Example:
"wlan0"Declared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.ssidSSID to be used in IEEE 802.11 management frames.
Default:
"nixos"Example:
"mySpecialSSID"Declared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.wpaenable WPA (IEEE 802.11i/D3.0) to authenticate to the access point
Default:
trueDeclared by:
<nixos/modules/services/networking/hostapd.nix>services.hostapd.wpaPassphraseWPA-PSK (pre-shared-key) passphrase. Clients will need this passphrase to associate with this access point. Warning: This passphrase will get put into a world-readable file in the nix store.
Default:
"my_sekret"Example:
"any_64_char_string"Declared by:
<nixos/modules/services/networking/hostapd.nix>services.httpd.adminAddrE-mail address of the server administrator.
Default: none
Example:
"admin@example.org"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.configFileOverridable config file to use for Apache. By default, use the file automatically generated by nixos.
Default:
(build of httpd.conf)Example:
"pkgs.writeText \"httpd.conf\" \"# my custom config file ...\";"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Default:
Example:
"/data/webserver/docs"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.enableWhether to enable the Apache httpd server.
Default:
falseDeclared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.enableSSLWhether to enable SSL (https) support.
Default:
falseDeclared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.enableUserDirWhether to enable serving
~/public_htmlas/~.usernameDefault:
falseDeclared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Default:
""Example:
"<Directory /home>\n Options FollowSymlinks\n AllowOverride All\n</Directory>\n"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.extraModulesSpecifies additional Apache modules. These can be specified as a string in the case of modules distributed with Apache, or as an attribute set specifying the
nameandpathof the module.Default:
[ ]Example:
[ "proxy_connect" { name = "php5"; path = "/nix/store/r0lacxzajsxafzxavn3bamdaakll5xh6-php-5.4.15/modules/libphp5.so"; } ]Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.extraSubservicesExtra subservices to enable in the webserver.
Default:
[ ]Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Default:
""Example:
"http://newserver.example.org/"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.groupGroup under which httpd runs. The account is created automatically if it doesn't exist.
Default:
"wwwrun"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.hostNameCanonical hostname for the server.
Default:
"localhost"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.logDirDirectory for Apache's log files. It is created automatically.
Default:
"/var/log/httpd"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Default:
"common"Example:
"combined"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.logPerVirtualHostIf enabled, each virtual host gets its own
access_loganderror_log, namely suffixed by thehostNameof the virtual host.Default:
falseDeclared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.maxClientsMaximum number of httpd processes (prefork)
Default:
150Example:
8Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.maxRequestsPerChildMaximum number of httpd requests answered per httpd child (prefork), 0 means unlimited
Default:
0Example:
500Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.multiProcessingModuleMulti-processing module to be used by Apache. Available modules are
prefork(the default; handles each request in a separate child process),worker(hybrid approach that starts a number of child processes each running a number of threads) andevent(a recent variant ofworkerthat handles persistent connections more efficiently).Default:
"prefork"Example:
"worker"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.packageOverridable attribute of the Apache HTTP Server package to use.
Default:
(build of apache-httpd-2.2.24)Example:
"pkgs.apacheHttpd_2_4"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.phpOptionsOptions appended to the PHP configuration file
php.ini.Default:
""Example:
"date.timezone = \"CET\"\n"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.portPort for the server. 0 means use the default port: 80 for http and 443 for https (i.e. when enableSSL is set).
Default:
0Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.servedDirsThis option provides a simple way to serve static directories.
Default:
[ ]Example:
[ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.servedFilesThis option provides a simple way to serve individual, static files.
Default:
[ ]Example:
[ { dir = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Default:
[ ]Example:
[ "www.example.org" "www.example.org:8080" "example.org" ]Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.sslServerCertPath to server SSL certificate.
Default:
""Example:
"/var/host.cert"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.sslServerKeyPath to server SSL certificate key.
Default:
""Example:
"/var/host.key"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.stateDirDirectory for Apache's transient runtime state (such as PID files). It is created automatically. Note that the default,
/var/run/httpd, is deleted at boot time.Default:
"/var/run/httpd"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.userUser account under which httpd runs. The account is created automatically if it doesn't exist.
Default:
"wwwrun"Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.httpd.virtualHostsSpecification of the virtual hosts served by Apache. Each element should be an attribute set specifying the configuration of the virtual host. The available options are the non-global options permissible for the main host.
Default:
[ ]Example:
[ { documentRoot = "/data/webroot-foo"; hostName = "foo"; } { documentRoot = "/data/webroot-bar"; hostName = "bar"; } ]Declared by:
<nixos/modules/services/web-servers/apache-httpd/default.nix>services.ircdHybrid.adminEmailIRCD server administrator e-mail.
Default:
"<bit-bucket@example.com>"Example:
"<name@domain.tld>"Declared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.ircdHybrid.certificateIRCD server SSL certificate. There are some limitations - read manual.
Default:
Example:
Declared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.ircdHybrid.descriptionIRCD server description.
Default:
"Hybrid-7 IRC server."Declared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.ircdHybrid.enableEnable IRCD.
Default:
falseDeclared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.ircdHybrid.extraIPsExtra IP's to bind.
Default:
[ ]Example:
[ "127.0.0.1" ]Declared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.ircdHybrid.extraPortExtra port to avoid filtering.
Default:
"7117"Declared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.ircdHybrid.rsaKeyIRCD server RSA key.
Default:
Example:
Declared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.ircdHybrid.serverNameIRCD server name.
Default:
"hades.arpa"Declared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.ircdHybrid.sidIRCD server unique ID in a net of servers.
Default:
"0NL"Declared by:
<nixos/modules/services/networking/ircd-hybrid/default.nix>services.jboss.deployDirLocation of the deployment files
Default:
"/nix/var/nix/profiles/default/server/default/deploy/"Declared by:
<nixos/modules/services/web-servers/jboss/default.nix>services.jboss.enableWhether to enable jboss
Default:
falseDeclared by:
<nixos/modules/services/web-servers/jboss/default.nix>services.jboss.libUrlLocation where the shared library JARs are stored
Default:
"file:///nix/var/nix/profiles/default/server/default/lib"Declared by:
<nixos/modules/services/web-servers/jboss/default.nix>services.jboss.logDirLocation of the logfile directory of JBoss
Default:
"/var/log/jboss"Declared by:
<nixos/modules/services/web-servers/jboss/default.nix>services.jboss.serverDirLocation of the server instance files
Default:
"/var/jboss/server"Declared by:
<nixos/modules/services/web-servers/jboss/default.nix>services.jboss.tempDirLocation where JBoss stores its temp files
Default:
"/tmp"Declared by:
<nixos/modules/services/web-servers/jboss/default.nix>services.jboss.useJKWhether to use to connector to the Apache HTTP server
Default:
falseDeclared by:
<nixos/modules/services/web-servers/jboss/default.nix>services.jboss.userUser account under which jboss runs.
Default:
"nobody"Declared by:
<nixos/modules/services/web-servers/jboss/default.nix>services.journald.consoleIf non-empty, write log messages to the specified TTY device.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>services.journald.rateLimitBurstConfigures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit.
Default:
100Declared by:
<nixos/modules/system/boot/systemd.nix>services.journald.rateLimitIntervalConfigures the rate limiting interval that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit. The value may be specified in the following units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0.
Default:
"10s"Declared by:
<nixos/modules/system/boot/systemd.nix>services.kerberos_server.enableEnable the kerberos authentification server.
Default:
falseDeclared by:
<nixos/modules/services/system/kerberos.nix>services.klogd.enableWhether to enable klogd, the kernel log message processing daemon. Since systemd handles logging of kernel messages on Linux 3.5 and later, this is only useful if you're running an older kernel.
Default:
trueDeclared by:
<nixos/modules/services/logging/klogd.nix>services.lighttpd.configTextOverridable config file contents to use for lighttpd. By default, use the contents automatically generated by NixOS.
Default:
""Example:
"...verbatim config file contents..."Declared by:
<nixos/modules/services/web-servers/lighttpd/default.nix>services.lighttpd.document-rootDocument-root of the web server. Must be readable by the "lighttpd" user.
Default:
"/srv/www"Declared by:
<nixos/modules/services/web-servers/lighttpd/default.nix>services.lighttpd.enableEnable the lighttpd web server.
Default:
falseDeclared by:
<nixos/modules/services/web-servers/lighttpd/default.nix>services.lighttpd.extraConfigThese configuration lines will be appended to the generated lighttpd config file. Note that this mechanism does not work when the manual
configTextoption is used.Default:
""Declared by:
<nixos/modules/services/web-servers/lighttpd/default.nix>services.lighttpd.gitweb.enableIf true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb
Default:
falseDeclared by:
<nixos/modules/services/web-servers/lighttpd/gitweb.nix>services.lighttpd.gitweb.projectrootPath to git projects (bare repositories) that should be served by gitweb. Must not end with a slash.
Default:
"/srv/git"Declared by:
<nixos/modules/services/web-servers/lighttpd/gitweb.nix>services.lighttpd.mod_statusShow server status overview at /server-status, statistics at /server-statistics and list of loaded modules at /server-config.
Default:
falseDeclared by:
<nixos/modules/services/web-servers/lighttpd/default.nix>services.lighttpd.mod_userdirIf true, requests in the form /~user/page.html are rewritten to take the file public_html/page.html from the home directory of the user.
Default:
falseDeclared by:
<nixos/modules/services/web-servers/lighttpd/default.nix>services.lighttpd.portTCP port number for lighttpd to bind to.
Default:
80Declared by:
<nixos/modules/services/web-servers/lighttpd/default.nix>services.locate.enableIf enabled, NixOS will periodically update the database of files used by the locate command.
Default:
falseExample:
trueDeclared by:
<nixos/modules/misc/locate.nix>services.locate.periodThis option defines (in the format used by cron) when the locate database is updated. The default is to update at 02:15 (at night) every day.
Default:
"15 02 * * *"Declared by:
<nixos/modules/misc/locate.nix>services.logcheck.configConfig options that you would like in logcheck.conf.
Default:
"FQDN=1"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.enableEnable the logcheck cron job.
Default:
falseDeclared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.extraGroupsExtra groups for the logcheck user, for example to be able to use sendmail, or to access certain log files.
Default:
[ ]Example:
[ "postdrop" "mongodb" ]Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.extraRulesDirsDirectories with extra rules.
Default:
[ ]Example:
"/etc/logcheck"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.filesWhich log files to check.
Default:
[ "/var/log/messages" ]Example:
[ "/var/log/messages" "/var/log/mail" ]Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignoreThis option defines extra ignore rules.
Default:
{ }Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignore.<name?>.levelSet the logcheck level. Either "workstation", "server", or "paranoid".
Default:
"server"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignore.<name?>.regexRegex specifying which log lines to ignore.
Default:
""Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignoreCronThis option defines extra ignore rules for cronjobs.
Default:
{ }Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignoreCron.<name?>.cmdlineCommand line for the cron job. Will be turned into a regex for the logcheck ignore rule.
Default:
""Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignoreCron.<name?>.levelSet the logcheck level. Either "workstation", "server", or "paranoid".
Default:
"server"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignoreCron.<name?>.regexRegex specifying which log lines to ignore.
Default:
""Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignoreCron.<name?>.timeArgs"min hr dom mon dow" crontab time args, to auto-create a cronjob too. Leave at null to not do this and just add a logcheck ignore rule.
Default:
Example:
"02 06 * * *"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.ignoreCron.<name?>.userUser that runs the cronjob.
Default:
"root"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.levelSet the logcheck level. Either "workstation", "server", or "paranoid".
Default:
"server"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.mailToEmail address to send reports to.
Default:
"root"Example:
"you@domain.com"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.timeOfDayTime of day to run logcheck. A logcheck will be scheduled at xx:02 each day. Leave default (*) to run every hour. Of course when nothing special was logged, logcheck will be silent.
Default:
"*"Example:
"6"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logcheck.userUsername for the logcheck user.
Default:
"logcheck"Declared by:
<nixos/modules/services/logging/logcheck.nix>services.logind.extraConfigExtra config options for systemd-logind. See man logind.conf for available options.
Default:
""Example:
"HandleLidSwitch=ignore"Declared by:
<nixos/modules/system/boot/systemd.nix>services.logrotate.configThe contents of the logrotate config file
Default:
""Declared by:
<nixos/modules/services/logging/logrotate.nix>services.logrotate.enableEnable the logrotate cron job
Default:
falseDeclared by:
<nixos/modules/services/logging/logrotate.nix>services.logstash.enableEnable logstash.
Default:
falseDeclared by:
<nixos/modules/services/logging/logstash.nix>services.logstash.filterConfigAn attribute set (or an expression generated by mkNameValuePairs) representing a logstash configuration's filter section. See inputConfig description for details.
Default:
{ }Declared by:
<nixos/modules/services/logging/logstash.nix>services.logstash.inputConfigAn attribute set (or an expression generated by mkNameValuePairs) representing a logstash configuration's input section. Logstash configs are name-value pairs, where values can be bools, strings, numbers, arrays, hashes, or other name-value pairs, and names are strings that can be repeated. Name-value pairs with no repeats are represented by attr sets. Bools, strings, ints, and arrays are mapped directly. Name-value pairs with repeats can be generated by the config.lib.logstash.mkNameValuePairs function, which takes a list of attrsets and combines them while preserving attribute name duplicates if they occur. Similarly, there are the mkFloat and mkHash functions, which take a string representation of a float and an attrset, respectively.
Default:
{ }Declared by:
<nixos/modules/services/logging/logstash.nix>services.logstash.outputConfigAn attribute set (or an expression generated by mkNameValuePairs) representing a logstash configuration's output section. See inputConfig description for details.
Default:
{ }Declared by:
<nixos/modules/services/logging/logstash.nix>services.lshd.enableWhether to enable the GNU lshd SSH2 daemon, which allows secure remote login.
Default:
falseDeclared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.hostKeyPath to the server's private key. Note that this key must have been created, e.g., using "lsh-keygen --server | lsh-writekey --server", so that you can run lshd.
Default:
"/etc/lsh/host-key"Declared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.interfacesList of network interfaces where listening for connections. When providing the empty list, `[]', lshd listens on all network interfaces.
Default:
[ ]Example:
[ "localhost" "1.2.3.4:443" ]Declared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.loginShellIf non-null, override the default login shell with the specified value.
Default:
Example:
"/nix/store/xyz-bash-10.0/bin/bash10"Declared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.passwordAuthenticationWhether to enable password authentication.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.portNumberThe port on which to listen for connections.
Default:
22Declared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.publicKeyAuthenticationWhether to enable public key authentication.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.rootLoginWhether to enable remote root login.
Default:
falseDeclared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.srpKeyExchangeWhether to enable SRP key exchange and user authentication.
Default:
falseDeclared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.subsystemsList of subsystem-path pairs, where the head of the pair denotes the subsystem name, and the tail denotes the path to an executable implementing it.
Default:
[ [ "sftp" "/nix/store/9bnfiawz723dq7j5piyrh9inqzr2ippn-lsh-2.0.4/sbin/sftp-server" ] ]Declared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.syslogWhether to enable syslog output.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.tcpForwardingWhether to enable TCP/IP forwarding.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.lshd.x11ForwardingWhether to enable X11 forwarding.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/lshd.nix>services.mail.freepopsd.bindBind over an IPv4 address instead of any.
Default:
"0.0.0.0"Declared by:
<nixos/modules/services/mail/freepops.nix>services.mail.freepopsd.enableEnables Freepops, a POP3 webmail wrapper.
Default:
falseDeclared by:
<nixos/modules/services/mail/freepops.nix>services.mail.freepopsd.logFileFilename of the log file or syslog to rely on the logging daemon.
Default:
"/var/log/freepopsd"Example:
"syslog"Declared by:
<nixos/modules/services/mail/freepops.nix>services.mail.freepopsd.portPort on which the pop server will listen.
Default:
2000Declared by:
<nixos/modules/services/mail/freepops.nix>services.mail.freepopsd.suid.groupGroup under which freepopsd will be after binding the port.
Default:
"nogroup"Declared by:
<nixos/modules/services/mail/freepops.nix>services.mail.freepopsd.suid.userUser name under which freepopsd will be after binding the port.
Default:
"nobody"Declared by:
<nixos/modules/services/mail/freepops.nix>services.mail.freepopsd.threadsMax simultaneous connections.
Default:
5Declared by:
<nixos/modules/services/mail/freepops.nix>services.mail.sendmailSetuidWrapperConfiguration for the sendmail setuid wrwapper (like an element of security.setuidOwners)";
Default:
Declared by:
<nixos/modules/services/mail/mail.nix>services.mingetty.greetingLineWelcome line printed by mingetty.
Default:
"<<< Welcome to NixOS 0.2pre-git (\\m) - \\l >>>"Declared by:
<nixos/modules/services/ttys/agetty.nix>services.mingetty.helpLineHelp line printed by mingetty below the welcome line. Used by the installation CD to give some hints on how to proceed.
Default:
""Declared by:
<nixos/modules/services/ttys/agetty.nix>services.minidlna.configThe contents of MiniDLNA's configuration file.
Default: none
Declared by:
<nixos/modules/services/networking/minidlna.nix>services.minidlna.enableWhether to enable MiniDLNA, a simple DLNA server. It serves media files such as video and music to DLNA client devices such as televisions and media players.
Default:
falseDeclared by:
<nixos/modules/services/networking/minidlna.nix>services.minidlna.mediaDirsDirectories to be scanned for media files. The prefixes
A,,V,andP,restrict a directory to audio, video or image files. The directories must be accessible to theminidlnauser account.Default:
[ ]Declared by:
<nixos/modules/services/networking/minidlna.nix>services.mongodb.bind_ipIP to bind to
Default:
"127.0.0.1"Declared by:
<nixos/modules/services/databases/mongodb.nix>services.mongodb.dbpathLocation where MongoDB stores its files
Default:
"/var/db/mongodb"Declared by:
<nixos/modules/services/databases/mongodb.nix>services.mongodb.enableWhether to enable the MongoDB server.
Default:
falseDeclared by:
<nixos/modules/services/databases/mongodb.nix>services.mongodb.logappendAppend logfile instead over overwriting
Default:
trueDeclared by:
<nixos/modules/services/databases/mongodb.nix>services.mongodb.logpathLocation where MongoDB stores its logfile
Default:
"/var/log/mongodb/mongod.log"Declared by:
<nixos/modules/services/databases/mongodb.nix>services.mongodb.packageWhich MongoDB derivation to use.
Default:
(build of mongodb-2.4.3)Declared by:
<nixos/modules/services/databases/mongodb.nix>services.mongodb.quietquieter output
Default:
falseDeclared by:
<nixos/modules/services/databases/mongodb.nix>services.mongodb.replSetNameIf this instance is part of a replica set, set its name here. Otherwise, leave empty to run as single node.
Default:
""Declared by:
<nixos/modules/services/databases/mongodb.nix>services.mongodb.userUser account under which MongoDB runs
Default:
"mongodb"Declared by:
<nixos/modules/services/databases/mongodb.nix>services.monit.configmonit.conf content
Default:
""Declared by:
<nixos/modules/services/monitoring/monit.nix>services.monit.enableWhether to run Monit system watcher.
Default:
falseDeclared by:
<nixos/modules/services/monitoring/monit.nix>services.monit.startOnWhat Monit supposes to be already present
Default:
"started network-interfaces"Declared by:
<nixos/modules/services/monitoring/monit.nix>services.mpd.dataDirThe directory where MPD stores its state, tag cache, playlists etc.
Default:
"/var/lib/mpd/"Declared by:
<nixos/modules/services/audio/mpd.nix>services.mpd.enableWhether to enable MPD, the music player daemon.
Default:
falseDeclared by:
<nixos/modules/services/audio/mpd.nix>services.mpd.extraConfigExtra directives added to to the end of MPD's configuration file, mpd.conf. Basic configuration like file location and uid/gid is added automatically to the beginning of the file.
Default:
""Declared by:
<nixos/modules/services/audio/mpd.nix>services.mpd.musicDirectoryExtra configuration added to the end of MPD's configuration file, mpd.conf.
Default:
"/var/lib/mpd//music"Declared by:
<nixos/modules/services/audio/mpd.nix>services.mysql.dataDirLocation where MySQL stores its table files
Default:
"/var/mysql"Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.enableWhether to enable the MySQL server.
Default:
falseDeclared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.initialDatabasesList of database names and their initial schemas that should be used to create databases on the first startup of MySQL
Default:
[ ]Example:
[ { name = "foodatabase"; schema = ; } { name = "bardatabase"; schema = ; } ]Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.initialScriptA file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database
Default:
Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.logErrorLocation of the MySQL error logfile
Default:
"/var/log/mysql_err.log"Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.packageWhich MySQL derivation to use.
Default:
(build of mysql-5.1.69)Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.pidDirLocation of the file which stores the PID of the MySQL server
Default:
"/var/run/mysql"Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.portPort of MySQL
Default:
"3306"Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.replication.masterHostHostname of the MySQL master server
Default: none
Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.replication.masterPasswordPassword of the MySQL replication user
Default: none
Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.replication.masterPortPort number on which the MySQL master server runs
Default:
3306Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.replication.masterUserUsername of the MySQL replication user
Default: none
Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.replication.roleRole of the MySQL server instance. Can be either: master, slave or none
Default:
"none"Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.replication.serverIdId of the MySQL server instance. This number must be unique for each instance
Default:
1Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.rootPasswordPath to a file containing the root password, modified on the first startup. Not specifying a root password will leave the root password empty.
Default:
Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql.userUser account under which MySQL runs
Default:
"mysql"Declared by:
<nixos/modules/services/databases/mysql.nix>services.mysql55.dataDirLocation where MySQL stores its table files
Default:
"/var/mysql"Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.enableWhether to enable the MySQL server.
Default:
falseDeclared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.initialDatabasesList of database names and their initial schemas that should be used to create databases on the first startup of MySQL
Default:
[ ]Example:
[ { name = "foodatabase"; schema = ; } { name = "bardatabase"; schema = ; } ]Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.initialScriptA file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database
Default:
Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.logErrorLocation of the MySQL error logfile
Default:
"/var/log/mysql_err.log"Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.packageWhich MySQL derivation to use.
Default:
(build of mysql-5.5.31)Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.pidDirLocation of the file which stores the PID of the MySQL server
Default:
"/var/run/mysql"Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.portPort of MySQL
Default:
"3306"Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.replication.masterHostHostname of the MySQL master server
Default: none
Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.replication.masterPasswordPassword of the MySQL replication user
Default: none
Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.replication.masterPortPort number on which the MySQL master server runs
Default:
3306Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.replication.masterUserUsername of the MySQL replication user
Default: none
Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.replication.roleRole of the MySQL server instance. Can be either: master, slave or none
Default:
"none"Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.replication.serverIdId of the MySQL server instance. This number must be unique for each instance
Default:
1Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.rootPasswordPath to a file containing the root password, modified on the first startup. Not specifying a root password will leave the root password empty.
Default:
Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysql55.userUser account under which MySQL runs
Default:
"mysql"Declared by:
<nixos/modules/services/databases/mysql55.nix>services.mysqlBackup.databasesList of database names to dump.
Default:
[ ]Declared by:
<nixos/modules/services/backup/mysql-backup.nix>services.mysqlBackup.enableWhether to enable MySQL backups.
Default:
falseDeclared by:
<nixos/modules/services/backup/mysql-backup.nix>services.mysqlBackup.locationLocation to put the gzipped MySQL database dumps.
Default:
"/var/backup/mysql"Declared by:
<nixos/modules/services/backup/mysql-backup.nix>services.mysqlBackup.periodThis option defines (in the format used by cron) when the databases should be dumped. The default is to update at 01:15 (at night) every day.
Default:
"15 01 * * *"Declared by:
<nixos/modules/services/backup/mysql-backup.nix>services.mysqlBackup.singleTransactionWhether to create database dump in a single transaction
Default:
falseDeclared by:
<nixos/modules/services/backup/mysql-backup.nix>services.mysqlBackup.userUser to be used to perform backup.
Default:
"mysql"Declared by:
<nixos/modules/services/backup/mysql-backup.nix>services.nagios.enableWhether to use Nagios to monitor your system or network.
Default:
falseDeclared by:
<nixos/modules/services/monitoring/nagios/default.nix>services.nagios.enableWebInterfaceWhether to enable the Nagios web interface. You should also enable Apache (
services.httpd.enable).Default:
falseDeclared by:
<nixos/modules/services/monitoring/nagios/default.nix>services.nagios.objectDefsA list of Nagios object configuration files that must define the hosts, host groups, services and contacts for the network that you want Nagios to monitor.
Default: none
Declared by:
<nixos/modules/services/monitoring/nagios/default.nix>services.nagios.pluginsPackages to be added to the Nagios
PATH. Typically used to add plugins, but can be anything.Default:
[(build of nagios-plugins-1.4.10)(build of ssmtp-2.64)]Declared by:
<nixos/modules/services/monitoring/nagios/default.nix>services.nagios.urlPathThe URL path under which the Nagios web interface appears. That is, you can access the Nagios web interface through
http://.server/urlPathDefault:
"/nagios"Declared by:
<nixos/modules/services/monitoring/nagios/default.nix>services.networking.websockify.enableWhether to enable websockify to forward websocket connections to TCP connections.
Default:
falseDeclared by:
<nixos/modules/services/networking/websockify.nix>services.networking.websockify.portMapPorts to map by default.
Default:
{ }Declared by:
<nixos/modules/services/networking/websockify.nix>services.networking.websockify.sslCertPath to the SSL certificate.
Default: none
Declared by:
<nixos/modules/services/networking/websockify.nix>services.networking.websockify.sslKeyPath to the SSL key.
Default:
"config.services.networking.websockify.sslCert"Declared by:
<nixos/modules/services/networking/websockify.nix>services.nfs.server.createMountPointsWhether to create the mount points in the exports file at startup time.
Default:
falseDeclared by:
<nixos/modules/services/network-filesystems/nfsd.nix>services.nfs.server.enableWhether to enable the kernel's NFS server.
Default:
falseDeclared by:
<nixos/modules/services/network-filesystems/nfsd.nix>services.nfs.server.exportsContents of the /etc/exports file. See exports(5) for the format.
Default:
""Declared by:
<nixos/modules/services/network-filesystems/nfsd.nix>services.nfs.server.hostNameHostname or address on which NFS requests will be accepted. Default is all. See the
-Hoption in nfsd(8).Default:
Declared by:
<nixos/modules/services/network-filesystems/nfsd.nix>services.nfs.server.nprocNumber of NFS server threads. Defaults to the recommended value of 8.
Default:
8Declared by:
<nixos/modules/services/network-filesystems/nfsd.nix>services.nginx.configVerbatim nginx.conf configuration.
Default:
"events {}"Declared by:
<nixos/modules/services/web-servers/nginx/default.nix>services.nginx.enableEnable the nginx Web Server.
Default:
falseDeclared by:
<nixos/modules/services/web-servers/nginx/default.nix>services.nginx.fullWebDAVCompile in a third party module providing full WebDAV support
Default:
falseDeclared by:
<nixos/modules/services/web-servers/nginx/default.nix>services.nginx.groupGroup account under which nginx runs.
Default:
"nginx"Declared by:
<nixos/modules/services/web-servers/nginx/default.nix>services.nginx.stateDirDirectory holding all state for nginx to run.
Default:
"/var/spool/nginx"Declared by:
<nixos/modules/services/web-servers/nginx/default.nix>services.nginx.userUser account under which nginx runs.
Default:
"nginx"Declared by:
<nixos/modules/services/web-servers/nginx/default.nix>services.nixosManual.browserBrowser used to show the manual.
Default:
"/nix/store/w2rq9gixdlwf4lf98y5mh4knrngzxaan-w3m-0.5.3/bin/w3m"Declared by:
<nixos/modules/services/misc/nixos-manual.nix>services.nixosManual.enableWhether to build the NixOS manual pages.
Default:
trueDeclared by:
<nixos/modules/services/misc/nixos-manual.nix>services.nixosManual.revisionRevision of the targeted source file. This value can either be
"local","HEAD"or any revision number embedded in a string.Default:
"local"Declared by:
<nixos/modules/services/misc/nixos-manual.nix>services.nixosManual.showManualWhether to show the NixOS manual on one of the virtual consoles.
Default:
falseDeclared by:
<nixos/modules/services/misc/nixos-manual.nix>services.nixosManual.ttyNumberVirtual console on which to show the manual.
Default:
"8"Declared by:
<nixos/modules/services/misc/nixos-manual.nix>services.nscd.enableWhether to enable the Name Service Cache Daemon.
Default:
trueDeclared by:
<nixos/modules/services/system/nscd.nix>services.ntp.enableWhether to synchronise your machine's time using the NTP protocol.
Default:
trueDeclared by:
<nixos/modules/services/networking/ntpd.nix>services.ntp.serversThe set of NTP servers from which to synchronise.
Default:
[ "0.pool.ntp.org" "1.pool.ntp.org" "2.pool.ntp.org" ]Declared by:
<nixos/modules/services/networking/ntpd.nix>services.oidentd.enableWhether to enable ‘oidentd’, an implementation of the Ident protocol (RFC 1413). It allows remote systems to identify the name of the user associated with a TCP connection.
Default:
falseDeclared by:
<nixos/modules/services/networking/oidentd.nix>services.openafsClient.cacheDirectoryCache directory.
Default:
"/var/cache/openafs"Declared by:
<nixos/modules/services/network-filesystems/openafs-client/default.nix>services.openafsClient.cacheSizeCache size.
Default:
"100000"Declared by:
<nixos/modules/services/network-filesystems/openafs-client/default.nix>services.openafsClient.cellNameCell name.
Default:
"grand.central.org"Declared by:
<nixos/modules/services/network-filesystems/openafs-client/default.nix>services.openafsClient.enableWhether to enable the OpenAFS client.
Default:
falseDeclared by:
<nixos/modules/services/network-filesystems/openafs-client/default.nix>services.openfire.enableWhether to enable OpenFire XMPP server.
Default:
falseDeclared by:
<nixos/modules/services/networking/openfire.nix>services.openfire.usePostgreSQLWhether you use PostgreSQL service for your storage back-end.
Default:
trueDeclared by:
<nixos/modules/services/networking/openfire.nix>services.openldap.enableWhether to enable the ldap server.
Default:
falseDeclared by:
<nixos/modules/services/databases/openldap.nix>services.openldap.extraConfigsldapd.conf configuration
Default:
""Declared by:
<nixos/modules/services/databases/openldap.nix>services.openssh.allowSFTPWhether to enable the SFTP subsystem in the SSH daemon. This enables the use of commands such as sftp and sshfs.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/sshd.nix><nixos/modules/rename.nix>services.openssh.authorizedKeysFilesFiles from with authorized keys are read.
Default:
[ ]Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.challengeResponseAuthenticationSpecifies whether challenge/response authentication is allowed.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.enableWhether to enable the OpenSSH secure shell daemon, which allows secure remote logins.
Default:
falseDeclared by:
<nixos/modules/services/networking/ssh/sshd.nix><nixos/modules/rename.nix>services.openssh.extraConfigVerbatim contents of
sshd_config.Default:
""Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.forwardX11Whether to allow X11 connections to be forwarded.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/sshd.nix><nixos/modules/rename.nix>services.openssh.gatewayPortsSpecifies whether remote hosts are allowed to connect to ports forwarded for the client. See sshd_config(5).
Default:
"no"Declared by:
<nixos/modules/services/networking/ssh/sshd.nix><nixos/modules/rename.nix>services.openssh.hostKeyPathPath to the server's private key. If there is no key file on this path, it will be generated when the service is started for the first time. Otherwise, the ssh daemon will use the specified key directly in-place.
Default:
"/etc/ssh/ssh_host_dsa_key"Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.hostKeyTypeType of host key to generate (dsa1024/rsa1024/ecdsa521), if the file specified by
hostKeyPathdoes not exist when the service starts.Default:
"dsa1024"Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.knownHostsThe set of system-wide known SSH hosts.
Default:
{ }Example:
[ { hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ] ; publicKeyFile = ; } { hostNames = [ "myhost2" ] ; publicKeyFile = ; } ]Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.knownHosts.<name?>.hostNamesA list of host names and/or IP numbers used for accessing the host's ssh service.
Default:
[ ]Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.knownHosts.<name?>.publicKeyFileThe path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server with the
ssh-keyscancommand.Default: none
Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.passwordAuthenticationSpecifies whether password authentication is allowed. Note that setting this value to
falseis most probably not going to have the desired effect unlessusePAMis disabled as well.Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openssh.permitRootLoginWhether the root user can login using ssh. Valid values are
yes,without-password,forced-commands-onlyorno.Default:
"without-password"Declared by:
<nixos/modules/services/networking/ssh/sshd.nix><nixos/modules/rename.nix>services.openssh.portsSpecifies on which ports the SSH daemon listens.
Default:
[ 22 ]Declared by:
<nixos/modules/services/networking/ssh/sshd.nix><nixos/modules/rename.nix>services.openssh.usePAMSpecifies whether the OpenSSH daemon uses PAM to authenticate login attempts.
Default:
trueDeclared by:
<nixos/modules/services/networking/ssh/sshd.nix>services.openvpn.enableWhether to enable OpenVPN.
Default:
trueDeclared by:
<nixos/modules/services/networking/openvpn.nix>services.openvpn.serversEach attribute of this option defines an Upstart job to run an OpenVPN instance. These can be OpenVPN servers or clients. The name of each Upstart job is
openvpn-name, wherenameis the corresponding attribute name.Default:
{ }Example:
{ client = { config = "client\nremote vpn.example.org\ndev tun\nproto tcp-client\nport 8080\nca /root/.vpn/ca.crt\ncert /root/.vpn/alice.crt\nkey /root/.vpn/alice.key\n"; down = "/nix/store/5isgbra7p64yb6r9ibvbrvq1k6xk6wwj-openresolv-3.5.4/sbin/resolvconf -d $dev"; up = "echo nameserver $nameserver | /nix/store/5isgbra7p64yb6r9ibvbrvq1k6xk6wwj-openresolv-3.5.4/sbin/resolvconf -m 0 -a $dev"; } ; server = { config = "# Simplest server configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html.\n# server :\ndev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret /root/static.key\n"; down = "ip route del ..."; up = "ip route add ..."; } ; }Declared by:
<nixos/modules/services/networking/openvpn.nix>services.openvpn.servers.<name>.configConfiguration of this OpenVPN instance. See openvpn(8) for details.
Default: none
Declared by:
<nixos/modules/services/networking/openvpn.nix>services.openvpn.servers.<name>.downShell commands executed when the instance is shutting down.
Default:
""Declared by:
<nixos/modules/services/networking/openvpn.nix>services.openvpn.servers.<name>.upShell commands executed when the instance is starting.
Default:
""Declared by:
<nixos/modules/services/networking/openvpn.nix>services.pcscd.enableWhether to enable the PCSC-Lite daemon.
Default:
falseDeclared by:
<nixos/modules/services/hardware/pcscd.nix>services.portmap.chrootIf non-empty, a path to change root to.
Default:
"/var/empty"Declared by:
<nixos/modules/services/networking/portmap.nix>services.portmap.enableWhether to enable `portmap', an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command.
Default:
falseDeclared by:
<nixos/modules/services/networking/portmap.nix>services.portmap.verboseWhether to enable verbose output.
Default:
falseDeclared by:
<nixos/modules/services/networking/portmap.nix>services.postfix.destinationFull (!) list of domains we deliver locally. Leave blank for acceptable Postfix default.
Default:
Example:
[ "localhost" ]Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.domainDomain to use. Leave blank to use hostname minus first component.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.enableWhether to run the Postfix mail server.
Default:
falseDeclared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.extraAliasesAdditional entries to put verbatim into aliases file.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.extraConfigExtra lines to be added verbatim to the main.cf configuration file.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.extraMasterConfExtra lines to append to the generated master.cf file.
Default:
""Example:
"submission inet n - n - - smtpd"Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.groupWhat to call the Postfix group (must be used only for postfix).
Default:
"postfix"Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.hostnameHostname to use. Leave blank to use just the hostname of machine. It should be FQDN.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.lookupMXWhether relay specified is just domain whose MX must be used.
Default:
falseDeclared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.networksNet masks for trusted - allowed to relay mail to third parties - hosts. Leave empty to use mynetworks_style configuration or use default (localhost-only).
Default:
Example:
[ "192.168.0.1/24" ]Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.networksStyleName of standard way of trusted network specification to use, leave blank if you specify it explicitly or if you want to use default (localhost-only).
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.originOrigin to use in outgoing e-mail. Leave blank to use hostname.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.postmasterAliasWho should receive postmaster e-mail.
Default:
"root"Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.recipientDelimiterDelimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
Default:
""Example:
"+"Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.relayDomainsList of domains we agree to relay to. Default is the same as destination.
Default:
Example:
[ "localdomain" ]Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.relayHostMail relay for outbound mail.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.rootAliasWho should receive root e-mail. Blank for no redirection.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.setSendmailWhether to set the system sendmail to postfix's.
Default:
trueDeclared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.setgidGroupHow to call postfix setgid group (for postdrop). Should be uniquely used group.
Default:
"postdrop"Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.sslCACertSSL certificate of CA.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.sslCertSSL certificate to use.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.sslKeySSL key to use.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.userWhat to call the Postfix user (must be used only for postfix).
Default:
"postfix"Declared by:
<nixos/modules/services/mail/postfix.nix>services.postfix.virtualEntries for the virtual alias map.
Default:
""Declared by:
<nixos/modules/services/mail/postfix.nix>services.postgresql.authMethodHow to authorize users. Note: ident needs absolute trust to all allowed client hosts.
Default:
" ident sameuser "Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.authenticationDefines how users authenticate themselves to the server.
Default:
""Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.dataDirData directory for PostgreSQL.
Default:
"/var/db/postgresql"Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.enableWhether to run PostgreSQL.
Default:
falseDeclared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.enableTCPIPWhether to run PostgreSQL with -i flag to enable TCP/IP connections.
Default:
falseDeclared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.extraConfigAdditional text to be appended to
postgresql.conf.Default:
""Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.extraPluginsWhen this list contains elements a new store path is created. PostgreSQL and the elments are symlinked into it. Then pg_config, postgres and pc_ctl are copied to make them use the new $out/lib directory as pkglibdir. This makes it possible to use postgis without patching the .sql files which reference $libdir/postgis-1.5.
Default:
[ ]Example:
"pkgs.postgis"Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.identMapDefines the mapping from system users to database users.
Default:
""Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.logDirLog directory for PostgreSQL.
Default:
"/var/log/postgresql"Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.packagePostgreSQL package to use.
Default: none
Example:
pkgs.postgresql92
Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresql.portPort for PostgreSQL.
Default:
"5432"Declared by:
<nixos/modules/services/databases/postgresql.nix>services.postgresqlBackup.databasesList of database names to dump.
Default:
[ ]Declared by:
<nixos/modules/services/backup/postgresql-backup.nix>services.postgresqlBackup.enableWhether to enable PostgreSQL dumps.
Default:
falseDeclared by:
<nixos/modules/services/backup/postgresql-backup.nix>services.postgresqlBackup.locationLocation to put the gzipped PostgreSQL database dumps.
Default:
"/var/backup/postgresql"Declared by:
<nixos/modules/services/backup/postgresql-backup.nix>services.postgresqlBackup.periodThis option defines (in the format used by cron) when the databases should be dumped. The default is to update at 01:15 (at night) every day.
Default:
"15 01 * * *"Declared by:
<nixos/modules/services/backup/postgresql-backup.nix>services.prayer.enableWhether to run the prayer webmail http server.
Default:
falseDeclared by:
<nixos/modules/services/networking/prayer.nix>services.prayer.extraConfigExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""Declared by:
<nixos/modules/services/networking/prayer.nix>services.prayer.portPort the prayer http server is listening to.
Default:
"2080"Declared by:
<nixos/modules/services/networking/prayer.nix>services.printing.bindirCmdsAdditional commands executed while creating the directory containing the CUPS server binaries.
Default:
""Declared by:
<nixos/modules/services/printing/cupsd.nix>services.printing.cupsdConfThe contents of the configuration file of the CUPS daemon (
cupsd.conf).Default:
""Example:
"BrowsePoll cups.example.com\nLogLevel debug\n"Declared by:
<nixos/modules/services/printing/cupsd.nix>services.printing.driversCUPS drivers (CUPS, gs and samba are added unconditionally).
Default: none
Example:
[(build of splix-2.0.0)]Declared by:
<nixos/modules/services/printing/cupsd.nix>services.printing.enableWhether to enable printing support through the CUPS daemon.
Default:
falseDeclared by:
<nixos/modules/services/printing/cupsd.nix>services.printing.tempDirCUPSd temporary directory.
Default:
"/tmp"Example:
"/tmp/cups"Declared by:
<nixos/modules/services/printing/cupsd.nix>services.privoxy.enableWhether to run the machine as a HTTP proxy server.
Default:
falseDeclared by:
<nixos/modules/services/networking/privoxy.nix>services.privoxy.extraConfigExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""Declared by:
<nixos/modules/services/networking/privoxy.nix>services.privoxy.listenAddressAddress the proxy server is listening to.
Default:
"127.0.0.1:8118"Declared by:
<nixos/modules/services/networking/privoxy.nix>services.privoxy.logDirLocation for privoxy log files.
Default:
"/var/log/privoxy"Declared by:
<nixos/modules/services/networking/privoxy.nix>services.quassel.dataDirThe directory holding configuration files, the SQlite database and the SSL Cert.
Default:
"/home/quassel/.config/quassel-irc.org"Declared by:
<nixos/modules/services/networking/quassel.nix>services.quassel.enableWhether to run the Quassel IRC client daemon.
Default:
falseDeclared by:
<nixos/modules/services/networking/quassel.nix>services.quassel.interfaceThe interface the Quassel daemon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.
Default:
"127.0.0.1"Declared by:
<nixos/modules/services/networking/quassel.nix>services.quassel.portNumberThe port number the Quassel daemon will be listening to.
Default:
4242Declared by:
<nixos/modules/services/networking/quassel.nix>services.quassel.userThe existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
Default:
Declared by:
<nixos/modules/services/networking/quassel.nix>services.rabbitmq.enableWhether to enable the RabbitMQ server, an Advanced Message Queuing Protocol (AMQP) broker.
Default:
falseDeclared by:
<nixos/modules/services/amqp/rabbitmq.nix>services.rabbitmq.listenAddressIP address on which RabbitMQ will listen for AMQP connections. Set to the empty string to listen on all interfaces. Note that RabbitMQ creates a user named
guestwith passwordguestby default, so you should delete this user if you intend to allow external access.Default:
"127.0.0.1"Example:
""Declared by:
<nixos/modules/services/amqp/rabbitmq.nix>services.radvd.configThe contents of the radvd configuration file.
Default: none
Example:
"interface eth0 {\n AdvSendAdvert on;\n prefix 2001:db8:1234:5678::/64 { };\n};\n"Declared by:
<nixos/modules/services/networking/radvd.nix>services.radvd.enableWhether to enable the Router Advertisement Daemon (radvd), which provides link-local advertisements of IPv6 router addresses and prefixes using the Neighbor Discovery Protocol (NDP). This enables stateless address autoconfiguration in IPv6 clients on the network.
Default:
falseDeclared by:
<nixos/modules/services/networking/radvd.nix>services.rdnssd.enableWhether to enable the RDNSS daemon (rdnssd), which configures DNS servers in
/etc/resolv.conffrom RDNSS advertisements sent by IPv6 routers.Default:
falseDeclared by:
<nixos/modules/services/networking/rdnssd.nix>services.rogue.enableWhether to enable the Rogue game on one of the virtual consoles.
Default:
falseDeclared by:
<nixos/modules/services/misc/rogue.nix>services.rogue.ttyVirtual console on which to run Rogue.
Default:
"tty9"Declared by:
<nixos/modules/services/misc/rogue.nix>services.rpcbind.enableWhether to enable `rpcbind', an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command. `rpcbind` is a replacement for `portmap`.
Default:
falseDeclared by:
<nixos/modules/services/networking/rpcbind.nix>services.rsyslogd.defaultConfigThe default
syslog.conffile configures a fairly standard setup of log files, which can be extended by means ofextraConfig.Default:
"# \"local1\" is used for dhcpd messages.\nlocal1.* -/var/log/dhcpd\n\nmail.* -/var/log/mail\n\n*.=warning;*.=err -/var/log/warn\n*.crit /var/log/warn\n\n*.*;mail.none;local1.none -/var/log/messages\n"Declared by:
<nixos/modules/services/logging/rsyslogd.nix>services.rsyslogd.enableWhether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Default:
falseDeclared by:
<nixos/modules/services/logging/rsyslogd.nix>services.rsyslogd.extraConfigAdditional text appended to
syslog.conf, i.e. the contents ofdefaultConfig.Default:
""Example:
"news.* -/var/log/news"Declared by:
<nixos/modules/services/logging/rsyslogd.nix>services.rsyslogd.extraParamsAdditional parameters passed to rsyslogd.
Default:
[ ]Example:
[ "-m 0" ]Declared by:
<nixos/modules/services/logging/rsyslogd.nix>services.sabnzbd.configFilePath to config file. (You need to create this file yourself!)
Default:
"/var/sabnzbd/sabnzbd.ini"Declared by:
<nixos/modules/services/networking/sabnzbd.nix>services.sabnzbd.enableWhether to enable the sabnzbd FTP server.
Default:
falseDeclared by:
<nixos/modules/services/networking/sabnzbd.nix>services.samba.configFileinternal use to pass filepath to samba pam module
Default: none
Declared by:
<nixos/modules/services/network-filesystems/samba.nix>services.samba.defaultShare.enableWhether to share /home/smbd as 'default'.
Default:
falseDeclared by:
<nixos/modules/services/network-filesystems/samba.nix>services.samba.defaultShare.guestWhether to allow guest access to default share.
Default:
trueDeclared by:
<nixos/modules/services/network-filesystems/samba.nix>services.samba.defaultShare.writeableWhether to allow write access to default share.
Default:
falseDeclared by:
<nixos/modules/services/network-filesystems/samba.nix>services.samba.enableWhether to enable Samba, which provides file and print services to Windows clients through the SMB/CIFS protocol.
Default:
falseDeclared by:
<nixos/modules/services/network-filesystems/samba.nix>services.samba.extraConfigadditional global section and extra section lines go in here.
Default:
"# [global] continuing global section here, section is started by nix to set pids etc\n\n smb passwd file = /etc/samba/passwd\n\n # is this useful ?\n domain master = auto\n\n encrypt passwords = Yes\n client plaintext auth = No\n\n # yes: if you use this you probably also want to enable syncPasswordsByPam\n # no: You can still use the pam password database. However\n # passwords will be sent plain text on network (discouraged)\n\n workgroup = Users\n server string = %h\n comment = Samba\n log file = /var/log/samba/log.%m\n log level = 10\n max log size = 50000\n security = user\n\n client lanman auth = Yes\n dns proxy = no\n invalid users = root\n passdb backend = tdbsam\n passwd program = /usr/bin/passwd %u\n"Declared by:
<nixos/modules/services/network-filesystems/samba.nix>services.samba.securityTypeSamba security type
Default:
"user"Example:
"share"Declared by:
<nixos/modules/services/network-filesystems/samba.nix>services.samba.syncPasswordsByPamenabling this will add a line directly after pam_unix.so. Whenever a password is changed the samba password will be updated as well. However you still yave to add the samba password once using smbpasswd -a user If you don't want to maintain an extra pwd database you still can send plain text passwords which is not secure.
Default:
falseDeclared by:
<nixos/modules/services/network-filesystems/samba.nix>services.sitecopy.backupsList of attributesets describing the backups. Username/password are extracted from
/var/spool/sitecopy/sitecopy.secretsat activation time. The secrets file lines should have the following structure:server username password
Default:
[ ]Example:
[ { https = true; local = "/tmp/backup"; name = "test"; protocol = "webdav"; remote = "/staff-groups/ewi/st/strategoxt/backup/test"; server = "webdata.tudelft.nl"; symlinks = "maintain"; } ]Declared by:
<nixos/modules/services/backup/sitecopy-backup.nix>services.sitecopy.enableWhether to enable sitecopy backups of specified directories.
Default:
falseDeclared by:
<nixos/modules/services/backup/sitecopy-backup.nix>services.sitecopy.periodThis option defines (in the format used by cron) when the sitecopy backup are being run. The default is to update at 04:15 (at night) every day.
Default:
"15 04 * * *"Declared by:
<nixos/modules/services/backup/sitecopy-backup.nix>services.smartd.deviceOptsAdditional options for each device that is monitored. The example turns on SMART Automatic Offline Testing on startup, and schedules short self-tests daily, and long self-tests weekly.
Default:
""Example:
"-o on -s (S/../.././02|L/../../7/04)"Declared by:
<nixos/modules/services/monitoring/smartd.nix>services.smartd.devicesList of devices to monitor. By default -- if this list is empty --, smartd will monitor all devices connected to the machine at the time it's being run. Configuring this option has the added benefit of enabling e-mail notifications to "root" every time smartd detects an error.
Default:
[ ]Example:
[ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ]Declared by:
<nixos/modules/services/monitoring/smartd.nix>services.smartd.devices.*.deviceLocation of the device.
Default: none
Example:
"/dev/sda"Declared by:
<nixos/modules/services/monitoring/smartd.nix>services.smartd.devices.*.optionsOptions that determine how smartd monitors the device
Default:
""Example:
"-d sat"Declared by:
<nixos/modules/services/monitoring/smartd.nix>services.smartd.enableRun smartd from the smartmontools package. Note that e-mail notifications will not be enabled unless you configure the list of devices with
services.smartd.devicesas well.Default:
falseExample:
"true"Declared by:
<nixos/modules/services/monitoring/smartd.nix>services.spamassassin.debugWhether to run the SpamAssassin daemon in debug mode.
Default:
falseDeclared by:
<nixos/modules/services/mail/spamassassin.nix>services.spamassassin.enableWhether to run the SpamAssassin daemon.
Default:
falseDeclared by:
<nixos/modules/services/mail/spamassassin.nix>services.sshd.allowSFTPObsolete name of
services.openssh.allowSFTP.Default: none
Declared by:
<nixos/modules/rename.nix>services.sshd.enableAlias of
services.openssh.enable.Default: none
Declared by:
<nixos/modules/rename.nix>services.sshd.forwardX11Obsolete name of
services.openssh.forwardX11.Default: none
Declared by:
<nixos/modules/rename.nix>services.sshd.gatewayPortsObsolete name of
services.openssh.gatewayPorts.Default: none
Declared by:
<nixos/modules/rename.nix>services.sshd.permitRootLoginObsolete name of
services.openssh.permitRootLogin.Default: none
Declared by:
<nixos/modules/rename.nix>services.sshd.portsObsolete name of
services.openssh.ports.Default: none
Declared by:
<nixos/modules/rename.nix>services.svnserve.enableWhether to enable svnserve to serve Subversion repositories through the SVN protocol.
Default:
falseDeclared by:
<nixos/modules/services/misc/svnserve.nix>services.svnserve.svnBaseDirBase directory from which Subversion repositories are accessed.
Default:
"/repos"Declared by:
<nixos/modules/services/misc/svnserve.nix>services.synergy.client.enableWhether to enable the synergy client (receive keyboard and mouse events from a synergy server)
Default:
falseDeclared by:
<nixos/modules/services/misc/synergy.nix>services.synergy.client.screenNameuse screen-name instead the hostname to identify ourselfs to the server.
Default:
""Declared by:
<nixos/modules/services/misc/synergy.nix>services.synergy.client.serverAddressThe server address is of the form: [hostname][:port]. The hostname must be the address or hostname of the server. The port overrides the default port, 24800.
Default: none
Declared by:
<nixos/modules/services/misc/synergy.nix>services.synergy.server.addresslisten for clients on the given address
Default:
""Declared by:
<nixos/modules/services/misc/synergy.nix>services.synergy.server.configFileThe synergy server configuration file. open upstart-jobs/synergy.nix to see an example
Default:
"/etc/synergy-server.conf"Declared by:
<nixos/modules/services/misc/synergy.nix>services.synergy.server.enableWhether to enable the synergy server (send keyboard and mouse events)
Default:
falseDeclared by:
<nixos/modules/services/misc/synergy.nix>services.synergy.server.screenNameuse screen-name instead the hostname to identify this screen in the configuration.
Default:
""Declared by:
<nixos/modules/services/misc/synergy.nix>services.syslogd.defaultConfigThe default
syslog.conffile configures a fairly standard setup of log files, which can be extended by means ofextraConfig.Default:
"# Send emergency messages to all users.\n*.emerg *\n\n# \"local1\" is used for dhcpd messages.\nlocal1.* -/var/log/dhcpd\n\nmail.* -/var/log/mail\n\n*.=warning;*.=err -/var/log/warn\n*.crit /var/log/warn\n\n*.*;mail.none;local1.none -/var/log/messages\n"Declared by:
<nixos/modules/services/logging/syslogd.nix>services.syslogd.enableWhether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Default:
falseDeclared by:
<nixos/modules/services/logging/syslogd.nix>services.syslogd.enableNetworkInputAccept logging through UDP. Option -r of syslogd(8).
Default:
falseDeclared by:
<nixos/modules/services/logging/syslogd.nix>services.syslogd.extraConfigAdditional text appended to
syslog.conf, i.e. the contents ofdefaultConfig.Default:
""Example:
"news.* -/var/log/news"Declared by:
<nixos/modules/services/logging/syslogd.nix>services.syslogd.extraParamsAdditional parameters passed to syslogd.
Default:
[ ]Example:
[ "-m 0" ]Declared by:
<nixos/modules/services/logging/syslogd.nix>services.syslogd.ttyThe tty device on which syslogd will print important log messages. Leave this option blank to disable tty logging.
Default:
"tty10"Declared by:
<nixos/modules/services/logging/syslogd.nix>services.systemhealth.drivesDrives to monitor.
Default:
[ ]Example:
[ { name = "root"; path = "/"; } ]Declared by:
<nixos/modules/services/monitoring/systemhealth.nix>services.systemhealth.enableEnable the system health monitor and its generation of graphs.
Default:
falseDeclared by:
<nixos/modules/services/monitoring/systemhealth.nix>services.systemhealth.interfacesInterfaces to monitor (minimum one).
Default:
[ "lo" ]Example:
[ "lo" "eth0" "eth1" ]Declared by:
<nixos/modules/services/monitoring/systemhealth.nix>services.systemhealth.urlPrefixThe URL prefix under which the System Health web pages appear in httpd.
Default:
"/health"Declared by:
<nixos/modules/services/monitoring/systemhealth.nix>services.tftpd.enableWhether to enable the anonymous FTP user.
Default:
falseDeclared by:
<nixos/modules/services/networking/tftpd.nix>services.tftpd.pathWhere the tftp server files are stored
Default:
"/home/tftp"Declared by:
<nixos/modules/services/networking/tftpd.nix>services.thinkfan.enableWhether to enable thinkfan, fan controller for ibm/lenovo thinkpads.
Default:
falseDeclared by:
<nixos/modules/services/hardware/thinkfan.nix>services.thinkfan.sensorSensor used by thinkfan
Default:
"/proc/acpi/ibm/thermal"Declared by:
<nixos/modules/services/hardware/thinkfan.nix>services.tomcat.axis2.enableWhether to enable an Apache Axis2 container
Default:
falseDeclared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.axis2.servicesList containing AAR files or directories with AAR files which are web services to be deployed on Axis2
Default:
[ ]Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.baseDirLocation where Tomcat stores configuration files, webapplications and logfiles
Default:
"/var/tomcat"Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.catalinaOptsParameters to pass to the Java Virtual Machine which spawns the Catalina servlet container
Default:
""Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.commonLibsList containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container
Default:
[ ]Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.enableWhether to enable Apache Tomcat
Default:
falseDeclared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.extraGroupsDefines extra groups to which the tomcat user belongs.
Default:
[ ]Example:
[ "users" ]Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.groupGroup account under which Apache Tomcat runs.
Default:
"tomcat"Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.javaOptsParameters to pass to the Java Virtual Machine which spawns Apache Tomcat
Default:
""Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.logPerVirtualHostWhether to enable logging per virtual host.
Default:
falseDeclared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.sharedLibsList containing JAR files or directories with JAR files which are libraries shared by the web applications
Default:
[ ]Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.userUser account under which Apache Tomcat runs.
Default:
"tomcat"Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.virtualHostsList consisting of a virtual host name and a list of web applications to deploy on each virtual host
Default:
[ ]Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tomcat.webappsList containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat
Default:
[(build of apache-tomcat-6.0.32)]Declared by:
<nixos/modules/services/web-servers/tomcat.nix>services.tor.client.enableWhether to enable Tor daemon to route application connections. You might want to disable this if you plan running a dedicated Tor relay.
Default:
falseDeclared by:
<nixos/modules/services/security/tor.nix>services.tor.client.privoxy.configExtra configuration for Tor's instance of privoxy. Contents will be added verbatim to the configuration file. *This does not configure the standard NixOS instance of privoxy.* This is for Tor connections only! See services.privoxy.extraConfig to configure the standard NixOS instace of privoxy.
Default:
""Declared by:
<nixos/modules/services/security/tor.nix>services.tor.client.privoxy.enableWhether to enable a special instance of privoxy dedicated to Tor. To have anonymity, protocols need to be scrubbed of identifying information. Most people using Tor want to anonymize their web traffic, so by default we enable an special instance of privoxy specifically for Tor. However, if you are only going to use Tor only for other kinds of traffic then you can disable this option.
Default:
trueDeclared by:
<nixos/modules/services/security/tor.nix>services.tor.client.privoxy.listenAddressAddress that Tor's instance of privoxy is listening to. *This does not configure the standard NixOS instance of privoxy.* This is for Tor connections only! See services.privoxy.listenAddress to configure the standard NixOS instace of privoxy.
Default:
"127.0.0.1:8118"Declared by:
<nixos/modules/services/security/tor.nix>services.tor.client.socksListenAddressBind to this address to listen for connections from Socks-speaking applications.
Default:
"127.0.0.1:9050"Example:
"192.168.0.1:9100"Declared by:
<nixos/modules/services/security/tor.nix>services.tor.client.socksListenAddressFasterSame as socksListenAddress but uses weaker circuit isolation to provide performance suitable for a web browser.
Default:
"127.0.0.1:9063"Declared by:
<nixos/modules/services/security/tor.nix>services.tor.client.socksPolicyEntry policies to allow/deny SOCKS requests based on IP address. First entry that matches wins. If no SocksPolicy is set, we accept all (and only) requests from SocksListenAddress.
Default:
""Example:
"accept 192.168.0.0/16, reject *"Declared by:
<nixos/modules/services/security/tor.nix>services.tor.configExtra configuration. Contents will be added verbatim to the configuration file.
Default:
""Declared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.bandwidthBurstSpecify this to allow bursts of the bandwidth usage of relayed (server) traffic. The average usage will still be as specified in relayBandwidthRate. Your own traffic is still unthrottled. Units: bytes/second.
Default:
0Example:
200Declared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.bandwidthRateSpecify this to limit the bandwidth usage of relayed (server) traffic. Your own traffic is still unthrottled. Units: bytes/second.
Default:
0Example:
100Declared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.enableWhether to enable relaying TOR traffic for others. See https://www.torproject.org/docs/tor-doc-relay for details.
Default:
falseDeclared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.exitPolicyA comma-separated list of exit policies. They're considered first to last, and the first match wins. If you want to _replace_ the default exit policy, end this with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the default exit policy. Leave commented to just use the default, which is available in the man page or at https://www.torproject.org/documentation.html Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses for issues you might encounter if you use the default exit policy. If certain IPs and ports are blocked externally, e.g. by your firewall, you should update your exit policy to reflect this -- otherwise Tor users will be told that those destinations are down.
Default:
""Example:
"accept *:6660-6667,reject *:*"Declared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.isBridgeBridge relays (or "bridges" ) are Tor relays that aren't listed in the main directory. Since there is no complete public list of them, even if an ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges. A bridge relay can't be an exit relay. You need to set enableRelay to true for this option to take effect. See https://www.torproject.org/bridges.html.en for more info.
Default:
falseDeclared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.isExitAn exit relay allows Tor users to access regular Internet services. Unlike running a non-exit relay, running an exit relay may expose you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info. You can specify which services Tor users may access via your exit relay using exitPolicy option.
Default:
falseDeclared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.listenAddressSet this if you need to listen on a port other than the one advertised in relayPort (e.g. to advertise 443 but bind to 9090). You'll need to do ipchains or other port forwsarding yourself to make this work.
Default:
""Example:
"0.0.0.0:9090"Declared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.nicknameA unique handle for your TOR relay.
Default:
"anonymous"Declared by:
<nixos/modules/services/security/tor.nix>services.tor.relay.portWhat port to advertise for Tor connections.
Default:
9001Declared by:
<nixos/modules/services/security/tor.nix>services.tor.torify.configExtra configuration. Contents will be added verbatim to TSocks configuration file.
Default:
""Declared by:
<nixos/modules/services/security/torify.nix>services.tor.torify.enableWhether to build torify scipt to relay application traffic via TOR.
Default:
falseDeclared by:
<nixos/modules/services/security/torify.nix>services.tor.torify.serverIP address of TOR client to use.
Default:
"localhost:9050"Example:
"192.168.0.20"Declared by:
<nixos/modules/services/security/torify.nix>services.tor.torsocks.configExtra configuration. Contents will be added verbatim to torsocks configuration file.
Default:
""Declared by:
<nixos/modules/services/security/torsocks.nix>services.tor.torsocks.enableWhether to build torsocks scipt to relay application traffic via TOR.
Default:
falseDeclared by:
<nixos/modules/services/security/torsocks.nix>services.tor.torsocks.serverIP address of TOR client to use.
Default:
"127.0.0.1:9050"Example:
"192.168.0.20:9050"Declared by:
<nixos/modules/services/security/torsocks.nix>services.tor.torsocks.serverFasterIP address of TOR client to use for applications like web browsers which need less circuit isolation to achive satisfactory performance.
Default:
"127.0.0.1:9063"Example:
"192.168.0.20:9063"Declared by:
<nixos/modules/services/security/torsocks.nix>services.transmission.enableWhether or not to enable the headless Transmission BitTorrent daemon. Transmission daemon can be controlled via the RPC interface using transmission-remote or the WebUI (http://localhost:9091/ by default). Torrents are downloaded to /var/lib/transmission/Downloads/ by default and are accessible to users in the "transmission" group.
Default:
falseDeclared by:
<nixos/modules/services/torrent/transmission.nix>services.transmission.rpc_portTCP port number to run the RPC/web interface.
Default:
9091Declared by:
<nixos/modules/services/torrent/transmission.nix>services.transmission.settingsAttribute set whos fields overwrites fields in settings.json (each time the service starts). String values must be quoted, integer and boolean values must not. See https://trac.transmissionbt.com/wiki/EditConfigFiles for documentation and/or look at /var/lib/transmission/.config/transmission-daemon/settings.json."
Default:
{ umask = 2; }Example:
{ download-dir = "/srv/torrents/"; incomplete-dir = "/srv/torrents/.incomplete/"; incomplete-dir-enabled = true; rpc-whitelist = "127.0.0.1,192.168.*.*"; umask = 2; }Declared by:
<nixos/modules/services/torrent/transmission.nix>services.ttyBackgrounds.defaultThemeThe default theme for the virtual consoles. Themes can be found at http://www.bootsplash.de/.
Default:
(build of Theme-BabyTux.tar.bz2)Declared by:
<nixos/modules/tasks/tty-backgrounds.nix>services.ttyBackgrounds.enableWhether to enable graphical backgrounds for the virtual consoles.
Default:
trueDeclared by:
<nixos/modules/tasks/tty-backgrounds.nix>services.ttyBackgrounds.specificThemesThis option overrides the theme for specific virtual consoles.
Default:
[ ]Declared by:
<nixos/modules/tasks/tty-backgrounds.nix>services.udev.extraRulesAdditional udev rules. They'll be written into file
10-local.rules. Thus they are read before all other rules.Default:
""Example:
"KERNEL==\"eth*\", ATTR{address}==\"00:1D:60:B9:6D:4F\", NAME=\"my_fast_network_card\"\n"Declared by:
<nixos/modules/services/hardware/udev.nix>services.udev.packagesList of packages containing udev rules. All files found in
pkg/etc/udev/rules.dpkg/lib/udev/rules.dDefault:
[ ]Declared by:
<nixos/modules/services/hardware/udev.nix>services.udev.pathPackages added to the
PATHenvironment variable when executing programs from Udev rules.Default:
[ ]Declared by:
<nixos/modules/services/hardware/udev.nix>services.udisks.enableWhether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices.
Default:
falseDeclared by:
<nixos/modules/services/hardware/udisks.nix>services.udisks2.enableWhether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices.
Default:
falseDeclared by:
<nixos/modules/services/hardware/udisks2.nix>services.unbound.allowedAccessWhat networks are allowed to use us as a resolver.
Default:
[ "127.0.0.0/24" ]Declared by:
<nixos/modules/services/networking/unbound.nix>services.unbound.enableWhether to enable the Unbound domain name server.
Default:
falseDeclared by:
<nixos/modules/services/networking/unbound.nix>services.unbound.extraConfigExtra unbound config
Default:
""Declared by:
<nixos/modules/services/networking/unbound.nix>services.unbound.forwardAddressesWhat servers to forward the queries to.
Default:
[ ]Declared by:
<nixos/modules/services/networking/unbound.nix>services.unbound.interfacesWhat addresses the server should listen to.
Default:
[ "127.0.0.0" "::1" ]Declared by:
<nixos/modules/services/networking/unbound.nix>services.upower.enableWhether to enable Upower, a DBus service that provides power management support to applications.
Default:
falseDeclared by:
<nixos/modules/services/hardware/upower.nix>services.uptimed.enableUptimed allows you to track your highest uptimes.
Default:
falseDeclared by:
<nixos/modules/services/system/uptimed.nix>services.varnish.configVerbatim default.vcl configuration.
Default: none
Declared by:
<nixos/modules/services/web-servers/varnish/default.nix>services.varnish.enableEnable the Varnish Server.
Default:
falseDeclared by:
<nixos/modules/services/web-servers/varnish/default.nix>services.varnish.stateDirDirectory holding all state for Varnish to run.
Default:
"/var/spool/varnish"Declared by:
<nixos/modules/services/web-servers/varnish/default.nix>services.virtualbox.enableWhether to enable the VirtualBox service and other guest additions.
Default:
falseDeclared by:
<nixos/modules/virtualisation/virtualbox-guest.nix>services.virtuoso.configExtra options to put into Virtuoso configuration file.
Default:
""Declared by:
<nixos/modules/services/databases/virtuoso.nix>services.virtuoso.dirsAllowedA list of directories Virtuoso is allowed to access
Default:
Example:
"/www, /home/"Declared by:
<nixos/modules/services/databases/virtuoso.nix>services.virtuoso.enableWhether to enable Virtuoso Opensource database server.
Default:
falseDeclared by:
<nixos/modules/services/databases/virtuoso.nix>services.virtuoso.httpListenAddressip:port or port for Virtuoso HTTP server to listen on.
Default:
Example:
"myserver:8080"Declared by:
<nixos/modules/services/databases/virtuoso.nix>services.virtuoso.listenAddressip:port or port to listen on.
Default:
"1111"Example:
"myserver:1323"Declared by:
<nixos/modules/services/databases/virtuoso.nix>services.virtuoso.parametersExtra options to put into [Parameters] section of Virtuoso configuration file.
Default:
""Declared by:
<nixos/modules/services/databases/virtuoso.nix>services.vsftpd.anonymousMkdirEnableWhether mkdir is permitted to anonymous users.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.anonymousUploadEnableWhether any uploads are permitted to anonymous users.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.anonymousUserWhether to enable the anonymous FTP user.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.anonymousUserHomePath to anonymous user data.
Default:
"/home/ftp"Declared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.chrootlocalUserWhether local users are confined to their home directory.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.enableWhether to enable the vsftpd FTP server.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.localUsersWhether to enable FTP for local users.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.userlistDenyWhether users are excluded.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.userlistEnableWhether users are included.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.vsftpd.writeEnableWhether any write activity is permitted to users.
Default:
falseDeclared by:
<nixos/modules/services/networking/vsftpd.nix>services.wakeonlan.interfacesInterfaces where to enable Wake-On-LAN, and how. Two methods available: "magickey" and "password". The password has the shape of six bytes in hexadecimal separated by a colon each. For more information, check the ethtool manual.
Default:
[ ]Example:
[ { interface = "eth0"; method = "password"; password = "00:11:22:33:44:55"; } ]Declared by:
<nixos/modules/services/networking/wakeonlan.nix>services.xfs.enableWhether to enable the X Font Server.
Default:
falseDeclared by:
<nixos/modules/services/x11/xfs.nix>services.xinetd.enableWhether to enable the xinetd super-server daemon.
Default:
falseDeclared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.extraDefaultsAdditional configuration lines added to the default section of xinetd's configuration.
Default:
""Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.servicesA list of services provided by xinetd.
Default:
[ ]Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.extraConfigExtra configuration-lines added to the section of the service.
Default:
""Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.flagsDefault:
""Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.nameName of the service.
Default: none
Example:
"login"Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.portPort number of the service.
Default:
0Example:
123Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.protocolProtocol of the service. Usually
tcporudp.Default:
"tcp"Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.serverPath of the program that implements the service.
Default: none
Example:
"/foo/bin/ftpd"Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.serverArgsCommand-line arguments for the server program.
Default:
""Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.unlistedWhether this server is listed in
/etc/services. If so, the port number can be omitted.Default:
falseDeclared by:
<nixos/modules/services/networking/xinetd.nix>services.xinetd.services.*.userUser account for the service
Default:
"nobody"Declared by:
<nixos/modules/services/networking/xinetd.nix>services.xserver.autorunWhether to start the X server automatically.
Default:
trueDeclared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.configThe contents of the configuration file of the X server (
xorg.conf).Default: none
Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.defaultDepthDefault colour depth.
Default:
0Example:
8Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.desktopManager.defaultDefault desktop manager loaded if none have been chosen.
Default:
""Example:
"none"Declared by:
<nixos/modules/services/x11/desktop-managers/default.nix>services.xserver.desktopManager.e17.enableEnable support for the E17 desktop environment.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/desktop-managers/e17.nix>services.xserver.desktopManager.gnome.enableEnable a gnome terminal as a desktop manager.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/desktop-managers/gnome.nix>services.xserver.desktopManager.kde4.enableEnable the KDE 4 desktop environment.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/desktop-managers/kde4.nix>services.xserver.desktopManager.kde4.phononBackendsWhich phonon multimedia backend kde should use
Default:
[ "gstreamer" ]Example:
[ "gstreamer" "vlc" ]Declared by:
<nixos/modules/services/x11/desktop-managers/kde4.nix>services.xserver.desktopManager.sessionInternal option used to add some common line to desktop manager scripts before forwarding the value to the
displayManager.Default:
[ ]Example:
[ { bgSupport = true; name = "kde"; start = "..."; } ]Declared by:
<nixos/modules/services/x11/desktop-managers/default.nix>services.xserver.desktopManager.xfce.enableEnable the Xfce desktop environment.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/desktop-managers/xfce.nix>services.xserver.desktopManager.xterm.enableEnable a xterm terminal as a desktop manager.
Default:
trueExample:
falseDeclared by:
<nixos/modules/services/x11/desktop-managers/xterm.nix>services.xserver.deviceSectionContents of the first Device section of the X server configuration file.
Default:
""Example:
"VideoRAM 131072"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.displayDisplay number for the X server.
Default:
0Example:
1Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.displayManager.auto.enableWhether to enable the fake "auto" display manager, which automatically logs in the user specified in the
useroption. This is mostly useful for automated tests.Default:
falseDeclared by:
<nixos/modules/services/x11/display-managers/auto.nix>services.xserver.displayManager.auto.userThe user account to login automatically.
Default:
"root"Declared by:
<nixos/modules/services/x11/display-managers/auto.nix>services.xserver.displayManager.desktopManagerHandlesLidAndPowerWhether the display manager should prevent systemd from handling lid and power events. This is normally handled by the desktop environment's power manager. Turn this off when using a minimal X11 setup without a full power manager.
Default:
trueDeclared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.jobThis option defines how to start the display manager.
Default:
{ }Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.job.environmentAdditional environment variables needed by the display manager.
Default:
{ }Example:
{ SLIM_CFGFILE = ; }Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.job.execCmdCommand to start the display manager.
Default: none
Example:
"/nix/store/ipzp7xggwfxa5f164z5dx0v1dd7nr39g-slim-1.3.4/bin/slim"Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.job.logsXsessionWhether the display manager redirects the output of the session script to
~/.xsession-errors.Default:
falseDeclared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.job.preStartScript executed before the display manager is started.
Default:
""Example:
"rm -f /var/log/my-display-manager.log"Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.kdm.enableWhether to enable the KDE display manager.
Default:
falseDeclared by:
<nixos/modules/services/x11/display-managers/kdm.nix>services.xserver.displayManager.kdm.enableXDMCPWhether to enable XDMCP, which allows remote logins.
Default:
falseDeclared by:
<nixos/modules/services/x11/display-managers/kdm.nix>services.xserver.displayManager.kdm.extraConfigOptions appended to
kdmrc, the configuration file of KDM.Default:
""Declared by:
<nixos/modules/services/x11/display-managers/kdm.nix>services.xserver.displayManager.kdm.setupScriptThe path to a KDM setup script. This script is run as root just before KDM starts. Can be used for setting up monitors with xrandr, for example.
Default:
""Declared by:
<nixos/modules/services/x11/display-managers/kdm.nix>services.xserver.displayManager.kdm.themeDirectoryThe path to a KDM theme directory. This theme will be used by the KDM greeter.
Default:
""Declared by:
<nixos/modules/services/x11/display-managers/kdm.nix>services.xserver.displayManager.lightdm.enableWhether to enable lightdm as the display manager.
Default:
falseDeclared by:
<nixos/modules/services/x11/display-managers/lightdm.nix>services.xserver.displayManager.lightdm.greeterThe LightDM greeter to login via. The package should be a directory containing a .desktop file matching the name in the 'name' option.
Default:
{ name = "lightdm-gtk-greeter"; package =(build of lightdm-gtk-greeter); }Declared by:
<nixos/modules/services/x11/display-managers/lightdm.nix>services.xserver.displayManager.sessionList of sessions supported with the command used to start each session. Each session script can set the
waitPIDshell variable to make this script wait until the end of the user session. Each script is used to define either a windows manager or a desktop manager. These can be differentiated by setting the attributemanageeither to"window"or"desktop". The list of desktop manager and window manager should appear inside the display manager with the desktop manager name followed by the window manager name.Default:
[ ]Example:
[ { manage = "desktop"; name = "xterm"; start = "\n /nix/store/f60a17pnhwpqlbgfnhljphvmfj9yrzzz-xterm-281/bin/xterm -ls &\n waitPID=$!\n "; } ]Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.sessionCommandsShell commands executed just before the window or desktop manager is started.
Default:
""Example:
"xmessage \"Hello World!\" &\n"Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.slim.autoLoginAutomatically log in as the default user.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/display-managers/slim.nix>services.xserver.displayManager.slim.defaultUserThe default user to load. If you put a username here you get it automatically loaded into the username field, and the focus is placed on the password.
Default:
""Example:
"login"Declared by:
<nixos/modules/services/x11/display-managers/slim.nix>services.xserver.displayManager.slim.enableWhether to enable SLiM as the display manager.
Default:
trueDeclared by:
<nixos/modules/services/x11/display-managers/slim.nix>services.xserver.displayManager.slim.themeThe theme for the SLiM login manager. If not specified, SLiM's default theme is used. See http://slim.berlios.de/themes01.php for a collection of themes.
Default:
Example:
(build of slim-wave.tar.gz)Declared by:
<nixos/modules/services/x11/display-managers/slim.nix>services.xserver.displayManager.xauthBinPath to the xauth program used by display managers.
Default:
"/nix/store/xph2kk7r8ca8m62i1yhrdlh1gmrx4v8b-xauth-1.0.7/bin/xauth"Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.xserverArgsList of arguments for the X server.
Default:
[ ]Example:
[ "-ac" "-logverbose" "-nolisten tcp" ]Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.displayManager.xserverBinPath to the X server used by display managers.
Default:
"/nix/store/alnj2avayikjq4rxgvkslmm6ihd9qi5h-xorg-server-1.12.4/bin/X"Declared by:
<nixos/modules/services/x11/display-managers/default.nix>services.xserver.driSupportWhether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).
Default:
trueDeclared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.driSupport32BitOn 64-bit systems, whether to support Direct Rendering for 32-bit applications (such as Wine). This is currently only supported for the
nvidiadriver and formesa.Default:
falseDeclared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.enableWhether to enable the X server.
Default:
falseDeclared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.enableTCPWhether to allow the X server to accept TCP connections.
Default:
falseDeclared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.exportConfigurationWhether to symlink the X server configuration under
/etc/X11/xorg.conf.Default:
falseDeclared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.extraDisplaySettingsLines to be added to every Display subsection of the Screen section.
Default:
""Example:
"Virtual 2048 2048"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.layoutKeyboard layout.
Default:
"us"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.moduleSectionContents of the Module section of the X server configuration file.
Default:
""Example:
"SubSection \"extmod\"\nEndSubsection\n"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.modulesPackages to be added to the module search path of the X server.
Default:
[ ]Example:
[(build of xf86-input-wacom-0.19.0)]Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.monitorSectionContents of the first Monitor section of the X server configuration file.
Default:
""Example:
"HorizSync 28-49"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.multitouch.enableWhether to enable multitouch touchpad support.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/hardware/multitouch.nix>services.xserver.multitouch.ignorePalmWhether to ignore touches detected as being the palm (i.e when typing)
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/hardware/multitouch.nix>services.xserver.multitouch.invertScrollWhether to invert scrolling direction à la OSX Lion
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/hardware/multitouch.nix>services.xserver.resolutionsThe screen resolutions for the X server. The first element is the default resolution. If this list is empty, the X server will automatically configure the resolution.
Default:
[ ]Example:
[ { x = 1600; y = 1200; } { x = 1024; y = 786; } ]Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.screenSectionContents of the first Screen section of the X server configuration file.
Default:
""Example:
"Option \"RandRRotation\" \"on\"\n"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.serverLayoutSectionContents of the ServerLayout section of the X server configuration file.
Default:
""Example:
"Option \"AIGLX\" \"true\"\n"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.startGnuPGAgentWhether to start the GnuPG agent when you log in. The GnuPG agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection or sign/encrypt data. Use ssh-add to add a key to the agent.
Default:
falseDeclared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.startOpenSSHAgentWhether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.
Default:
trueDeclared by:
<nixos/modules/services/x11/xserver.nix><nixos/modules/rename.nix>services.xserver.startSSHAgentObsolete name of
services.xserver.startOpenSSHAgent.Default: none
Declared by:
<nixos/modules/rename.nix>services.xserver.synaptics.accelFactorCursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Default:
"0.001"Declared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.additionalOptionsAdditional options for synaptics touchpad driver.
Default:
""Example:
" Option \"RTCornerButton\" \"2\"\n Option \"RBCornerButton\" \"3\"\n "Declared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.devPath for touchpad device. Set to null to apply to any auto-detected touchpad.
Default:
Example:
"/dev/input/event0"Declared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.enableWhether to enable touchpad support.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.horizontalScrollWhether to enable horizontal scrolling (on touchpad)
Default:
trueExample:
falseDeclared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.maxSpeedCursor speed factor for highest-speed finger motion.
Default:
"1.0"Declared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.minSpeedCursor speed factor for precision finger motion.
Default:
"0.6"Declared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.palmDetectWhether to enable palm detection (hardware support required)
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.tapButtonsWhether to enable tap buttons.
Default:
trueExample:
falseDeclared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.twoFingerScrollWhether to enable two-finger drag-scrolling.
Default:
falseDeclared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.synaptics.vertEdgeScrollWhether to enable vertical edge drag-scrolling.
Default:
trueDeclared by:
<nixos/modules/services/x11/hardware/synaptics.nix>services.xserver.ttyVirtual console for the X server.
Default:
7Example:
9Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.useXFSDetermines how to connect to the X Font Server.
Default:
falseExample:
"unix/:7100"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.vaapiDriversPackages providing libva acceleration drivers.
Default:
"[ pkgs.vaapiIntel pkgs.vaapiVdpau ]"Example:
"[ pkgs.vaapiIntel pkgs.vaapiVdpau ]"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.videoDriverThe name of the video driver for your graphics card. This option is obsolete; please set the
videoDriversinstead.Default:
Example:
"i810"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.videoDriversThe names of the video drivers that the X server should support. The X server will try all of the drivers listed here until it finds one that supports your video card.
Default:
[ "ati" "cirrus" "intel" "vesa" "vmware" ]Example:
[ "vesa" ]Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.virtualScreenVirtual screen size for Xrandr.
Default:
Example:
{ x = 2048; y = 2048; }Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.wacom.cursorExtraConfigLines to be added to Wacom_cursor InputDevice section.
Default:
""Example:
""Declared by:
<nixos/modules/services/x11/hardware/wacom.nix>services.xserver.wacom.deviceDevice to use. Set to null for autodetect (think USB tablet).
Default:
Example:
"/dev/ttyS0"Declared by:
<nixos/modules/services/x11/hardware/wacom.nix>services.xserver.wacom.enableWhether to enable the Wacom touchscreen/digitizer/tablet.
Default:
falseDeclared by:
<nixos/modules/services/x11/hardware/wacom.nix>services.xserver.wacom.eraserExtraConfigLines to be added to Wacom_eraser InputDevice section.
Default:
""Example:
"Option \"Button2\" \"3\"\n"Declared by:
<nixos/modules/services/x11/hardware/wacom.nix>services.xserver.wacom.forceDeviceTypeSome models (think touchscreen) require the device type to be specified. Set to null for autodetect (think USB tablet).
Default:
Example:
"ISDV4"Declared by:
<nixos/modules/services/x11/hardware/wacom.nix>services.xserver.wacom.stylusExtraConfigLines to be added to Wacom_stylus InputDevice section.
Default:
""Example:
"Option \"Button1\" \"2\"\n"Declared by:
<nixos/modules/services/x11/hardware/wacom.nix>services.xserver.windowManager.awesome.enableEnable the Awesome window manager.
Default:
falseDeclared by:
<nixos/modules/services/x11/window-managers/awesome.nix>services.xserver.windowManager.compiz.enableEnable the Compiz window manager.
Default:
falseDeclared by:
<nixos/modules/services/x11/window-managers/compiz.nix>services.xserver.windowManager.compiz.renderingFlagPass the
--indirect-renderingflag to Compiz.Default:
""Example:
"--indirect-rendering"Declared by:
<nixos/modules/services/x11/window-managers/compiz.nix>services.xserver.windowManager.defaultDefault window manager loaded if none have been chosen.
Default:
"none"Example:
"wmii"Declared by:
<nixos/modules/services/x11/window-managers/default.nix>services.xserver.windowManager.i3.enableEnable the i3 tiling window manager.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/window-managers/i3.nix>services.xserver.windowManager.icewm.enableEnable the IceWM window manager.
Default:
falseDeclared by:
<nixos/modules/services/x11/window-managers/icewm.nix>services.xserver.windowManager.kwm.enableEnable the kwm window manager.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/window-managers/kwm.nix>services.xserver.windowManager.metacity.enableEnable the metacity window manager.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/window-managers/metacity.nix>services.xserver.windowManager.sessionInternal option used to add some common line to window manager scripts before forwarding the value to the
displayManager.Default:
[ ]Example:
[ { name = "wmii"; start = "..."; } ]Declared by:
<nixos/modules/services/x11/window-managers/default.nix>services.xserver.windowManager.twm.enableEnable the twm window manager.
Default:
falseDeclared by:
<nixos/modules/services/x11/window-managers/twm.nix>services.xserver.windowManager.wmii.enableEnable the wmii window manager.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/window-managers/wmii.nix>services.xserver.windowManager.xbmc.enableEnable the xbmc multimedia center.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/window-managers/xbmc.nix>services.xserver.windowManager.xmonad.enableEnable the xmonad window manager.
Default:
falseExample:
trueDeclared by:
<nixos/modules/services/x11/window-managers/xmonad.nix>services.xserver.xkbModelKeyboard model.
Default:
"pc104"Example:
"presario"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.xkbOptionsX keyboard options; layout switching goes here.
Default:
"terminate:ctrl_alt_bksp"Example:
"grp:caps_toggle, grp_led:scroll"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.xkbVariantX keyboard variant.
Default:
""Example:
"colemak"Declared by:
<nixos/modules/services/x11/xserver.nix>services.xserver.xrandrHeadsSimple multiple monitor configuration, just specify a list of XRandR outputs which will be mapped from left to right in the order of the list. Be careful using this option with multiple graphic adapters or with drivers that have poor support for XRandR, unexpected things might happen with those.
Default:
[ ]Example:
[ "HDMI-0" "DVI-0" ]Declared by:
<nixos/modules/services/x11/xserver.nix>services.zabbixAgent.enableWhether to run the Zabbix monitoring agent on this machine. It will send monitoring data to a Zabbix server.
Default:
falseDeclared by:
<nixos/modules/services/monitoring/zabbix-agent.nix>services.zabbixAgent.extraConfigConfiguration that is injected verbatim into the configuration file.
Default:
""Declared by:
<nixos/modules/services/monitoring/zabbix-agent.nix>services.zabbixAgent.serverThe IP address or hostname of the Zabbix server to connect to.
Default:
"127.0.0.1"Declared by:
<nixos/modules/services/monitoring/zabbix-agent.nix>services.zabbixServer.dbPasswordPassword used to connect to the database server.
Default:
""Declared by:
<nixos/modules/services/monitoring/zabbix-server.nix>services.zabbixServer.dbServerHostname or IP address of the database server.
Default:
"localhost"Declared by:
<nixos/modules/services/monitoring/zabbix-server.nix>services.zabbixServer.enableWhether to run the Zabbix server on this machine.
Default:
falseDeclared by:
<nixos/modules/services/monitoring/zabbix-server.nix>sound.enableWhether to enable ALSA sound.
Default:
trueDeclared by:
<nixos/modules/services/audio/alsa.nix>sound.enableOSSEmulationWhether to enable ALSA OSS emulation (with certain cards sound mixing may not work!).
Default:
trueDeclared by:
<nixos/modules/services/audio/alsa.nix>swapDevicesThe swap devices and swap files. These must have been initialised using mkswap. Each element should be an attribute set specifying either the path of the swap device or file (
device) or the label of the swap device (label, see mkswap -L). Using a label is recommended.Default:
[ ]Example:
[ { device = "/dev/hda7"; } { device = "/var/swapfile"; } { label = "bigswap"; } ]Declared by:
<nixos/modules/config/swap.nix>swapDevices.*.devicePath of the device.
Default: none
Example:
"/dev/sda3"Declared by:
<nixos/modules/config/swap.nix>swapDevices.*.labelLabel of the device. Can be used instead of
device.Default: none
Example:
"swap"Declared by:
<nixos/modules/config/swap.nix>swapDevices.*.prioritySpecify the priority of the swap device. Priority is a value between 0 and 32767. Higher numbers indicate higher priority. null lets the kernel choose a priority, which will show up as a negative value.
Default:
Example:
2048Declared by:
<nixos/modules/config/swap.nix>swapDevices.*.sizeIf this option is set, ‘device’ is interpreted as the path of a swapfile that will be created automatically with the indicated size (in megabytes) if it doesn't exist.
Default:
Example:
2048Declared by:
<nixos/modules/config/swap.nix>system.activationScriptsActivate the new configuration (i.e., update /etc, make accounts, and so on).
Default:
{ }Example:
{ stdio = { deps = [ ] ; text = "# Needed by some programs.\nln -sfn /proc/self/fd /dev/fd\nln -sfn /proc/self/fd/0 /dev/stdin\nln -sfn /proc/self/fd/1 /dev/stdout\nln -sfn /proc/self/fd/2 /dev/stderr\n"; } ; }Declared by:
<nixos/modules/system/activation/activation-script.nix>system.boot.loader.idId string of the used bootloader.
Default:
""Declared by:
<nixos/modules/system/activation/top-level.nix>system.boot.loader.kernelFileName of the kernel file to be passed to the bootloader.
Default:
"bzImage"Declared by:
<nixos/modules/system/activation/top-level.nix>system.buildAttribute set of derivations used to setup the system.
Default:
{ }Declared by:
<nixos/modules/system/activation/top-level.nix>system.copySystemConfigurationIf enabled, copies the NixOS configuration file
$NIXOS_CONFIG(usually/etc/nixos/configuration.nix) to the system store path.Default:
falseDeclared by:
<nixos/modules/system/activation/top-level.nix>system.extraSystemBuilderCmdsThis code will be added to the builder creating the system store path.
Default:
""Declared by:
<nixos/modules/system/activation/top-level.nix>system.fsPackagesPackages supplying file system mounters and checkers.
Default:
[ ]Declared by:
<nixos/modules/tasks/filesystems.nix>system.modulesTreeTree of kernel modules. This includes the kernel, plus modules built outside of the kernel. Combine these into a single tree of symlinks because modprobe only supports one directory.
Default:
[ ]Declared by:
<nixos/modules/system/boot/kernel.nix>system.nixosVersionNixOS version.
Default: none
Declared by:
<nixos/modules/misc/version.nix>system.nixosVersionSuffixNixOS version suffix.
Default: none
Declared by:
<nixos/modules/misc/version.nix>system.nssModulesSearch path for NSS (Name Service Switch) modules. This allows several DNS resolution methods to be specified via
/etc/nsswitch.conf.Default:
[ ]Declared by:
<nixos/modules/config/nsswitch.nix>system.requiredKernelConfigThis option allows modules to specify the kernel config options that must be set (or unset) for the module to work. Please use the lib.kernelConfig functions to build list elements.
Default:
[ ]Example:
with config.lib.kernelConfig; [ (isYes "MODULES") (isEnabled "FB_CON_DECOR") (isEnabled "BLK_DEV_INITRD") ]
Declared by:
<nixos/modules/system/boot/kernel.nix>system.sbin.modprobeWrapper around modprobe that sets the path to the modules tree.
Default:
(build of modprobe)Declared by:
<nixos/modules/system/boot/modprobe.nix>systemd.defaultUnitDefault unit started when the system boots.
Default:
"multi-user.target"Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.enableEmergencyModeWhether to enable emergency mode, which is an sulogin shell started on the console if mounting a filesystem fails. Since some machines (like EC2 instances) have no console of any kind, emergency mode doesn't make sense, and it's better to continue with the boot insofar as possible.
Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.globalEnvironmentEnvironment variables passed to all systemd units.
Default:
{ }Example:
{ TZ = "CET"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mountsDefinition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.enableIf set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g.
serial-getty@ttyS0) from being started.Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.mountConfigEach attribute in this set specifies an option in the
[Mount]section of the unit. See systemd.mount(5) for details.Default:
{ }Example:
{ DirectoryMode = "0775"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.optionsOptions used to mount the file system.
Default:
""Example:
"noatime"Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.typeFile system type.
Default:
""Example:
"ext4"Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.unitConfigEach attribute in this set specifies an option in the
[Unit]section of the unit. See systemd.unit(5) for details.Default:
{ }Example:
{ RequiresMountsFor = "/data"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.wantedByUnits that want (i.e. depend on) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.wantsStart the specified units when this unit is started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.whatAbsolute path of device node, file or other resource. (Mandatory)
Default: none
Example:
"/dev/sda1"Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.mounts.*.whereAbsolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Default: none
Example:
"/mnt"Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.packageThe systemd package.
Default:
(build of systemd-203)Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.packagesPackages providing systemd units.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.servicesDefinition of systemd service units.
Default:
{ }Declared by:
<nixos/modules/system/boot/systemd.nix><nixos/modules/rename.nix>systemd.services.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.enableIf set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g.
serial-getty@ttyS0) from being started.Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.environmentEnvironment variables passed to the services's processes.
Default:
{ }Example:
{ LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.pathPackages added to the service's
PATHenvironment variable. Both thebinandsbinsubdirectories of each package are added.Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.postStartShell commands executed after the service's main process is started.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.postStopShell commands executed after the service's main process has exited.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.preStartShell commands executed before the service's main process is started.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.restartIfChangedWhether the service should be restarted during a NixOS configuration switch if its definition has changed.
Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.scriptShell commands executed as the service's main process.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.scriptArgsArguments passed to the main process script.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.serviceConfigEach attribute in this set specifies an option in the
[Service]section of the unit. See systemd.service(5) for details.Default:
{ }Example:
{ RestartSec = 5; StartLimitInterval = 10; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.stopIfChangedIf set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one. Otherwise, it is restarted in a single step using systemctl restart in the new configuration. The latter is less correct because it runs the
ExecStopcommands from the new configuration.Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit]section of the unit. See systemd.unit(5) for details.Default:
{ }Example:
{ RequiresMountsFor = "/data"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.services.<name>.wantsStart the specified units when this unit is started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.socketsDefinition of systemd socket units.
Default:
{ }Declared by:
<nixos/modules/system/boot/systemd.nix><nixos/modules/rename.nix>systemd.sockets.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.enableIf set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g.
serial-getty@ttyS0) from being started.Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.listenStreamsFor each item in this list, a
ListenStreamoption in the[Socket]section will be created.Default:
[ ]Example:
[ "0.0.0.0:993" "/run/my-socket" ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.socketConfigEach attribute in this set specifies an option in the
[Socket]section of the unit. See systemd.socket(5) for details.Default:
{ }Example:
{ ListenStream = "/run/my-socket"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit]section of the unit. See systemd.unit(5) for details.Default:
{ }Example:
{ RequiresMountsFor = "/data"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.sockets.<name>.wantsStart the specified units when this unit is started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targetsDefinition of systemd target units.
Default:
{ }Declared by:
<nixos/modules/system/boot/systemd.nix><nixos/modules/rename.nix>systemd.targets.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.enableIf set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g.
serial-getty@ttyS0) from being started.Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit]section of the unit. See systemd.unit(5) for details.Default:
{ }Example:
{ RequiresMountsFor = "/data"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.targets.<name>.wantsStart the specified units when this unit is started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timersDefinition of systemd timer units.
Default:
{ }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Default:
""Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.enableIf set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g.
serial-getty@ttyS0) from being started.Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.timerConfigEach attribute in this set specifies an option in the
[Timer]section of the unit. See systemd.timer(5) and systemd.time(5) for details.Default:
{ }Example:
{ OnCalendar = "Sun 14:00:00"; Unit = "foo.service"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit]section of the unit. See systemd.unit(5) for details.Default:
{ }Example:
{ RequiresMountsFor = "/data"; }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.timers.<name>.wantsStart the specified units when this unit is started.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.unitsDefinition of systemd units.
Default:
{ }Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.units.<name>.enableIf set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g.
serial-getty@ttyS0) from being started.Default:
trueDeclared by:
<nixos/modules/system/boot/systemd.nix>systemd.units.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.units.<name>.textText of this systemd unit.
Default: none
Declared by:
<nixos/modules/system/boot/systemd.nix>systemd.units.<name>.wantedByUnits that want (i.e. depend on) this unit.
Default:
[ ]Declared by:
<nixos/modules/system/boot/systemd.nix>time.hardwareClockInLocalTimeIf set, keep the hardware clock in local time instead of UTC.
Default:
falseDeclared by:
<nixos/modules/config/timezone.nix>time.timeZoneThe time zone used when displaying times and dates.
Default:
"CET"Example:
"America/New_York"Declared by:
<nixos/modules/config/timezone.nix>users.defaultUserShellThis option defines the default shell assigned to user accounts. This must not be a store path, since the path is used outside the store (in particular in /etc/passwd). Rather, it should be the path of a symlink that points to the actual shell in the Nix store.
Default:
"/run/current-system/sw/bin/bash"Declared by:
<nixos/modules/programs/shadow.nix>users.extraGroupsAdditional groups to be created automatically by the system.
Default:
{ }Example:
{ hackers = { } ; students = { gid = 1001; } ; }Declared by:
<nixos/modules/config/users-groups.nix>users.extraGroups.<name?>.gidThe GID of the group. If undefined, NixOS will select a free GID.
Default:
Declared by:
<nixos/modules/config/users-groups.nix>users.extraGroups.<name?>.nameThe name of the group. If undefined, the name of the attribute set will be used.
Default: none
Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsersAdditional user accounts to be created automatically by the system.
Default:
{ }Example:
{ alice = { createHome = true; description = "Alice"; extraGroups = [ "wheel" ] ; group = "users"; home = "/home/alice"; password = "foobar"; shell = "/bin/sh"; uid = 1234; } ; }Declared by:
<nixos/modules/services/networking/ssh/sshd.nix><nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.createHomeIf true, the home directory will be created automatically.
Default:
falseDeclared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.createUserIndicates if the user should be created automatically as a local user. Set this to false if the user for instance is an LDAP user. NixOS will then not modify any of the basic properties for the user account.
Default:
trueDeclared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.descriptionA short description of the user account.
Default:
""Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.extraGroupsThe user's auxiliary groups.
Default:
[ ]Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.groupThe user's primary group.
Default:
"nogroup"Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.homeThe user's home directory.
Default:
"/var/empty"Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.isAliasIf true, the UID of this user is not required to be unique and can thus alias another user.
Default:
falseDeclared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.isSystemUserIndicates if the user is a system user or not.
Default:
trueDeclared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.nameThe name of the user account. If undefined, the name of the attribute set will be used.
Default: none
Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.openssh.authorizedKeys.keyFilesA list of files each containing one OpenSSH public key that should be added to the user's authorized keys. The contents of the files are read at build time and added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. You can combine the
keyFilesandkeysoptions.Default:
[ ]Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>users.extraUsers.<name?>.openssh.authorizedKeys.keysA list of verbatim OpenSSH public keys that should be added to the user's authorized keys. The keys are added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. You can combine the
keysandkeyFilesoptions.Default:
[ ]Declared by:
<nixos/modules/services/networking/ssh/sshd.nix>users.extraUsers.<name?>.passwordThe user's password. If undefined, no password is set for the user. Warning: do not set confidential information here because this data would be readable by all. This option should only be used for public account such as guest.
Default:
Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.shellThe path to the user's shell.
Default:
"/run/current-system/sw/sbin/nologin"Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.uidThe account UID. If undefined, NixOS will select a free UID.
Default:
Declared by:
<nixos/modules/config/users-groups.nix>users.extraUsers.<name?>.useDefaultShellIf true, the user's shell will be set to
users.defaultUserShell.Default:
falseDeclared by:
<nixos/modules/config/users-groups.nix>users.ldap.baseThe distinguished name of the search base.
Default: none
Example:
"dc=example,dc=org"Declared by:
<nixos/modules/config/ldap.nix>users.ldap.bind.distinguishedNameThe distinguished name to bind to the LDAP server with. If this is not specified, an anonymous bind will be done.
Default:
""Example:
"cn=admin,dc=example,dc=com"Declared by:
<nixos/modules/config/ldap.nix>users.ldap.bind.passwordThe path to a file containing the credentials to use when binding to the LDAP server (if not binding anonymously).
Default:
"/etc/ldap/bind.password"Declared by:
<nixos/modules/config/ldap.nix>users.ldap.bind.policySpecifies the policy to use for reconnecting to an unavailable LDAP server. The default is
hard_open, which reconnects if opening the connection to the directory server failed. By contrast,hard_initreconnects if initializing the connection failed. Initializing may not actually contact the directory server, and it is possible that a malformed configuration file will trigger reconnection. Ifsoftis specified, thennss_ldapwill return immediately on server failure. All hard reconnect policies block with exponential backoff before retrying.Default:
"hard_open"Declared by:
<nixos/modules/config/ldap.nix>users.ldap.bind.timeLimitSpecifies the time limit (in seconds) to use when connecting to the directory server. This is distinct from the time limit specified in
users.ldap.timeLimitand affects the initial server connection only.Default:
30Declared by:
<nixos/modules/config/ldap.nix>users.ldap.daemon.enableWhether to let the nslcd daemon (nss-pam-ldapd) handle the LDAP lookups for NSS and PAM. This can improve performance, and if you need to bind to the LDAP server with a password, it increases security, since only the nslcd user needs to have access to the bindpw file, not everyone that uses NSS and/or PAM. If this option is enabled, a local nscd user is created automatically, and the nslcd service is started automatically when the network get up.
Default:
falseDeclared by:
<nixos/modules/config/ldap.nix>users.ldap.daemon.extraConfigExtra configuration options that will be added verbatim at the end of the nslcd configuration file (nslcd.conf).
Default:
""Declared by:
<nixos/modules/config/ldap.nix>users.ldap.enableWhether to enable authentication against an LDAP server.
Default:
falseDeclared by:
<nixos/modules/config/ldap.nix>users.ldap.extraConfigExtra configuration options that will be added verbatim at the end of the ldap configuration file (ldap.conf). If
users.ldap.daemonis enabled, this configuration will not be used. In that case, useusers.ldap.daemon.extraConfiginstead.Default:
""Declared by:
<nixos/modules/config/ldap.nix>users.ldap.serverThe URL of the LDAP server.
Default: none
Example:
"ldap://ldap.example.org/"Declared by:
<nixos/modules/config/ldap.nix>users.ldap.timeLimitSpecifies the time limit (in seconds) to use when performing searches. A value of zero (0), which is the default, is to wait indefinitely for searches to be completed.
Default:
0Declared by:
<nixos/modules/config/ldap.nix>users.ldap.useTLSIf enabled, use TLS (encryption) over an LDAP (port 389) connection. The alternative is to specify an LDAPS server (port 636) in
users.ldap.serveror to forego security.Default:
falseDeclared by:
<nixos/modules/config/ldap.nix>users.motdMessage of the day shown to users when they log in.
Default:
Example:
"Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178."Declared by:
<nixos/modules/security/pam.nix>virtualisation.libvirtd.enableThis option enables libvirtd, a daemon that manages virtual machines. You can interact with the daemon (e.g. to start or stop VMs) using the virsh command line tool, among others.
Default:
falseDeclared by:
<nixos/modules/virtualisation/libvirtd.nix>virtualisation.libvirtd.enableKVMThis option enables support for QEMU/KVM in libvirtd.
Default:
trueDeclared by:
<nixos/modules/virtualisation/libvirtd.nix>virtualisation.nova.enableSingleNodeThis option enables Nova, also known as OpenStack Compute, a cloud computing system, as a single-machine installation. That is, all of Nova's components are enabled on this machine, using SQLite as Nova's database. This is useful for evaluating and experimenting with Nova. However, for a real cloud computing environment, you'll want to enable some of Nova's services on other machines, and use a database such as MySQL.
Default:
falseDeclared by:
<nixos/modules/virtualisation/nova.nix>virtualisation.nova.extraConfigAdditional text appended to
nova.conf, the main Nova configuration file.Default:
""Declared by:
<nixos/modules/virtualisation/nova.nix>virtualisation.xen.bootParamsParameters passed to the Xen hypervisor at boot time.
Default:
""Declared by:
<nixos/modules/virtualisation/xen-dom0.nix>virtualisation.xen.domain0MemorySizeAmount of memory (in MiB) allocated to Domain 0 on boot. If set to 0, all memory is assigned to Domain 0.
Default:
0Example:
512Declared by:
<nixos/modules/virtualisation/xen-dom0.nix>virtualisation.xen.enableSetting this option enables the Xen hypervisor, a virtualisation technology that allows multiple virtual machines, known as domains, to run concurrently on the physical machine. NixOS runs as the privileged Domain 0. This option requires a reboot to take effect.
Default:
falseDeclared by:
<nixos/modules/virtualisation/xen-dom0.nix>