boot.enableContainers
Whether to enable support for nixos containers.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
boot.binfmtMiscRegistrations
Extra binary formats to register with the kernel. See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.fixBinary
Whether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked.
See the description of the 'F' flag in the kernel docs for more details.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.interpreter
The interpreter to invoke to run the program.
Note that the actual registration will point to /run/binfmt/${name}, so the kernel interpreter length limit doesn't apply.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.magicOrExtension
The magic number or extension to match on.
Type: string
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.mask
A mask to be ANDed with the byte sequence of the file before matching
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.matchCredentials
Whether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit).
See the description of the 'C' flag in the kernel docs for more details.
Implies/requires openBinary = true.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.offset
The byte offset of the magic number used for recognition.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.openBinary
Whether to pass the binary to the interpreter as an open file descriptor, instead of a path.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.preserveArgvZero
Whether to pass the original argv[0] to the interpreter.
See the description of the 'P' flag in the kernel docs for more details;
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmtMiscRegistrations.<name>.recognitionType
Whether to recognize executables by magic number or extension.
Type: one of "magic", "extension"
Default:
"magic"
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.blacklistedKernelModules
List of names of kernel modules that should not be loaded automatically by the hardware probing code.
Type: list of strings
Default:
[
]
Example:
[
"cirrusfb" "i2c_piix4"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.cleanTmpDir
Whether to delete all files in /tmp
during boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
|
boot.consoleLogLevel
The kernel console loglevel
. All Kernel Messages with a log level smaller
than this setting will be printed to the console.
Type: signed integer
Default:
4
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.crashDump.enable
If enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.crashDump.kernelParams
Parameters that will be passed to the kernel kexec-ed on crash.
Type: list of strings
Default:
[
"1" "boot.shell_on_fail"
]
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.crashDump.reservedMemory
The amount of memory reserved for the crashdump kernel. If you choose a too high value, dmesg will mention "crashkernel reservation failed".
Type: unspecified
Default:
"128M"
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.devShmSize
Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default:
"50%"
Example:
"256m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.devSize
Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default:
"5%"
Example:
"32m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.earlyVconsoleSetup
Enable setting font as early as possible (in initrd).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/kbd.nix>
|
boot.extraModprobeConfig
Any additional configuration to be appended to the generated
modprobe.conf
. This is typically used to
specify module options. See
modprobe.conf(5) for details.
Type: string
Default:
""
Example:
'' options parport_pc io=0x378 irq=7 dma=1 ''
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.extraModulePackages
A list of additional packages supplying kernel modules.
Type: list of packages
Default:
[
]
Example:
[ pkgs.linuxPackages.nvidia_x11 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.extraTTYs
Tty (virtual console) devices, in addition to the consoles on
which mingetty and syslogd run, that must be initialised.
Only useful if you have some program that you want to run on
some fixed console. For example, the NixOS installation CD
opens the manual in a web browser on console 7, so it sets
boot.extraTTYs
to ["tty7"]
.
Type: list of strings
Default:
[
]
Example:
[
"tty8" "tty9"
]
Declared by:
<nixpkgs/nixos/modules/tasks/kbd.nix>
|
boot.growPartition
Whether to enable grow the root partition on boot.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/grow-partition.nix>
|
boot.hardwareScan
Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
boot.initrd.availableKernelModules
The set of kernel modules in the initial ramdisk used during the
boot process. This set must include all modules necessary for
mounting the root device. That is, it should include modules
for the physical device (e.g., SCSI drivers) and for the file
system (e.g., ext3). The set specified here is automatically
closed under the module dependency relation, i.e., all
dependencies of the modules list here are included
automatically. The modules listed here are available in the
initrd, but are only loaded on demand (e.g., the ext3 module is
loaded automatically when an ext3 filesystem is mounted, and
modules for PCI devices are loaded when they match the PCI ID
of a device in your system). To force a module to be loaded,
include it in boot.initrd.kernelModules
.
Type: list of strings
Default:
[
]
Example:
[
"sata_nv" "ext3"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.checkJournalingFS
Whether to run fsck on journaling filesystems such as ext3.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.kernelModules
List of modules that are always loaded by the initrd.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.luks.cryptoModules
A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.
Type: list of strings
Default:
[
"aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "aes_x86_64"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices
The encrypted disk that should be opened before the root
filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM
setups are supported. The unencrypted devices can be accessed as
/dev/mapper/
.
name
Type: list or attribute set of submodules
Default:
{
}
Example:
{
luksroot =
{
device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08";
}
;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.allowDiscards
Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.device
Path of the underlying encrypted block device.
Type: string
Example:
"/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.fallbackToPassword
Whether to fallback to interactive passphrase prompt if the keyfile cannot be found. This will prevent unattended boot should the keyfile go missing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.header
The name of the file or block device that should be used as header for the encrypted device.
Type: null or string
Default:
null
Example:
"/root/header.img"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.keyFile
The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.
Type: null or string
Default:
null
Example:
"/dev/sdb1"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.keyFileOffset
The offset of the key file. Use this in combination with
keyFileSize
to use part of a file as key file
(often the case if a raw device or partition is used as a key file).
If not specified, the key begins at the first byte of
keyFile
.
Type: null or signed integer
Default:
null
Example:
4096
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.keyFileSize
The size of the key file. Use this if only the beginning of the
key file should be used as a key (often the case if a raw device
or partition is used as key file). If not specified, the whole
keyFile
will be used decryption, instead of just
the first keyFileSize
bytes.
Type: null or signed integer
Default:
null
Example:
4096
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.preLVM
Whether the luksOpen will be attempted before LVM scan or after it.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey
The options to use for this LUKS device in Yubikey-PBA. If null (the default), Yubikey-PBA will be disabled for this device.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.gracePeriod
Time in seconds to wait for the Yubikey.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.iterationStep
How much the iteration count for PBKDF2 is increased at each successful authentication.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.keyLength
Length of the LUKS slot key derived with PBKDF2 in byte.
Type: signed integer
Default:
64
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.saltLength
Length of the new salt in byte (64 is the effective maximum).
Type: signed integer
Default:
16
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.slot
Which slot on the Yubikey to challenge.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.storage.device
An unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.
Type: path
Default:
"/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.storage.fsType
The filesystem of the unencrypted device.
Type: string
Default:
"vfat"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.storage.path
Absolute path of the salt on the unencrypted device with that device's root directory as "/".
Type: string
Default:
"/crypt-storage/default"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name?>.yubikey.twoFactor
Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.mitigateDMAAttacks
Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at http://en.wikipedia.org/wiki/DMA_attack.
This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.reusePassphrases
When opening a new LUKS device try reusing last successful passphrase.
Useful for mounting a number of devices that use the same passphrase without retyping it several times.
Such setup can be useful if you use cryptsetup luksSuspend. Different LUKS devices will still have different master keys even when using the same passphrase.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.yubikeySupport
Enables support for authenticating with a Yubikey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a Yubikey to work with this feature.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.mdadmConf
Contents of /etc/mdadm.conf
in stage 1.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.network.enable
Add network connectivity support to initrd. The network may be
configured using the ip
kernel parameter,
as described in the
kernel documentation. Otherwise, if
networking.useDHCP
is enabled, an IP address
is acquired using DHCP.
You should add the module(s) required for your network card to boot.initrd.availableKernelModules. lspci -v -s <ethernet controller> will tell you which.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.postCommands
Shell commands to be executed after stage 1 of the boot has initialised the network.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.ssh.enable
Start SSH service during initrd boot. It can be used to debug failing boot on a remote server, enter pasphrase for an encrypted partition etc. Service is killed when stage-1 boot is finished.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.authorizedKeys
Authorized keys for the root user on initrd.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.hostDSSKey
DSS SSH private key file in the Dropbear format.
WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.hostECDSAKey
ECDSA SSH private key file in the Dropbear format.
WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.hostRSAKey
RSA SSH private key file in the Dropbear format.
WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.port
Port on which SSH initrd service should listen.
Type: signed integer
Default:
22
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.shell
Login shell of the remote user. Can be used to limit actions user can do.
Type: string
Default:
"/bin/ash"
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.udhcpc.extraArgs
Additional command-line arguments passed verbatim to udhcpc if
boot.initrd.network.enable
and networking.useDHCP
are enabled.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.postDeviceCommands
Shell commands to be executed immediately after stage 1 of the
boot has loaded kernel modules and created device nodes in
/dev
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.postMountCommands
Shell commands to be executed immediately after the stage 1 filesystems have been mounted.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preDeviceCommands
Shell commands to be executed before udev is started to create device nodes.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preFailCommands
Shell commands to be executed before the failure prompt is shown.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preLVMCommands
Shell commands to be executed immediately before LVM discovery.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.prepend
Other initrd files to prepend to the final initrd we are building.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.supportedFilesystems
Names of supported filesystem types in the initial ramdisk.
Type: list of strings
Default:
[
]
Example:
[
"btrfs"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.isContainer
Whether this NixOS machine is a lightweight container running in another NixOS system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
boot.kernel.sysctl
Runtime parameters of the Linux kernel, as set by
sysctl(8). Note that sysctl
parameters names must be enclosed in quotes
(e.g. "vm.swappiness"
instead of
vm.swappiness
). The value of each
parameter may be a string, integer, boolean, or null
(signifying the option will not appear at all).
Type: attribute set of sysctl option values
Default:
{
}
Example:
{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
Declared by:
<nixpkgs/nixos/modules/config/sysctl.nix>
|
boot.kernelModules
The set of kernel modules to be loaded in the second stage of
the boot process. Note that modules that are needed to
mount the root file system should be added to
boot.initrd.availableKernelModules
or
boot.initrd.kernelModules
.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelPackages
This option allows you to override the Linux kernel used by
NixOS. Since things like external kernel module packages are
tied to the kernel you're using, it also overrides those.
This option is a function that takes Nixpkgs as an argument
(as a convenience), and returns an attribute set containing at
the very least an attribute kernel
.
Additional attributes may be needed depending on your
configuration. For instance, if you use the NVIDIA X driver,
then it also needs to contain an attribute
nvidia_x11
.
Type: unspecified
Default:
"pkgs.linuxPackages"
Example:
pkgs.linuxPackages_2_6_25
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelParams
Parameters added to the kernel command line.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelPatches
A list of additional patches to apply to the kernel.
Type: list of attribute sets
Default:
[
]
Example:
[ pkgs.kernelPatches.ubuntu_fan_4_4 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.loader.efi.canTouchEfiVariables
Whether the installation process is allowed to modify EFI boot variables.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
|
boot.loader.efi.efiSysMountPoint
Where the EFI System Partition is mounted.
Type: string
Default:
"/boot"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
|
boot.loader.generationsDir.enable
Whether to create symlinks to the system generations under
/boot
. When enabled,
/boot/default/kernel
,
/boot/default/initrd
, etc., are updated to
point to the current generation's kernel image, initial RAM
disk, and other bootstrap files.
This optional is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
|
boot.loader.generationsDir.copyKernels
Whether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
|
boot.loader.generic-extlinux-compatible.enable
Whether to generate an extlinux-compatible configuration file
under /boot/extlinux.conf
. For instance,
U-Boot's generic distro boot support uses this file format.
See U-boot's documentation for more information.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.configurationLimit
Maximum number of configurations in the boot menu.
Type: signed integer
Default:
20
Example:
10
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.grub.enable
Whether to enable the GNU GRUB boot loader.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.enableCryptodisk
Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.backgroundColor
Background color to be used for GRUB to fill the areas the image isn't filling.
This options has no effect for GRUB 1.
Type: null or string
Default:
null
Example:
"#7EBAE4"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.configurationLimit
Maximum of configurations in boot menu. GRUB has problems when there are too many entries.
Type: signed integer
Default:
100
Example:
120
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.configurationName
GRUB entry name instead of default.
Type: string
Default:
""
Example:
"Stable 2.6.21"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.copyKernels
Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.default
Index of the default menu item to be booted.
Type: signed integer or string
Default:
"0"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.device
The device on which the GRUB boot loader will be installed.
The special value nodev
means that a GRUB
boot menu will be generated, but GRUB itself will not
actually be installed. To install GRUB on multiple devices,
use boot.loader.grub.devices
.
Type: string
Default:
""
Example:
"/dev/disk/by-id/wwn-0x500001234567890a"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.devices
The devices on which the boot loader, GRUB, will be
installed. Can be used instead of device
to
install GRUB onto multiple devices.
Type: list of strings
Default:
[
]
Example:
[
"/dev/disk/by-id/wwn-0x500001234567890a"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.efiInstallAsRemovable
Whether to invoke grub-install
with
--removable
.
Unless you turn this on, GRUB will install itself somewhere in
boot.loader.efi.efiSysMountPoint
(exactly where
depends on other config variables). If you've set
boot.loader.efi.canTouchEfiVariables
*AND* you
are currently booted in UEFI mode, then GRUB will use
efibootmgr
to modify the boot order in the
EFI variables of your firmware to include this location. If you are
*not* booted in UEFI mode at the time GRUB is being installed, the
NVRAM will not be modified, and your system will not find GRUB at
boot time. However, GRUB will still return success so you may miss
the warning that gets printed ("efibootmgr: EFI variables
are not supported on this system.
").
If you turn this feature on, GRUB will install itself in a
special location within efiSysMountPoint
(namely
EFI/boot/boot$arch.efi
) which the firmwares
are hardcoded to try first, regardless of NVRAM EFI variables.
To summarize, turn this on if:
You are installing NixOS and want it to boot in UEFI mode, but you are currently booted in legacy mode
You want to make a drive that will boot regardless of the NVRAM state of the computer (like a USB "removable" drive)
You simply dislike the idea of depending on NVRAM state to make your drive bootable
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.efiSupport
Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraConfig
Additional GRUB commands inserted in the configuration file just before the menu entries.
Type: string
Default:
""
Example:
"serial; terminal_output.serial"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraEntries
Any additional entries you want added to the GRUB boot menu.
Type: string
Default:
""
Example:
'' # GRUB 1 example (not GRUB 2 compatible) title Windows chainloader (hd0,1)+1 # GRUB 2 example menuentry "Windows 7" { chainloader (hd0,4)+1 } # GRUB 2 with UEFI example, chainloading another distro menuentry "Fedora" { set root=(hd1,1) chainloader /efi/fedora/grubx64.efi } ''
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraEntriesBeforeNixOS
Whether extraEntries are included before the default option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraFiles
A set of files to be copied to /boot
.
Each attribute name denotes the destination file name in
/boot
, while the corresponding
attribute value specifies the source file.
Type: attribute set of paths
Default:
{
}
Example:
{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraInitrd
The path to a second initramfs to be supplied to the kernel. This ramfs will not be copied to the store, so that it can contain secrets such as LUKS keyfiles or ssh keys. This implies that rolling back to a previous configuration won't rollback the state of this file.
Type: null or path
Default:
null
Example:
"/boot/extra_initramfs.gz"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraPerEntryConfig
Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.
Type: string
Default:
""
Example:
"root (hd0)"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraPrepareConfig
Additional bash commands to be run at the script that prepares the GRUB menu entries.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.font
Path to a TrueType, OpenType, or pf2 font to be used by Grub.
Type: null or path
Default:
"\${pkgs.grub2}/share/grub/unicode.pf2"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.fontSize
Font size for the grub menu. Ignored unless font
is set to a ttf or otf font.
Type: null or signed integer
Default:
null
Example:
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.forceInstall
Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.fsIdentifier
Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as show in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.
Type: one of "uuid", "label", "provided"
Default:
"uuid"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxmodeBios
The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.
Type: string
Default:
"1024x768"
Example:
"auto"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxmodeEfi
The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.
Type: string
Default:
"auto"
Example:
"1024x768"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.ipxe
Set of iPXE scripts available for booting from the GRUB boot menu.
Type: attribute set of path or strings
Default:
{
}
Example:
{ demo = '' #!ipxe dhcp chain http://boot.ipxe.org/demo/boot.php ''; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix>
|
boot.loader.grub.memtest86.enable
Make Memtest86+, a memory testing program, available from the GRUB boot menu.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
|
boot.loader.grub.memtest86.params
Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:
console=...
, set up a serial console.
Examples:
console=ttyS0
,
console=ttyS0,9600
or
console=ttyS0,115200n8
.
btrace
, enable boot trace.
maxcpus=N
, limit number of CPUs.
onepass
, run one pass and exit if there
are no errors.
tstlist=...
, list of tests to run.
Example: 0,1,2
.
cpumask=...
, set a CPU mask, to select CPUs
to use for testing.
This list of command line options was obtained by reading the Memtest86+ source code.
Type: list of strings
Default:
[
]
Example:
[
"console=ttyS0,115200"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
|
boot.loader.grub.mirroredBoots
Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.
Type: list of submodules
Default:
[
]
Example:
[
{
devices =
[
"/dev/disk/by-id/wwn-0x500001234567890a"
]
; path = "/boot1";
}
{
devices =
[
"/dev/disk/by-id/wwn-0x500009876543210a"
]
; path = "/boot2";
}
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.devices
The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.
Type: list of strings
Default:
[
]
Example:
[
"/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.efiBootloaderId
The id of the bootloader to store in efi nvram.
The default is to name it NixOS and append the path or efiSysMountPoint.
This is only used if boot.loader.efi.canTouchEfiVariables
is true.
Type: null or string
Default:
null
Example:
"NixOS-fsid"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.efiSysMountPoint
The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.
Type: null or string
Default:
null
Example:
"/boot1/efi"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.path
The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.
Type: string
Example:
"/boot1"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.splashImage
Background image used for GRUB.
Set to null
to run GRUB in text mode.
For grub 1: It must be a 640x480, 14-colour image in XPM format, optionally compressed with gzip or bzip2.
For grub 2: File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must not be progressive. The image will be scaled if necessary to fit the screen.
Type: null or path
Example:
./my-background.png
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.splashMode
Whether to stretch the image or show the image in the top-left corner unstretched.
This options has no effect for GRUB 1.
Type: one of "normal", "stretch"
Default:
"stretch"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.storePath
Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.
Type: string
Default:
"/nix/store"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.trustedBoot.enable
Enable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.trustedBoot.isHPLaptop
Use a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.trustedBoot.systemHasTPM
Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available.
Type: string
Default:
""
Example:
"YES_TPM_is_activated"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.useOSProber
If set to true, append entries for other OSs detected by os-prober.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.version
The version of GRUB to use: 1
for GRUB
Legacy (versions 0.9x), or 2
(the
default) for GRUB 2.
Type: signed integer
Default:
2
Example:
1
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.zfsSupport
Whether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.initScript.enable
Some systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux.
Additionally this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a rescue system or such.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix>
|
boot.loader.raspberryPi.enable
Whether to create files with the system generations in
/boot
.
/boot/old
will hold files from old generations.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.raspberryPi.firmwareConfig
Extra options that will be appended to /boot/config.txt
file.
For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.raspberryPi.uboot.enable
Enable using uboot as bootmanager for the raspberry pi.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.raspberryPi.uboot.configurationLimit
Maximum number of configurations in the boot menu.
Type: signed integer
Default:
20
Example:
10
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.raspberryPi.version
Type: one of 1, 2, 3
Default:
2
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.systemd-boot.enable
Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.consoleMode
The resolution of the console. The following values are valid:
"0"
: Standard UEFI 80x25 mode
"1"
: 80x50 mode, not supported by all devices
"2"
: The first non-standard mode provided by the device firmware, if any
"auto"
: Pick a suitable mode automatically using heuristics
"max"
: Pick the highest-numbered available mode
"keep"
: Keep the mode selected by firmware (the default)
Type: one of "0", "1", "2", "auto", "max", "keep"
Default:
"keep"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.editor
Whether to allow editing the kernel command-line before boot. It is recommended to set this to false, as it allows gaining root access by passing init=/bin/sh as a kernel parameter. However, it is enabled by default for backwards compatibility.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.timeout
Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.
Type: null or signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/loader.nix>
|
boot.plymouth.enable
Whether to enable Plymouth boot splash screen.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.logo
Logo which is displayed on the splash screen.
Type: path
Default:
'' pkgs.fetchurl { url = "https://nixos.org/logo/nixos-hires.png"; sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si"; }''
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.theme
Splash screen theme.
Type: string
Default:
"breeze"
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.themePackages
Extra theme packages for plymouth.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.postBootCommands
Shell commands to be executed just before systemd is started.
Type: string
Default:
""
Example:
"rm -f /var/log/messages"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.resumeDevice
Device for manual resume attempt during boot. This should be used primarily
if you want to resume from file. If left empty, the swap partitions are used.
Specify here the device where the file resides.
You should also use boot.kernelParams
to specify
.
resume_offset
Type: string
Default:
""
Example:
"/dev/sda3"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.runSize
Size limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default:
"25%"
Example:
"256m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.specialFileSystems.<name?>.device
Location of the device.
Type: null or string (with check: non-empty)
Default:
null
Example:
"/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name?>.fsType
Type of the file system.
Type: string (with check: non-empty)
Default:
"auto"
Example:
"ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name?>.mountPoint
Location of the mounted the file system.
Type: string (with check: non-empty)
Example:
"/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name?>.options
Options used to mount the file system.
Type: list of string (with check: non-empty)s
Default:
[
"defaults"
]
Example:
[
"data=journal"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.supportedFilesystems
Names of supported filesystem types.
Type: list of strings
Default:
[
]
Example:
[
"btrfs"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.tmpOnTmpfs
Whether to mount a tmpfs on /tmp
during boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
|
boot.vesa
Whether to activate VESA video mode on boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.zfs.enableUnstable
Use the unstable zfs package. This might be an option, if the latest kernel is not yet supported by a published release of ZFS. Enabling this option will install a development version of ZFS on Linux. The version will have already passed an extensive test suite, but it is more likely to hit an undiscovered bug compared to running a released version of ZFS on Linux.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.devNodes
Name of directory from which to import ZFS devices.
This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing.
Type: path
Default:
"/dev/disk/by-id"
Example:
"/dev/disk/by-id"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.extraPools
Name or GUID of extra ZFS pools that you wish to import during boot.
Usually this is not necessary. Instead, you should set the mountpoint property
of ZFS filesystems to legacy
and add the ZFS filesystems to
NixOS's fileSystems
option, which makes NixOS automatically
import the associated pool.
However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot.
Type: list of strings
Default:
[
]
Example:
[
"tank" "data"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.forceImportAll
Forcibly import all ZFS pool(s).
This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools.
If you set this option to false
and NixOS subsequently fails to
import your non-root ZFS pool(s), you should manually import each pool with
"zpool import -f <pool-name>", and then reboot. You should only need to do
this once.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.forceImportRoot
Forcibly import the ZFS root pool(s) during early boot.
This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools.
If you set this option to false
and NixOS subsequently fails to
boot because it cannot import the root pool, you should boot with the
zfs_force=1
option as a kernel parameter (e.g. by manually
editing the kernel params in grub during boot). You should only need to do this
once.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.requestEncryptionCredentials
Request encryption keys or passwords for all encrypted datasets on import. Dataset encryption is only supported in zfsUnstable at the moment. For root pools the encryption key can be supplied via both an interactive prompt (keylocation=prompt) and from a file (keylocation=file://). Note that for data pools the encryption key can be only loaded from a file and not via interactive prompt since the import is processed in a background systemd service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
containers
A set of NixOS system configurations to be run as lightweight
containers. Each container appears as a service
container-
on the host system, allowing it to be started and stopped via
systemctl.
name
Type: attribute set of submodules
Default:
{
}
Example:
{ webserver = { path = "/nix/var/nix/profiles/webserver"; }; database = { config = { config, pkgs, ... }: { services.postgresql.enable = true; services.postgresql.package = pkgs.postgresql96; system.stateVersion = "17.03"; }; }; }
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.enableTun
Allows the container to create and setup tunnel interfaces
by granting the NET_ADMIN
capability and
enabling access to /dev/net/tun
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.additionalCapabilities
Grant additional capabilities to the container. See the capabilities(7) and systemd-nspawn(1) man pages for more information.
Type: list of strings
Default:
[
]
Example:
[
"CAP_NET_ADMIN" "CAP_MKNOD"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.allowedDevices
A list of device nodes to which the containers has access to.
Type: list of submodules
Default:
[
]
Example:
[
{
modifier = "rw"; node = "/dev/net/tun";
}
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.allowedDevices.*.modifier
Device node access modifier. Takes a combination
r
(read), w
(write), and
m
(mknod). See the
systemd.resource-control(5)
man page for more
information.
Type: string
Example:
"rw"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.allowedDevices.*.node
Path to device node
Type: string
Example:
"/dev/net/tun"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.autoStart
Whether the container is automatically started at boot-time.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.bindMounts
An extra list of directories that is bound to the container.
Type: list or attribute set of submodules
Default:
{
}
Example:
{
/home =
{
hostPath = "/home/alice"; isReadOnly = false;
}
;
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.bindMounts.<name?>.hostPath
Location of the host path to be mounted.
Type: null or string
Default:
null
Example:
"/home/alice"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.bindMounts.<name?>.isReadOnly
Determine whether the mounted path will be accessed in read-only mode.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.bindMounts.<name?>.mountPoint
Mount point on the container file system.
Type: string
Example:
"/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.config
A specification of the desired configuration of this container, as a NixOS module.
Type: Toplevel NixOS config
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraFlags
Extra flags passed to the systemd-nspawn command. See systemd-nspawn(1) for details.
Type: list of strings
Default:
[
]
Example:
[
"--drop-capability=CAP_SYS_CHROOT"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths
Extra veth-pairs to be created for the container
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts
List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.
Type: list of submodules
Default:
[
]
Example:
[
{
containerPort = 80; hostPort = 8080; protocol = "tcp";
}
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort
Target port of container
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort
Source port of the external interface on host
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.protocol
The protocol specifier for port forwarding between host and container
Type: string
Default:
"tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.hostAddress
The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default:
null
Example:
"10.231.136.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.hostAddress6
The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default:
null
Example:
"fc00::1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.hostBridge
Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.
Type: null or string
Default:
null
Example:
"br0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.localAddress
The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.
Type: null or string
Default:
null
Example:
"10.231.136.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.extraVeths.<name>.localAddress6
The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.
Type: null or string
Default:
null
Example:
"fc00::2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.forwardPorts
List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.
Type: list of submodules
Default:
[
]
Example:
[
{
containerPort = 80; hostPort = 8080; protocol = "tcp";
}
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.forwardPorts.*.containerPort
Target port of container
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.forwardPorts.*.hostPort
Source port of the external interface on host
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.forwardPorts.*.protocol
The protocol specifier for port forwarding between host and container
Type: string
Default:
"tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.hostAddress
The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default:
null
Example:
"10.231.136.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.hostAddress6
The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default:
null
Example:
"fc00::1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.hostBridge
Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.
Type: null or string
Default:
null
Example:
"br0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.interfaces
The list of interfaces to be moved into the container.
Type: list of strings
Default:
[
]
Example:
[
"eth1" "eth2"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.localAddress
The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.
Type: null or string
Default:
null
Example:
"10.231.136.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.localAddress6
The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.
Type: null or string
Default:
null
Example:
"fc00::2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.macvlans
The list of host interfaces from which macvlans will be created. For each interface specified, a macvlan interface will be created and moved to the container.
Type: list of strings
Default:
[
]
Example:
[
"eth1" "eth2"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.path
As an alternative to specifying
config
, you can specify the path to
the evaluated NixOS system configuration, typically a
symlink to a system profile.
Type: path
Example:
"/nix/var/nix/profiles/containers/webserver"
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.privateNetwork
Whether to give the container its own private virtual
Ethernet interface. The interface is called
eth0
, and is hooked up to the interface
ve-
on the host. If this option is not set, then the
container shares the network interfaces of the host,
and can bind to any port on any interface.
container-name
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
containers.<name>.tmpfs
Mounts a set of tmpfs file systems into the container. Multiple paths can be specified. Valid items must conform to the --tmpfs argument of systemd-nspawn. See systemd-nspawn(1) for details.
Type: list of strings
Default:
[
]
Example:
[
"/var"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
documentation.enable
Whether to install documentation of packages from
environment.systemPackages
into the generated system path.
See "Multiple-output packages" chapter in the nixpkgs manual for more info.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.dev.enable
Whether to install documentation targeted at developers.
This includes man pages targeted at developers if man.enable
is
set (this also includes "devman" outputs).
This includes info pages targeted at developers if info.enable
is set (this also includes "devinfo" outputs).
This includes other pages targeted at developers if doc.enable
is set (this also includes "devdoc" outputs).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.doc.enable
Whether to install documentation distributed in packages' /share/doc
.
Usually plain text and/or HTML.
This also includes "doc" outputs.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.info.enable
Whether to install info pages and the info command. This also includes "info" outputs.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.man.enable
Whether to install manual pages and the man command. This also includes "man" outputs.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.enable
Whether to install NixOS's own documentation.
This includes man pages like
configuration.nix(5) if man.enable
is
set.
This includes the HTML manual and the nixos-help command if
doc.enable
is set.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
dysnomia.enable
Whether to enable Dysnomia
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.enableAuthentication
Whether to publish privacy-sensitive authentication credentials
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.package
The Dysnomia package
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.components
An atttribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state
Type: unspecified
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.containers
An attribute set in which each key represents a container and each value an attribute set providing its configuration properties
Type: unspecified
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.extraContainerPaths
A list of paths containing additional container configurations that are added to the search folders
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.extraContainerProperties
An attribute set providing additional container settings in addition to the default properties
Type: unspecified
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.extraModulePaths
A list of paths containing additional modules that are added to the search folders
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.properties
An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.
Type: unspecified
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
environment.enableDebugInfo
Some NixOS packages provide debug symbols. However, these are
not included in the system closure by default to save disk
space. Enabling this option causes the debug symbols to appear
in /run/current-system/sw/lib/debug/.build-id
,
where tools such as gdb can find them.
If you need debug symbols for a package that doesn't
provide them by default, you can enable them as follows:
nixpkgs.config.packageOverrides = pkgs: { hello = pkgs.hello.overrideAttrs (oldAttrs: { separateDebugInfo = true; }); };
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/debug-info.nix>
|
environment.blcr.enable
Whether to enable support for the BLCR checkpointing tool.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/blcr.nix>
|
environment.checkConfigurationOptions
Alias of _module.check
.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/rename.nix>
|
environment.etc
Set of files that have to be linked in /etc
.
Type: list or attribute set of submodules
Default:
{
}
Example:
{ example-configuration-file = { source = "/nix/store/.../etc/dir/file.conf.example"; mode = "0440"; }; "default/useradd".text = "GROUP=100 ..."; }
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.enable
Whether this /etc file should be generated. This option allows specific /etc files to be disabled.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.gid
GID of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink').
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.group
Group name of created file.
Only takes affect when the file is copied (that is, the mode is not 'symlink').
Changing this option takes precedence over gid
.
Type: string
Default:
"+0"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.mode
If set to something else than symlink
,
the file is copied instead of symlinked, with the given
file mode.
Type: string
Default:
"symlink"
Example:
"0600"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.source
Path of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.target
Name of symlink (relative to
/etc
). Defaults to the attribute
name.
Type: string
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.text
Text of the file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.uid
UID of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink').
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name?>.user
User name of created file.
Only takes affect when the file is copied (that is, the mode is not 'symlink').
Changing this option takes precedence over uid
.
Type: string
Default:
"+0"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.extraInit
Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.extraOutputsToInstall
List of additional package outputs to be symlinked into /run/current-system/sw
.
Type: list of strings
Default:
[
]
Example:
[
"doc" "info" "devdoc"
]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.extraSetup
Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.freetds
Configure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.
Type: attribute set of strings
Default:
{
}
Example:
{ MYDATABASE = '' host = 10.0.2.100 port = 1433 tds version = 7.2 ''; }
Declared by:
<nixpkgs/nixos/modules/programs/freetds.nix>
|
environment.gnome3.excludePackages
Which packages gnome should exclude from the default environment
Type: list of packages
Default:
[
]
Example:
[ pkgs.gnome3.totem ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
|
environment.interactiveShellInit
Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.loginShellInit
Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.lxqt.excludePackages
Which LXQt packages to exclude from the default environment
Type: list of packages
Default:
[
]
Example:
[ pkgs.lxqt.qterminal ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix>
|
environment.mate.excludePackages
Which MATE packages to exclude from the default environment
Type: list of packages
Default:
[
]
Example:
[ pkgs.mate.mate-terminal pkgs.mate.pluma ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
|
environment.noXlibs
Switch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication in. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/no-x-libs.nix>
|
environment.pathsToLink
List of directories to be symlinked in /run/current-system/sw
.
Type: list of strings
Default:
[
]
Example:
[
"/"
]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.profileRelativeEnvVars
Attribute set of environment variable. Each attribute maps to a list
of relative paths. Each relative path is appended to the each profile
of environment.profiles
to form the content of the
corresponding environment variable.
Type: attribute set of list of stringss
Example:
{
MANPATH =
[
"/man" "/share/man"
]
; PATH =
[
"/bin"
]
;
}
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.profiles
A list of profiles used to setup the global environment.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.sessionVariables
A set of environment variables used in the global environment. These variables will be set by PAM. The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Type: attribute set of string or list of stringss
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/config/system-environment.nix>
|
environment.shellAliases
An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users' shells.
Type: attribute set
Default:
{
}
Example:
{
ll = "ls -l";
}
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shellInit
Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shells
A list of permissible login shells for user accounts.
No need to mention /bin/sh
here, it is placed into this list implicitly.
Type: list of package or paths
Default:
[
]
Example:
[ pkgs.bashInteractive pkgs.zsh ]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.systemPackages
The set of packages that appear in
/run/current-system/sw. These packages are
automatically available to all users, and are
automatically updated every time you rebuild the system
configuration. (The latter is the main difference with
installing them in the default profile,
/nix/var/nix/profiles/default
.
Type: list of packages
Default:
[
]
Example:
[ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.unixODBCDrivers
Specifies Unix ODBC drivers to be registered in
/etc/odbcinst.ini
. You may also want to
add pkgs.unixODBC
to the system path to get
a command line client to connnect to ODBC databases.
Type: list of packages
Default:
[
]
Example:
with pkgs.unixODBCDrivers; [ sqlite psql ]
Declared by:
<nixpkgs/nixos/modules/config/unix-odbc-drivers.nix>
|
environment.variables
A set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Type: attribute set of string or list of stringss
Default:
{
}
Example:
{
EDITOR = "nvim"; VISUAL = "nvim";
}
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
fileSystems
The file systems to be mounted. It must include an entry for
the root directory (mountPoint = "/"
). Each
entry in the list is an attribute set with the following fields:
mountPoint
, device
,
fsType
(a file system type recognised by
mount; defaults to
"auto"
), and options
(the mount options passed to mount using the
-o
flag; defaults to [ "defaults" ]
).
Instead of specifying device
, you can also
specify a volume label (label
) for file
systems that support it, such as ext2/ext3 (see mke2fs
-L).
Type: list or attribute set of submodules
Default:
{
}
Example:
{ "/".device = "/dev/hda1"; "/data" = { device = "/dev/hda2"; fsType = "ext3"; options = [ "data=journal" ]; }; "/bigdisk".label = "bigdisk"; }
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
fileSystems.<name?>.autoFormat
If the device does not currently contain a filesystem (as
determined by blkid, then automatically
format it with the filesystem type specified in
fsType
. Use with caution.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name?>.autoResize
If set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name?>.device
Location of the device.
Type: null or string (with check: non-empty)
Default:
null
Example:
"/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name?>.encrypted.enable
The block device is backed by an encrypted one, adds this device as a initrd luks entry.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name?>.encrypted.blkDev
Location of the backing encrypted device.
Type: null or string
Default:
null
Example:
"/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name?>.encrypted.keyFile
File system location of keyfile. This unlocks the drive after the root has been mounted to /mnt-root
.
Type: null or string
Default:
null
Example:
"/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name?>.encrypted.label
Label of the unlocked encrypted device. Set fileSystems.<name?>.device
to /dev/mapper/<label>
to mount the unlocked device.
Type: null or string
Default:
null
Example:
"rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name?>.formatOptions
If autoFormat
option is set specifies
extra options passed to mkfs.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name?>.fsType
Type of the file system.
Type: string (with check: non-empty)
Default:
"auto"
Example:
"ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name?>.label
Label of the device (if any).
Type: null or string (with check: non-empty)
Default:
null
Example:
"root-partition"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name?>.mountPoint
Location of the mounted the file system.
Type: string (with check: non-empty)
Example:
"/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name?>.neededForBoot
If set, this file system will be mounted in the initial
ramdisk. By default, this applies to the root file system
and to the file system containing
/nix/store
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
fileSystems.<name?>.noCheck
Disable running fsck on this filesystem.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name?>.options
Options used to mount the file system.
Type: list of string (with check: non-empty)s
Default:
[
"defaults"
]
Example:
[
"data=journal"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fonts.enableDefaultFonts
Enable a basic set of fonts providing several font styles and families and reasonable coverage of Unicode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fonts.nix>
|
fonts.enableFontDir
Whether to create a directory with links to all fonts in
/run/current-system/sw/share/X11-fonts
.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
|
fonts.enableGhostscriptFonts
Whether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/ghostscript.nix>
|
fonts.fontconfig.enable
If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.allowBitmaps
Allow bitmap fonts. Set to false
to ban all
bitmap fonts.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.allowType1
Allow Type-1 fonts. Default is false
because of
poor rendering.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.antialias
Enable font antialiasing. At high resolution (> 200 DPI), antialiasing has no visible effect; users of such displays may want to disable this option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.cache32Bit
Generate system fonts cache for 32-bit applications.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.monospace
System-wide default monospace font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of strings
Default:
[
"DejaVu Sans Mono"
]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.sansSerif
System-wide default sans serif font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of strings
Default:
[
"DejaVu Sans"
]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.serif
System-wide default serif font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of strings
Default:
[
"DejaVu Serif"
]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.dpi
Force DPI setting. Setting to 0
disables DPI
forcing; the DPI detected for the display will be used.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.hinting.enable
Enable font hinting. Hinting aligns glyphs to pixel boundaries to improve rendering sharpness at low resolution. At high resolution (> 200 dpi) hinting will do nothing (at best); users of such displays may want to disable this option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.hinting.autohint
Enable the autohinter in place of the default interpreter. The results are usually lower quality than correctly-hinted fonts, but better than unhinted fonts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.includeUserConf
Include the user configuration from
~/.config/fontconfig/fonts.conf
or
~/.config/fontconfig/conf.d
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.localConf
System-wide customization file contents, has higher priority than
defaultFonts
settings.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.penultimate.enable
Enable fontconfig-penultimate settings to supplement the NixOS defaults by providing per-font rendering defaults and metric aliases.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig-penultimate.nix>
|
fonts.fontconfig.subpixel.lcdfilter
FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering
has no visible effect; users of such displays may want to select
none
.
Type: one of "none", "default", "light", "legacy"
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.subpixel.rgba
Subpixel order. The overwhelming majority of displays are
rgb
in their normal orientation. Select
vrgb
for mounting such a display 90 degrees
clockwise from its normal orientation or vbgr
for mounting 90 degrees counter-clockwise. Select
bgr
in the unlikely event of mounting 180
degrees from the normal orientation. Reverse these directions in
the improbable event that the display's native subpixel order is
bgr
.
Type: one of "rgb", "bgr", "vrgb", "vbgr", "none"
Default:
"rgb"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.ultimate.enable
Enable fontconfig-ultimate settings (formerly known as Infinality). Besides the customizable settings in this NixOS module, fontconfig-ultimate also provides many font-specific rendering tweaks.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
|
fonts.fontconfig.ultimate.preset
FreeType rendering settings preset. Any of the presets may be customized by setting environment variables.
Type: one of "ultimate1", "ultimate2", "ultimate3", "ultimate4", "ultimate5", "osx", "windowsxp"
Default:
"ultimate3"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
|
fonts.fontconfig.ultimate.substitutions
Font substitutions to replace common Type 1 fonts with nicer
TrueType fonts. free
uses free fonts,
ms
uses Microsoft fonts,
combi
uses a combination, and
none
disables the substitutions.
Type: one of "free", "combi", "ms", "none"
Default:
"free"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
|
fonts.fontconfig.useEmbeddedBitmaps
Use embedded bitmaps in fonts like Calibri.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fonts
List of primary font paths.
Type: list of paths
Default:
[
]
Example:
[ pkgs.dejavu_fonts ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fonts.nix>
|
gnu
When enabled, GNU software is chosen by default whenever a there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/gnu.nix>
|
hardware.enableAllFirmware
Turn on this option if you want to enable all the firmware.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.enableKSM
Whether to enable Kernel Same-Page Merging.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/ksm.nix>
|
hardware.enableRedistributableFirmware
Turn on this option if you want to enable all the firmware with a license allowing redistribution.
(i.e. free firmware and firmware-linux-nonfree
)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.bluetooth.enable
Whether to enable support for Bluetooth..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.package
Which BlueZ package to use.
Type: package
Default:
"pkgs.bluez"
Example:
"pkgs.bluez.override { enableMidi = true; }"
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.extraConfig
Set additional configuration for system-wide bluetooth (/etc/bluetooth/main.conf).
NOTE: We already include [Policy], so any configuration under the Policy group should come first.
Type: string
Default:
""
Example:
'' [General] ControllerMode = bredr ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.powerOnBoot
Whether to power up the default Bluetooth controller on boot.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.brightnessctl.enable
Enable brightnessctl in userspace. This will allow brightness control from users in the video group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/brightnessctl.nix>
|
hardware.bumblebee.enable
Enable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.connectDisplay
Set to true if you intend to connect your discrete card to a monitor. This option will set up your Nvidia card for EDID discovery and to turn on the monitor signal.
Only nvidia driver is supported so far.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.driver
Set driver used by bumblebeed. Supported are nouveau and nvidia.
Type: one of "nvidia", "nouveau"
Default:
"nvidia"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.group
Group for bumblebee socket
Type: string
Default:
"wheel"
Example:
"video"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.pmMethod
Set preferred power management method for unused card.
Type: one of "auto", "bbswitch", "switcheroo", "none"
Default:
"auto"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.ckb.enable
Whether to enable the Corsair keyboard/mouse driver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/ckb.nix>
|
hardware.ckb.package
The package implementing the Corsair keyboard/mouse driver.
Type: package
Default:
"pkgs.ckb"
Declared by:
<nixpkgs/nixos/modules/hardware/ckb.nix>
|
hardware.cpu.amd.updateMicrocode
Update the CPU microcode for AMD processors.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix>
|
hardware.cpu.intel.updateMicrocode
Update the CPU microcode for Intel processors.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix>
|
hardware.digitalbitbox.enable
Enables udev rules for Digital Bitbox devices.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
|
hardware.digitalbitbox.package
The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.
Type: package
Default:
"pkgs.digitalbitbox"
Declared by:
<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
|
hardware.facetimehd.enable
Whether to enable facetimehd kernel module.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
|
hardware.firmware
List of packages containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If multiple packages contain firmware files with the same name, the first package in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
hardware.mcelog.enable
Enable the Machine Check Exception logger.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/mcelog.nix>
|
hardware.mwProCapture.enable
Whether to enable Magewell Pro Capture family kernel module.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix>
|
hardware.nitrokey.enable
Enables udev rules for Nitrokey devices. By default grants access to users in the "nitrokey" group. You may want to install the nitrokey-app package, depending on your device and needs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/nitrokey.nix>
|
hardware.nitrokey.group
Grant access to Nitrokey devices to users in this group.
Type: string
Default:
"nitrokey"
Example:
"wheel"
Declared by:
<nixpkgs/nixos/modules/hardware/nitrokey.nix>
|
hardware.nvidia.modesetting.enable
Enable kernel modesetting when using the NVIDIA proprietary driver.
Enabling this fixes screen tearing when using Optimus via PRIME (see
hardware.nvidia.optimus_prime.enable
. This is not enabled
by default because it is not officially supported by NVIDIA and would not
work with SLI.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.optimus_prime.enable
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. If enabled, the NVIDIA GPU will be always on and used for all rendering, while enabling output to displays attached only to the integrated Intel GPU without a multiplexer.
Note that this option only has any effect if the "nvidia" driver is specified
in services.xserver.videoDrivers
, and it should preferably
be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
specified (hardware.nvidia.optimus_prime.nvidiaBusId
and
hardware.nvidia.optimus_prime.intelBusId
).
If you enable this, you may want to also enable kernel modesetting for the
NVIDIA driver (hardware.nvidia.modesetting.enable
) in order
to prevent tearing.
Note that this configuration will only be successful when a display manager
for which the services.xserver.displayManager.setupCommands
option is supported is used; notably, SLiM is not supported.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.optimus_prime.intelBusId
Bus ID of the Intel GPU. You can find it using lspci; for example if lspci shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".
Type: string
Default:
""
Example:
"PCI:0:2:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.optimus_prime.nvidiaBusId
Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".
Type: string
Default:
""
Example:
"PCI:1:0:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidiaOptimus.disable
Completely disable the NVIDIA graphics card and use the integrated graphics processor instead.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix>
|
hardware.onlykey.enable
Enable OnlyKey device (https://crp.to/p/) support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/onlykey.nix>
|
hardware.opengl.enable
Whether to enable OpenGL drivers. This is needed to enable OpenGL support in X11 systems, as well as for Wayland compositors like sway, way-cooler and Weston. It is enabled by default by the corresponding modules, so you do not usually have to set it yourself, only if there is no module for your wayland compositor of choice. See services.xserver.enable, programs.sway.enable, and programs.way-cooler.enable.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.driSupport
Whether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.driSupport32Bit
On 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the nvidia
and
ati_unfree
drivers, as well as
Mesa
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.extraPackages
Additional packages to add to OpenGL drivers. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
Type: list of packages
Default:
[
]
Example:
with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.extraPackages32
Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when driSupport32Bit
is
set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
Type: list of packages
Default:
[
]
Example:
with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.s3tcSupport
Make S3TC(S3 Texture Compression) via libtxc_dxtn available to OpenGL drivers instead of the patent-free S2TC replacement.
Using this library may require a patent license depending on your location.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.parallels.enable
This enables Parallels Tools for Linux guests, along with provided video, mouse and other hardware drivers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
|
hardware.parallels.package
Defines which package to use for prl-tools. Override to change the version.
Type: package
Default:
"config.boot.kernelPackages.prl-tools"
Example:
config.boot.kernelPackages.prl-tools
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
|
hardware.parallels.autoMountShares
Control prlfsmountd service. When this service is running, shares can not be manually mounted through `mount -t prl_fs ...` as this service will remount and trample any set options. Recommended to enable for simple file sharing, but extended share use such as for code should disable this to manually mount shares.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
|
hardware.pcmcia.enable
Enable this option to support PCMCIA card.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pcmcia.config
Path to the configuration file which maps the memory, IRQs and ports used by the PCMCIA hardware.
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pcmcia.firmware
List of firmware used to handle specific PCMCIA card.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pulseaudio.enable
Whether to enable the PulseAudio sound server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.package
The PulseAudio derivation to use. This can be used to enable
features (such as JACK support, Bluetooth) via the
pulseaudioFull
package.
Type: package
Default:
"pkgs.pulseaudio"
Example:
pkgs.pulseaudioFull
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.configFile
The path to the default configuration options the PulseAudio server should use. By default, the "default.pa" configuration from the PulseAudio distribution is used.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.daemon.config
Config of the pulse daemon. See man pulse-daemon.conf
.
Type: attribute set of unspecifieds
Default:
{
}
Example:
{ flat-volumes = "no"; }
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.daemon.logLevel
The log level that the system-wide pulseaudio daemon should use, if activated.
Type: string
Default:
"notice"
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.extraClientConf
Extra configuration appended to pulse/client.conf file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.extraConfig
Literal string to append to configFile
and the config file generated by the pulseaudio module.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.support32Bit
Whether to include the 32-bit pulseaudio libraries in the system or not. This is only useful on 64-bit systems and currently limited to x86_64-linux.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.systemWide
If false, a PulseAudio server is launched automatically for each user that tries to use the sound system. The server runs with user privileges. This is the recommended and most secure way to use PulseAudio. If true, one system-wide PulseAudio server is launched on boot, running as the user "pulse", and only users in the "audio" group will have access to the server. Please read the PulseAudio documentation for more details.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.tcp.enable
Whether to enable tcp streaming support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.tcp.anonymousClients.allowAll
Whether to enable all anonymous clients to stream to the server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges
A list of IP subnets that are allowed to stream to the server.
Type: list of strings
Default:
[
]
Example:
[ "127.0.0.1" "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.zeroconf.discovery.enable
Whether to enable discovery of pulseaudio sinks in the local network.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.zeroconf.publish.enable
Whether to enable publishing the pulseaudio sink in the local network.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.raid.HPSmartArray.enable
Whether to enable HP Smart Array kernel modules and CLI utility.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/raid/hpsa.nix>
|
hardware.sane.enable
Enable support for SANE scanners.
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.brscan4.enable
When enabled, will automatically register the "brscan4" sane backend and bring configuration files to their expected location.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices
The list of network devices that will be registered against the brscan4 sane backend.
Type: list or attribute set of submodules
Default:
{
}
Example:
{
office1 =
{
ip = "192.168.1.2"; model = "MFC-7860DW";
}
; office2 =
{
model = "MFC-7860DW"; nodename = "BRW0080927AFBCE";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name?>.ip
The ip address of the device. If undefined, you will have to provide a nodename.
Type: null or string
Default:
null
Example:
192.168.1.2
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name?>.model
The model of the network device.
Type: string
Example:
MFC-7860DW
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name?>.name
The friendly name you give to the network device. If undefined, the name of attribute will be used.
Type: string
Example:
office1
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name?>.nodename
The node name of the device. If undefined, you will have to provide an ip.
Type: null or string
Default:
null
Example:
BRW0080927AFBCE
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.extraBackends
Packages providing extra SANE backends to enable.
The example contains the package for HP scanners.
Type: list of paths
Default:
[
]
Example:
[ pkgs.hplipWithPlugin ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.netConf
Network hosts that should be probed for remote scanners.
Type: string
Default:
""
Example:
"192.168.0.16"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.snapshot
Use a development snapshot of SANE scanner drivers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sensor.iio.enable
Enable this option to support IIO sensors.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/iio.nix>
|
hardware.steam-hardware.enable
Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/steam-hardware.nix>
|
hardware.trackpoint.enable
Enable sensitivity and speed configuration for trackpoints.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.device
The device name of the trackpoint. You can check with xinput. Some newer devices (example x1c6) use "TPPS/2 Elan TrackPoint".
Type: string
Default:
"TPPS/2 IBM TrackPoint"
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.emulateWheel
Enable scrolling while holding the middle mouse button.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.fakeButtons
Switch to "bare" PS/2 mouse support in case Trackpoint buttons are not recognized properly. This can happen for example on models like the L430, T450, T450s, on which the Trackpoint buttons are actually a part of the Synaptics touchpad.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.sensitivity
Configure the trackpoint sensitivity. By default, the kernel configures 128.
Type: signed integer
Default:
128
Example:
255
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.speed
Configure the trackpoint speed. By default, the kernel configures 97.
Type: signed integer
Default:
97
Example:
255
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.u2f.enable
Enable U2F hardware support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/u2f.nix>
|
hardware.usbWwan.enable
Enable this option to support USB WWAN adapters.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/usb-wwan.nix>
|
i18n.consoleColors
The 16 colors palette used by the virtual consoles. Leave empty to use the default colors. Colors must be in hexadecimal format and listed in order from color 0 to color 15.
Type: list of strings
Default:
[
]
Example:
[
"002b36" "dc322f" "859900" "b58900" "268bd2" "d33682" "2aa198" "eee8d5" "002b36" "cb4b16" "586e75" "657b83" "839496" "6c71c4" "93a1a1" "fdf6e3"
]
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.consoleFont
The font used for the virtual consoles. Leave empty to use whatever the setfont program considers the default font.
Type: string
Default:
"Lat2-Terminus16"
Example:
"LatArCyrHeb-16"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.consoleKeyMap
The keyboard mapping table for the virtual consoles.
Type: string or path
Default:
"us"
Example:
"fr"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.consolePackages
List of additional packages that provide console fonts, keymaps and other resources.
Type: list of packages
Default:
"with pkgs.kbdKeymaps; [ dvp neo ]"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.consoleUseXkbConfig
If set, configure the console keymap from the xserver keyboard settings.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.defaultLocale
The default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.
Type: string
Default:
"en_US.UTF-8"
Example:
"nl_NL.UTF-8"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.glibcLocales
Customized pkg.glibcLocales package.
Changing this option can disable handling of i18n.defaultLocale and supportedLocale.
Type: path
Default:
(build of glibc-locales-2.27)
Example:
pkgs.glibcLocales
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.inputMethod.enabled
Select the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.
Input methods are specially used to input Chinese, Japanese and Korean characters.
Currently the following input methods are available in NixOS:
ibus: The intelligent input bus, extra input engines can be added using i18n.inputMethod.ibus.engines
.
fcitx: A customizable lightweight input method, extra input engines can be added using i18n.inputMethod.fcitx.engines
.
nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.
uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.
Type: null or one of "ibus", "fcitx", "nabi", "uim"
Default:
null
Example:
"fcitx"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/default.nix>
|
i18n.inputMethod.fcitx.engines
Enabled Fcitx engines. Available engines are: anthy
, chewing
, cloudpinyin
, hangul
, libpinyin
, m17n
, mozc
, rime
, skk
, table-extra
, table-other
, unikey
.
Type: list of packages
Default:
[
]
Example:
with pkgs.fcitx-engines; [ mozc hangul ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx.nix>
|
i18n.inputMethod.ibus.engines
Enabled IBus engines. Available engines are: anthy
, hangul
, kkc
, libpinyin
, m17n
, mozc
, table
, table-others
, typing-booster
, typing-booster-unwrapped
, uniemoji
.
Type: list of packages
Default:
[
]
Example:
with pkgs.ibus-engines; [ mozc hangul ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
|
i18n.inputMethod.ibus.panel
Replace the IBus panel with another panel.
Type: null or path
Default:
null
Example:
''${pkgs.plasma5.plasma-desktop}/lib/libexec/kimpanel-ibus-panel
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
|
i18n.inputMethod.uim.toolbar
selected UIM toolbar.
Type: one of "gtk", "gtk3", "gtk-systray", "gtk3-systray", "qt4"
Default:
"gtk"
Example:
"gtk-systray"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/uim.nix>
|
i18n.supportedLocales
List of locales that the system should support. The value
"all"
means that all locales supported by
Glibc will be installed. A full list of supported locales
can be found at https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED.
Type: list of strings
Default:
[
"all"
]
Example:
[
"en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"
]
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
krb5.enable
Whether to enable Whether to enable Kerberos V..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.appdefaults
Settings used by some Kerberos V5 applications.
Type: attribute set or string
Default:
{
}
Example:
{ pam = { debug = false; ticket_lifetime = 36000; renew_lifetime = 36000; max_timeout = 30; timeout_shift = 2; initial_timeout = 1; }; };
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.capaths
Authentication paths for non-hierarchical cross-realm authentication.
Type: attribute set or string
Default:
{
}
Example:
{ "ATHENA.MIT.EDU" = { "EXAMPLE.COM" = "."; }; "EXAMPLE.COM" = { "ATHENA.MIT.EDU" = "."; }; };
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.config
Verbatim krb5.conf
configuration. Note that this
is mutually exclusive with configuration via
libdefaults
, realms
,
domain_realm
, capaths
,
appdefaults
, plugins
and
extraConfig
configuration options. Consult
man krb5.conf
for documentation.
Type: null or string
Default:
null
Example:
'' [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { admin_server = kerberos.example.com kdc = kerberos.example.com default_principal_flags = +preauth } [domain_realm] example.com = EXAMPLE.COM .example.com = EXAMPLE.COM [logging] kdc = SYSLOG:NOTICE admin_server = SYSLOG:NOTICE default = SYSLOG:NOTICE ''
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.defaultRealm
DEPRECATED, please use
krb5.libdefaults.default_realm
.
Type: null or string
Default:
null
Example:
"ATHENA.MIT.EDU"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.domainRealm
DEPRECATED, please create a map of server hostnames to Kerberos realms
in krb5.domain_realm
.
Type: null or string
Default:
null
Example:
"athena.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.domain_realm
Map of server hostnames to Kerberos realms.
Type: attribute set or string
Default:
{
}
Example:
{ "example.com" = "EXAMPLE.COM"; ".example.com" = "EXAMPLE.COM"; };
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.extraConfig
These lines go to the end of krb5.conf
verbatim.
krb5.conf
may include any of the relations that are
valid for kdc.conf
(see man
kdc.conf
), but it is not a recommended practice.
Type: null or string
Default:
null
Example:
'' [logging] kdc = SYSLOG:NOTICE admin_server = SYSLOG:NOTICE default = SYSLOG:NOTICE ''
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.kdc
DEPRECATED, please pass a kdc
attribute to a realm
in krb5.realms
.
Type: null or string
Default:
null
Example:
"kerberos.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.kerberos
The Kerberos implementation that will be present in
environment.systemPackages
after enabling this
service.
Type: package
Default:
"pkgs.krb5Full"
Example:
pkgs.heimdalFull
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.kerberosAdminServer
DEPRECATED, please pass an admin_server
attribute
to a realm in krb5.realms
.
Type: null or string
Default:
null
Example:
"kerberos.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.libdefaults
Settings used by the Kerberos V5 library.
Type: attribute set or string
Default:
{
}
Example:
{ default_realm = "ATHENA.MIT.EDU"; };
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.plugins
Controls plugin module registration.
Type: attribute set or string
Default:
{
}
Example:
{ ccselect = { disable = "k5identity"; }; };
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.realms
Realm-specific contact information and settings.
Type: attribute set or string
Default:
{
}
Example:
{ "ATHENA.MIT.EDU" = { admin_server = "athena.mit.edu"; kdc = "athena.mit.edu"; }; };
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
lib
This option allows modules to define helper functions, constants, etc.
Type: attribute set of attribute sets
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/misc/lib.nix>
|
nesting.children
Additional configurations to build.
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
nesting.clone
Additional configurations to build based on the current configuration which then has a lower priority.
To switch to a cloned configuration (e.g. child-1
)
at runtime, run
# sudo /run/current-system/fine-tune/child-1/bin/switch-to-configuration test
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
networking.enableB43Firmware
Turn on this option if you want firmware for the NICs supported by the b43 module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/b43.nix>
|
networking.enableIPv6
Whether to enable support for IPv6.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds
This option allows you to define bond devices that aggregate multiple, underlying networking interfaces together. The value of this option is an attribute set. Each attribute specifies a bond, with the attribute name specifying the name of the bond's network interface
Type: attribute set of submodules
Default:
{
}
Example:
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.driverOptions
Options for the bonding driver. Documentation can be found in https://www.kernel.org/doc/Documentation/networking/bonding.txt
Type: attribute set of strings
Default:
{
}
Example:
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.interfaces
The interfaces to bond together
Type: list of strings
Example:
[
"enp4s0f0" "enp4s0f1" "wlan0"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.lacp_rate
DEPRECATED, use `driverOptions`. Option specifying the rate in which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode.
Type: null or string
Default:
null
Example:
"fast"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.miimon
DEPRECATED, use `driverOptions`. Miimon is the number of millisecond in between each round of polling by the device driver for failed links. By default polling is not enabled and the driver is trusted to properly detect and handle failure scenarios.
Type: null or signed integer
Default:
null
Example:
100
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.mode
DEPRECATED, use `driverOptions`. The mode which the bond will be running. The default mode for the bonding driver is balance-rr, optimizing for throughput. More information about valid modes can be found at https://www.kernel.org/doc/Documentation/networking/bonding.txt
Type: null or string
Default:
null
Example:
"active-backup"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.xmit_hash_policy
DEPRECATED, use `driverOptions`. Selects the transmit hash policy to use for slave selection in balance-xor, 802.3ad, and tlb modes.
Type: null or string
Default:
null
Example:
"layer2+3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges
This option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge's network interface.
Type: attribute set of submodules
Default:
{
}
Example:
{
br0 =
{
interfaces =
[
"eth0" "eth1"
]
;
}
; br1 =
{
interfaces =
[
"eth2" "wlan0"
]
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges.<name>.interfaces
The physical network interfaces connected by the bridge.
Type: list of strings
Example:
[
"eth0" "eth1"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges.<name>.rstp
Whether the bridge interface should enable rstp.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.connman.enable
Whether to use ConnMan for managing your network connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
networking.connman.enableVPN
Whether to enable ConnMan VPN service.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
networking.connman.extraConfig
Configuration lines appended to the generated connman configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
networking.connman.extraFlags
Extra flags to pass to connmand
Type: list of strings
Default:
[
]
Example:
[
"--nodnsproxy"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
networking.connman.networkInterfaceBlacklist
Default blacklisted interfaces, this includes NixOS containers interfaces (ve).
Type: list of strings
Default:
[
"vmnet" "vboxnet" "virbr" "ifb" "ve"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
networking.defaultGateway
The default gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.
Type: null or submodule or string convertible to it
Default:
null
Example:
{
address = "131.211.84.1"; interface = "enp3s0";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.address
The default gateway address.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.interface
The default gateway interface.
Type: null or string
Default:
null
Example:
"enp0s3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.metric
The default gateway metric/preference.
Type: null or signed integer
Default:
null
Example:
42
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6
The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.
Type: null or submodule or string convertible to it
Default:
null
Example:
{
address = "2001:4d0:1e04:895::1"; interface = "enp3s0";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.address
The default gateway address.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.interface
The default gateway interface.
Type: null or string
Default:
null
Example:
"enp0s3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.metric
The default gateway metric/preference.
Type: null or signed integer
Default:
null
Example:
42
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGatewayWindowSize
The window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.
Type: null or signed integer
Default:
null
Example:
524288
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultMailServer.authPass
Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
It's recommended to use authPassFile
which takes precedence over authPass
.
Type: string
Default:
""
Example:
"correctHorseBatteryStaple"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.authPassFile
Path to a file that contains the password used for SMTP auth. The file should not contain a trailing newline, if the password does not contain one. This file should be readable by the users that need to execute ssmtp.
authPassFile
takes precedence over authPass
.
Warning: when authPass
is non-empty authPassFile
defaults to a file in the WORLD-READABLE Nix store containing that password.
Type: null or string
Default:
null
Example:
"/run/keys/ssmtp-authpass"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.authUser
Username used for SMTP auth. Leave blank to disable.
Type: string
Default:
""
Example:
"foo@example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.directDelivery
Use the trivial Mail Transfer Agent (MTA)
ssmtp package to allow programs to send
e-mail. If you don't want to run a “real” MTA like
sendmail or postfix on
your machine, set this option to true
, and
set the option
networking.defaultMailServer.hostName
to the
host name of your preferred mail server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.domain
The domain from which mail will appear to be sent.
Type: string
Default:
""
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.hostName
The host name of the default mail server to use to deliver e-mail. Can also contain a port number (ex: mail.example.org:587), defaults to port 25 if no port is given.
Type: string
Example:
"mail.example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.root
The e-mail to which mail for users with UID < 1000 is forwarded.
Type: string
Default:
""
Example:
"root@example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.setSendmail
Whether to set the system sendmail to ssmtp's.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.useSTARTTLS
Whether the STARTTLS should be used to connect to the default mail server. (This is needed for TLS-capable mail servers running on the default SMTP port 25.)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.defaultMailServer.useTLS
Whether TLS should be used to connect to the default mail server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
|
networking.dhcpcd.enable
Whether to enable dhcpcd for device configuration. This is mainly to explicitly disable dhcpcd (for example when using networkd).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.allowInterfaces
Enable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Any interface not explicitly matched by this pattern will be denied. This pattern only applies when non-null.
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.denyInterfaces
Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.extraConfig
Literal string to append to the config file generated for dhcpcd.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.persistent
Whenever to leave interfaces configured on dhcpcd daemon shutdown. Set to true if you have your root or store mounted over the network or this machine accepts SSH connections through DHCP interfaces and clients should be notified when it shuts down.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.runHook
Shell code that will be run after all other hooks. See `man dhcpcd-run-hooks` for details on what is possible.
Type: string
Default:
""
Example:
"if [[ \$reason =~ BOUND ]]; then echo \$interface: Routers are \$new_routers - were \$old_routers; fi"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dnsExtensionMechanism
Enable the edns0
option in resolv.conf
. With
that option set, glibc
supports use of the extension mechanisms for
DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
which does not work without it.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.dnsSingleRequest
Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option 'single-request' in /etc/resolv.conf. This option enables that.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.domain
The domain. It can be left empty if it is auto-detected through DHCP.
Type: null or string
Default:
null
Example:
"home"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.extraHosts
Additional verbatim entries to be appended to /etc/hosts
.
Type: string
Default:
""
Example:
"192.168.0.1 lanlocalhost"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.extraResolvconfConf
Extra configuration to append to resolvconf.conf
.
Type: string
Default:
""
Example:
"libc=NO"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.firewall.enable
Whether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine. It does not affect packet forwarding.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowPing
Whether to respond to incoming ICMPv4 echo requests ("pings"). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedTCPPortRanges
A range of TCP ports on which incoming connections are accepted.
Type: list of attribute set of signed integerss
Default:
[
]
Example:
[
{
from = 8999; to = 9003;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedTCPPorts
List of TCP ports on which incoming connections are accepted.
Type: list of signed integers
Default:
[
]
Example:
[
22 80
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedUDPPortRanges
Range of open UDP ports.
Type: list of attribute set of signed integerss
Default:
[
]
Example:
[
{
from = 60000; to = 61000;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedUDPPorts
List of open UDP ports.
Type: list of signed integers
Default:
[
]
Example:
[
53
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.autoLoadConntrackHelpers
Whether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules
(needs kernel 3.5+)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.checkReversePath
Performs a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused.
If using asymmetric routing or other complicated routing, set this option to loose mode or disable it and setup your own counter-measures.
This option can be either true (or "strict"), "loose" (only drop the packet if the source address is not reachable via any interface) or false. Defaults to the value of kernelHasRPFilter.
(needs kernel 3.3+)
Type: boolean or one of "strict", "loose"
Default:
true
Example:
"loose"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.connectionTrackingModules
List of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example.
As helpers can pose as a security risk, it is advised to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers unless you know what you are doing. Connection tracking is disabled by default.
Loading of helpers is recommended to be done through the CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/
Type: list of strings
Default:
[
]
Example:
[
"ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraCommands
Additional shell commands executed as part of the firewall initialisation script. These are executed just before the final "reject" firewall rule is added, so they can be used to allow packets that would otherwise be refused.
Type: string
Default:
""
Example:
"iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraPackages
Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands.
Type: list of packages
Default:
[
]
Example:
[ pkgs.ipset ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraStopCommands
Additional shell commands executed as part of the firewall shutdown script. These are executed just after the removal of the NixOS input rule, or if the service enters a failed state.
Type: string
Default:
""
Example:
"iptables -P INPUT ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces
Interface-specific open ports. Setting this value will override
all values of the networking.firewall.allowed*
options.
Type: attribute set of submodules
Default:
{
default =
{
allowedTCPPortRanges =
[
]
; allowedTCPPorts =
[
]
; allowedUDPPortRanges =
[
]
; allowedUDPPorts =
[
]
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedTCPPortRanges
A range of TCP ports on which incoming connections are accepted.
Type: list of attribute set of signed integerss
Default:
[
]
Example:
[
{
from = 8999; to = 9003;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedTCPPorts
List of TCP ports on which incoming connections are accepted.
Type: list of signed integers
Default:
[
]
Example:
[
22 80
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedUDPPortRanges
Range of open UDP ports.
Type: list of attribute set of signed integerss
Default:
[
]
Example:
[
{
from = 60000; to = 61000;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedUDPPorts
List of open UDP ports.
Type: list of signed integers
Default:
[
]
Example:
[
53
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedConnections
Whether to log rejected or dropped incoming connections.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedPackets
Whether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedUnicastsOnly
If networking.firewall.logRefusedPackets
and this option are enabled, then only log packets
specifically directed at this machine, i.e., not broadcasts
or multicasts.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logReversePathDrops
Logs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.pingLimit
If pings are allowed, this allows setting rate limits on them. If non-null, this option should be in the form of flags like "--limit 1/minute --limit-burst 5"
Type: null or string
Default:
null
Example:
"--limit 1/minute --limit-burst 5"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.rejectPackets
If set, refused packets are rejected rather than dropped (ignored). This means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST packet in case of an existing connection). Rejecting packets makes port scanning somewhat easier.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.trustedInterfaces
Traffic coming in from these interfaces will be accepted unconditionally. Traffic from the loopback (lo) interface will always be accepted.
Type: list of strings
Default:
[
]
Example:
[
"enp0s2"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.hostConf
The contents of /etc/host.conf
. See also host.conf(5).
Type: string
Default:
"multi on"
Example:
'' multi on reorder on trim lan ''
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.hostId
The 32-bit host ID of the machine, formatted as 8 hexadecimal characters.
You should try to make this ID unique among your machines. You can generate a random 32-bit ID using the following commands:
head -c 8 /etc/machine-id
(this derives it from the machine-id that systemd generates) or
head -c4 /dev/urandom | od -A none -t x4
Type: null or string
Default:
null
Example:
"4e98920d"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.hostName
The name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP).
Type: string
Default:
"nixos"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.hosts
Locally defined maps of hostnames to IP addresses.
Type: attribute set of list of stringss
Default:
{
}
Example:
{ "127.0.0.1" = [ "foo.bar.baz" ]; "192.168.0.2" = [ "fileserver.local" "nameserver.local" ]; };
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.interfaces
The configuration for each network interface. If
networking.useDHCP
is true, then every
interface not listed here will be configured using DHCP.
Type: list or attribute set of submodules
Default:
{
}
Example:
{
eth0 =
{
ipv4 =
{
addresses =
[
{
address = "131.211.84.78"; prefixLength = 25;
}
]
;
}
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv4.addresses
List of IPv4 addresses that will be statically assigned to the interface.
Type: list of submodules
Default:
[
]
Example:
[
{
address = "10.0.0.1"; prefixLength = 16;
}
{
address = "192.168.1.1"; prefixLength = 24;
}
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv4.addresses.*.address
IPv4 address of the interface. Leave empty to configure the interface using DHCP.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv4.addresses.*.prefixLength
Subnet mask of the interface, specified as the number of
bits in the prefix (24
).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv4.routes
List of extra IPv4 static routes that will be assigned to the interface.
Type: list of submodules
Default:
[
]
Example:
[
{
address = "10.0.0.0"; prefixLength = 16;
}
{
address = "192.168.2.0"; prefixLength = 24; via = "192.168.1.1";
}
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv4.routes.*.address
IPv4 address of the network.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv4.routes.*.options
Other route options. See the symbol OPTIONS
in the ip-route(8)
manual page for the details.
Type: attribute set of strings
Default:
{
}
Example:
{
mtu = "1492"; window = "524288";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv4.routes.*.prefixLength
Subnet mask of the network, specified as the number of
bits in the prefix (24
).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv4.routes.*.via
IPv4 address of the next hop.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv6.addresses
List of IPv6 addresses that will be statically assigned to the interface.
Type: list of submodules
Default:
[
]
Example:
[
{
address = "fdfd:b3f0:482::1"; prefixLength = 48;
}
{
address = "2001:1470:fffd:2098::e006"; prefixLength = 64;
}
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv6.addresses.*.address
IPv6 address of the interface. Leave empty to configure the interface using DHCP.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv6.addresses.*.prefixLength
Subnet mask of the interface, specified as the number of
bits in the prefix (64
).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv6.routes
List of extra IPv6 static routes that will be assigned to the interface.
Type: list of submodules
Default:
[
]
Example:
[
{
address = "fdfd:b3f0::"; prefixLength = 48;
}
{
address = "2001:1470:fffd:2098::"; prefixLength = 64; via = "fdfd:b3f0::1";
}
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv6.routes.*.address
IPv6 address of the network.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv6.routes.*.options
Other route options. See the symbol OPTIONS
in the ip-route(8)
manual page for the details.
Type: attribute set of strings
Default:
{
}
Example:
{
mtu = "1492"; window = "524288";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv6.routes.*.prefixLength
Subnet mask of the network, specified as the number of
bits in the prefix (64
).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.ipv6.routes.*.via
IPv6 address of the next hop.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.macAddress
MAC address of the interface. Leave empty to use the default.
Type: null or string
Default:
null
Example:
"00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.mtu
MTU size for packets leaving the interface. Leave empty to use the default.
Type: null or signed integer
Default:
null
Example:
9000
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.name
Name of the interface.
Type: string
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.preferTempAddress
When using SLAAC prefer a temporary (IPv6) address over the EUI-64 address for originating connections. This is used to reduce tracking.
Type: boolean
Default:
config.networking.enableIPv6
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.proxyARP
Turn on proxy_arp for this device (and proxy_ndp for ipv6). This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don't support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link-layer, below-ip traffic isn't bridged, so things like DHCP won't work. The advantage above using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routeable.
WARNING: turns on ip-routing, so if you have multiple interfaces, you should think of the consequence and setup firewall rules to limit this.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.useDHCP
Whether this interface should be configured with dhcp. Null implies the old behavior which depends on whether ip addresses are specified or not.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.virtual
Whether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host and a virtual network such as VPN or a virtual machine.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.virtualOwner
In case of a virtual device, the user who owns it.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name?>.virtualType
The type of interface to create. The default is TUN for an interface name starting with "tun", otherwise TAP.
Type: one of "tun", "tap"
Default:
if hasPrefix "tun" name then "tun" else "tap"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.iproute2.enable
Whether to enable copy IP route configuration files.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/iproute2.nix>
|
networking.iproute2.rttablesExtraConfig
Verbatim lines to add to /etc/iproute2/rt_tables
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/iproute2.nix>
|
networking.localCommands
Shell commands to be executed at the end of the
network-setup
systemd service. Note that if
you are using DHCP to obtain the network configuration,
interfaces may not be fully configured yet.
Type: string
Default:
""
Example:
"text=anything; echo You can put \$text here."
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlans
This option allows you to define macvlan interfaces which should be automatically created.
Type: attribute set of submodules
Default:
{
}
Example:
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlans.<name>.interface
The interface the macvlan will transmit packets through.
Type: string
Example:
"enp4s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlans.<name>.mode
The mode of the macvlan device.
Type: null or string
Default:
null
Example:
"vepa"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.nameservers
The list of nameservers. It can be left empty if it is auto-detected through DHCP.
Type: list of strings
Default:
[
]
Example:
[
"130.161.158.4" "130.161.33.17"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.nat.enable
Whether to enable Network Address Translation (NAT).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.dmzHost
The local IP address to which all traffic that does not match any forwarding rule is forwarded.
Type: null or string
Default:
null
Example:
"10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalIP
The public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.
Type: null or string
Default:
null
Example:
"203.0.113.123"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalInterface
The name of the external network interface.
Type: null or string
Default:
null
Example:
"eth1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.extraCommands
Additional shell commands executed as part of the nat initialisation script.
Type: string
Default:
""
Example:
"iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.extraStopCommands
Additional shell commands executed as part of the nat teardown script.
Type: string
Default:
""
Example:
"iptables -D INPUT -p icmp -j ACCEPT || true"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts
List of forwarded ports from the external interface to internal destinations by using DNAT.
Type: list of submodules
Default:
[
]
Example:
[
{
destination = "10.0.0.1:80"; proto = "tcp"; sourcePort = 8080;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.destination
Forward connection to destination ip:port; to specify a port range, use ip:start-end
Type: string
Example:
"10.0.0.1:80"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.loopbackIPs
Public IPs for NAT reflection; for connections to `loopbackip:sourcePort' from the host itself and from other hosts behind NAT
Type: list of strings
Default:
[
]
Example:
[ "55.1.2.3" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.proto
Protocol of forwarded connection
Type: string
Default:
"tcp"
Example:
"udp"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.sourcePort
Source port of the external interface; to specify a port range, use a string with a colon (e.g. "60000:61000")
Type: signed integer or string matching the pattern [[:digit:]]+:[[:digit:]]+
Example:
8080
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalIPs
The IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.
Type: list of strings
Default:
[
]
Example:
[
"192.168.1.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalInterfaces
The interfaces for which to perform NAT. Packets coming from these interface and destined for the external interface will be rewritten.
Type: list of strings
Default:
[
]
Example:
[
"eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.networkmanager.enable
Whether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured. If enabled, a group networkmanager
will be created. Add all users that should have permission
to change network settings to this group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.enableStrongSwan
Enable the StrongSwan plugin.
If you enable this option the
networkmanager_strongswan
plugin will be added to
the networking.networkmanager.packages
option
so you don't need to to that yourself.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.packages
Extra packages that provide NetworkManager plugins.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.appendNameservers
A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dhcp
Which program (or internal library) should be used for DHCP.
Type: one of "dhclient", "dhcpcd", "internal"
Default:
"dhclient"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScripts
A list of scripts which will be executed in response to network events.
Type: list of submodules
Default:
[
]
Example:
[ { source = pkgs.writeText "upHook" '' if [ "$2" != "up" ]; then logger "exit: event $2 != up" fi # coreutils and iproute are in PATH too logger "Device $DEVICE_IFACE coming up" ''; type = "basic"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScripts.*.source
Path to the hook script.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScripts.*.type
Dispatcher hook type. Look up the hooks described at https://developer.gnome.org/NetworkManager/stable/NetworkManager.html and choose the type depending on the output folder. You should then filter the event type (e.g., "up"/"down") from within your script.
Type: one of "basic", "pre-down", "pre-up"
Default:
"basic"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dns
Set the DNS (resolv.conf
) processing mode.
Options:
"default"
NetworkManager will update /etc/resolv.conf
to
reflect the nameservers provided by currently active connections.
"dnsmasq"
Enable NetworkManager's dnsmasq integration. NetworkManager will
run dnsmasq as a local caching nameserver, using a "split DNS"
configuration if you are connected to a VPN, and then update
resolv.conf
to point to the local nameserver.
It is possible to pass custom options to the dnsmasq instance by
adding them to files in the
/etc/NetworkManager/dnsmasq.d/
directory.
When multiple upstream servers are available, dnsmasq will
initially contact them in parallel and then use the fastest to
respond, probing again other servers after some time. This
behavior can be modified passing the
all-servers
or strict-order
options to dnsmasq (see the manual page for more details).
Note that this option causes NetworkManager to launch and manage
its own instance of the dnsmasq daemon, which is
not the same as setting
services.dnsmasq.enable = true;
.
"unbound"
NetworkManager will talk to unbound and dnssec-triggerd,
providing a "split DNS" configuration with DNSSEC support.
/etc/resolv.conf
will be managed by
dnssec-trigger daemon.
"systemd-resolved"
NetworkManager will push the DNS configuration to systemd-resolved.
"none"
NetworkManager will not modify resolv.conf.
Type: one of "default", "dnsmasq", "unbound", "systemd-resolved", "none"
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dynamicHosts.enable
Enabling this option requires the
networking.networkmanager.dns
option to be
set to dnsmasq
. If enabled, the directories
defined by the
networking.networkmanager.dynamicHosts.hostsDirs
option will be set up when the service starts. The dnsmasq instance
managed by NetworkManager will then watch those directories for
hosts files (see the --hostsdir
option of
dnsmasq). This way a non-privileged user can add or override DNS
entries on the local system (depending on what hosts directories
that are configured)..
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dynamicHosts.hostsDirs
Defines a set of directories (relative to
/run/NetworkManager/hostdirs
) that dnsmasq will
watch for hosts files.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dynamicHosts.hostsDirs.<name>.group
The group that will own the hosts directory.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dynamicHosts.hostsDirs.<name>.user
The user that will own the hosts directory.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.ethernet.macAddress
"XX:XX:XX:XX:XX:XX": MAC address of the interface.
permanent
: use the permanent MAC address of the device.
preserve
: don’t change the MAC address of the device upon activation.
random
: generate a randomized value upon each connect.
stable
: generate a stable, hashed MAC address.
Type: string or one of "permanent", "preserve", "random", "stable"
Default:
"preserve"
Example:
"00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.extraConfig
Configuration appended to the generated NetworkManager.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.insertNameservers
A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.logLevel
Set the default logging verbosity level.
Type: one of "OFF", "ERR", "WARN", "INFO", "DEBUG", "TRACE"
Default:
"WARN"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.unmanaged
List of interfaces that will not be managed by NetworkManager. Interface name can be specified here, but if you need more fidelity see "Device List Format" in NetworkManager.conf man page.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.macAddress
"XX:XX:XX:XX:XX:XX": MAC address of the interface.
permanent
: use the permanent MAC address of the device.
preserve
: don’t change the MAC address of the device upon activation.
random
: generate a randomized value upon each connect.
stable
: generate a stable, hashed MAC address.
Type: string or one of "permanent", "preserve", "random", "stable"
Default:
"preserve"
Example:
"00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.powersave
Whether to enable Wi-Fi power saving.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.scanRandMacAddress
Whether to enable MAC address randomization of a Wi-Fi device during scanning.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.nftables.enable
Whether to enable nftables. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables.
This conflicts with the standard networking firewall, so make sure to disable it before using nftables.
Note that if you have Docker enabled you will not be able to use nftables without intervention. Docker uses iptables internally to setup NAT for containers. This module disables the ip_tables kernel module, however Docker automatically loads the module. Please see [1] for more information.
There are other programs that use iptables internally too, such as libvirt.
[1]: https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.ruleset
The ruleset to be used with nftables. Should be in a format that can be loaded using "/bin/nft -f". The ruleset is updated atomically.
Type: string
Example:
'' # Check out https://wiki.nftables.org/ for better documentation. # Table for both IPv4 and IPv6. table inet filter { # Block all incomming connections traffic except SSH and "ping". chain input { type filter hook input priority 0; # accept any localhost traffic iifname lo accept # accept traffic originated from us ct state {established, related} accept # ICMP # routers may also want: mld-listener-query, nd-router-solicit ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept # allow "ping" ip6 nexthdr icmp icmpv6 type echo-request accept ip protocol icmp icmp type echo-request accept # accept SSH connections (required for a server) tcp dport 22 accept # count and drop any other traffic counter drop } # Allow all outgoing connections. chain output { type filter hook output priority 0; accept } chain forward { type filter hook forward priority 0; accept } } ''
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.rulesetFile
The ruleset file to be used with nftables. Should be in a format that can be loaded using "nft -f". The ruleset is updated atomically.
Type: path
Default:
(build of nftables-rules)
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.proxy.allProxy
This option specifies the all_proxy environment variable.
Type: null or string
Default:
null
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.default
This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
Type: null or string
Default:
null
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.ftpProxy
This option specifies the ftp_proxy environment variable.
Type: null or string
Default:
null
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.httpProxy
This option specifies the http_proxy environment variable.
Type: null or string
Default:
null
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.httpsProxy
This option specifies the https_proxy environment variable.
Type: null or string
Default:
null
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.noProxy
This option specifies the no_proxy environment variable. If a default proxy is used and noProxy is null, then noProxy will be set to 127.0.0.1,localhost.
Type: null or string
Default:
null
Example:
"127.0.0.1,localhost,.localdomain"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.rsyncProxy
This option specifies the rsync_proxy environment variable.
Type: null or string
Default:
null
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.resolvconfOptions
Set the options in /etc/resolv.conf
.
Type: list of strings
Default:
[
]
Example:
[
"ndots:1" "rotate"
]
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.rxe.enable
Whether to enable RDMA over converged ethernet.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/rxe.nix>
|
networking.rxe.interfaces
Enable RDMA on the listed interfaces. The corresponding virtual RDMA interfaces will be named rxe0 ... rxeN where the ordering will be as they are named in the list. UDP port 4791 must be open on the respective ethernet interfaces.
Type: list of strings
Default:
[
]
Example:
[
"eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/rxe.nix>
|
networking.search
The list of search paths used when resolving domain names.
Type: list of strings
Default:
[
]
Example:
[
"example.com" "local.domain"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits
This option allows you to define 6-to-4 interfaces which should be automatically created.
Type: attribute set of submodules
Default:
{
}
Example:
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.dev
The underlying network device on which the tunnel resides.
Type: null or string
Default:
null
Example:
"enp4s0f0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.local
The address of the local endpoint which the remote side should send packets to.
Type: null or string
Default:
null
Example:
"10.0.0.22"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.remote
The address of the remote endpoint to forward traffic over.
Type: null or string
Default:
null
Example:
"10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.ttl
The time-to-live of the connection to the remote tunnel endpoint.
Type: null or signed integer
Default:
null
Example:
255
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.supplicant
Interfaces for which to start wpa_supplicant. The supplicant is used to scan for and associate with wireless networks, or to authenticate with 802.1x capable network switches.
The value of this option is an attribute set. Each attribute configures a
wpa_supplicant service, where the attribute name specifies
the name of the interface that wpa_supplicant operates on.
The attribute name can be a space separated list of interfaces.
The attribute names WLAN
, LAN
and DBUS
have a special meaning. WLAN
and LAN
are
configurations for universal wpa_supplicant service that is
started for each WLAN interface or for each LAN interface, respectively.
DBUS
defines a device-unrelated wpa_supplicant
service that can be accessed through D-Bus
.
Type: attribute set of submodules
Default:
{
}
Example:
{ "wlan0 wlan1" = { configFile.path = "/etc/wpa_supplicant.conf"; userControlled.group = "network"; extraConf = '' ap_scan=1 p2p_disabled=1 ''; extraCmdArgs = "-u -W"; bridge = "br0"; }; }
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.bridge
Name of the bridge interface that wpa_supplicant should listen at.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.configFile.path
External wpa_supplicant.conf
configuration file.
The configuration options defined declaratively within networking.supplicant
have
precedence over options defined in configFile
.
Type: null or path
Default:
null
Example:
/etc/wpa_supplicant.conf
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.configFile.writable
Whether the configuration file at configFile.path
should be written to by
wpa_supplicant
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.driver
Force a specific wpa_supplicant driver.
Type: null or string
Default:
"nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.extraCmdArgs
Command line arguments to add when executing wpa_supplicant
.
Type: string
Default:
""
Example:
"-e/var/run/wpa_supplicant/entropy.bin"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.extraConf
Configuration options for wpa_supplicant.conf
.
Options defined here have precedence over options in configFile
.
NOTE: Do not write sensitive data into extraConf
as it will
be world-readable in the nix-store
. For sensitive information
use the configFile
instead.
Type: string
Default:
""
Example:
'' ap_scan=1 device_name=My-NixOS-Device device_type=1-0050F204-1 driver_param=use_p2p_group_interface=1 disable_scan_offload=1 p2p_listen_reg_class=81 p2p_listen_channel=1 p2p_oper_reg_class=81 p2p_oper_channel=1 manufacturer=NixOS model_name=NixOS_Unstable model_number=2015 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.enable
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.group
Members of this group can control wpa_supplicant.
Type: string
Default:
"wheel"
Example:
"network"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.socketDir
Directory of sockets for controlling wpa_supplicant.
Type: string
Default:
"/var/run/wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.tcpcrypt.enable
Whether to enable opportunistic TCP encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be sent in clear text. Thus, Tcpcrypt alone provides no guarantees -- it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/tcpcrypt.nix>
|
networking.timeServers
The set of NTP servers from which to synchronise.
Type: unspecified
Default:
[
"0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.useDHCP
Whether to use DHCP to obtain an IP address and other configuration for all network interfaces that are not manually configured.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.useHostResolvConf
In containers, whether to use the
resolv.conf
supplied by the host.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.useNetworkd
Whether we should use networkd as the network configuration backend or the legacy script based system. Note that this option is experimental, enable at your own risk.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.usePredictableInterfaceNames
Whether to assign predictable
names to network interfaces. If enabled, interfaces
are assigned names that contain topology information
(e.g. wlp3s0
) and thus should be stable
across reboots. If disabled, names depend on the order in
which interfaces are discovered by the kernel, which may
change randomly across reboots; for instance, you may find
eth0
and eth1
flipping
unpredictably.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
networking.vlans
This option allows you to define vlan devices that tag packets on top of a physical interface. The value of this option is an attribute set. Each attribute specifies a vlan, with the name specifying the name of the vlan interface.
Type: attribute set of submodules
Default:
{
}
Example:
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vlans.<name>.id
The vlan identifier
Type: signed integer
Example:
1
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vlans.<name>.interface
The interface the vlan will transmit packets through.
Type: string
Example:
"enp4s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vpnc.services
The names of cisco VPNs and their associated definitions
Type: attribute set of strings
Default:
{
}
Example:
{ test = '' IPSec gateway 192.168.1.1 IPSec ID someID IPSec secret secretKey Xauth username name Xauth password pass ''; }
Declared by:
<nixpkgs/nixos/modules/config/vpnc.nix>
|
networking.vswitches
This option allows you to define Open vSwitches that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a vswitch, with the attribute name specifying the name of the vswitch's network interface.
Type: attribute set of submodules
Default:
{
}
Example:
{
vs0 =
{
interfaces =
[
"eth0" "eth1"
]
;
}
; vs1 =
{
interfaces =
[
"eth2" "wlan0"
]
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.controllers
Specify the controller targets. For the allowed options see man 8 ovs-vsctl
.
Type: list of strings
Default:
[
]
Example:
[
"ptcp:6653:[::1]"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.extraOvsctlCmds
Commands to manipulate the Open vSwitch database. Every line executed with ovs-vsctl
.
All commands are bundled together with the operations for adding the interfaces
into one atomic operation.
Type: string
Default:
""
Example:
'' set-fail-mode <switch_name> secure set Bridge <switch_name> stp_enable=true ''
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfaces
The physical network interfaces connected by the vSwitch.
Type: list of strings
Example:
[
"eth0" "eth1"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.openFlowRules
OpenFlow rules to insert into the Open vSwitch. All openFlowRules
are
loaded with ovs-ofctl
within one atomic operation.
Type: string
Default:
""
Example:
'' actions=normal ''
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wicd.enable
Whether to start wicd. Wired and wireless network configurations can then be managed by wicd-client.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wicd.nix>
|
networking.wireguard.interfaces
Wireguard interfaces.
Type: attribute set of submodules
Default:
{
}
Example:
{
wg0 =
{
ips =
[
"192.168.20.4/24"
]
; peers =
[
{
allowedIPs =
[
"192.168.20.1/32"
]
; endpoint = "demo.wireguard.io:12913"; publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
}
]
; privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.allowedIPsAsRoutes
Determines whether to add allowed IPs as routes or not.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.ips
The IP addresses of the interface.
Type: list of strings
Default:
[
]
Example:
[
"192.168.2.1/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.listenPort
16-bit port for listening. Optional; if not specified, automatically generated based on interface name.
Type: null or signed integer
Default:
null
Example:
51820
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers
Peers linked to the interface.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.allowedIPs
List of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Type: list of strings
Example:
[
"10.192.122.3/32" "10.192.124.1/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.endpoint
Endpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer.
Type: null or string
Default:
null
Example:
"demo.wireguard.io:12913"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive
This is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds; however, most users will not need this.
Type: null or signed integer
Default:
null
Example:
25
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.presharedKey
Base64 preshared key generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Warning: Consider using presharedKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default:
null
Example:
"rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile
File pointing to preshared key as generated by wg pensk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Type: null or string
Default:
null
Example:
"/private/wireguard_psk"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.publicKey
The base64 public key the peer.
Type: string
Example:
"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.postSetup
Commands called at the end of the interface setup.
Type: string or list of strings convertible to it
Default:
""
Example:
printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.postShutdown
Commands called after shutting down the interface.
Type: string or list of strings convertible to it
Default:
""
Example:
${pkgs.openresolv}/bin/resolvconf -d wg0
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.preSetup
Commands called at the start of the interface setup.
Type: string or list of strings convertible to it
Default:
""
Example:
${pkgs.iproute}/bin/ip netns add foo
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.privateKey
Base64 private key generated by wg genkey.
Warning: Consider using privateKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default:
null
Example:
"yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.privateKeyFile
Private key file as generated by wg genkey.
Type: null or string
Default:
null
Example:
"/private/wireguard_key"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.table
The kernel routing table to add this interface's associated routes to. Setting this is useful for e.g. policy routing ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric table IDs and table names (/etc/rt_tables) can be used. Defaults to "main".
Type: string
Default:
"main"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireless.enable
Whether to enable wpa_supplicant.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.driver
Force a specific wpa_supplicant driver.
Type: string
Default:
"nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.extraConfig
Extra lines appended to the configuration file. See wpa_supplicant.conf(5) for available options.
Type: string
Default:
""
Example:
'' p2p_disabled=1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.interfaces
The interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces.
Type: list of strings
Default:
[
]
Example:
[
"wlan0" "wlan1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.iwd.enable
Whether to enable iwd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
|
networking.wireless.networks
The network definitions to automatically connect to when wpa_supplicant is running. If this parameter is left empty wpa_supplicant will use /etc/wpa_supplicant.conf as the configuration file.
Type: attribute set of submodules
Default:
{
}
Example:
{ echelon = { psk = "abcdefgh"; }; "free.wifi" = {}; }
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.auth
Use this option to configure advanced authentication methods like EAP. See wpa_supplicant.conf(5) for example configurations.
Mutually exclusive with psk
and pskRaw
.
Type: null or string
Default:
null
Example:
'' key_mgmt=WPA-EAP eap=PEAP identity="user@example.com" password="secret" ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.extraConfig
Extra configuration lines appended to the network block. See wpa_supplicant.conf(5) for available options.
Type: string
Default:
""
Example:
'' bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.hidden
Set this to true
if the SSID of the network is hidden.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.priority
By default, all networks will get same priority group (0). If some of the networks are more desirable, this field can be used to change the order in which wpa_supplicant goes through the networks when selecting a BSS. The priority groups will be iterated in decreasing priority (i.e., the larger the priority value, the sooner the network is matched against the scan results). Within each priority group, networks will be selected based on security policy, signal strength, etc.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.psk
The network's pre-shared key in plaintext defaulting to being a network without any authentication.
Be aware that these will be written to the nix store in plaintext!
Mutually exclusive with pskRaw
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.pskRaw
The network's pre-shared key in hex defaulting to being a network without any authentication.
Mutually exclusive with psk
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.userControlled.enable
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points.
When using a declarative network specification you cannot persist any settings via wpa_gui or wpa_cli.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.userControlled.group
Members of this group can control wpa_supplicant.
Type: string
Default:
"wheel"
Example:
"network"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wlanInterfaces
Creating multiple WLAN interfaces on top of one physical WLAN device (NIC).
The name of the WLAN interface corresponds to the name of the attribute.
A NIC is referenced by the persistent device name of the WLAN interface that
udev
assigns to a NIC by default.
If a NIC supports multiple WLAN interfaces, then the one NIC can be used as
device
for multiple WLAN interfaces.
If a NIC is used for creating WLAN interfaces, then the default WLAN interface
with a persistent device name form udev
is not created.
A WLAN interface with the persistent name assigned from udev
would have to be created explicitly.
Type: attribute set of submodules
Default:
{
}
Example:
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.device
The name of the underlying hardware WLAN device as assigned by udev
.
Type: string
Example:
"wlp6s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.flags
Flags for interface of type monitor
.
Type: null or one of "none", "fcsfail", "control", "otherbss", "cook", "active"
Default:
null
Example:
"control"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.fourAddr
Whether to enable 4-address mode
with type managed
.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.mac
MAC address to use for the device. If null
, then the MAC of the
underlying hardware WLAN device is used.
INFO: Locally administered MAC addresses are of the form:
x2:xx:xx:xx:xx:xx
x6:xx:xx:xx:xx:xx
xA:xx:xx:xx:xx:xx
xE:xx:xx:xx:xx:xx
Type: null or string
Default:
null
Example:
"02:00:00:00:00:01"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.meshID
MeshID of interface with type mesh
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.type
The type of the WLAN interface. The type has to be supported by the underlying hardware of the device.
Type: one of "managed", "ibss", "monitor", "mesh", "wds"
Default:
"managed"
Example:
"ibss"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
nix.package
This option specifies the Nix package instance to use throughout the system.
Type: package
Default:
"pkgs.nix"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.allowedUsers
A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon. As with
nix.trustedUsers
, you can specify groups by
prefixing them with @
. Also, you can
allow all users by specifying *
. The
default is *
. Note that trusted users are
always allowed to connect.
Type: list of strings
Default:
[
"*"
]
Example:
[
"@wheel" "@builders" "alice" "bob"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.autoOptimiseStore
If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. This saves disk space. If set to false (the default), you can still run nix-store --optimise to get rid of duplicate files.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.binaryCachePublicKeys
List of public keys used to sign binary caches. If
nix.requireSignedBinaryCaches
is enabled,
then Nix will use a binary from a binary cache if and only
if it is signed by any of the keys
listed here. By default, only the key for
cache.nixos.org
is included.
Type: list of strings
Example:
[
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.binaryCaches
List of binary cache URLs used to obtain pre-built binaries of Nix packages.
Type: list of strings
Default:
[
"https://cache.nixos.org/"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildCores
This option defines the maximum number of concurrent tasks during one build. It affects, e.g., -j option for make. The default is 1. The special value 0 means that the builder should use all available CPU cores in the system. Some builds may become non-deterministic with this option; use with care! Packages will only be affected if enableParallelBuilding is set for them.
Type: signed integer
Default:
1
Example:
64
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines
This option lists the machines to be used if distributed
builds are enabled (see
nix.distributedBuilds
). Nix will perform
derivations on those machines via SSH by copying the inputs
to the Nix store on the remote machine, starting the build,
then copying the output back to the local Nix store. Each
element of the list should be an attribute set containing
the machine's host name (hostname
), the
user name to be used for the SSH connection
(sshUser
), the Nix system type
(system
, e.g.,
"i686-linux"
), the maximum number of
jobs to be run in parallel on that machine
(maxJobs
), the path to the SSH private
key to be used to connect (sshKey
), a
list of supported features of the machine
(supportedFeatures
) and a list of
mandatory features of the machine
(mandatoryFeatures
). The SSH private key
should not have a passphrase, and the corresponding public
key should be added to
~
on the remote machine.
sshUser
/authorized_keys
Type: list of attribute sets
Default:
[
]
Example:
[ { hostName = "voila.labs.cs.uu.nl"; sshUser = "nix"; sshKey = "/root/.ssh/id_buildfarm"; system = "powerpc-darwin"; maxJobs = 1; } { hostName = "linux64.example.org"; sshUser = "buildfarm"; sshKey = "/root/.ssh/id_buildfarm"; system = "x86_64-linux"; maxJobs = 2; speedFactor = 2; supportedFeatures = [ "kvm" ]; mandatoryFeatures = [ "perf" ]; } ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.checkConfig
If enabled (the default), checks that Nix can parse the generated nix.conf.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.daemonIONiceLevel
Nix daemon process I/O priority. This priority propagates to build processes. 0 is the default Unix process I/O priority, 7 is the lowest.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.daemonNiceLevel
Nix daemon process priority. This priority propagates to build processes. 0 is the default Unix process priority, 19 is the lowest.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.distributedBuilds
Whether to distribute builds to the machines listed in
nix.buildMachines
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.extraOptions
Additional text appended to nix.conf
.
Type: string
Default:
""
Example:
'' gc-keep-outputs = true gc-keep-derivations = true ''
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.gc.automatic
Automatically run the garbage collector at a specific time.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.dates
Specification (in the format described by systemd.time(7)) of the time at which the garbage collector will run.
Type: string
Default:
"03:15"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.options
Options given to nix-collect-garbage
when the
garbage collector is run automatically.
Type: string
Default:
""
Example:
"--max-freed \$((64 * 1024**3))"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.maxJobs
This option defines the maximum number of jobs that Nix will try to build in parallel. The default is 1. You should generally set it to the total number of logical cores in your system (e.g., 16 for two CPUs with 4 cores each and hyper-threading).
Type: signed integer or one of "auto"
Default:
1
Example:
64
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.nixPath
The default Nix expression search path, used by the Nix
evaluator to look up paths enclosed in angle brackets
(e.g. <nixpkgs>
).
Type: list of strings
Default:
[
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.nrBuildUsers
Number of nixbld
user accounts created to
perform secure concurrent builds. If you receive an error
message saying that “all build users are currently in use”,
you should increase this value.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.optimise.automatic
Automatically run the nix store optimiser at a specific time.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
|
nix.optimise.dates
Specification (in the format described by systemd.time(7)) of the time at which the optimiser will run.
Type: list of strings
Default:
[
"03:45"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
|
nix.readOnlyStore
If set, NixOS will enforce the immutability of the Nix store
by making /nix/store
a read-only bind
mount. Nix will automatically make the store writable when
needed.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.requireSignedBinaryCaches
If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
nix.binaryCachePublicKeys
. If disabled, signatures are neither
required nor checked, so it's strongly recommended that you use only
trustworthy caches and https to prevent man-in-the-middle attacks.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.sandboxPaths
Directories from the host filesystem to be included in the sandbox.
Type: list of strings
Default:
[
]
Example:
[
"/dev" "/proc"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.sshServe.enable
Whether to enable serving the Nix store as a remote store via SSH.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.sshServe.keys
A list of SSH public keys allowed to access the binary cache via SSH.
Type: list of strings
Default:
[
]
Example:
[
"ssh-dss AAAAB3NzaC1k... alice@example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.sshServe.protocol
The specific Nix-over-SSH protocol to use.
Type: one of "ssh", "ssh-ng"
Default:
"ssh"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.trustedBinaryCaches
List of binary cache URLs that non-root users can use (in
addition to those specified using
nix.binaryCaches
) by passing
--option binary-caches
to Nix commands.
Type: list of strings
Default:
[
]
Example:
[
"http://hydra.nixos.org/"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.trustedUsers
A list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs. You
can also specify groups by prefixing them with
@
; for instance,
@wheel
means all users in the wheel
group.
Type: list of strings
Default:
[
"root"
]
Example:
[
"root" "alice" "@wheel"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.useSandbox
If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store by using network and mount namespaces in a chroot environment. This is enabled by default even though it has a possible performance impact due to the initial setup time of a sandbox for each build. It doesn't affect derivation hashes, so changing this option will not trigger a rebuild of packages.
Type: boolean or one of "relaxed"
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nixpkgs.config
The configuration of the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to set package configuration options.
Ignored when nixpkgs.pkgs
is set.
Type: nixpkgs config
Default:
{
}
Example:
{ allowBroken = true; allowUnfree = true; }
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.crossSystem
Specifies the platform for which NixOS should be
built. Specify this only if it is different from
nixpkgs.localSystem
, the platform
on which NixOS should be built. In other
words, specify this to cross-compile NixOS. Otherwise it
should be set as null, the default. See its description in the
Nixpkgs manual for more details.
Ignored when nixpkgs.pkgs
is set.
Type: null or attribute set
Default:
(import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform
Example:
{
config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux";
}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.localSystem
Specifies the platform on which NixOS should be built. When
nixpkgs.crossSystem
is unset, it also specifies
the platform for which NixOS should be
built. If this option is unset, it defaults to the platform
type of the machine where evaluation happens. Specifying this
option is useful when doing distributed multi-platform
deployment, or when building virtual machines. See its
description in the Nixpkgs manual for more details.
Ignored when nixpkgs.pkgs
is set.
Type: attribute set
Default:
(import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform
Example:
{
config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux";
}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.overlays
List of overlays to use with the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to override packages globally. This is a function that takes as an argument the original Nixpkgs. The first argument should be used for finding dependencies, and the second should be used for overriding recipes.
Ignored when nixpkgs.pkgs
is set.
Type: list of nixpkgs overlays
Default:
[
]
Example:
[ (self: super: { openssh = super.openssh.override { hpnSupport = true; kerberos = self.libkrb5; }; }; ) ]
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.pkgs
This is the evaluation of Nixpkgs that will be provided to
all NixOS modules. Defining this option has the effect of
ignoring the other options that would otherwise be used to
evaluate Nixpkgs, because those are arguments to the default
value. The default value imports the Nixpkgs source files
relative to the location of this NixOS module, because
NixOS and Nixpkgs are distributed together for consistency,
so the nixos
in the default value is in fact a
relative path. The config
, overlays
,
localSystem
, and crossSystem
come
from this option's siblings.
This option can be used by applications like NixOps to increase
the performance of evaluation, or to create packages that depend
on a container that should be built with the exact same evaluation
of Nixpkgs, for example. Applications like this should set
their default value using lib.mkDefault
, so
user-provided configuration can override it without using
lib
.
Note that using a distinct version of Nixpkgs with NixOS may be an unexpected source of problems. Use this option with care.
Type: An evaluation of Nixpkgs; the top level attribute set of packages
Default:
import "${nixos}/.." {
inherit (cfg) config overlays localSystem crossSystem;
}
Example:
import <nixpkgs> {}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.system
Specifies the Nix platform type on which NixOS should be built.
It is better to specify nixpkgs.localSystem
instead.
{ nixpkgs.system = ..; }
is the same as
{ nixpkgs.localSystem.system = ..; }
See nixpkgs.localSystem
for more information.
Ignored when nixpkgs.localSystem
is set.
Ignored when nixpkgs.pkgs
is set.
Type: string
Default:
{
system = "x86_64-linux";
}
Example:
"i686-linux"
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
power.ups.enable
Enables support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.maxStartDelay
This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Type: signed integer
Default:
45
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.mode
The MODE determines which part of the NUT is to be started, and which configuration files must be modified.
The values of MODE can be:
- none: NUT is not configured, or use the Integrated Power Management, or use some external system to startup NUT components. So nothing is to be started.
- standalone: This mode address a local only configuration, with 1 UPS protecting the local system. This implies to start the 3 NUT layers (driver, upsd and upsmon) and the matching configuration files. This mode can also address UPS redundancy.
- netserver: same as for the standalone configuration, but also need some more ACLs and possibly a specific LISTEN directive in upsd.conf. Since this MODE is opened to the network, a special care should be applied to security concerns.
- netclient: this mode only requires upsmon.
Type: string
Default:
"standalone"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.schedulerRules
File which contains the rules to handle UPS events.
Type: string
Example:
"/etc/nixos/upssched.conf"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups
This is where you configure all the UPSes that this system will be monitoring directly. These are usually attached to serial ports, but USB devices are also supported.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.description
Description of the UPS.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.directives
List of configuration directives for this UPS.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.driver
Specify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.maxStartDelay
This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.port
The serial port to which your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.shutdownOrder
When you have multiple UPSes on your system, you usually need to turn them off in a certain order. upsdrvctl shuts down all the 0s, then the 1s, 2s, and so on. To exclude a UPS from the shutdown sequence, set this to -1.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.summary
Lines which would be added inside ups.conf for handling this UPS.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
powerManagement.enable
Whether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.cpuFreqGovernor
Configure the governor used to regulate the frequence of the available CPUs. By default, the kernel configures the performance governor.
Type: null or string
Default:
null
Example:
"ondemand"
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
|
powerManagement.powerDownCommands
Commands executed when the machine powers down. That is, they're executed both when the system shuts down and when it goes to suspend or hibernation.
Type: string
Default:
""
Example:
"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.powerUpCommands
Commands executed when the machine powers up. That is, they're executed both when the system first boots and when it resumes from suspend or hibernation.
Type: string
Default:
""
Example:
"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.powertop.enable
Whether to enable powertop auto tuning on startup.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/powertop.nix>
|
powerManagement.resumeCommands
Commands executed after the system resumes from suspend-to-RAM.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.scsiLinkPolicy
SCSI link power management policy. The kernel default is "max_performance".
"med_power_with_dipm" is supported by kernel versions 4.15 and newer.
Type: null or one of "min_power", "max_performance", "medium_power", "med_power_with_dipm"
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix>
|
programs.adb.enable
Whether to configure system to use Android Debug Bridge (adb).
To grant access to a user, it must be part of adbusers group:
users.users.alice.extraGroups = ["adbusers"];
Type: boolean
Default:
false
Related packages:
pkgs.androidenv.platformTools (android-platform-tools-r28.0.1)
: ???.
Declared by:
<nixpkgs/nixos/modules/programs/adb.nix>
|
programs.atop.settings
Parameters to be written to /etc/atoprc
.
Type: attribute set
Default:
{
}
Example:
{
flags = "a1f"; interval = 5;
}
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.bash.enableCompletion
Enable Bash completion for all interactive bash shells.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.interactiveShellInit
Shell script code called during interactive bash shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.loginShellInit
Shell script code called during login bash shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.promptInit
Shell script code used to initialise the bash prompt.
Type: string
Default:
'' # Provide a nice prompt if the terminal supports it. if [ "$TERM" != "dumb" -o -n "$INSIDE_EMACS" ]; then PROMPT_COLOR="1;31m" let $UID && PROMPT_COLOR="1;32m" PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " if test "$TERM" = "xterm"; then PS1="\[\033]2;\h:\u:\w\007\]$PS1" fi fi ''
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.shellAliases
Set of aliases for bash shell. See environment.shellAliases
for an option format description.
Type: attribute set
Default:
{
l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty";
}
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.shellInit
Shell script code called during bash shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bcc.enable
Whether to enable bcc.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bcc.nix>
|
programs.browserpass.enable
Whether to enable the NativeMessaging configuration for Chromium, Chrome, and Vivaldi..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/browserpass.nix>
|
programs.ccache.enable
Whether to enable CCache.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.ccache.packageNames
Nix top-level packages to be compiled using CCache
Type: list of strings
Default:
[
]
Example:
[
"wxGTK30" "qt48" "ffmpeg_3_3" "libav_all"
]
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.ccache.cacheDir
CCache directory
Type: path
Default:
"/var/cache/ccache"
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.cdemu.enable
cdemu for members of
programs.cdemu.group
.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.group
Group that users must be in to use cdemu.
Type: unspecified
Default:
"cdrom"
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.gui
Whether to install the cdemu GUI (gCDEmu).
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.image-analyzer
Whether to install the image analyzer.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.chromium.enable
Whether to enable chromium policies.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.defaultSearchProviderSearchURL
Chromium default search provider url.
Type: null or string
Default:
null
Example:
"https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.defaultSearchProviderSuggestURL
Chromium default search provider url for suggestions.
Type: null or string
Default:
null
Example:
"https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.extensions
List of chromium extensions to install. For list of plugins ids see id in url of extensions on chrome web store page.
Type: list of strings
Default:
[
]
Example:
[ "chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet "mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin ]
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.extraOpts
Extra chromium policy options, see https://www.chromium.org/administrators/policy-list-3 for a list of avalible options
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.homepageLocation
Chromium default homepage
Type: null or string
Default:
null
Example:
"https://nixos.org"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.command-not-found.enable
Whether interactive shells should show which Nix package (if any) provides a missing command.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix>
|
programs.command-not-found.dbPath
Absolute path to programs.sqlite.
By default this file will be provided by your channel (nixexprs.tar.xz).
Type: path
Default:
"/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite"
Declared by:
<nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix>
|
programs.criu.enable
Install criu along with necessary kernel options.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/criu.nix>
|
programs.dconf.enable
Whether to enable dconf.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/dconf.nix>
|
programs.digitalbitbox.enable
Installs the Digital Bitbox application and enables the complementary hardware module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/digitalbitbox/default.nix>
|
programs.digitalbitbox.package
The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.
Type: package
Default:
"pkgs.digitalbitbox"
Declared by:
<nixpkgs/nixos/modules/programs/digitalbitbox/default.nix>
|
programs.firejail.enable
Whether to enable firejail.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firejail.nix>
|
programs.firejail.wrappedBinaries
Wrap the binaries in firejail and place them in the global path.
You will get file collisions if you put the actual application binary in the global environment and applications started via .desktop files are not wrapped if they specify the absolute path to the binary.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/programs/firejail.nix>
|
programs.fish.enable
Whether to configure fish as an interactive shell.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.interactiveShellInit
Shell script code called during interactive fish shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.loginShellInit
Shell script code called during fish login shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.promptInit
Shell script code used to initialise fish prompt.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.shellAliases
Set of aliases for fish shell. See environment.shellAliases
for an option format description.
Type: attribute set
Default:
{
l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty";
}
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.shellInit
Shell script code called during fish shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.completions.enable
Whether fish should use completion files provided by other packages.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.config.enable
Whether fish should source configuration snippets provided by other packages.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.functions.enable
Whether fish should autoload fish functions provided by other packages.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.gnupg.agent.enable
Enables GnuPG agent with socket-activation for every user session.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableBrowserSocket
Enable browser socket for GnuPG agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableExtraSocket
Enable extra socket for GnuPG agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableSSHSupport
Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK environment variable correctly. This will disable socket-activation and thus always start a GnuPG agent per user session.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.dirmngr.enable
Enables GnuPG network certificate management daemon with socket-activation for every user session.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gphoto2.enable
Whether to configure system to use gphoto2.
To grant digital camera access to a user, the user must
be part of the camera group:
users.users.alice.extraGroups = ["camera"];
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gphoto2.nix>
|
programs.iftop.enable
Whether to enable iftop + setcap wrapper.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/iftop.nix>
|
programs.java.enable
Install and setup the Java development kit.
This adds JAVA_HOME to the global environment, by sourcing the jdk's setup-hook on shell init. It is equivalent to starting a shell through 'nix-shell -p jdk', or roughly the following system-wide configuration:
environment.variables.JAVA_HOME = ${pkgs.jdk.home}/lib/openjdk; environment.systemPackages = [ pkgs.jdk ];
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
|
programs.java.package
Java package to install. Typical values are pkgs.jdk or pkgs.jre.
Type: package
Default:
"pkgs.jdk"
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
|
programs.kbdlight.enable
Whether to enable kbdlight.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kbdlight.nix>
|
programs.less.enable
Whether to enable less.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.clearDefaultCommands
Clear all default commands. You should remember to set the quit key. Otherwise you will not be able to leave less without killing it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.commands
Defines new command keys.
Type: attribute set of strings
Default:
{
}
Example:
{
h = "noaction 5e("; l = "noaction 5e)";
}
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.configFile
Path to lesskey configuration file.
configFile
takes precedence over commands
,
clearDefaultCommands
, lineEditingKeys
, and
envVariables
.
Type: null or path
Default:
null
Example:
$${pkgs.my-configs}/lesskey
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.envVariables
Defines environment variables.
Type: attribute set of strings
Default:
{
}
Example:
{
LESS = "--quit-if-one-screen";
}
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lessclose
When less closes a file opened in such a way, it will call another program, called the input postprocessor, which may perform any desired clean-up action (such as deleting the replacement file created by LESSOPEN).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lessopen
Before less opens a file, it first gives your input preprocessor a chance to modify the way the contents of the file are displayed.
Type: null or string
Default:
"|\${pkgs.lesspipe}/bin/lesspipe.sh %s"
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lineEditingKeys
Defines new line-editing keys.
Type: attribute set of strings
Default:
{
}
Example:
{
e = "abort";
}
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.light.enable
Whether to install Light backlight control command and udev rules granting access to members of the "video" group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/light.nix>
|
programs.mosh.enable
Whether to enable mosh. Note, this will open ports in your firewall!
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
|
programs.mosh.withUtempter
Whether to enable libutempter for mosh. This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions). Note, this will add a guid wrapper for the group utmp!
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
|
programs.mtr.enable
Whether to add mtr to the global environment and configure a setcap wrapper for it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/mtr.nix>
|
programs.nano.nanorc
The system-wide nano configuration. See nanorc(5).
Type: string
Default:
""
Example:
'' set nowrap set tabstospaces set tabsize 2 ''
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
|
programs.nano.syntaxHighlight
Whether to enable syntax highlight for various languages.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
|
programs.npm.enable
Whether to enable npm global config.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
|
programs.npm.npmrc
The system-wide npm configuration. See https://docs.npmjs.com/misc/config.
Type: string
Default:
'' prefix = ''${HOME}/.npm ''
Example:
'' prefix = ''${HOME}/.npm https-proxy=proxy.example.com init-license=MIT init-author-url=http://npmjs.org color=true ''
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
|
programs.oblogout.enable
Whether to install OBLogout and create /etc/oblogout.conf
.
See ${pkgs.oblogout}/share/doc/README
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.bgcolor
Colour name or hex code (#ffffff) of the background color.
Type: string
Default:
"black"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.buttons
List and order of buttons to show.
Type: string
Default:
"cancel, logout, restart, shutdown, suspend, hibernate"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.buttontheme
Icon theme for the buttons, must be in the themes folder of
the package, or in
~/.themes/<name>/oblogout/
.
Type: string
Default:
"simplistic"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.cancel
Cancel logout/shutdown shortcut.
Type: string
Default:
"Escape"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.clock
Command to lock screen.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.clogout
Command to logout.
Type: string
Default:
"openbox --exit"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.cswitchuser
Command to switch user.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.hibernate
Hibernate shortcut.
Type: string
Default:
"H"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.lock
Lock session shortcut.
Type: string
Default:
"K"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.logout
Logout shortcut.
Type: string
Default:
"L"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.opacity
Opacity percentage of Cairo rendered backgrounds.
Type: signed integer
Default:
70
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.restart
Restart shortcut.
Type: string
Default:
"R"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.shutdown
Shutdown shortcut.
Type: string
Default:
"S"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.oblogout.suspend
Suspend shortcut.
Type: string
Default:
"U"
Declared by:
<nixpkgs/nixos/modules/programs/oblogout.nix>
|
programs.plotinus.enable
Whether to enable the Plotinus GTK+3 plugin. Plotinus provides a popup (triggered by Ctrl-Shift-P) to search the menus of a compatible application.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/plotinus.nix>
|
programs.qt5ct.enable
Whether to enable the Qt5 Configuration Tool (qt5ct), a program that allows users to configure Qt5 settings (theme, font, icons, etc.) under desktop environments or window manager without Qt integration.
Official home page: https://sourceforge.net/projects/qt5ct/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/qt5ct.nix>
|
programs.rootston.enable
Whether to enable rootston, the reference compositor for wlroots. The purpose of rootston is to test and demonstrate the features of wlroots (if you want a real Wayland compositor you should e.g. use Sway instead). You can manually start the compositor by running "rootston" from a terminal.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/rootston.nix>
|
programs.rootston.config
Default configuration for rootston (used when called without any parameters).
Type: string
Default:
'' [keyboard] meta-key = Logo # Sway/i3 like Keybindings # Maps key combinations with commands to execute # Commands include: # - "exit" to stop the compositor # - "exec" to execute a shell command # - "close" to close the current view # - "next_window" to cycle through windows [bindings] Logo+Shift+e = exit Logo+q = close Logo+m = maximize Alt+Tab = next_window Logo+Return = exec weston-terminal Logo+d = exec rofi -show run ''
Declared by:
<nixpkgs/nixos/modules/programs/rootston.nix>
|
programs.rootston.configFile
Path to the default rootston configuration file (the "config" option will have no effect if you change the path).
Type: path
Default:
"/etc/rootston.ini"
Example:
${pkgs.rootston}/etc/rootston.ini
Declared by:
<nixpkgs/nixos/modules/programs/rootston.nix>
|
programs.rootston.extraPackages
Extra packages to be installed system wide.
Type: list of packages
Default:
with pkgs; [
westonLite xwayland rofi
]
Example:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/rootston.nix>
|
programs.rootston.extraSessionCommands
Shell commands executed just before rootston is started.
Type: string
Default:
""
Example:
'' # Define a keymap (US QWERTY is the default) export XKB_DEFAULT_LAYOUT=de,us export XKB_DEFAULT_VARIANT=nodeadkeys export XKB_DEFAULT_OPTIONS=grp:alt_shift_toggle,caps:escape ''
Declared by:
<nixpkgs/nixos/modules/programs/rootston.nix>
|
programs.screen.screenrc
The contents of /etc/screenrc file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/screen.nix>
|
programs.sedutil.enable
Whether to enable sedutil.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/sedutil.nix>
|
programs.singularity.enable
Whether to enable Singularity.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.slock.enable
Whether to install slock screen locker with setuid wrapper.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/slock.nix>
|
programs.spacefm.enable
Whether to install SpaceFM and create /etc/spacefm/spacefm.conf
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/spacefm.nix>
|
programs.spacefm.settings
The system-wide spacefm configuration.
Parameters to be written to /etc/spacefm/spacefm.conf
.
Refer to the relevant entry in the SpaceFM manual.
Type: attribute set
Default:
{
graphical_su = "\${pkgs.gksu}/bin/gksu"; terminal_su = "\${pkgs.sudo}/bin/sudo"; tmp_dir = "/tmp";
}
Example:
{ tmp_dir = "/tmp"; terminal_su = "${pkgs.sudo}/bin/sudo"; graphical_su = "${pkgs.gksu}/bin/gksu"; }
Declared by:
<nixpkgs/nixos/modules/programs/spacefm.nix>
|
programs.ssh.package
The package used for the openssh client and daemon.
Type: package
Default:
"pkgs.openssh"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.agentTimeout
How long to keep the private keys in memory. Use null to keep them forever.
Type: null or string
Default:
null
Example:
"1h"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.askPassword
Program used by SSH to ask for passwords.
Type: string
Default:
"\${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.extraConfig
Extra configuration text appended to ssh_config
.
See ssh_config(5)
for help.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.forwardX11
Whether to request X11 forwarding on outgoing connections by default. This is useful for running graphical programs on the remote machine and have them display to your local X11 server. Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two. Note: there are some security risks to forwarding an X11 connection. NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks. To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh. The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.hostKeyAlgorithms
Specifies the host key algorithms that the client wants to use in order of preference.
Type: list of strings
Default:
[
"+ssh-dss"
]
Example:
[
"ssh-ed25519" "ssh-rsa"
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts
The set of system-wide known SSH hosts.
Type: list or attribute set of submodules
Default:
{
}
Example:
[ { hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ]; publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub; } { hostNames = [ "myhost2" ]; publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub; } ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name?>.hostNames
A list of host names and/or IP numbers used for accessing the host's ssh service.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name?>.publicKey
The public key data for the host. You can fetch a public key from a running SSH server with the ssh-keyscan command. The public key should not include any host names, only the key type and the key itself.
Type: null or string
Default:
null
Example:
"ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name?>.publicKeyFile
The path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
with the ssh-keyscan command. The content
of the file should follow the same format as described for
the publicKey
option.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.pubkeyAcceptedKeyTypes
Specifies the key types that will be used for public key authentication.
Type: list of strings
Default:
[
"+ssh-dss"
]
Example:
[
"ssh-ed25519" "ssh-rsa"
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.setXAuthLocation
Whether to set the path to xauth for X11-forwarded connections. This causes a dependency on X11 packages.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.startAgent
Whether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.sway.enable
Whether to enable the tiling Wayland compositor Sway. After adding yourself to the "sway" group you can manually launch Sway by executing "sway" from a terminal. If you call "sway" with any parameters the extraSessionCommands won't be executed and Sway won't be launched with dbus-launch.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sway.extraPackages
Extra packages to be installed system wide.
Type: list of packages
Default:
with pkgs; [ i3status xwayland rxvt_unicode dmenu ];
Example:
with pkgs; [ i3lock light termite ]
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sway.extraSessionCommands
Shell commands executed just before Sway is started.
Type: string
Default:
""
Example:
'' # Define a keymap (US QWERTY is the default) export XKB_DEFAULT_LAYOUT=de,us export XKB_DEFAULT_VARIANT=nodeadkeys export XKB_DEFAULT_OPTIONS=grp:alt_shift_toggle,caps:escape # Change the Keyboard repeat delay and rate export WLC_REPEAT_DELAY=660 export WLC_REPEAT_RATE=25 ''
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sysdig.enable
Whether to enable sysdig.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/sysdig.nix>
|
programs.systemtap.enable
Install systemtap along with necessary kernel options.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/systemtap.nix>
|
programs.thefuck.enable
Whether to enable thefuck.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/thefuck.nix>
|
programs.thefuck.alias
`thefuck` needs an alias to be configured. The default value is `fuck`, but you can use anything else as well.
Type: string
Default:
"fuck"
Declared by:
<nixpkgs/nixos/modules/programs/thefuck.nix>
|
programs.tmux.enable
Whenever to configure tmux system-wide.
Type: boolean
Default:
false
Related packages:
pkgs.tmux (tmux-2.7)
: Terminal multiplexer.
tmux is intended to be a modern, BSD-licensed alternative to programs such as GNU screen. Major features include: * A powerful, consistent, well-documented and easily scriptable command interface. * A window may be split horizontally and vertically into panes. * Panes can be freely moved and resized, or arranged into preset layouts. * Support for UTF-8 and 256-colour terminals. * Copy and paste with multiple buffers. * Interactive menus to select windows, sessions or clients. * Change the current window by searching for text in the target. * Terminal locking, manually or after a timeout. * A clean, easily extended, BSD-licensed codebase, under active development.
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.aggressiveResize
Resize the window to the size of the smallest session for which it is the current window.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.baseIndex
Base index for windows and panes.
Type: signed integer
Default:
0
Example:
1
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.clock24
Use 24 hour clock.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.customPaneNavigationAndResize
Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.escapeTime
Time in milliseconds for which tmux waits after an escape is input.
Type: signed integer
Default:
500
Example:
0
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.extraTmuxConf
Additional contents of /etc/tmux.conf
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.historyLimit
Maximum number of lines held in window history.
Type: signed integer
Default:
2000
Example:
5000
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.keyMode
VI or Emacs style shortcuts.
Type: one of "emacs", "vi"
Default:
"emacs"
Example:
"vi"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.newSession
Automatically spawn a session if trying to attach and none are running.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.resizeAmount
Number of lines/columns when resizing.
Type: signed integer
Default:
5
Example:
10
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.reverseSplit
Reverse the window split shortcuts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.secureSocket
Store tmux socket under /run, which is more secure than /tmp, but as a downside it doesn't survive user logout.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.shortcut
Ctrl following by this key is used as the main shortcut.
Type: string
Default:
"b"
Example:
"a"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.terminal
Set the $TERM variable.
Type: string
Default:
"screen"
Example:
"screen-256color"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.udevil.enable
Whether to enable udevil.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/udevil.nix>
|
programs.vim.defaultEditor
When enabled, installs vim and configures vim to be the default editor using the EDITOR environment variable.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/vim.nix>
|
programs.way-cooler.enable
Whether to enable way-cooler.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/way-cooler.nix>
|
programs.way-cooler.enableBar
Whether to enable an unofficial bar.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/way-cooler.nix>
|
programs.way-cooler.extraPackages
Extra packages to be installed system wide.
Type: list of packages
Default:
[
(build of weston-5.0.0)
(build of xwayland-1.19.6)
(build of dmenu-4.8)
]
Example:
with pkgs; [ westonLite xwayland dmenu ]
Declared by:
<nixpkgs/nixos/modules/programs/way-cooler.nix>
|
programs.way-cooler.extraSessionCommands
Shell commands executed just before way-cooler is started.
Type: string
Default:
""
Example:
'' export XKB_DEFAULT_LAYOUT=us,de export XKB_DEFAULT_VARIANT=,nodeadkeys export XKB_DEFAULT_OPTIONS=grp:caps_toggle, ''
Declared by:
<nixpkgs/nixos/modules/programs/way-cooler.nix>
|
programs.wireshark.enable
Whether to add Wireshark to the global environment and configure a setcap wrapper for 'dumpcap' for users in the 'wireshark' group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
|
programs.wireshark.package
Which Wireshark package to install in the global environment.
Type: package
Default:
"pkgs.wireshark-cli"
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
|
programs.xfs_quota.projects
Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.
Type: attribute set of submodules
Default:
{
}
Example:
{
projname =
{
id = 50; path = "/xfsprojects/projname"; sizeHardLimit = "50g";
}
;
}
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.fileSystem
XFS filesystem hosting the xfs_quota project.
Type: string
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.id
Project ID.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.path
Project directory.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.sizeHardLimit
Hard limit of the project size.
Type: null or string
Default:
null
Example:
"50g"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.sizeSoftLimit
Soft limit of the project size
Type: null or string
Default:
null
Example:
"30g"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xonsh.enable
Whether to configure xonsh as an interactive shell.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.package
xonsh package to use.
Type: package
Example:
pkgs.xonsh.override { configFile = "/path/to/xonshrc"; }
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.config
Control file to customize your shell behavior.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xss-lock.enable
Whether to enable xss-lock.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
|
programs.xss-lock.lockerCommand
Locker to be used with xsslock
Type: string
Example:
"xlock"
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
|
programs.yabar.enable
Whether to enable yabar.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.package
The package which contains the `yabar` binary.
Nixpkgs provides the `yabar` and `yabar-unstable` derivations since 18.03, so it's possible to choose.
Type: package
Default:
(build of yabar-unstable-2018-01-18)
Example:
pkgs.yabar
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars
List of bars that should be rendered by yabar.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.extra
An attribute set which contains further attributes of a bar.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.font
The font that will be used to draw the status bar.
Type: string
Default:
"sans bold 9"
Example:
"Droid Sans, FontAwesome Bold 9"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators
Indicators that should be rendered by yabar.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.align
Whether to align the indicator at the left or right of the bar.
Type: one of "left", "center", "right"
Default:
"left"
Example:
"right"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.exec
The type of the indicator to be executed.
Type: string
Example:
"YABAR_DATE"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.extra
An attribute set which contains further attributes of a indicator.
Type: attribute set of string or signed integers
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.position
The position where the bar will be rendered.
Type: one of "top", "bottom"
Default:
"top"
Example:
"bottom"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.zsh.enable
Whether to configure zsh as an interactive shell. To enable zsh for
a particular user, use the users.users.<name?>.shell
option for that user. To enable zsh system-wide use the
users.defaultUserShell
option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableCompletion
Enable zsh completion for all interactive zsh shells.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableGlobalCompInit
Enable execution of compinit call for all interactive zsh shells.
This option can be disabled if the user wants to extend its
fpath
and a custom compinit
call in the local config is required.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.autosuggestions.enable
Whether to enable zsh-autosuggestions.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.extraConfig
Attribute set with additional configuration values
Type: attribute set of strings
Default:
{
}
Example:
{ "ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "20"; }
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.highlightStyle
Highlight style for suggestions ({fore,back}ground color)
Type: string
Default:
"fg=8"
Example:
"fg=cyan"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.strategy
Set ZSH_AUTOSUGGEST_STRATEGY to choose the strategy for generating suggestions. There are currently two to choose from:
* default: Chooses the most recent match. * match_prev_cmd: Chooses the most recent match whose preceding history item matches the most recently executed command (more info). Note that this strategy won't work as expected with ZSH options that don't preserve the history order such as HIST_IGNORE_ALL_DUPS or HIST_EXPIRE_DUPS_FIRST.
Type: one of "default", "match_prev_cmd"
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.interactiveShellInit
Shell script code called during interactive zsh shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.loginShellInit
Shell script code called during zsh login shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.ohMyZsh.enable
Enable oh-my-zsh.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.package
Package to install for `oh-my-zsh` usage.
Type: package
Default:
"pkgs.oh-my-zsh"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.cacheDir
Cache directory to be used by `oh-my-zsh`. Without this option it would default to the read-only nix store.
Type: string
Default:
"\$HOME/.cache/oh-my-zsh"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.custom
Path to a custom oh-my-zsh package to override config of oh-my-zsh. (Can't be used along with `customPkgs`).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.customPkgs
List of custom packages that should be loaded into `oh-my-zsh`.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.plugins
List of oh-my-zsh plugins
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.theme
Name of the theme to be used by oh-my-zsh.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.promptInit
Shell script code used to initialise the zsh prompt.
Type: string
Default:
'' if [ "$TERM" != dumb ]; then autoload -U promptinit && promptinit && prompt walters fi ''
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.shellAliases
Set of aliases for zsh shell. Overrides the default value taken from
environment.shellAliases
.
See environment.shellAliases
for an option format description.
Type: attribute set
Default:
{
l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty";
}
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.shellInit
Shell script code called during zsh shell initialisation.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.syntaxHighlighting.enable
Whether to enable zsh-syntax-highlighting.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.syntaxHighlighting.highlighters
Specifies the highlighters to be used by zsh-syntax-highlighting.
The following defined options can be found here: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
Type: list of one of "main", "brackets", "pattern", "cursor", "root", "line"s
Default:
[
"main"
]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.syntaxHighlighting.patterns
Specifies custom patterns to be highlighted by zsh-syntax-highlighting.
Please refer to the docs for more information about the usage: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md
Type: attribute set of strings
Default:
{
}
Example:
{ "rm -rf *" = "fg=white,bold,bg=red"; }
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.zsh-autoenv.enable
Whether to enable zsh-autoenv.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix>
|
programs.zsh.zsh-autoenv.package
Package to install for `zsh-autoenv` usage.
Type: package
Default:
"pkgs.zsh-autoenv"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix>
|
security.acme.certs
Attribute set of certificates to get signed and renewed.
Type: attribute set of submodules
Default:
{
}
Example:
{ "example.com" = { webroot = "/var/www/challenges/"; email = "foo@example.com"; extraDomains = { "www.example.com" = null; "foo.example.com" = "/var/www/foo/"; }; }; "bar.example.com" = { webroot = "/var/www/challenges/"; email = "bar@example.com"; }; }
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.activationDelay
Systemd time span expression to delay copying new certificates to main state directory. See systemd.time(7).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.allowKeysForGroup
Give read permissions to the specified group
(security.acme.cert.<name>.group
) to read SSL private certificates.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.domain
Domain to fetch certificate for (defaults to the entry name)
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.email
Contact email address for the CA to be able to reach you.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.extraDomains
A list of extra domain names, which are included in the one certificate to be issued, with their own server roots if needed.
Type: attribute set of null or strings
Default:
{
}
Example:
{ "example.org" = "/srv/http/nginx"; "mydomain.org" = null; }
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.group
Group running the ACME client.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.plugins
Plugins to enable. With default settings simp_le will
store public certificate bundle in fullchain.pem
,
private key in key.pem
and those two previous
files combined in full.pem
in its state directory.
Type: list of one of "cert.der", "cert.pem", "chain.pem", "external.sh", "fullchain.pem", "full.pem", "key.der", "key.pem", "account_key.json"s
Default:
[
"fullchain.pem" "full.pem" "key.pem" "account_key.json"
]
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.postRun
Commands to run after new certificates go live. Typically the web server and other servers using certificates need to be reloaded.
Executed in the same directory with the new certificate.
Type: string
Default:
""
Example:
"systemctl reload nginx.service"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.preDelay
Commands to run after certificates are re-issued but before they are activated. Typically the new certificate is published to DNS.
Executed in the same directory with the new certificate.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.user
User running the ACME client.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.certs.<name>.webroot
Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/
directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/
must also
be available (notice unencrypted HTTP).
Type: string
Example:
"/var/lib/acme/acme-challenges"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.directory
Directory where certs and other state will be stored by default.
Type: string
Default:
"/var/lib/acme"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.preliminarySelfsigned
Whether a preliminary self-signed certificate should be generated before doing ACME requests. This can be useful when certificates are required in a webserver, but ACME needs the webserver to make its requests.
With preliminary self-signed certificate the webserver can be started and can later reload the correct ACME certificates.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.production
If set to true, use Let's Encrypt's production environment instead of the staging environment. The main benefit of the staging environment is to get much higher rate limits.
See
https://letsencrypt.org/docs/staging-environment
for more detail.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.renewInterval
Systemd calendar expression when to check for renewal. See systemd.time(7).
Type: string
Default:
"weekly"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.acme.validMin
Minimum remaining validity before renewal in seconds.
Type: signed integer
Default:
2592000
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
|
security.apparmor.enable
Enable the AppArmor Mandatory Access Control system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.packages
List of packages to be added to apparmor's include path
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.confineSUIDApplications
Install AppArmor profiles for commonly-used SUID application to mitigate potential privilege escalation attacks due to bugs in such applications.
Currently available profiles: ping
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/apparmor-suid.nix>
|
security.apparmor.profiles
List of files containing AppArmor profiles.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.audit.enable
Whether to enable the Linux audit system. The special `lock' value can be used to enable auditing and prevent disabling it until a restart. Be careful about locking this, as it will prevent you from changing your audit configuration until you restart. If possible, test your configuration using build-vm beforehand.
Type: one of <bool>, <bool>, "lock"
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.backlogLimit
The maximum number of outstanding audit buffers allowed; exceeding this is considered a failure and handled in a manner specified by failureMode.
Type: signed integer
Default:
64
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.failureMode
How to handle critical errors in the auditing system
Type: one of "silent", "printk", "panic"
Default:
"printk"
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.rateLimit
The maximum messages per second permitted before triggering a failure as specified by failureMode. Setting it to zero disables the limit.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.rules
The ordered audit rules, with each string appearing as one line of the audit.rules file.
Type: list of strings
Default:
[
]
Example:
[
"-a exit,always -F arch=b64 -S execve"
]
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.auditd.enable
Whether to enable the Linux Audit daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/auditd.nix>
|
security.chromiumSuidSandbox.enable
Whether to install the Chromium SUID sandbox which is an executable that Chromium may use in order to achieve sandboxing.
If you get the error "The SUID sandbox helper binary was found, but is not configured correctly.", turning this on might help.
Also, if the URL chrome://sandbox tells you that "You are not adequately sandboxed!", turning this on might resolve the issue.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix>
|
security.dhparams.enable
Whether to generate new DH params and clean up old DH params.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.defaultBitSize
This allows to override the default bit size for all of the
Diffie-Hellman parameters set in
security.dhparams.params
.
Type: integer of at least 16 bits
Default:
2048
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.params
Diffie-Hellman parameters to generate.
The value is the size (in bits) of the DH params to generate. The
generated DH params path can be found in
config.security.dhparams.params.
.name
.path
The name of the DH params is taken as being the name of the service it serves and the params will be generated before the said service is started.
If you are removing all dhparams from this list, you
have to leave security.dhparams.enable
for at
least one activation in order to have them be cleaned up. This also
means if you rollback to a version without any dhparams the
existing ones won't be cleaned up. Of course this only applies if
security.dhparams.stateful
is
true
.
It's recommended
to not set a specific bit size here, so that users can easily
override this by setting
security.dhparams.defaultBitSize
.
Type: attribute set of submodule or signed integer convertible to its
Default:
{
}
Example:
{ nginx.bits = 3072; }
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.params.<name>.bits
The bit size for the prime that is used during a Diffie-Hellman key exchange.
Type: integer of at least 16 bits
Default:
2048
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.params.<name>.path
The resulting path of the generated Diffie-Hellman parameters
file for other services to reference. This could be either a
store path or a file inside the directory specified by
security.dhparams.path
.
Type: path (read only)
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.path
Path to the directory in which Diffie-Hellman parameters will be
stored. This only is relevant if
security.dhparams.stateful
is
true
.
Type: string
Default:
"/var/lib/dhparams"
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.stateful
Whether generation of Diffie-Hellman parameters should be stateful or
not. If this is enabled, PEM-encoded files for Diffie-Hellman
parameters are placed in the directory specified by
security.dhparams.path
. Otherwise the files are
created within the Nix store.
If this is false
the resulting store
path will be non-deterministic and will be rebuilt every time the
openssl package changes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.duosec.acceptEnvFactor
Look for factor selection or passcode in the
$DUO_PASSCODE
environment variable before
prompting the user for input.
When $DUO_PASSCODE is non-empty, it will override autopush. The SSH client will need SendEnv DUO_PASSCODE in its configuration, and the SSH server will similarly need AcceptEnv DUO_PASSCODE.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.allowTcpForwarding
By default, when SSH forwarding, enabling Duo Security will disable TCP forwarding. By enabling this, you potentially undermine some of the SSH based login security. Note this is not needed if you use PAM.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.autopush
If true
, Duo Unix will automatically send
a push login request to the user’s phone, falling back on a
phone call if push is unavailable. If
false
, the user will be prompted to
choose an authentication method. When configured with
autopush = yes
, we recommend setting
prompts = 1
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.failmode
On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access). The default is "safe".
Type: one of "safe", "enum"
Default:
"safe"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.fallbackLocalIP
Duo Unix reports the IP address of the authorizing user, for
the purposes of authorization and whitelisting. If Duo Unix
cannot detect the IP address of the client, setting
fallbackLocalIP = yes
will cause Duo Unix
to send the IP address of the server it is running on.
If you are using IP whitelisting, enabling this option could cause unauthorized logins if the local IP is listed in the whitelist.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.group
Use Duo authentication for users only in this group.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.host
Duo API hostname.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.ikey
Integration key.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.motd
Print the contents of /etc/motd
to screen
after a successful login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.pam.enable
If enabled, protect logins with Duo Security using PAM support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.prompts
If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again. This option sets the maximum number of prompts that Duo Unix will display before denying access. Must be 1, 2, or 3. Default is 3.
For example, when prompts = 1
, the user
will have to successfully authenticate on the first prompt,
whereas if prompts = 2
, if the user
enters incorrect information at the initial prompt, he/she
will be prompted to authenticate again.
When configured with autopush = true
, we
recommend setting prompts = 1
.
Type: one of 1, 2, 3
Default:
3
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.pushinfo
Include information such as the command to be executed in the Duo Push message.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.skey
Secret key.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.ssh.enable
If enabled, protect SSH logins with Duo Security.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.hideProcessInformation
Restrict process information to the owning user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/hidepid.nix>
|
security.lockKernelModules
Disable kernel module loading once the system is fully initialised.
Module loading is disabled until the next reboot. Problems caused
by delayed module loading can be fixed by adding the module(s) in
question to boot.kernelModules
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/lock-kernel-modules.nix>
|
security.pam.enableEcryptfs
Enable eCryptfs PAM module (mounting ecryptfs home directory on login).
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableOTPW
Enable the OTPW (one-time password) PAM module.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableSSHAgentAuth
Enable sudo logins if the user's SSH agent provides a key
present in ~/.ssh/authorized_keys
.
This allows machines to exclusively use SSH keys instead of
passwords.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableU2F
Enable the U2F PAM module.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits
Define resource limits that should apply to users or groups.
Each item in the list should be an attribute set with a
domain
, type
,
item
, and value
attribute. The syntax and semantics of these attributes
must be that described in the limits.conf(5) man page.
Note that these limits do not apply to systemd services,
whose limits can be changed via systemd.extraConfig
instead.
Type: unspecified
Default:
[
]
Example:
[
{
domain = "ftp"; item = "nproc"; type = "hard"; value = "0";
}
{
domain = "@student"; item = "maxlogins"; type = "-"; value = "4";
}
]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.makeHomeDir.skelDirectory
Path to skeleton directory whose contents are copied to home
directories newly created by pam_mkhomedir
.
Type: string
Default:
"/var/empty"
Example:
"/etc/skel"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.mount.enable
Enable PAM mount system to mount fileystems on user login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.extraVolumes
List of volume definitions for pam_mount. For more information, visit http://pam-mount.sourceforge.net/pam_mount.conf.5.html.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.oath.enable
Enable the OATH (one-time password) PAM module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.digits
Specify the length of the one-time password in number of digits.
Type: one of 6, 7, 8
Default:
6
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.usersFile
Set the path to file where the user's credentials are stored. This file must not be world readable!
Type: path
Default:
"/etc/users.oath"
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.window
Specify the number of one-time passwords to check in order to accommodate for situations where the system and the client are slightly out of sync (iteration for HOTP or time steps for TOTP).
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.services
This option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each attribute of this set defines a PAM service, with the attribute name defining the name of the service.
Type: list or attribute set of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.enableAppArmor
Enable support for attaching AppArmor profiles at the user/group level, e.g., as part of a role based access control scheme.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.enableGnomeKeyring
If enabled, pam_gnome_keyring will attempt to automatically unlock the user's default Gnome keyring upon login. If the user login password does not match their keyring password, Gnome Keyring will prompt separately after login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.enableKwallet
If enabled, pam_wallet will attempt to automatically unlock the user's default KDE wallet upon login. If the user has no wallet named "kdewallet", or the login password does not match their wallet password, KDE will prompt separately after login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.allowNullPassword
Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd
or
/etc/group
). This does not enable
logging into disabled accounts (i.e., that have the password
field set to !
). Note that regardless of
what the pam_unix documentation says, accounts with hashed
empty passwords are always allowed to log in.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.forwardXAuth
Whether X authentication keys should be passed from the calling user to the target user (e.g. for su)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.fprintAuth
If set, fingerprint reader will be used (if exists and your fingerprints are enrolled).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.googleAuthenticator.enable
If set, users with enabled Google Authenticator (created
~/.google_authenticator
) will be required
to provide Google Authenticator token to log in.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.limits
Attribute set describing resource limits. Defaults to the
value of security.pam.loginLimits
.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.logFailures
Whether to log authentication failures in /var/log/faillog
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.makeHomeDir
Whether to try to create home directories for users
with $HOME
s pointing to nonexistent
locations on session login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.name
Name of the PAM service.
Type: string
Example:
"sshd"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.oathAuth
If set, the OATH Toolkit will be used.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.otpwAuth
If set, the OTPW system will be used (if
~/.otpw
exists).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.pamMount
Enable PAM mount (pam_mount) system to mount fileystems on user login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.requireWheel
Whether to permit root access only to members of group wheel.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.rootOK
If set, root doesn't need to authenticate (e.g. for the useradd service).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.setEnvironment
Whether the service should set the environment variables
listed in environment.sessionVariables
using pam_env.so
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.setLoginUid
Set the login uid of the process
(/proc/self/loginuid
) for auditing
purposes. The login uid is only set by ‘entry points’ like
login and sshd, not by
commands like sudo.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.showMotd
Whether to show the message of the day.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.sshAgentAuth
If set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys
. This is useful
for sudo on password-less remote systems.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.sssdStrictAccess
enforce sssd access control
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.startSession
If set, the service will register a new session with systemd's login manager. For local sessions, this will give the user access to audio devices, CD-ROM drives. In the default PolicyKit configuration, it also allows the user to reboot the system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.text
Contents of the PAM service file.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.u2fAuth
If set, users listed in
~/.config/Yubico/u2f_keys
are able to log in
with the associated U2F key.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.unixAuth
Whether users can log in with passwords defined in
/etc/shadow
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.updateWtmp
Whether to update /var/log/wtmp
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name?>.usbAuth
If set, users listed in
/etc/pamusb.conf
are able to log in
with the associated USB key.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.usb.enable
Enable USB login for all login systems that support it. For more information, visit https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam_usb.nix>
|
security.pki.caCertificateBlacklist
A list of blacklisted CA certificate names that won't be imported from
the Mozilla Trust Store into
/etc/ssl/certs/ca-certificates.crt
. Use the
names from that file.
Type: list of strings
Default:
[
]
Example:
[
"WoSign" "WoSign China" "CA WoSign ECC Root" "Certification Authority of WoSign G2"
]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.pki.certificateFiles
A list of files containing trusted root certificates in PEM
format. These are concatenated to form
/etc/ssl/certs/ca-certificates.crt
, which is
used by many programs that use OpenSSL, such as
curl and git.
Type: list of paths
Default:
[
]
Example:
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.pki.certificates
A list of trusted root certificates in PEM format.
Type: list of strings
Default:
[
]
Example:
[ '' NixOS.org ========= -----BEGIN CERTIFICATE----- MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0 ... -----END CERTIFICATE----- '' ]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.polkit.enable
Whether to enable PolKit.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.adminIdentities
Specifies which users are considered “administrators”, for those
actions that require the user to authenticate as an
administrator (i.e. have an auth_admin
value). By default, this is the root
user and all users in the wheel
group.
Type: list of strings
Default:
[
"unix-user:0" "unix-group:wheel"
]
Example:
[
"unix-user:alice" "unix-group:admin"
]
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.extraConfig
Any polkit rules to be added to config (in JavaScript ;-). See: http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules
Type: string
Default:
""
Example:
'' /* Log authorization checks. */ polkit.addRule(function(action, subject) { polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid); }); /* Allow any local user to do anything (dangerous!). */ polkit.addRule(function(action, subject) { if (subject.local) return "yes"; }); ''
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.rngd.enable
Whether to enable the rng daemon, which adds entropy from hardware sources of randomness to the kernel entropy pool when available.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/rngd.nix>
|
security.rtkit.enable
Whether to enable the RealtimeKit system service, which hands out realtime scheduling priority to user processes on demand. For example, the PulseAudio server uses this to acquire realtime priority.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/rtkit.nix>
|
security.sudo.enable
Whether to enable the sudo command, which allows non-root users to execute commands as root.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.configFile
This string contains the contents of the
sudoers
file.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraConfig
Extra configuration text appended to sudoers
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules
Define specific rules to be in the sudoers
file.
More specific rules should come after more general ones in order to
yield the expected behavior. You can use mkBefore/mkAfter to ensure
this is the case when configuration options are merged.
Type: list of submodules
Default:
[
]
Example:
[
{
commands =
[
"ALL"
]
; groups =
[
"sudo"
]
;
}
{
commands =
[
{
command = "/home/root/secret.sh"; options =
[
"SETENV" "NOPASSWD"
]
;
}
]
; groups =
[
1006
]
; users =
[
"backup" "database"
]
;
}
{
commands =
[
"/home/baz/cmd1.sh hello-sudo"
{
command = ''/home/baz/cmd2.sh ""''; options =
[
"SETENV"
]
;
}
]
; groups =
[
"bar"
]
; runAs = "foo";
}
]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.commands
The commands for which the rule should apply.
Type: list of string or submodules
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.groups
The groups / GIDs this rule should apply for.
Type: list of string or signed integers
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.host
For what host this rule should apply.
Type: string
Default:
"ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.runAs
Under which user/group the specified command is allowed to run.
A user can be specified using just the username: "foo"
.
It is also possible to specify a user/group combination using "foo:bar"
or to only allow running as a specific group with ":bar"
.
Type: string
Default:
"ALL:ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.users
The usernames / UIDs this rule should apply for.
Type: list of string or signed integers
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.wheelNeedsPassword
Whether users of the wheel
group must
provide a password to run commands as super user via sudo.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.wrappers
This option allows the ownership and permissions on the setuid wrappers for specific programs to be overridden from the default (setuid root, but not setgid root).
The sub-attribute source
is mandatory,
it must be the absolute path to the program to be wrapped.
The sub-attribute program
is optional and
can give the wrapper program a new name. The default name is the same
as the attribute name itself.
Additionally, this option can set capabilities on a wrapper program that propagates those capabilities down to the wrapped, real program.
NOTE: cap_setpcap, which is required for the wrapper program to be able to raise caps into the Ambient set is NOT raised to the Ambient set so that the real program cannot modify its own capabilities!! This may be too restrictive for cases in which the real program needs cap_setpcap but it at least leans on the side security paranoid vs. too relaxed.
Type: attribute set
Default:
{
}
Example:
{ sendmail.source = "/nix/store/.../bin/sendmail"; ping = { source = "${pkgs.iputils.out}/bin/ping"; owner = "nobody"; group = "nogroup"; capabilities = "cap_net_raw+ep"; }; }
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.packagekit.enable
Whether to enable PackageKit provides a cross-platform D-Bus abstraction layer for installing software. Software utilizing PackageKit can install software regardless of the package manager. .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
|
services.SystemdJournal2Gelf.enable
Whether to enable SystemdJournal2Gelf.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.package
SystemdJournal2Gelf package to use.
Type: package
Default:
(build of SystemdJournal2Gelf-20170413)
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.extraOptions
Any extra flags to pass to SystemdJournal2Gelf. Note that
these are basically journalctl
flags.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.graylogServer
Host and port of your graylog2 input. This should be a GELF UDP input.
Type: string
Example:
"graylog2.example.com:11201"
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.accounts-daemon.enable
Whether to enable AccountsService, a DBus service for accessing the list of user accounts and information attached to those accounts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/accountsservice.nix>
|
services.acpid.enable
Whether to enable the ACPI daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.acEventCommands
Shell commands to execute on an ac_adapter.* event.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlers
Event handlers.
Handler can be a single command.
Type: attribute set of submodules
Default:
{
}
Example:
{
ac-power =
{
action = "vals=(\$1) # space separated string to array of multiple values\ncase \${vals[3]} in\n 00000000)\n echo unplugged >> /tmp/acpi.log\n ;;\n 00000001)\n echo plugged in >> /tmp/acpi.log\n ;;\n *)\n echo unknown >> /tmp/acpi.log\n ;;\nesac\n"; event = "ac_adapter/*";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlers.<name>.action
Shell commands to execute when the event is triggered.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlers.<name>.event
Event type.
Type: string
Example:
[
"button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.lidEventCommands
Shell commands to execute on a button/lid.* event.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.logEvents
Log all event activity.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.powerEventCommands
Shell commands to execute on a button/power.* event.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.activemq.enable
Enable the Apache ActiveMQ message broker service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.baseDir
The base directory where ActiveMQ stores its persistent data and logs.
This will be overridden if you set "activemq.base" and "activemq.data"
in the javaProperties
option. You can also override
this in activemq.xml.
Type: string
Default:
"/var/activemq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.configurationDir
The base directory for ActiveMQ's configuration. By default, this directory is searched for a file named activemq.xml, which should contain the configuration for the broker service.
Type: unspecified
Default:
"\${pkgs.activemq}/conf"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.configurationURI
The URI that is passed along to the BrokerFactory to
set up the configuration of the ActiveMQ broker service.
You should not need to change this. For custom configuration,
set the configurationDir
instead, and create
an activemq.xml configuration file in it.
Type: string
Default:
"xbean:activemq.xml"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.extraJavaOptions
Add extra options here that you want to be sent to the Java runtime when the broker service is started.
Type: string
Default:
""
Example:
"-Xmx2G -Xms2G -XX:MaxPermSize=512M"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.javaProperties
Specifies Java properties that are sent to the ActiveMQ broker service with the "-D" option. You can set properties here to change the behaviour and configuration of the broker. All essential properties that are not set here are automatically given reasonable defaults.
Type: attribute set
Default:
{
}
Example:
{
java.net.preferIPv4Stack = "true";
}
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.actkbd.enable
Whether to enable the actkbd key mapping daemon.
Turning this on will start an actkbd instance for every evdev input that has at least one key (which is okay even for systems with tiny memory footprint, since actkbd normally uses <100 bytes of memory per instance).
This allows binding keys globally without the need for e.g. X11.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings
Key bindings for actkbd.
See actkbd README
for documentation.
The example shows a piece of what sound.enableMediaKeys
does when enabled.
Type: list of submodules
Default:
[
]
Example:
[ { keys = [ 113 ]; events = [ "key" ]; command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle"; } ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.attributes
List of attributes.
Type: list of strings
Default:
[
"exec"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.command
What to run.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.events
List of events to match.
Type: list of one of "key", "rep", "rel"s
Default:
[
"key"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.keys
List of keycodes to match.
Type: list of signed integers
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.extraConfig
Literal contents to append to the end of actkbd configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.aerospike.enable
Whether to enable Aerospike server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.package
Which Aerospike derivation to use
Type: package
Default:
(build of aerospike-server-4.2.0.4)
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.extraConfig
Extra configuration
Type: string
Default:
""
Example:
'' namespace test { replication-factor 2 memory-size 4G default-ttl 30d storage-engine memory } ''
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.networkConfig
network section of configuration file
Type: string
Default:
'' service { address any port 3000 } heartbeat { address any mode mesh port 3002 interval 150 timeout 10 } fabric { address any port 3001 } info { address any port 3003 } ''
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.workDir
Location where Aerospike stores its files
Type: string
Default:
"/var/lib/aerospike"
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.airsonic.enable
Whether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.contextPath
The context path, i.e., the last part of the Airsonic URL. Typically '/' or '/airsonic'. Default '/'
Type: path
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.home
The directory where Airsonic will create files. Make sure it is writable.
Type: path
Default:
"/var/lib/airsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.jvmOptions
Extra command line options for the JVM running AirSonic. Useful for sending jukebox output to non-default alsa devices.
Type: list of strings
Default:
[
]
Example:
[
"-Djavax.sound.sampled.Clip='#CODEC [plughw:1,0]'" "-Djavax.sound.sampled.Port='#Port CODEC [hw:1]'" "-Djavax.sound.sampled.SourceDataLine='#CODEC [plughw:1,0]'" "-Djavax.sound.sampled.TargetDataLine='#CODEC [plughw:1,0]'"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.listenAddress
The host name or IP address on which to bind Airsonic. Only relevant if you have multiple network interfaces and want to make Airsonic available on only one of them. The default value will bind Airsonic to all available network interfaces.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.maxMemory
The memory limit (max Java heap size) in megabytes. Default: 100
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.port
The port on which Airsonic will listen for incoming HTTP traffic. Set to 0 to disable.
Type: signed integer
Default:
4040
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.transcoders
List of paths to transcoder executables that should be accessible from Airsonic. Symlinks will be created to each executable inside /var/lib/airsonic/transcoders.
Type: list of paths
Default:
[
"\${pkgs.ffmpeg.bin}/bin/ffmpeg"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.user
User account under which airsonic runs.
Type: string
Default:
"airsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.amule.enable
Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.amule.dataDir
The directory holding configuration, incoming and temporary files.
Type: unspecified
Default:
"/home/amule/"
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.amule.user
The user the AMule daemon should run as.
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.apache-kafka.enable
Whether to enable Apache Kafka.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.package
The kafka package to use
Type: package
Default:
"pkgs.apacheKafka"
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.brokerId
Broker ID.
Type: signed integer
Default:
-1
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.extraProperties
Extra properties for server.properties.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.hostname
Hostname the broker should bind to.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.jvmOptions
Extra command line options for the JVM running Kafka.
Type: list of strings
Default:
[
"-server" "-Xmx1G" "-Xms1G" "-XX:+UseCompressedOops" "-XX:+UseParNewGC" "-XX:+UseConcMarkSweepGC" "-XX:+CMSClassUnloadingEnabled" "-XX:+CMSScavengeBeforeRemark" "-XX:+DisableExplicitGC" "-Djava.awt.headless=true" "-Djava.net.preferIPv4Stack=true"
]
Example:
[
"-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.log4jProperties
Kafka log4j property configuration.
Type: string
Default:
'' log4j.rootLogger=INFO, stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n ''
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.logDirs
Log file directories
Type: list of paths
Default:
[
"/tmp/kafka-logs"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.port
Port number the broker should listen on.
Type: signed integer
Default:
9092
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.serverProperties
Complete server.properties content. Other server.properties config options will be ignored if this option is used.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.zookeeper
Zookeeper connection string
Type: string
Default:
"localhost:2181"
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apcupsd.enable
Whether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure. User manual: http://www.apcupsd.com/manual/manual.html. Note that apcupsd runs as root (to allow shutdown of computer). You can check the status of your UPS with the "apcaccess" command.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.apcupsd.configText
Contents of the runtime configuration file, apcupsd.conf. The default settings makes apcupsd autodetect USB UPSes, limit network access to localhost and shutdown the system when the battery level is below 50 percent, or when the UPS has calculated that it has 5 minutes or less of remaining power-on time. See man apcupsd.conf for details.
Type: string
Default:
'' UPSTYPE usb NISIP 127.0.0.1 BATTERYLEVEL 50 MINUTES 5 ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.apcupsd.hooks
Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action). See "man apccontrol" for the list of events and what they represent.
A hook script can stop apccontrol from doing its default action by exiting with value 99. Do not do this unless you know what you're doing.
Type: attribute set of strings
Default:
{
}
Example:
{
doshutdown = "# shell commands to notify that the computer is shutting down";
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.arbtt.enable
Enable the arbtt statistics capture service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.package
The package to use for the arbtt binaries.
Type: package
Default:
"pkgs.haskellPackages.arbtt"
Example:
pkgs.haskellPackages.arbtt
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.logFile
The log file for captured samples.
Type: string
Default:
"%h/.arbtt/capture.log"
Example:
"/home/username/.arbtt-capture.log"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.sampleRate
The sampling interval in seconds.
Type: signed integer
Default:
60
Example:
120
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.aria2.enable
Whether or not to enable the headless Aria2 daemon service.
Aria2 daemon can be controlled via the RPC interface using one of many WebUI (http://localhost:6800/ by default).
Targets are downloaded to /var/lib/aria2/Downloads by default and are accessible to users in the "aria2" group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.downloadDir
Directory to store downloaded files.
Type: string
Default:
"/var/lib/aria2/Downloads"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.extraArguments
Additional arguments to be passed to Aria2.
Type: string
Default:
""
Example:
"--rpc-listen-all --remote-time=true"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.listenPortRange
Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.
Type: list of attribute sets
Default:
[
{
from = 6881; to = 6999;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.openPorts
Open listen and RPC ports found in listenPortRange and rpcListenPort options in the firewall.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.rpcListenPort
Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535
Type: signed integer
Default:
6800
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.rpcSecret
Set RPC secret authorization token. Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
Type: string
Default:
"aria2rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.asterisk.enable
Whether to enable the Asterisk PBX server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.package
The Asterisk package to use.
Type: package
Default:
"pkgs.asterisk"
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.confFiles
Sets the content of config files (typically ending with
.conf
) in the Asterisk configuration directory.
Note that if you want to change asterisk.conf
, it
is preferable to use the services.asterisk.extraConfig
option over this option. If "asterisk.conf"
is
specified with the confFiles
option (not recommended),
you must be prepared to set your own astetcdir
path.
See http://www.asterisk.org/community/documentation for more examples of what is possible here.
Type: attribute set of strings
Default:
{
}
Example:
{ "extensions.conf" = '' [tests] ; Dial 100 for "hello, world" exten => 100,1,Answer() same => n,Wait(1) same => n,Playback(hello-world) same => n,Hangup() [softphones] include => tests [unauthorized] ''; "sip.conf" = '' [general] allowguest=no ; Require authentication context=unauthorized ; Send unauthorized users to /dev/null srvlookup=no ; Don't do DNS lookup udpbindaddr=0.0.0.0 ; Listen on all interfaces nat=force_rport,comedia ; Assume device is behind NAT [softphone](!) type=friend ; Match on username first, IP second context=softphones ; Send to softphones context in ; extensions.conf file host=dynamic ; Device will register with asterisk disallow=all ; Manually specify codecs to allow allow=g722 allow=ulaw allow=alaw [myphone](softphone) secret=GhoshevFew ; Change this password! ''; "logger.conf" = '' [general] [logfiles] ; Add debug output to log syslog.local0 => notice,warning,error,debug ''; }
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.extraArguments
Additional command line arguments to pass to Asterisk.
Type: list of strings
Default:
[
]
Example:
[
"-vvvddd" "-e" "1024"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.extraConfig
Extra configuration options appended to the default
asterisk.conf
file.
Type: string
Default:
""
Example:
'' [options] verbose=3 debug=3 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.useTheseDefaultConfFiles
Sets these config files to the default content. The default value for
this option contains all necesscary files to avoid errors at startup.
This does not override settings via services.asterisk.confFiles
.
Type: list of strings
Default:
[
"ari.conf" "acl.conf" "agents.conf" "amd.conf" "calendar.conf" "cdr.conf" "cdr_syslog.conf" "cdr_custom.conf" "cel.conf" "cel_custom.conf" "cli_aliases.conf" "confbridge.conf" "dundi.conf" "features.conf" "hep.conf" "iax.conf" "pjsip.conf" "pjsip_wizard.conf" "phone.conf" "phoneprov.conf" "queues.conf" "res_config_sqlite3.conf" "res_parking.conf" "statsd.conf" "udptl.conf" "unistim.conf"
]
Example:
[
"sip.conf" "dundi.conf"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.atd.enable
Whether to enable the at daemon, a command scheduler.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
|
services.atd.allowEveryone
Whether to make /var/spool/at{jobs,spool}
writeable by everyone (and sticky). This is normally not
needed since the at commands are
setuid/setgid atd
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
|
services.atftpd.enable
Whether to enable the atftpd TFTP server. By default, the server binds to address 0.0.0.0.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.atftpd.extraOptions
Extra command line arguments to pass to atftp.
Type: list of strings
Default:
[
]
Example:
[ "--bind-address 192.168.9.1" "--verbose=7" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.atftpd.root
Document root directory for the atftpd.
Type: path
Default:
"/srv/tftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.autofs.enable
Mount filesystems on demand. Unmount them automatically. You may also be interested in afuse.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.autoMaster
Contents of /etc/auto.master
file. See auto.master(5) and autofs(5).
Type: string
Example:
let mapConf = pkgs.writeText "auto" '' kernel -ro,soft,intr ftp.kernel.org:/pub/linux boot -fstype=ext2 :/dev/hda1 windoze -fstype=smbfs ://windoze/c removable -fstype=ext2 :/dev/hdd cd -fstype=iso9660,ro :/dev/hdc floppy -fstype=auto :/dev/fd0 server -rw,hard,intr / -ro myserver.me.org:/ \ /usr myserver.me.org:/usr \ /home myserver.me.org:/home ''; in '' /auto file:${mapConf} ''
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.debug
Pass -d and -7 to automount and write log to the system journal.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.timeout
Set the global minimum timeout, in seconds, until directories are unmounted
Type: unspecified
Default:
600
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autorandr.enable
Whether to enable handling of hotplug and sleep events by autorandr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.defaultTarget
Fallback if no monitor layout can be detected. See the docs (https://github.com/phillipberndt/autorandr/blob/v1.0/README.md#how-to-use) for further reference.
Type: string
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autossh.sessions
List of AutoSSH sessions to start as systemd services. Each service is named 'autossh-{session.name}'.
Type: list of submodules
Default:
[
]
Example:
[
{
extraArguments = "-N -D4343 billremote@socks.host.net"; monitoringPort = 20000; name = "socks-peer"; user = "bill";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.extraArguments
Arguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don't run remote command), -D (open SOCKS proxy on local port), -R (forward remote port), -L (forward local port), -v (Enable debug). Check ssh manual for the complete list.
Type: string
Example:
"-N -D4343 bill@socks.example.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.monitoringPort
Port to be used by AutoSSH for peer monitoring. Note, that AutoSSH also uses mport+1. Value of 0 disables the keep-alive style monitoring
Type: signed integer
Default:
0
Example:
20000
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.name
Name of the local AutoSSH session
Type: string
Example:
"socks-peer"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.user
Name of the user the AutoSSH session should run as
Type: string
Example:
"bill"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.avahi.enable
Whether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon').
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.allowPointToPoint
Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large latencies with such links and opens a potential security hole by allowing mDNS access from Internet connections. Use with care and YMMV!
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.browseDomains
List of non-local DNS domains to be browsed.
Type: unspecified
Default:
[
]
Example:
[
"0pointer.de" "zeroconf.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.cacheEntriesMax
Number of resource records to be cached per interface. Use 0 to disable caching. Avahi daemon defaults to 4096 if not set.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.domainName
Domain name for all advertisements.
Type: string
Default:
"local"
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.extraConfig
Extra config to append to avahi-daemon.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.hostName
Host name advertised on the LAN. If not set, avahi will use the value of config.networking.hostName.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.interfaces
List of network interfaces that should be used by the avahi-daemon.
Other interfaces will be ignored. If null
all local interfaces
except loopback and point-to-point will be used.
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.ipv4
Whether to use IPv4
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.ipv6
Whether to use IPv6
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.nssmdns
Whether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.enable
Whether to allow publishing in general.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.addresses
Whether to register mDNS address records for all local IP addresses.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.domain
Whether to announce the locally used domain name for browsing by other hosts.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.hinfo
Whether to register an mDNS HINFO record which contains information about the local operating system and CPU.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.userServices
Whether to publish user services. Will set addresses=true
.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.workstation
Whether to register a service of type "_workstation._tcp" on the local LAN.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.reflector
Reflect incoming mDNS requests to all allowed network interfaces.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.wideArea
Whether to enable wide-area service discovery.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.awstats.enable
Enable the awstats program (but not service). Currently only simple httpd (Apache) configs are supported, and awstats plugins may not work correctly.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.extraConfig
Extra configuration to be appendend to awstats.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.service.enable
Enable the awstats web service. This switches on httpd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.service.urlPrefix
The URL prefix under which the awstats service appears.
Type: string
Default:
"/awstats"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.updateAt
Specification of the time at which awstats will get updated. (in the format described by systemd.time(7))
Type: null or string
Default:
null
Example:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.vardir
The directory where variable awstats data will be stored.
Type: path
Default:
"/var/lib/awstats"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.babeld.enable
Whether to run the babeld network routing daemon.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.extraConfig
Options that will be copied to babeld.conf. See babeld(8) for details.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.interfaceDefaults
A set describing default parameters for babeld interfaces. See babeld(8) for options.
Type: null or attribute set of unspecifieds
Default:
null
Example:
{
split-horizon = true; type = "tunnel";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.interfaces
A set describing babeld interfaces. See babeld(8) for options.
Type: attribute set of attribute set of unspecifiedss
Default:
{
}
Example:
{
enp0s2 =
{
hello-interval = 5; split-horizon = "auto"; type = "wired";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.bacula-dir.enable
Whether to enable Bacula Director Daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraConfig
Extra configuration for Bacula Director Daemon.
Type: string
Default:
""
Example:
'' TODO ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraDirectorConfig
Extra configuration to be passed in Director directive.
Type: unspecified
Default:
""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: unspecified
Default:
""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.name
The director name used by the system administrator. This directive is required.
Type: unspecified
Default:
"nixos-dir"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.password
Specifies the password that must be supplied for a Director.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.port
Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
Type: signed integer
Default:
9101
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.enable
Whether to enable the Bacula File Daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director
This option defines director resources in Bacula File Daemon.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.monitor
If Monitor is set to no (default), this director will have full
Type: unspecified
Default:
"no"
Example:
"yes"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.password
Specifies the password that must be supplied for a Director to b
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.extraClientConfig
Extra configuration to be passed in Client directive.
Type: unspecified
Default:
""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: unspecified
Default:
""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.name
The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
Type: unspecified
Default:
"nixos-fd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.port
This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file.
Type: signed integer
Default:
9102
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.enable
Whether to enable Bacula Storage Daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device
This option defines Device resources in Bacula Storage Daemon.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.archiveDevice
The specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example " /dev/nst0" or "/dev/rmt/0mbn". For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.extraDeviceConfig
Extra configuration to be passed in Device directive.
Type: unspecified
Default:
""
Example:
'' LabelMedia = yes Random Access = no AutomaticMount = no RemovableMedia = no MaximumOpenWait = 60 AlwaysOpen = no ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.mediaType
The specified name-string names the type of media supported by this device, for example, "DLT7000". Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director
This option defines Director resources in Bacula Storage Daemon.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.monitor
If Monitor is set to no (default), this director will have full
Type: unspecified
Default:
"no"
Example:
"yes"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.password
Specifies the password that must be supplied for a Director to b
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: unspecified
Default:
""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.extraStorageConfig
Extra configuration to be passed in Storage directive.
Type: unspecified
Default:
""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.name
Specifies the Name of the Storage daemon.
Type: unspecified
Default:
"nixos-sd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.port
Specifies port number on which the Storage daemon listens for Director connections. The default is 9103.
Type: signed integer
Default:
9103
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bamf.enable
Whether to enable bamf.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/bamf.nix>
|
services.beegfs
BeeGFS configurations. Every mount point requires a separate configuration.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.admon.enable
Whether to enable BeeGFS admon daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.admon.extraConfig
Additional lines for beegfs-admon.conf. See documentation for further details.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.client.enable
Whether to enable BeeGFS client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.client.extraConfig
Additional lines for beegfs-client.conf. See documentation for further details.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.client.mount
Create fstab entry automatically
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.client.mountPoint
Mount point under which the beegfs filesytem should be mounted. If mounted manually the mount option specifing the config file is needed: cfgFile=/etc/beegfs/beegfs-client-<name>.conf
Type: string
Default:
"/run/beegfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.connAuthFile
File containing shared secret authentication.
Type: string
Default:
""
Example:
"/etc/my.key"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.connPortShift
For each additional beegfs configuration shift all service TCP/UDP ports by at least 5.
Type: signed integer
Default:
0
Example:
5
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.helperd.enable
Enable the BeeGFS helperd.
The helpered is need for logging purposes on the client.
Disabling helperd
allows for runing the client
with allowUnfree = false
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.helperd.extraConfig
Additional lines for beegfs-helperd.conf. See documentation for further details.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.meta.enable
Whether to enable BeeGFS meta data daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.meta.extraConfig
Additional lines for beegfs-meta.conf. See documentation for further details.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.meta.storeDir
Data directory for meta data service. Must not be shared with other beegfs daemons. The underlying filesystem must be mounted with xattr turned on. This directory must exist and it must be initialized with beegfs-setup-meta, e.g. "beegfs-setup-meta -C -s <serviceID> -p <storeDir>"
Type: path
Default:
null
Example:
"/data/beegfs-meta"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.mgmtd.enable
Whether to enable BeeGFS mgmtd daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.mgmtd.extraConfig
Additional lines for beegfs-mgmtd.conf. See documentation for further details.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.mgmtd.storeDir
Data directory for mgmtd. Must not be shared with other beegfs daemons. This directory must exist and it must be initialized with beegfs-setup-mgmtd, e.g. "beegfs-setup-mgmtd -C -p <storeDir>"
Type: path
Default:
null
Example:
"/data/beegfs-mgmtd"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.mgmtdHost
Hostname of managament host.
Type: string
Default:
null
Example:
"master"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.storage.enable
Whether to enable BeeGFS storage daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.storage.extraConfig
Addional lines for beegfs-storage.conf. See documentation for further details.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfs.<name>.storage.storeDir
Data directories for storage service. Must not be shared with other beegfs daemons. The underlying filesystem must be mounted with xattr turned on. This directory must exist and it must be initialized with beegfs-setup-storage, e.g. "beegfs-setup-storage -C -s <serviceID> -i <storageTargetID> -p <storeDir>"
Type: path
Default:
null
Example:
"/data/beegfs-storage"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.beegfsEnable
Whether to enable BeeGFS.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/beegfs.nix>
|
services.bepasty.enable
Whether to enable Bepasty servers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers
configure a number of bepasty servers which will be started with gunicorn.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.bind
Bind address to be used for this server.
Type: string
Default:
"127.0.0.1:8000"
Example:
"0.0.0.0:8000"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.dataDir
Path to the directory where the pastes will be saved to
Type: string
Default:
"/var/lib/bepasty/data"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.defaultPermissions
default permissions for all unauthenticated accesses.
Type: string
Default:
"read"
Example:
"read,create,delete"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.extraConfig
Extra configuration for bepasty server to be appended on the configuration. see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty for all options.
Type: string
Default:
""
Example:
'' PERMISSIONS = { 'myadminsecret': 'admin,list,create,read,delete', } MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000 ''
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.secretKey
server secret for safe session cookies, must be set.
Warning: this secret is stored in the WORLD-READABLE Nix store!
It's recommended to use secretKeyFile
which takes precedence over secretKey
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.secretKeyFile
A file that contains the server secret for safe session cookies, must be set.
secretKeyFile
takes precedence over secretKey
.
Warning: when secretKey
is non-empty secretKeyFile
defaults to a file in the WORLD-READABLE Nix store containing that secret.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.workDir
Path to the working directory (used for config and pidfile). Defaults to the users home directory.
Type: string
Default:
"/var/lib/bepasty"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bind.enable
Whether to enable BIND domain name server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.blockedNetworks
What networks are just blocked.
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.cacheNetworks
What networks are allowed to use us as a resolver.
Type: unspecified
Default:
[
"127.0.0.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.configFile
Overridable config file to use for named. By default, that generated by nixos.
Type: path
Default:
"confFile"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.extraConfig
Extra lines to be added verbatim to the generated named configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.extraOptions
Extra lines to be added verbatim to the options section of the generated named configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.forwarders
List of servers we should forward requests to.
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.ipv4Only
Only use ipv4, even if the host supports ipv6.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.listenOn
Interfaces to listen on.
Type: list of strings
Default:
[
"any"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.listenOnIpv6
Ipv6 interfaces to listen on.
Type: list of strings
Default:
[
"any"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones
List of zones we claim authority over. master=false means slave server; slaves means addresses who may request zone transfer.
Type: unspecified
Default:
[
]
Example:
[
{
file = "/var/dns/example.com"; master = false; masters =
[
"192.168.0.1"
]
; name = "example.com"; slaves =
[
]
;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bird.enable
Whether to enable BIRD Internet Routing Daemon (1.9.x with IPv4 suport).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird.config
BIRD Internet Routing Daemon configuration file. http://bird.network.cz/
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird2.enable
Whether to enable BIRD Internet Routing Daemon (2.x).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird2.config
BIRD Internet Routing Daemon configuration file. http://bird.network.cz/
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird6.enable
Whether to enable BIRD Internet Routing Daemon (1.9.x with IPv6 suport).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird6.config
BIRD Internet Routing Daemon configuration file. http://bird.network.cz/
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bitlbee.enable
Whether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.authBackend
How users are authenticated storage -- save passwords internally pam -- Linux PAM authentication
Type: one of "storage", "pam"
Default:
"storage"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.authMode
The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
Type: one of "Open", "Closed", "Registered"
Default:
"Open"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.configDir
Specify an alternative directory to store all the per-user configuration files.
Type: path
Default:
"/var/lib/bitlbee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.extraDefaults
Will be inserted in the Default section of the config file.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.extraSettings
Will be inserted in the Settings section of the config file.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.hostName
Normally, BitlBee gets a hostname using getsockname(). If you have a nicer alias for your BitlBee daemon, you can set it here and BitlBee will identify itself with that name instead.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.interface
The interface the BitlBee deamon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.
Type: unspecified
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.libpurple_plugins
The list of libpurple plugins to install.
Type: list of packages
Default:
[
]
Example:
[ pkgs.purple-matrix ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.plugins
The list of bitlbee plugins to install.
Type: list of packages
Default:
[
]
Example:
[ pkgs.bitlbee-facebook ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.portNumber
Number of the port BitlBee will be listening to.
Type: unspecified
Default:
6667
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.protocols
This option allows to remove the support of protocol, even if compiled in. If nothing is given, there are no restrictions.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bloop.install
Whether to install a user service for the Bloop server.
The service must be manually started for each user with "systemctl --user start bloop".
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/bloop.nix>
|
services.boinc.enable
Whether to enable the BOINC distributed computing client. If this option is set to true, the boinc_client daemon will be run as a background service. The boinccmd command can be used to control the daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.package
Which BOINC package to use.
Type: package
Default:
"pkgs.boinc"
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.allowRemoteGuiRpc
If set to true, any remote host can connect to and control this BOINC
client (subject to password authentication). If instead set to false,
only the hosts listed in dataDir
/remote_hosts.cfg will be allowed to
connect.
See also: http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.dataDir
The directory in which to store BOINC's configuration and data files.
Type: path
Default:
"/var/lib/boinc"
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.extraEnvPackages
Additional packages to make available in the environment in which BOINC will run. Common choices are:
pkgs.virtualbox
The VirtualBox virtual machine framework. Required by some BOINC projects, such as ATLAS@home.
pkgs.ocl-icd
OpenCL infrastructure library. Required by BOINC projects that use OpenCL, in addition to a device-specific OpenCL driver.
pkgs.linuxPackages.nvidia_x11
Provides CUDA libraries. Required by BOINC projects that use CUDA. Note that this requires an NVIDIA graphics device to be present on the system.
Also provides OpenCL drivers for NVIDIA GPUs;
pkgs.ocl-icd
is also needed in this case.
Type: list of packages
Default:
[
]
Example:
"[ pkgs.virtualbox ]"
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.borgbackup.jobs
Deduplicating backups using BorgBackup.
Type: attribute set of submodules
Default:
{
}
Example:
{ rootBackup = { paths = "/"; exclude = [ "/nix" ]; repo = "/path/to/local/repo"; encryption = { mode = "repokey"; passphrase = "secret"; }; compression = "auto,lzma"; startAt = "weekly"; }; }
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.appendFailedSuffix
Append a .failed
suffix
to the archive name, which is only removed if
borg create has a zero exit status.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.archiveBaseName
How to name the created archives. A timestamp, whose format is
determined by dateFormat
, will be appended. The full
name can be modified at runtime ($archiveName
).
Placeholders like {hostname}
must not be used.
Type: string matching the pattern [^/{}]+
Default:
"\${config.networking.hostName}-<name>"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.compression
Compression method to use. Refer to borg help compression for all available options.
Type: string matching the pattern none|(auto,)?(lz4|zstd|zlib|lzma)(,[[:digit:]]{1,2})?
Default:
"lz4"
Example:
"auto,lzma"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.dateFormat
Arguments passed to date to create a timestamp suffix for the archive name.
Type: string
Default:
"+%Y-%m-%dT%H:%M:%S"
Example:
"-u +%s"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.doInit
Run borg init if the
specified repo
does not exist.
You should set this to false
if the repository is located on an external drive
that might not always be mounted.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.mode
Encryption mode to use. Setting a mode
other than "none"
requires
you to specify a passCommand
or a passphrase
.
Type: one of "repokey", "keyfile", "repokey-blake2", "keyfile-blake2", "authenticated", "authenticated-blake2", "none"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.passCommand
A command which prints the passphrase to stdout.
Mutually exclusive with passphrase
.
Type: null or string
Default:
null
Example:
"cat /path/to/passphrase_file"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.passphrase
The passphrase the backups are encrypted with.
Mutually exclusive with passCommand
.
If you do not want the passphrase to be stored in the
world-readable Nix store, use passCommand
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.environment
Environment variables passed to the backup script. You can for example specify which SSH key to use.
Type: attribute set of strings
Default:
{
}
Example:
{
BORG_RSH = "ssh -i /path/to/key";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.exclude
Exclude paths matching any of the given patterns. See borg help patterns for pattern syntax.
Type: list of strings
Default:
[
]
Example:
[
"/home/*/.cache" "/nix"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraArgs
Additional arguments for all borg calls the service has. Handle with care.
Type: string
Default:
""
Example:
"--remote-path=/path/to/borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraCreateArgs
Additional arguments for borg create.
Can also be set at runtime using $extraCreateArgs
.
Type: string
Default:
""
Example:
"--stats --checkpoint-interval 600"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraInitArgs
Additional arguments for borg init.
Can also be set at runtime using $extraInitArgs
.
Type: string
Default:
""
Example:
"--append-only"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraPruneArgs
Additional arguments for borg prune.
Can also be set at runtime using $extraPruneArgs
.
Type: string
Default:
""
Example:
"--save-space"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.group
The group borg is run as. User or group needs read permission
for the specified paths
.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.paths
Path(s) to back up.
Type: path or non-empty list of paths
Example:
"/home/user"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postCreate
Shell commands to run after borg create. The name
of the created archive is stored in $archiveName
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postHook
Shell commands to run just before exit. They are executed
even if a previous command exits with a non-zero exit code.
The latter is available as $exitStatus
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postInit
Shell commands to run after borg init.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postPrune
Shell commands to run after borg prune.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.preHook
Shell commands to run before the backup. This can for example be used to mount file systems.
Type: string
Default:
""
Example:
'' # To add excluded paths at runtime extraCreateArgs="$extraCreateArgs --exclude /some/path" ''
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.privateTmp
Set the PrivateTmp
option for
the systemd-service. Set to false if you need sockets
or other files from global /tmp.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.prune.keep
Prune a repository by deleting all archives not matching any of the specified retention options. See borg help prune for the available options.
Type: attribute set of signed integer or string matching the pattern [[:digit:]]+[Hdwmy]s
Default:
{
}
Example:
{ within = "1d"; # Keep all archives from the last day daily = 7; weekly = 4; monthly = -1; # Keep at least one archive for each month }
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.prune.prefix
Only consider archive names starting with this prefix for pruning.
By default, only archives created by this job are considered.
Use ""
to consider all archives.
Type: string
Default:
"\${archiveBaseName}"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.readWritePaths
By default, borg cannot write anywhere on the system but
$HOME/.config/borg
and $HOME/.cache/borg
.
If, for example, your preHook script needs to dump files
somewhere, put those directories here.
Type: list of paths
Default:
[
]
Example:
[
"/var/backup/mysqldump"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.repo
Remote or local repository to back up to.
Type: string
Example:
"user@machine:/path/to/repo"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.startAt
When or how often the backup should run.
Must be in the format described in
systemd.time(7).
If you do not want the backup to start
automatically, use [ ]
.
Type: string or list of strings
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.user
The user borg is run as.
User or group need read permission
for the specified paths
.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos
Serve BorgBackup repositories to given public SSH keys,
restricting their access to the repository only.
Also, clients do not need to specify the absolute path when accessing the repository,
i.e. user@machine:.
is enough. (Note colon and dot.)
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.allowSubRepos
Allow clients to create repositories in subdirectories of the
specified path
. These can be accessed using
user@machine:path/to/subrepo
. Note that a
quota
applies to repositories independently.
Therefore, if this is enabled, clients can create multiple
repositories and upload an arbitrary amount of data.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.authorizedKeys
Public SSH keys that are given full write access to this repository. You should use a different SSH key for each repository you write to, because the specified keys are restricted to running borg serve and can only access this single repository.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.authorizedKeysAppendOnly
Public SSH keys that can only be used to append new data (archives) to the repository. Note that archives can still be marked as deleted and are subsequently removed from disk upon accessing the repo with full write access, e.g. when pruning.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.group
The group borg serve is run as.
User or group needs write permission
for the specified path
.
Type: string
Default:
"borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.path
Where to store the backups. Note that the directory is created automatically, with correct permissions.
Type: path
Default:
"/var/lib/borgbackup"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.quota
Storage quota for the repository. This quota is ensured for all
sub-repositories if allowSubRepos
is enabled
but not for the overall storage space used.
Type: null or string matching the pattern [[:digit:].]+[KMGTP]?
Default:
null
Example:
"100G"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.user
The user borg serve is run as.
User or group needs write permission
for the specified path
.
Type: string
Default:
"borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.bosun.enable
Whether to run bosun.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.package
bosun binary to use.
Type: package
Default:
"pkgs.bosun"
Example:
pkgs.bosun
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.checkFrequency
Bosun's check frequency
Type: string
Default:
"5m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.extraConfig
Extra configuration options for Bosun. You should describe your desired templates, alerts, macros, etc through this configuration option.
A detailed description of the supported syntax can be found at-spi2-atk http://bosun.org/configuration.html
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.group
Group account under which bosun runs.
Type: string
Default:
"bosun"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.influxHost
Host and port of the influxdb database.
Type: null or string
Default:
null
Example:
"localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.ledisDir
Path to bosun's ledis data dir
Type: path
Default:
"/var/lib/bosun/ledis_data"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.listenAddress
The host address and port that bosun's web interface will listen on.
Type: string
Default:
":8070"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.opentsdbHost
Host and port of the OpenTSDB database that stores bosun data. To disable opentsdb you can pass null as parameter.
Type: null or string
Default:
"localhost:4242"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.stateFile
Path to bosun's state file.
Type: path
Default:
"/var/lib/bosun/bosun.state"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.user
User account under which bosun runs.
Type: string
Default:
"bosun"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.brltty.enable
Whether to enable the BRLTTY daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/brltty.nix>
|
services.btrfs.autoScrub.enable
Whether to enable Enable regular btrfs scrub.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.btrfs.autoScrub.fileSystems
List of paths to btrfs filesystems to regularily call btrfs scrub on. Defaults to all mount points with btrfs filesystems. If you mount a filesystem multiple times or additionally mount subvolumes, you need to manually specify this list to avoid scrubbing multiple times.
Type: list of paths
Example:
[
"/"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.btrfs.autoScrub.interval
Systemd calendar expression for when to scrub btrfs filesystems. The recommended period is a month but could be less (btrfs-scrub(8)). See systemd.time(7) for more information on the syntax.
Type: string
Default:
"monthly"
Example:
"weekly"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.btsync.enable
If enabled, start the Bittorrent Sync daemon. Once enabled, you can
interact with the service through the Web UI, or configure it in your
NixOS configuration. Enabling the btsync
service
also installs a systemd user unit which can be used to start
user-specific copies of the daemon. Once installed, you can use
systemctl --user start btsync
as your user to start
the daemon using the configuration file located at
$HOME/.config/btsync.conf
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.enableWebUI
Enable Web UI for administration. Bound to the specified
httpListenAddress
and
httpListenPort
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.package
Branch of bittorrent sync to use.
Type: package
Example:
pkgs.bittorrentSync20
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.apiKey
API key, which enables the developer API.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.checkForUpdates
Determines whether to check for updates and alert the user about them in the UI.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.deviceName
Name of the Bittorrent Sync device.
Type: string
Example:
"Voltron"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.directoryRoot
Default directory to add folders in the web UI.
Type: string
Default:
""
Example:
"/media"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.downloadLimit
Download speed limit. 0 is unlimited (default).
Type: signed integer
Default:
0
Example:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.encryptLAN
Encrypt LAN data.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.httpListenAddr
HTTP address to bind to.
Type: string
Default:
"0.0.0.0"
Example:
"1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.httpListenPort
HTTP port to bind on.
Type: signed integer
Default:
9000
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.httpLogin
HTTP web login username.
Type: string
Default:
""
Example:
"allyourbase"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.httpPass
HTTP web login password.
Type: string
Default:
""
Example:
"arebelongtous"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.listeningPort
Listening port. Defaults to 0 which randomizes the port.
Type: signed integer
Default:
0
Example:
44444
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.sharedFolders
Shared folder list. If enabled, web UI must be
disabled. Secrets can be generated using btsync
--generate-secret
. Note that this secret will be
put inside the Nix store, so it is realistically not very
secret.
If you would like to be able to modify the contents of this
directories, it is recommended that you make your user a
member of the btsync
group.
Directories in this list should be in the
btsync
group, and that group must have
write access to the directory. It is also recommended that
chmod g+s
is applied to the directory
so that any sub directories created will also belong to
the btsync
group. Also,
setfacl -d -m group:btsync:rwx
and
setfacl -m group:btsync:rwx
should also
be applied so that the sub directories are writable by
the group.
Type: unspecified
Default:
[
]
Example:
[
{
directory = "/home/user/sync_test"; knownHosts =
[
"192.168.1.2:4444" "192.168.1.3:4444"
]
; searchLAN = true; secret = "AHMYFPCQAHBM7LQPFXQ7WV6Y42IGUXJ5Y"; useDHT = false; useRelayServer = true; useSyncTrash = true; useTracker = true;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.storagePath
Where BitTorrent Sync will store it's database files (containing things like username info and licenses). Generally, you should not need to ever change this.
Type: path
Default:
"/var/lib/btsync/"
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.uploadLimit
Upload speed limit. 0 is unlimited (default).
Type: signed integer
Default:
0
Example:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.btsync.useUpnp
Use Universal Plug-n-Play (UPnP)
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/btsync.nix>
|
services.buildbot-master.enable
Whether to enable the Buildbot continuous integration server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.package
Package to use for buildbot.
Type: package
Default:
"pkgs.buildbot-full"
Example:
pkgs.buildbot-full
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.packages
Packages to add to PATH for the buildbot process.
Type: list of packages
Default:
[
(build of python2.7-Twisted-18.7.0)
(build of git-minimal-2.19.1)
]
Example:
[ pkgs.git ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.bpPort
Port where the master will listen to Buildbot Worker.
Type: signed integer
Default:
9989
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.buildbotDir
Specifies the Buildbot directory.
Type: path
Default:
"/home/buildbot/master"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.buildbotUrl
Specifies the Buildbot URL.
Type: string
Default:
"http://localhost:8010/"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.builders
List of Builders.
Type: list of strings
Default:
[
"util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.changeSource
List of Change Sources.
Type: list of strings
Default:
[
]
Example:
[
"changes.GitPoller('git://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.dbUrl
Specifies the database connection string.
Type: string
Default:
"sqlite:///state.sqlite"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.extraConfig
Extra configuration to append to master.cfg
Type: string
Default:
"c['buildbotNetUsageData'] = None"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.extraGroups
List of extra groups that the buildbot user should be a part of.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.factorySteps
Factory Steps
Type: list of strings
Default:
[
]
Example:
[
"steps.Git(repourl='git://github.com/buildbot/pyflakes.git', mode='incremental')" "steps.ShellCommand(command=['trial', 'pyflakes'])"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.group
Primary group of buildbot user.
Type: string
Default:
"buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.home
Buildbot home directory.
Type: path
Default:
"/home/buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.listenAddress
Specifies the bind address on which the buildbot HTTP interface listens.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.masterCfg
Optionally pass master.cfg path. Other options in this configuration will be ignored.
Type: null or path
Default:
null
Example:
"/etc/nixos/buildbot/master.cfg"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.port
Specifies port number on which the buildbot HTTP interface listens.
Type: signed integer
Default:
8010
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.schedulers
List of Schedulers.
Type: list of strings
Default:
[
"schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])" "schedulers.ForceScheduler(name='force',builderNames=['runtests'])"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.status
List of status notification endpoints.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.title
Specifies the Buildbot Title.
Type: string
Default:
"Buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.titleUrl
Specifies the Buildbot TitleURL.
Type: string
Default:
"Buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.user
User the buildbot server should execute under.
Type: string
Default:
"buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.workers
List of Workers.
Type: list of strings
Default:
[
"worker.Worker('example-worker', 'pass')"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-worker.enable
Whether to enable the Buildbot Worker.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.package
Package to use for buildbot worker.
Type: package
Default:
"pkgs.buildbot-worker"
Example:
pkgs.buildbot-worker
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.packages
Packages to add to PATH for the buildbot process.
Type: list of packages
Default:
[
(build of )
(build of )
]
Example:
[ pkgs.git ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.buildbotDir
Specifies the Buildbot directory.
Type: path
Default:
"/home/bbworker/worker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.extraGroups
List of extra groups that the Buildbot Worker user should be a part of.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.group
Primary group of buildbot Worker user.
Type: string
Default:
"bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.home
Buildbot home directory.
Type: path
Default:
"/home/bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.masterUrl
Specifies the Buildbot Worker connection string.
Type: string
Default:
"localhost:9989"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.user
User the buildbot Worker should execute under.
Type: string
Default:
"bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.workerPass
Specifies the Buildbot Worker password.
Type: string
Default:
"pass"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.workerUser
Specifies the Buildbot Worker user.
Type: string
Default:
"example-worker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildkite-agent.enable
Whether to enable buildkite-agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.package
Which buildkite-agent derivation to use
Type: package
Default:
"pkgs.buildkite-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.dataDir
The workdir for the agent
Type: string
Default:
"/var/lib/buildkite-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.extraConfig
Extra lines to be added verbatim to the configuration file.
Type: string
Default:
""
Example:
"debug=true"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.checkout
The `checkout` hook script will replace the default checkout routine of the bootstrap.sh script. You can use this hook to do your own SCM checkout behaviour
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.command
The `command` hook script will replace the default implementation of running the build command.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.environment
The `environment` hook will run before all other commands, and can be used to set up secrets, data, etc. Anything exported in hooks will be available to the build script.
Note: the contents of this file will be copied to the world-readable Nix store.
Type: null or string
Default:
null
Example:
'' export SECRET_VAR=`head -1 /run/keys/secret` ''
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.post-artifact
The `post-artifact` hook will run just after artifacts are uploaded
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.post-checkout
The `post-checkout` hook will run after the bootstrap script has checked out your projects source code.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.post-command
The `post-command` hook will run after the bootstrap script has run your build commands
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.pre-artifact
The `pre-artifact` hook will run just before artifacts are uploaded
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.pre-checkout
The `pre-checkout` hook will run just before your projects source code is checked out from your SCM provider
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.pre-command
The `pre-command` hook will run just before your build command runs
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooks.pre-exit
The `pre-exit` hook will run just before your build job finishes
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.hooksPath
Path to the directory storing the hooks.
Consider using services.buildkite-agent.hooks.<name>
instead.
Type: path
Default:
"generated from services.buildkite-agent.hooks"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.meta-data
Meta data for the agent. This is a comma-separated list of
key=value
pairs.
Type: string
Default:
""
Example:
"queue=default,docker=true,ruby2=true"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.name
The name of the agent.
Type: string
Default:
"%hostname-%n"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.openssh.privateKeyPath
Private agent key.
A run-time path to the key file, which is supposed to be provisioned outside of Nix store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.openssh.publicKeyPath
Public agent key.
A run-time path to the key file, which is supposed to be provisioned outside of Nix store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.runtimePackages
Add programs to the buildkite-agent environment
Type: list of packages
Default:
"[ pkgs.bash pkgs.nix ]"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.buildkite-agent.tokenPath
The token from your Buildkite "Agents" page.
A run-time path to the token file, which is supposed to be provisioned outside of Nix store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
|
services.cachefilesd.enable
Whether to enable cachefilesd network filesystems caching daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.cachefilesd.cacheDir
Directory to contain filesystem cache.
Type: string
Default:
"/var/cache/fscache"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.cachefilesd.extraConfig
Additional configuration file entries. See cachefilesd.conf(5) for more information.
Type: string
Default:
""
Example:
"brun 10%"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.caddy.enable
Whether to enable Caddy web server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
|
services.caddy.package
Caddy package to use.
Type: package
Default:
"pkgs.caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
|
services.caddy.agree
Agree to Let's Encrypt Subscriber Agreement
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
|
services.caddy.ca
Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people.
Type: string
Default:
"https://acme-v02.api.letsencrypt.org/directory"
Example:
"https://acme-staging-v02.api.letsencrypt.org/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
|
services.caddy.config
Verbatim Caddyfile to use
Type: string
Default:
""
Example:
'' example.com { gzip minify log syslog root /srv/http } ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
|
services.caddy.dataDir
The data directory, for storing certificates. Before 17.09, this would create a .caddy directory. With 17.09 the contents of the .caddy directory are in the specified data directory instead.
Type: path
Default:
"/var/lib/caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
|
services.caddy.email
Email address (for Let's Encrypt certificate)
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
|
services.cadvisor.enable
Whether to enable cadvisor service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.listenAddress
Cadvisor listening host
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.port
Cadvisor listening port
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriver
Cadvisor storage driver.
Type: null or string
Default:
null
Example:
"influxdb"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverDb
Cadvisord storage driver database name.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverHost
Cadvisor storage driver host.
Type: string
Default:
"localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverPassword
Cadvisor storage driver password.
Warning: this password is stored in the world-readable Nix store. It's
recommended to use the storageDriverPasswordFile
option
since that gives you control over the security of the password.
storageDriverPasswordFile
also takes precedence over storageDriverPassword
.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverPasswordFile
File that contains the cadvisor storage driver password.
storageDriverPasswordFile
takes precedence over storageDriverPassword
Warning: when storageDriverPassword
is non-empty this defaults to a file in the
world-readable Nix store that contains the value of storageDriverPassword
.
It's recommended to override this with a path not in the Nix store. Tip: use nixops key management
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverSecure
Cadvisor storage driver, enable secure communication.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverUser
Cadvisor storage driver username.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.calibre-server.enable
Whether to enable calibre-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.libraryDir
The directory where the Calibre library to serve is.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.canto-daemon.enable
Whether to enable the canto RSS daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/canto-daemon.nix>
|
services.cassandra.enable
Whether to enable Apache Cassandra – Scalable and highly available database. .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.package
The Apache Cassandra package to use.
Type: package
Default:
"pkgs.cassandra"
Example:
pkgs.cassandra_3_11
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.extraConfig
Extra options to be merged into cassandra.yaml as nix attribute set.
Type: attribute set
Default:
{
}
Example:
{
commitlog_sync_batch_window_in_ms = 3;
}
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.fullRepairInterval
Set the interval how often full repairs are run, i.e. `nodetool repair --full` is executed. See https://cassandra.apache.org/doc/latest/operating/repair.html for more information.
Set to `null` to disable full repairs.
Type: null or string
Default:
"3w"
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.fullRepairOptions
Options passed through to the full repair command.
Type: list of strings
Default:
[
]
Example:
[
"--partitioner-range"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.group
Run Apache Cassandra under this group.
Type: string
Default:
"cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.homeDir
Home directory for Apache Cassandra.
Type: path
Default:
"/var/lib/cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.incrementalRepairInterval
Set the interval how often incremental repairs are run, i.e. `nodetool repair` is executed. See https://cassandra.apache.org/doc/latest/operating/repair.html for more information.
Set to `null` to disable incremental repairs.
Type: null or string
Default:
"3d"
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.incrementalRepairOptions
Options passed through to the incremental repair command.
Type: list of strings
Default:
[
]
Example:
[
"--partitioner-range"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jvmOpts
Populate the JVM_OPT environment variable.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.listenAddress
Address or interface to bind to and tell other Cassandra nodes to connect to. You _must_ change this if you want multiple nodes to be able to communicate!
Set listenAddress OR listenInterface, not both.
Leaving it blank leaves it up to InetAddress.getLocalHost(). This will always do the Right Thing _if_ the node is properly configured (hostname, name resolution, etc), and the Right Thing is to use the address associated with the hostname (it might not be).
Setting listen_address to 0.0.0.0 is always wrong.
Type: null or string
Default:
"127.0.0.1"
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.listenInterface
Set listenAddress OR listenInterface, not both. Interfaces must correspond to a single address, IP aliasing is not supported.
Type: null or string
Default:
null
Example:
"eth1"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.rpcAddress
The address or interface to bind the native transport server to.
Set rpcAddress OR rpcInterface, not both.
Leaving rpcAddress blank has the same effect as on listenAddress (i.e. it will be based on the configured hostname of the node).
Note that unlike listenAddress, you can specify 0.0.0.0, but you must also set extraConfig.broadcast_rpc_address to a value other than 0.0.0.0.
For security reasons, you should not expose this port to the internet. Firewall it if needed.
Type: null or string
Default:
"127.0.0.1"
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.rpcInterface
Set rpcAddress OR rpcInterface, not both. Interfaces must correspond to a single address, IP aliasing is not supported.
Type: null or string
Default:
null
Example:
"eth1"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.user
Run Apache Cassandra under this user.
Type: string
Default:
"cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.ceph.enable
Whether to enable Ceph global configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.client.enable
Whether to enable Ceph client configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.client.extraConfig
Extra configuration to add to the client section. Configuration for rados gateways would be added here, with their own sections, see example.
Type: attribute set of strings
Default:
{
}
Example:
'' { # This would create a section for a radosgw daemon named node0 and related # configuration for it "client.radosgw.node0" = { "some config option" = "true"; }; }; ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authClientRequired
Enables requiring the cluster to authenticate itself to the client.
Type: one of "cephx", "none"
Default:
"cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authClusterRequired
Enables requiring daemons to authenticate with eachother in the cluster.
Type: one of "cephx", "none"
Default:
"cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authServiceRequired
Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).
Type: one of "cephx", "none"
Default:
"cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.clusterName
Name of cluster
Type: string
Default:
"ceph"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.clusterNetwork
A comma-separated list of subnets that will be used as cluster networks in the cluster.
Type: null or string
Default:
null
Example:
'' 10.10.0.0/24, 192.168.0.0/24 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.fsid
Filesystem ID, a generated uuid, its must be generated and set before attempting to start a cluster
Type: string
Example:
'' 433a2193-4f8a-47a0-95d2-209d7ca2cca5 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.maxOpenFiles
Max open files for each OSD daemon.
Type: signed integer
Default:
131072
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.monHost
List of hostname shortnames/IP addresses of the initial monitors.
Type: null or string
Default:
null
Example:
'' 10.10.0.1, 10.10.0.2, 10.10.0.3 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.monInitialMembers
List of hosts that will be used as monitors at startup.
Type: null or string
Default:
null
Example:
'' node0, node1, node2 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.publicNetwork
A comma-separated list of subnets that will be used as public networks in the cluster.
Type: null or string
Default:
null
Example:
'' 10.20.0.0/24, 192.168.1.0/24 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.enable
Whether to enable Ceph MDS daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.daemons
A list of metadata service daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mds.name1
Type: list of strings
Default:
[
]
Example:
'' [ "name1" "name2" ]; ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.extraConfig
Extra configuration to add to the MDS section.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.enable
Whether to enable Ceph MGR daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.daemons
A list of names for manager daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mgr.name1
Type: list of strings
Default:
[
]
Example:
'' [ "name1" "name2" ]; ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.extraConfig
Extra configuration to add to the global section for manager daemons.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.enable
Whether to enable Ceph MON daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.daemons
A list of monitor daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mon.name1
Type: list of strings
Default:
[
]
Example:
'' [ "name1" "name2" ]; ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.extraConfig
Extra configuration to add to the monitor section.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.enable
Whether to enable Ceph OSD daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.daemons
A list of OSD daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in osd.name1
Type: list of strings
Default:
[
]
Example:
'' [ "name1" "name2" ]; ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.extraConfig
Extra configuration to add to the OSD section.
Type: attribute set of strings
Default:
{
osd crush chooseleaf type = "1"; osd journal size = "10000"; osd pool default min size = "2"; osd pool default pg num = "200"; osd pool default pgp num = "200"; osd pool default size = "3";
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.rgw.enable
Whether to enable Ceph RadosGW daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.rgw.daemons
A list of rados gateway daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in client.name1, radosgw daemons aren't daemons to cluster in the sense that OSD, MGR or MON daemons are. They are simply daemons, from ceph, that uses the cluster as a backend.
Type: list of strings
Default:
[
]
Example:
'' [ "name1" "name2" ]; ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.certmgr.enable
Whether to enable certmgr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.defaultRemote
The default CA host:port to use.
Type: string
Default:
"127.0.0.1:8888"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.metricsAddress
The address for the Prometheus HTTP endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.metricsPort
The port for the Prometheus HTTP endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
9488
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.renewInterval
How often to check certificate expirations and how often to update the cert_next_expires metric.
Type: string
Default:
"30m"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.specs
Certificate specs as described by: https://github.com/cloudflare/certmgr#certificate-specs These will be added to the Nix store, so they will be world readable.
Type: attribute set of submodule or paths
Default:
{
}
Example:
{ exampleCert = let domain = "example.com"; secret = name: "/var/lib/secrets/${name}.pem"; in { service = "nginx"; action = "reload"; authority = { file.path = secret "ca"; }; certificate = { path = secret domain; }; private_key = { owner = "root"; group = "root"; mode = "0600"; path = secret "${domain}-key"; }; request = { CN = domain; hosts = [ "mail.${domain}" "www.${domain}" ]; key = { algo = "rsa"; size = 2048; }; names = { O = "Example Organization"; C = "USA"; }; }; }; otherCert = "/var/certmgr/specs/other-cert.json"; }
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.svcManager
This specifies the service manager to use for restarting or reloading services. See: https://github.com/cloudflare/certmgr#certmgryaml. For how to use the "command" service manager in particular, see: https://github.com/cloudflare/certmgr#command-svcmgr-and-how-to-use-it.
Type: one of "circus", "command", "dummy", "openrc", "systemd", "sysv"
Default:
"systemd"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.validMin
The interval before a certificate expires to start attempting to renew it.
Type: string
Default:
"72h"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.cfdyndns.enable
Whether to enable Cloudflare Dynamic DNS Client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.apikey
The API Key to use to authenticate to CloudFlare.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.email
The email address to use to authenticate to CloudFlare.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.records
The records to update in CloudFlare.
Type: list of strings
Default:
[
]
Example:
[
"host.tld"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfssl.enable
Whether to enable the CFSSL CA api-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.address
Address to bind.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.ca
CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'.
Type: string
Default:
"\${cfg.dataDir}/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.caBundle
Path to root certificate store.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.caKey
CA private key -- accepts '[file:]fname' or 'env:varname'.
Type: string
Default:
"file:\${cfg.dataDir}/ca-key.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.configFile
Path to configuration file. Do not put this in nix-store as it might contain secrets.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.dataDir
Cfssl work directory.
Type: path
Default:
"/var/lib/cfssl"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.dbConfig
Certificate db configuration file. Path must be writeable.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.intBundle
Path to intermediate certificate store.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.intDir
Intermediates directory.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.logLevel
Log level (0 = DEBUG, 5 = FATAL).
Type: one of 0, 1, 2, 3, 4, 5
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.metadata
Metadata file for root certificate presence. The content of the file is a json dictionary (k,v): each key k is a SHA-1 digest of a root certificate while value v is a list of key store filenames.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsCa
Mutual TLS - require clients be signed by this CA.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsClientCert
Mutual TLS - client certificate to call remote instance requiring client certs.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsClientKey
Mutual TLS - client key to call remote instance requiring client certs. Do not put this in nix-store.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsCn
Mutual TLS - regex for whitelist of allowed client CNs.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.port
Port to bind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8888
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.remote
Remote CFSSL server.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.responder
Certificate for OCSP responder.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.responderKey
Private key for OCSP responder certificate. Do not put this in nix-store.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsCert
Other endpoint's CA to set up TLS protocol.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsKey
Other endpoint's CA private key. Do not put this in nix-store.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsRemoteCa
CAs to trust for remote TLS requests.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cgmanager.enable
Whether to enable cgmanager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/system/cgmanager.nix>
|
services.cgminer.enable
Whether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.package
Which cgminer derivation to use.
Type: package
Default:
"pkgs.cgminer"
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.config
Additional config
Type: unspecified
Default:
{
}
Example:
{
auto-fan = true; auto-gpu = true; expiry = 120; failover-only = true; gpu-threads = 2; log = 5; queue = 1; scan-time = 60; temp-histeresys = 3;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.hardware
List of config options for every GPU
Type: unspecified
Default:
[
]
Example:
[
{
gpu-engine = "0-985"; gpu-fan = "0-85"; gpu-memclock = 860; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75;
}
{
gpu-engine = "0-950"; gpu-fan = "0-85"; gpu-memclock = 825; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75;
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.pools
List of pools where to mine
Type: unspecified
Default:
[
]
Example:
[
{
password = "X"; url = "http://p2pool.org:9332"; username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk";
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.user
User account under which cgminer runs
Type: unspecified
Default:
"cgminer"
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.charybdis.enable
Whether to enable Charybdis IRC daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.config
Charybdis IRC daemon configuration file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.group
Charybdis IRC daemon group.
Type: string
Default:
"ircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.motd
Charybdis MOTD text.
Charybdis will read its MOTD from /etc/charybdis/ircd.motd . If set, the value of this option will be written to this path.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.statedir
Location of the state directory of charybdis.
Type: string
Default:
"/var/lib/charybdis"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.user
Charybdis IRC daemon user.
Type: string
Default:
"ircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.chronos.enable
Whether to enable graphite web frontend.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
|
services.chronos.httpPort
Chronos listening port
Type: signed integer
Default:
4400
Declared by:
<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
|
services.chronos.master
Chronos mesos master zookeeper address
Type: string
Default:
"zk://localhost:2181/mesos"
Declared by:
<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
|
services.chronos.zookeeperHosts
Chronos mesos zookepper addresses
Type: list of strings
Default:
[
"localhost:2181"
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
|
services.chrony.enable
Whether to synchronise your machine's time using chrony. Make sure you disable NTP if you enable this service.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.chrony.extraConfig
Extra configuration directives that should be added to
chrony.conf
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.chrony.extraFlags
Extra flags passed to the chronyd command.
Type: list of strings
Default:
[
]
Example:
[
"-s"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.chrony.initstepslew
Allow chronyd to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins.
Type: unspecified
Default:
{
enabled = true; servers =
[
"0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org"
]
; threshold = 1000;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.chrony.servers
The set of NTP servers from which to synchronise.
Type: unspecified
Default:
[
"0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/chrony.nix>
|
services.cjdns.enable
Whether to enable the cjdns network encryption and routing engine. A file at /etc/cjdns.keys will be created if it does not exist to contain a random secret key that your IPv6 address will be derived from.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.beacon
Auto-connect to other cjdns nodes on the same network. Options: 0: Disabled. 1: Accept beacons, this will cause cjdns to accept incoming beacon messages and try connecting to the sender. 2: Accept and send beacons, this will cause cjdns to broadcast messages on the local network which contain a randomly generated per-session password, other nodes which have this set to 1 or 2 will hear the beacon messages and connect automatically.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.bind
Bind to this device for native ethernet operation.
all
is a pseudo-name which will try to connect to all devices.
Type: string
Default:
""
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo
Credentials for connecting look similar to UDP credientials except they begin with the mac address.
Type: attribute set of submodules
Default:
{
}
Example:
{
01:02:03:04:05:06 =
{
hostname = "homer.hype"; password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.hostname
Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
Type: string
Default:
""
Example:
"foobar.hype"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.password
Authorized password to the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.publicKey
Public key at the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.bind
Address and port to bind UDP tunnels to.
Type: string
Default:
""
Example:
"192.168.1.32:43211"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo
Credentials for making UDP tunnels.
Type: attribute set of submodules
Default:
{
}
Example:
{
192.168.1.1:27313 =
{
hostname = "homer.hype"; password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.hostname
Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
Type: string
Default:
""
Example:
"foobar.hype"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.password
Authorized password to the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.publicKey
Public key at the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.addExtraHosts
Whether to add cjdns peers with an associated hostname to
/etc/hosts
. Beware that enabling this
incurs heavy eval-time costs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.admin.bind
Bind the administration port to this address and port.
Type: string
Default:
"127.0.0.1:11234"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.authorizedPasswords
Any remote cjdns nodes that offer these passwords on connection will be allowed to route through this node.
Type: list of strings
Default:
[
]
Example:
[
"snyrfgkqsc98qh1y4s5hbu0j57xw5s0" "z9md3t4p45mfrjzdjurxn4wuj0d8swv" "49275fut6tmzu354pq70sr5b95qq0vj"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.confFile
Ignore all other cjdns options and load configuration from this file.
Type: null or path
Default:
null
Example:
"/etc/cjdroute.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.clamav.daemon.enable
Whether to enable ClamAV clamd daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.daemon.extraConfig
Extra configuration for clamd. Contents will be added verbatim to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.enable
Whether to enable ClamAV freshclam updater.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.extraConfig
Extra configuration for freshclam. Contents will be added verbatim to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.frequency
Number of database checks per day.
Type: signed integer
Default:
12
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.interval
How often freshclam is invoked. See systemd.time(7) for more information about the format.
Type: string
Default:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamsmtp.enable
Whether to enable clamsmtp.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances
Instances of clamsmtp to run.
Type: list of submodules
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.action
Action to take when a virus is detected.
Note that viruses often spoof sender addresses, so bouncing is in most cases not a good idea.
Type: one of "bounce", "drop", "pass"
Default:
"drop"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.header
A header to add to scanned messages. See clamsmtpd.conf(5) for more details. Empty means no header.
Type: string
Default:
""
Example:
"X-Virus-Scanned: ClamAV using ClamSMTP"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.keepAlives
Number of seconds to wait between each NOOP sent to the sending server. 0 to disable.
This is meant for slow servers where the sending MTA times out waiting for clamd to scan the file.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.listen
Address to wait for incoming SMTP connections on. See clamsmtpd.conf(5) for more details.
Type: string
Example:
"127.0.0.1:10025"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.maxConnections
Maximum number of connections to accept at once.
Type: signed integer
Default:
64
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.outAddress
Address of the SMTP server to send email to once it has been scanned.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.quarantine
Whether to quarantine files that contain viruses by leaving them in the temporary directory.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.tempDirectory
Temporary directory that needs to be accessible to both clamd and clamsmtpd.
Type: string
Default:
"/tmp"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.timeout
Time-out for network connections.
Type: signed integer
Default:
180
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.transparentProxy
Enable clamsmtp's transparent proxy support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.virusAction
Command to run when a virus is found. Please see VIRUS ACTION in clamsmtpd(8) for a discussion of this option and its safe use.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.xClient
Send the XCLIENT command to the receiving server, for forwarding client addresses and connection information if the receiving server supports this feature.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clickhouse.enable
Whether to enable ClickHouse database server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/clickhouse.nix>
|
services.clipmenu.enable
Whether to enable clipmenu, the clipboard management daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/clipmenu.nix>
|
services.clipmenu.package
clipmenu derivation to use.
Type: package
Default:
"pkgs.clipmenu"
Declared by:
<nixpkgs/nixos/modules/services/misc/clipmenu.nix>
|
services.cloud-init.enable
Enable the cloud-init service. This services reads configuration metadata in a cloud environment and configures the machine according to this metadata.
This configuration is not completely compatible with the NixOS way of doing configuration, as configuration done by cloud-init might be overriden by a subsequent nixos-rebuild call. However, some parts of cloud-init fall outside of NixOS's responsibility, like filesystem resizing and ssh public key provisioning, and cloud-init is useful for that parts. Thus, be wary that using cloud-init in NixOS might come as some cost.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.config
cloud-init configuration.
Type: string
Default:
'' system_info: distro: nixos users: - root disable_root: false preserve_hostname: false cloud_init_modules: - migrator - seed_random - bootcmd - write-files - growpart - resizefs - update_etc_hosts - ca-certs - rsyslog - users-groups cloud_config_modules: - disk_setup - mounts - ssh-import-id - set-passwords - timezone - disable-ec2-metadata - runcmd - ssh cloud_final_modules: - rightscale_userdata - scripts-vendor - scripts-per-once - scripts-per-boot - scripts-per-instance - scripts-user - ssh-authkey-fingerprints - keys-to-console - phone-home - final-message - power-state-change ''
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cntlm.enable
Whether to enable the cntlm, which start a local proxy.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.configText
Verbatim contents of cntlm.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.domain
Proxy account domain/workgroup name.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.extraConfig
Additional config appended to the end of the generated cntlm.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.netbios_hostname
The hostname of your machine.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.noproxy
A list of domains where the proxy is skipped.
Type: unspecified
Default:
[
]
Example:
[
"*.example.com" "example.com"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.password
Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.
Type: string
Default:
"/etc/cntlm.password"
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.port
Specifies on which ports the cntlm daemon listens.
Type: unspecified
Default:
[
3128
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.proxy
A list of NTLM/NTLMv2 authenticating HTTP proxies.
Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
Type: unspecified
Example:
[
"proxy.example.com:81"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.username
Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.codimd.enable
Whether to enable the CodiMD Markdown Editor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.allowAnonymous
Whether to allow anonymous usage.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.allowAnonymousEdits
Whether to allow guests to edit existing notes with the `freely' permission,
when allowAnonymous
is enabled.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.allowEmailRegister
Wether to enable email registration.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.allowFreeURL
Whether to allow note creation by accessing a nonexistent note URL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.allowGravatar
Whether to use gravatar as profile picture source.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.allowOrigin
List of domains to whitelist.
Type: list of strings
Default:
[
]
Example:
[
"localhost" "codimd.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.allowPDFExport
Whether to enable PDF exports.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.azure
Configure the azure third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.azure.connectionString
Azure Blob Storage connection string.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.azure.container
Azure Blob Storage container name. It will be created if non-existent.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.csp
Specify the Content Security Policy which is passed to Helmet. For configuration details see https://helmetjs.github.io/docs/csp/.
Type: null or attribute set
Default:
null
Example:
{ enable = true; directives = { scriptSrc = "trustworthy.scripts.example.com"; }; upgradeInsecureRequest = "auto"; addDefaults = true; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.db
Specify the configuration for sequelize.
CodiMD supports mysql, postgres, sqlite and mssql.
See
https://sequelize.readthedocs.io/en/v3/ for more information.
Note: This option overrides db
.
Type: attribute set
Default:
{
}
Example:
{ dialect = "sqlite"; storage = "/var/lib/codimd/db.codimd.sqlite"; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.dbURL
Specify which database to use.
CodiMD supports mysql, postgres, sqlite and mssql.
See
https://sequelize.readthedocs.io/en/v3/ for more information.
Note: This option overrides db
.
Type: null or string
Default:
null
Example:
'' postgres://user:pass@host:5432/dbname ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.debug
Whether to enable debug mode.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.defaultNotePath
Path to the default Note file. (Non-canonical paths are relative to CodiMD's base directory)
Type: null or string
Default:
"./public/default.md"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.defaultPermission
Default permissions for notes. This only applies for signed-in users.
Type: one of "freely", "editable", "limited", "locked", "private"
Default:
"editable"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.dhParamPath
Path to the SSL dh params. Needed when useSSL
is enabled.
Type: null or string
Default:
null
Example:
"/var/lib/codimd/dhparam.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.docsPath
Path to the docs directory. (Non-canonical paths are relative to CodiMD's base directory)
Type: null or string
Default:
"./public/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.documentMaxLength
Specify the maximum document length.
Type: signed integer
Default:
100000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.domain
Domain name for the CodiMD instance.
Type: null or string
Default:
null
Example:
"codimd.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.dropbox
Configure the Dropbox third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.dropbox.appKey
Dropbox app key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.dropbox.clientID
Dropbox API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.dropbox.clientSecret
Dropbox API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.email
Whether to enable email sign-in.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.errorPath
Path to the error template file. (Non-canonical paths are relative to CodiMD's base directory)
Type: null or string
Default:
"./public/views/error.ejs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.facebook
Configure the facebook third-party integration
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.facebook.clientID
Facebook API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.facebook.clientSecret
Facebook API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.github
Configure the GitHub third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.github.clientID
GitHub API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.github.clientSecret
Github API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.gitlab
Configure the GitLab third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.gitlab.baseURL
GitLab API authentication endpoint. Only needed for other endpoints than gitlab.com.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.gitlab.clientID
GitLab API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.gitlab.clientSecret
GitLab API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.gitlab.scope
GitLab API requested scope. GitLab snippet import/export requires api scope.
Type: one of "api", "read_user"
Default:
"api"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.google
Configure the Google third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.google.clientID
Google API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.google.clientSecret
Google API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.hackmdPath
Path to the hackmd template file. (Non-canonical paths are relative to CodiMD's base directory)
Type: null or string
Default:
"./public/views/hackmd.ejs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.heartbeatInterval
Specify the socket.io heartbeat interval.
Type: signed integer
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.heartbeatTimeout
Specify the socket.io heartbeat timeout.
Type: signed integer
Default:
10000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.host
Address to listen on.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.hsts.enable
Wheter to enable HSTS if HTTPS is also enabled.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.hsts.includeSubdomains
Whether to include subdomains in HSTS.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.hsts.maxAgeSeconds
Max duration for clients to keep the HSTS status.
Type: signed integer
Default:
31536000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.hsts.preload
Whether to allow preloading of the site's HSTS status.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.imageUploadType
Specify where to upload images.
Type: one of "imgur", "s3", "minio", "filesystem"
Default:
"filesystem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.imgur.clientId
Imgur API client ID.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.indexPath
Path to the index template file. (Non-canonical paths are relative to CodiMD's base directory)
Type: null or string
Default:
"./public/views/index.ejs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap
Configure the LDAP integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.bindCredentials
Bind credentials for LDAP access.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.bindDn
Bind DN for LDAP access.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.providerName
Optional name to be displayed at login form, indicating the LDAP provider.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.searchAttributes
LDAP attributes to search with.
Type: list of strings
Example:
[
"displayName" "mail"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.searchBase
LDAP directory to begin search from.
Type: string
Example:
"o=users,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.searchFilter
LDAP filter to search with.
Type: string
Example:
"(uid={{username}})"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.tlsca
Root CA for LDAP TLS in PEM format.
Type: string
Example:
"server-cert.pem,root.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.url
URL of LDAP server.
Type: string
Example:
"ldap://localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.userNameField
LDAP field which is used as the username on CodiMD.
By default useridField
is used.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.ldap.useridField
LDAP field which is a unique identifier for users on CodiMD.
Type: string
Example:
"uid"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.mattermost
Configure the Mattermost third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.mattermost.baseURL
Mattermost authentication endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.mattermost.clientID
Mattermost API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.mattermost.clientSecret
Mattermost API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.minio
Configure the minio third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.minio.accessKey
Minio access key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.minio.endpoint
Minio endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.minio.port
Minio listen port.
Type: signed integer
Default:
9000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.minio.secretKey
Minio secret key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.minio.secure
Whether to use HTTPS for Minio.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.oauth2
Configure the OAuth integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.oauth2.authorizationURL
Specify the OAuth authorization URL.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.oauth2.clientID
Specify the OAuth client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.oauth2.clientSecret
Specify the OAuth client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.oauth2.tokenURL
Specify the OAuth token URL.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.path
Specify where a UNIX domain socket should be placed.
Type: null or string
Default:
null
Example:
"/var/run/codimd.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.port
Port to listen on.
Type: signed integer
Default:
3000
Example:
"80"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.prettyPath
Path to the pretty template file. (Non-canonical paths are relative to CodiMD's base directory)
Type: null or string
Default:
"./public/views/pretty.ejs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.protocolUseSSL
Enable to use TLS for resource paths.
This only applies when domain
is set.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.s3
Configure the s3 third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.s3.accessKeyId
AWS access key id.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.s3.region
AWS S3 region.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.s3.secretAccessKey
AWS access key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.s3bucket
Specify the bucket name for upload types s3
and minio
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml
Configure the SAML integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.attribute.email
Attribute map for `email'.
Defaults to `NameID' of SAML response if
identifierFormat
has
the default value.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.attribute.id
Attribute map for `id'. Defaults to `NameID' of SAML response.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.attribute.username
Attribute map for `username'. Defaults to `NameID' of SAML response.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.externalGroups
Excluded group names.
Type: list of strings
Default:
[
]
Example:
[
"Temporary-staff" "External-users"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.groupAttribute
Optional attribute name for group list.
Type: string
Default:
""
Example:
"memberOf"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.identifierFormat
Optional name identifier format.
Type: string
Default:
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.idpCert
Path to IdP certificate file in PEM format.
Type: path
Example:
"/path/to/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.idpSsoUrl
IdP authentication endpoint.
Type: string
Example:
"https://idp.example.com/sso"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.issuer
Optional identity of the service provider. This defaults to the server URL.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.saml.requiredGroups
Required group names.
Type: list of strings
Default:
[
]
Example:
[
"Hackmd-users" "Codimd-users"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.sessionLife
Session life time in milliseconds.
Type: signed integer
Default:
1209600000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.sessionName
Specify the name of the session cookie.
Type: string
Default:
"connect.sid"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.sessionSecret
Specify the secret used to sign the session cookie. If unset, one will be generated on startup.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.slidePath
Path to the slide template file. (Non-canonical paths are relative to CodiMD's base directory)
Type: null or string
Default:
"./public/views/slide.hbs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.sslCAPath
SSL ca chain. Needed when useSSL
is enabled.
Type: list of strings
Default:
[
]
Example:
[
"/var/lib/codimd/ca.crt"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.sslCertPath
Path to the SSL cert. Needed when useSSL
is enabled.
Type: null or string
Default:
null
Example:
"/var/lib/codimd/codimd.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.sslKeyPath
Path to the SSL key. Needed when useSSL
is enabled.
Type: null or string
Default:
null
Example:
"/var/lib/codimd/codimd.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.tmpPath
Path to the temp directory CodiMD should use.
Note that serviceConfig.PrivateTmp
is enabled for
the CodiMD systemd service by default.
(Non-canonical paths are relative to CodiMD's base directory)
Type: string
Default:
"/tmp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.twitter
Configure the Twitter third-party integration.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.twitter.consumerKey
Twitter API consumer key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.twitter.consumerSecret
Twitter API consumer secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.uploadsPath
Path under which uploaded files are saved.
Type: string
Default:
"/var/lib/codimd/uploads"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.urlAddPort
Enable to add the port to callback URLs.
This only applies when domain
is set
and only for ports other than 80 and 443.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.urlPath
Path under which CodiMD is accessible.
Type: null or string
Default:
null
Example:
"/url/path/to/codimd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.useCDN
Whether to use CDN resources or not.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.configuration.useSSL
Enable to use SSL server. This will also enable
protocolUseSSL
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.groups
Groups to which the codimd user should be added.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.codimd.workDir
Working directory for the CodiMD service.
Type: path
Default:
"/var/lib/codimd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/codimd.nix>
|
services.collectd.enable
Whether to enable collectd agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.package
Which collectd package to use.
Type: package
Default:
"pkgs.collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.autoLoadPlugin
Enable plugin autoloading.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.dataDir
Data directory for collectd agent.
Type: path
Default:
"/var/lib/collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.extraConfig
Extra configuration for collectd.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.include
Additional paths to load config from.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.user
User under which to run collectd.
Type: null or string
Default:
"collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.colord.enable
Whether to enable colord, the color management daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/colord.nix>
|
services.compton.enable
Whether of not to enable Compton as the X.org composite manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.package
Compton derivation to use.
Type: package
Default:
"pkgs.compton"
Example:
pkgs.compton
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.activeOpacity
Opacity of active windows (number in range 0.0 - 1.0).
Type: string
Default:
"1.0"
Example:
"0.8"
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.backend
Backend to use: glx
, xrender
or xr_glx_hybrid
.
Type: one of "glx", "xrender", "xr_glx_hybrid"
Default:
"xrender"
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.extraOptions
Additional Compton configuration.
Type: string
Default:
""
Example:
'' unredir-if-possible = true; dbe = true; ''
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.fade
Fade windows in and out.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.fadeDelta
Time between fade animation step (in ms).
Type: signed integer
Default:
10
Example:
5
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.fadeExclude
List of conditions of windows that should not be faded.
See compton(1)
man page for more examples.
Type: list of strings
Default:
[
]
Example:
[
"window_type *= 'menu'" "name ~= 'Firefox\$'" "focused = 1"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.fadeSteps
Opacity change between fade steps (in and out). (numbers in range 0.01 - 1.0)
Type: list of strings
Default:
[
"0.028" "0.03"
]
Example:
[
"0.04" "0.04"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.inactiveOpacity
Opacity of inactive windows (number in range 0.1 - 1.0).
Type: string
Default:
"1.0"
Example:
"0.8"
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.menuOpacity
Opacity of dropdown and popup menu (number in range 0.0 - 1.0).
Type: string
Default:
"1.0"
Example:
"0.8"
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.opacityRules
Rules that control the opacity of windows, in format PERCENT:PATTERN.
Type: list of strings
Default:
[
]
Example:
[
"95:class_g = 'URxvt' && !_NET_WM_STATE@:32a" "0:_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.refreshRate
Screen refresh rate (0 = automatically detect).
Type: signed integer
Default:
0
Example:
60
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.shadow
Draw window shadows.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.shadowExclude
List of conditions of windows that should have no shadow.
See compton(1)
man page for more examples.
Type: list of strings
Default:
[
]
Example:
[
"window_type *= 'menu'" "name ~= 'Firefox\$'" "focused = 1"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.shadowOffsets
Left and right offset for shadows (in pixels).
Type: list of signed integers
Default:
[
-15 -15
]
Example:
[
-10 -15
]
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.shadowOpacity
Window shadows opacity (number in range 0.0 - 1.0).
Type: string
Default:
"0.75"
Example:
"0.8"
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.compton.vSync
Enable vertical synchronization using the specified method.
See compton(1)
man page an explanation.
Type: one of "none", "drm", "opengl", "opengl-oml", "opengl-swc", "opengl-mswc"
Default:
"none"
Example:
"opengl-swc"
Declared by:
<nixpkgs/nixos/modules/services/x11/compton.nix>
|
services.confd.enable
Whether to enable confd service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.package
Confd package to use.
Type: package
Default:
"pkgs.confd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.backend
Confd config storage backend to use.
Type: one of "etcd", "consul", "redis", "zookeeper"
Default:
"etcd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.confDir
The path to the confd configs.
Type: path
Default:
"/etc/confd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.interval
Confd check interval.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.logLevel
Confd log level.
Type: one of "info", "debug"
Default:
"info"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.nodes
Confd list of nodes to connect to.
Type: list of strings
Default:
[
"http://127.0.0.1:2379"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.prefix
The string to prefix to keys.
Type: path
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.watch
Confd, whether to watch etcd config for changes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confluence.enable
Whether to enable Atlassian Confluence service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.catalinaOptions
Java options to pass to catalina/tomcat.
Type: list of strings
Default:
[
]
Example:
[
"-Xms1024m" "-Xmx2048m" "-Dconfluence.disable.peopledirectory.all=true"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.group
Group which runs confluence.
Type: string
Default:
"confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.home
Home directory of the confluence instance.
Type: string
Default:
"/var/lib/confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.jrePackage
Note that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default:
"pkgs.oraclejre8"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.listenAddress
Address to listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.listenPort
Port to listen on.
Type: signed integer
Default:
8090
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.proxy.enable
Whether to enable proxy support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.proxy.name
Virtual hostname at the proxy
Type: string
Example:
"confluence.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.proxy.port
Port used at the proxy
Type: signed integer
Default:
443
Example:
80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.proxy.scheme
Protocol used at the proxy.
Type: string
Default:
"https"
Example:
"http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.enable
Whether to enable SSO with Atlassian Crowd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.applicationName
Exact name of this Confluence instance in Crowd
Type: string
Example:
"jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.applicationPassword
Application password of this Confluence instance in Crowd
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.crowd
Crowd Base URL without trailing slash
Type: string
Example:
"http://localhost:8095/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.validationInterval
Set to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.
Type: signed integer
Default:
2
Example:
0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.user
User which runs confluence.
Type: string
Default:
"confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.consul.enable
Enables the consul daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.package
The package used for the Consul agent and CLI.
Type: package
Default:
"pkgs.consul"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.enable
Whether to enable consul-alerts.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.package
Package to use for consul-alerts.
Type: package
Default:
"pkgs.consul-alerts"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.consulAddr
Consul api listening adddress
Type: string
Default:
"localhost:8500"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.listenAddr
Api listening address.
Type: string
Default:
"localhost:9000"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.watchChecks
Whether to enable check watcher.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.watchEvents
Whether to enable event watcher.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.dropPrivileges
Whether the consul agent should be run as a non-root consul user.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.extraConfig
Extra configuration options which are serialized to json and added to the config.json file.
Type: unspecified
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.extraConfigFiles
Additional configuration files to pass to consul NOTE: These will not trigger the service to be restarted when altered.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.forceIpv4
Whether we should force the interfaces to only pull ipv4 addresses.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.interface.advertise
The name of the interface to pull the advertise_addr from.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.interface.bind
The name of the interface to pull the bind_addr from.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.leaveOnStop
If enabled, causes a leave action to be sent when closing consul. This allows a clean termination of the node, but permanently removes it from the cluster. You probably don't want this option unless you are running a node which going offline in a permanent / semi-permanent fashion.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.webUi
Enables the web interface on the consul http port.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.coturn.enable
Whether to enable coturn TURN server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.alt-listening-port
Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one". This is needed for RFC 5780 support (STUN extension specs, NAT behavior discovery). The TURN Server supports RFC 5780 only if it is started with more than one listening IP address of the same family (IPv4 or IPv6). RFC 5780 is supported only by UDP protocol, other protocols are listening to that endpoint only for "symmetry".
Type: signed integer
Default:
"listening-port + 1"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.alt-tls-listening-port
Alternative listening port for TLS and DTLS protocols.
Type: signed integer
Default:
"tls-listening-port + 1"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cert
Certificate file in PEM format.
Type: null or string
Default:
null
Example:
"/var/lib/acme/example.com/fullchain.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-ip
Local system IP address to be used for CLI server endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-password
CLI access password. For the security reasons, it is recommended to use the encrypted for of the password (see the -P command in the turnadmin utility).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-port
CLI server port.
Type: signed integer
Default:
5766
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.dh-file
Use custom DH TLS key, stored in PEM format in the file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.extraConfig
Additional configuration options
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.listening-ips
Listener IP addresses of relay server. If no IP(s) specified in the config file or in the command line options, then all IPv4 and IPv6 system IPs will be used for listening.
Type: list of strings
Default:
[
]
Example:
[
"203.0.113.42" "2001:DB8::42"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.listening-port
TURN listener port for UDP and TCP. Note: actually, TLS and DTLS sessions can connect to the "plain" TCP and UDP port(s), too - if allowed by configuration.
Type: signed integer
Default:
3478
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.lt-cred-mech
Use long-term credential mechanism.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.max-port
Upper bound of UDP relay endpoints
Type: signed integer
Default:
65535
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.min-port
Lower bound of UDP relay endpoints
Type: signed integer
Default:
49152
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-auth
This option is opposite to lt-cred-mech. (TURN Server with no-auth option allows anonymous access). If neither option is defined, and no users are defined, then no-auth is default. If at least one user is defined, in this file or in command line or in usersdb file, then lt-cred-mech is default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-cli
Turn OFF the CLI support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-dtls
Disable DTLS client listener
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tcp
Disable TCP client listener
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tcp-relay
Disable TCP relay endpoints
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tls
Disable TLS client listener
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-udp
Disable UDP client listener
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-udp-relay
Disable UDP relay endpoints
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.pkey
Private key file in PEM format.
Type: null or string
Default:
null
Example:
"/var/lib/acme/example.com/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.realm
The default realm to be used for the users when no explicit origin/realm relationship was found in the database, or if the TURN server is not using any database (just the commands-line settings and the userdb file). Must be used with long-term credentials mechanism or with TURN REST API.
Type: string
Default:
"nixos"
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.relay-ips
Relay address (the local IP address that will be used to relay the packets to the peer). Multiple relay addresses may be used. The same IP(s) can be used as both listening IP(s) and relay IP(s).
If no relay IP(s) specified, then the turnserver will apply the default policy: it will decide itself which relay addresses to be used, and it will always be using the client socket IP address as the relay IP address of the TURN session (if the requested relay address family is the same as the family of the client socket).
Type: list of strings
Default:
[
]
Example:
[
"203.0.113.42" "2001:DB8::42"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.secure-stun
Require authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.static-auth-secret
'Static' authentication secret value (a string) for TURN REST API only. If not set, then the turn server will try to use the 'dynamic' value in turn_secret table in user database (if present). The database-stored value can be changed on-the-fly by a separate program, so this is why that other mode is 'dynamic'.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.tls-listening-port
TURN listener port for TLS. Note: actually, "plain" TCP and UDP sessions can connect to the TLS and DTLS port(s), too - if allowed by configuration. The TURN server "automatically" recognizes the type of traffic. Actually, two listening endpoints (the "plain" one and the "tls" one) are equivalent in terms of functionality; but we keep both endpoints to satisfy the RFC 5766 specs. For secure TCP connections, we currently support SSL version 3 and TLS version 1.0, 1.1 and 1.2. For secure UDP connections, we support DTLS version 1.
Type: signed integer
Default:
5349
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.use-auth-secret
TURN REST API flag. Flag that sets a special authorization option that is based upon authentication secret. This feature can be used with the long-term authentication mechanism, only. This feature purpose is to support "TURN Server REST API", see "TURN REST API" link in the project's page https://github.com/coturn/coturn/
This option is used with timestamp:
usercombo -> "timestamp:userid" turn user -> usercombo turn password -> base64(hmac(secret key, usercombo))
This allows TURN credentials to be accounted for a specific user id. If you don't have a suitable id, the timestamp alone can be used. This option is just turning on secret-based authentication. The actual value of the secret is defined either by option static-auth-secret, or can be found in the turn_secret table in the database.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.couchdb.enable
Whether to run CouchDB Server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.package
CouchDB package to use.
Type: package
Default:
"pkgs.couchdb"
Example:
pkgs.couchdb
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.bindAddress
Defines the IP address by which CouchDB will be accessible.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.configFile
Configuration file for persisting runtime changes. File needs to be readable and writable from couchdb user/group.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.databaseDir
Specifies location of CouchDB database files (*.couch named). This location should be writable and readable for the user the CouchDB service runs as (couchdb by default).
Type: path
Default:
"/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.extraConfig
Extra configuration. Overrides any other cofiguration.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.group
Group account under which couchdb runs.
Type: string
Default:
"couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.logFile
Specifies the location of file for logging output.
Type: path
Default:
"/var/log/couchdb.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.port
Defined the port number to listen.
Type: signed integer
Default:
5984
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.uriFile
This file contains the full URI that can be used to access this instance of CouchDB. It is used to help discover the port CouchDB is running on (if it was set to 0 (e.g. automatically assigned any free one). This file should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Type: path
Default:
"/var/run/couchdb/couchdb.uri"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.user
User account under which couchdb runs.
Type: string
Default:
"couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.viewIndexDir
Specifies location of CouchDB view index files. This location should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Type: path
Default:
"/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchpotato.enable
Whether to enable CouchPotato Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/couchpotato.nix>
|
services.cpuminer-cryptonight.enable
Whether to enable the cpuminer cryptonight miner.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.pass
Password for mining server
Type: string
Default:
"x"
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.threads
Number of miner threads, defaults to available processors
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.url
URL of mining server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.user
Username for mining server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.crashplan.enable
Starts crashplan background service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/crashplan.nix>
|
services.crashplansb.enable
Starts crashplan for small business background service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/crashplan-small-business.nix>
|
services.crashplansb.maxRam
Maximum amount of ram that the crashplan engine should use.
Type: string
Default:
"1024m"
Example:
"2G"
Declared by:
<nixpkgs/nixos/modules/services/backup/crashplan-small-business.nix>
|
services.crashplansb.openPorts
Open ports in the firewall for crashplan.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/crashplan-small-business.nix>
|
services.crashplansb.ports
which ports to open.
Type: list of signed integers
Default:
[
4242 4243 4244 4247
]
Declared by:
<nixpkgs/nixos/modules/services/backup/crashplan-small-business.nix>
|
services.cron.enable
Whether to enable the Vixie cron daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.cronFiles
A list of extra crontab files that will be read and appended to the main crontab file when the cron service starts.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.mailto
Email address to which job output will be mailed.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.systemCronJobs
A list of Cron jobs to be appended to the system-wide
crontab. See the manual page for crontab for the expected
format. If you want to get the results mailed you must setuid
sendmail. See security.wrappers
If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root will is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you. So every user can use a crontab.
Many nixos modules set systemCronJobs, so if you decide to disable vixie cron and enable another cron daemon, you may want it to get its system crontab based on systemCronJobs.
Type: list of strings
Default:
[
]
Example:
[ "* * * * * test ls -l / > /tmp/cronout 2>&1" "* * * * * eelco echo Hello World > /home/eelco/cronout" ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.crowd.enable
Whether to enable Atlassian Crowd service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.catalinaOptions
Java options to pass to catalina/tomcat.
Type: list of strings
Default:
[
]
Example:
[
"-Xms1024m" "-Xmx2048m"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.group
Group which runs Crowd.
Type: string
Default:
"crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.home
Home directory of the Crowd instance.
Type: string
Default:
"/var/lib/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.jrePackage
Note that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default:
"pkgs.oraclejre8"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.listenAddress
Address to listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.listenPort
Port to listen on.
Type: signed integer
Default:
8092
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.openidPassword
Application password for OpenID server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.enable
Whether to enable reverse proxy support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.name
Virtual hostname at the proxy
Type: string
Example:
"crowd.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.port
Port used at the proxy
Type: signed integer
Default:
443
Example:
80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.scheme
Protocol used at the proxy.
Type: string
Default:
"https"
Example:
"http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.secure
Whether the connections to the proxy should be considered secure.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.user
User which runs Crowd.
Type: string
Default:
"crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.dante.enable
Whether to enable Dante SOCKS proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dante.nix>
|
services.dante.config
Contents of Dante's configuration file. NOTE: user.privileged, user.unprivileged and logoutput are set by the service.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/dante.nix>
|
services.das_watchdog.enable
Whether to enable realtime watchdog.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix>
|
services.datadog-agent.enable
Whether to enable the datadog-agent v6 monitoring service
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.enableLiveProcessCollection
Whether to enable the live process collection agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.package
Which DataDog v6 agent package to use. Note that the provided package is expected to have an overridable `python`-attribute which configures the Python environment with the Datadog checks.
Type: package
Default:
"pkgs.datadog-agent"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.apiKeyFile
Path to a file containing the Datadog API key to associate the agent with your account.
Type: path
Example:
"/run/keys/datadog_api_key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.checks
Configuration for all Datadog checks. Keys of this attribute set will be used as the name of the check to create the appropriate configuration in `conf.d/$check.d/conf.yaml`.
The configuration is converted into JSON from the plain Nix language configuration, meaning that you should write configuration adhering to Datadog's documentation - but in Nix language.
Refer to the implementation of this module (specifically the definition of `defaultChecks`) for an example.
Note: The 'disk' and 'network' check are configured in separate options because they exist by default. Attempting to override their configuration here will have no effect.
Type: attribute set of attribute sets
Default:
{
}
Example:
{
http_check =
{
init_config = null; instances =
[
{
name = "some-service"; tags =
[
"some-service"
]
; url = "http://localhost:1337/healthz";
}
]
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.diskCheck
Disk check config
Type: attribute set
Default:
{
init_config =
{
}
; instances =
[
{
use-mount = "no";
}
]
;
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.extraConfig
Extra configuration options that will be merged into the
main config file datadog.yaml
.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.extraIntegrations
Extra integrations from the Datadog core-integrations repository that should be built and included.
By default the included integrations are disk, mongo, network, nginx and postgres.
To include additional integrations the name of the derivation and a function to filter its dependencies from the Python package set must be provided.
Type: attribute set
Default:
{
}
Example:
{
ntp = "<function>";
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.hostname
The hostname to show in the Datadog dashboard (optional)
Type: null or string
Default:
null
Example:
"mymachine.mydomain"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.logLevel
Logging verbosity.
Type: null or one of "DEBUG", "INFO", "WARN", "ERROR"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.networkCheck
Network check config
Type: attribute set
Default:
{
init_config =
{
}
; instances =
[
{
collect_connection_state = false; excluded_interfaces =
[
"lo" "lo0"
]
;
}
]
;
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.tags
The tags to mark this Datadog agent
Type: null or list of strings
Default:
null
Example:
[
"test" "service"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.davfs2.enable
Whether to enable davfs2.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.davGroup
The group of the running mount.davfs daemon. Ordinary users must be member of this group in order to mount a davfs2 file system. Value must be given as name, not as numerical id.
Type: string
Default:
"davfs2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.davUser
When invoked by root the mount.davfs daemon will run as this user. Value must be given as name, not as numerical id.
Type: string
Default:
"davfs2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.extraConfig
Extra lines appended to the configuration of davfs2.
Type: string
Default:
""
Example:
'' kernel_fs coda proxy foo.bar:8080 use_locks 0 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.dbus.packages
Packages whose D-Bus configuration files should be included in
the configuration of the D-Bus system-wide or session-wide
message bus. Specifically, files in the following directories
will be included into their respective DBus configuration paths:
pkg
/etc/dbus-1/system.dpkg
/share/dbus-1/system-servicespkg
/etc/dbus-1/session.dpkg
/share/dbus-1/services
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dbus.socketActivated
Make the user instance socket activated.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dd-agent.enable
Whether to enable the dd-agent v5 monitoring service.
For datadog-agent v6, see services.datadog-agent.enable
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.dd-agent.api_key
The Datadog API key to associate the agent with your account.
Warning: this key is stored in cleartext within the world-readable
Nix store! Consider using the new v6
services.datadog-agent
module instead.
Type: string
Example:
"ae0aa6a8f08efa988ba0a17578f009ab"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.dd-agent.hostname
The hostname to show in the Datadog dashboard (optional)
Type: null or string
Default:
null
Example:
"mymachine.mydomain"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.dd-agent.jmxConfig
JMX integration configuration
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.dd-agent.mongoConfig
MongoDB integration configuration
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.dd-agent.nginxConfig
Datadog nginx integration configuration
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.dd-agent.postgresqlConfig
Datadog PostgreSQL integration configuration
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.dd-agent.processConfig
Process integration configuration
See http://docs.datadoghq.com/integrations/process/
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.dd-agent.tags
The tags to mark this Datadog agent
Type: null or list of strings
Default:
null
Example:
[
"test" "service"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
|
services.ddclient.enable
Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.configFile
Path to configuration file. When set to the default '/etc/ddclient.conf' it will be populated with the various other options in this module. When it is changed (for example: '/root/nixos/secrets/ddclient.conf') the file read directly to configure ddclient. This is a source of impurity. The purpose of this is to avoid placing secrets into the store.
Type: path
Default:
"/etc/ddclient.conf"
Example:
"/root/nixos/secrets/ddclient.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.domains
Domain name(s) to synchronize.
Type: list of strings
Default:
[
""
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.extraConfig
Extra configuration. Contents will be added verbatim to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.interval
The interval at which to run the check and update. See man 7 systemd.time for the format.
Type: string
Default:
"10min"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.password
Password. WARNING: The password becomes world readable in the Nix store.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.protocol
Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
Type: string
Default:
"dyndns2"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.quiet
Print no messages for unnecessary updates.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.script
script as required by some providers.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.server
Server address.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.ssl
Whether to use to use SSL/TLS to connect to dynamic DNS provider.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.use
Method to determine the IP address to send to the dynamic DNS provider.
Type: string
Default:
"web, web=checkip.dyndns.com/, web-skip='Current IP Address: '"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.username
User name.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.verbose
Print verbose information.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.zone
zone as required by some providers.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.deluge.enable
Whether to enable Deluge daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.openFilesLimit
Number of files to allow deluged to open.
Type: unspecified
Default:
4096
Example:
8192
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.web.enable
Whether to enable Deluge Web daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.devmon.enable
Whether to enable devmon, an automatic device mounting daemon.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/devmon.nix>
|
services.dhcpd4.enable
Whether to enable the DHCPv4 server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.configFile
The path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.extraConfig
Extra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something there, such as the options specifying the subnet mask, DNS servers, etc.
Type: string
Default:
""
Example:
'' option subnet-mask 255.255.255.0; option broadcast-address 192.168.1.255; option routers 192.168.1.5; option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1; option domain-name "example.org"; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.200; } ''
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.extraFlags
Additional command line flags to be passed to the dhcpd daemon.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.interfaces
The interfaces on which the DHCP server should listen.
Type: list of strings
Default:
[
"eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.machines
A list mapping Ethernet addresses to IPv4 addresses for the DHCP server.
Type: list of submodules
Default:
[
]
Example:
[
{
ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10";
}
{
ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.machines.*.ethernetAddress
MAC address of the machine.
Type: string
Example:
"00:16:76:9a:32:1d"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.machines.*.hostName
Hostname which is assigned statically to the machine.
Type: string
Example:
"foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.machines.*.ipAddress
IP address of the machine.
Type: string
Example:
"192.168.1.10"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.stateDir
State directory for the DHCP server.
Type: path
Default:
"/var/lib/dhcp"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.enable
Whether to enable the DHCPv6 server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.configFile
The path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.extraConfig
Extra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something there, such as the options specifying the subnet mask, DNS servers, etc.
Type: string
Default:
""
Example:
'' option subnet-mask 255.255.255.0; option broadcast-address 192.168.1.255; option routers 192.168.1.5; option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1; option domain-name "example.org"; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.200; } ''
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.extraFlags
Additional command line flags to be passed to the dhcpd daemon.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.interfaces
The interfaces on which the DHCP server should listen.
Type: list of strings
Default:
[
"eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.machines
A list mapping Ethernet addresses to IPv6 addresses for the DHCP server.
Type: list of submodules
Default:
[
]
Example:
[
{
ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10";
}
{
ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.machines.*.ethernetAddress
MAC address of the machine.
Type: string
Example:
"00:16:76:9a:32:1d"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.machines.*.hostName
Hostname which is assigned statically to the machine.
Type: string
Example:
"foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.machines.*.ipAddress
IP address of the machine.
Type: string
Example:
"192.168.1.10"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.stateDir
State directory for the DHCP server.
Type: path
Default:
"/var/lib/dhcp6"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dictd.enable
Whether to enable the DICT.org dictionary server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
|
services.dictd.DBs
List of databases to make available.
Type: list of packages
Default:
"with pkgs.dictdDBs; [ wiktionary wordnet ]"
Example:
[ pkgs.dictdDBs.nld2eng ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
|
services.diod.enable
Whether to enable the diod 9P file server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.allsquash
Remap all users to "nobody". The attaching user need not be present in the password file.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.authRequired
Allow clients to connect without authentication, i.e. without a valid MUNGE credential.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exportall
Export all file systems listed in /proc/mounts. If new file systems are mounted after diod has started, they will become immediately mountable. If there is a duplicate entry for a file system in the exports list, any options listed in the exports entry will apply.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exportopts
Establish a default set of export options. These are overridden, not appended to, by opts attributes in an "exports" entry.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exports
List the file systems that clients will be allowed to mount. All paths should be fully qualified. The exports table can include two types of element: a string element (as above), or an alternate table element form { path="/path", opts="ro" }. In the alternate form, the (optional) opts attribute is a comma-separated list of export options. The two table element forms can be mixed in the exports table. Note that although diod will not traverse file system boundaries for a given mount due to inode uniqueness constraints, subdirectories of a file system can be separately exported.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.extraConfig
Extra configuration options for diod.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.listen
[ "IP:PORT" [,"IP:PORT",...] ] List the interfaces and ports that diod should listen on.
Type: list of strings
Default:
[
"0.0.0.0:564"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.logdest
Set the destination for logging. The value has the form of "syslog:facility:level" or "filename".
Type: string
Default:
"syslog:daemon:err"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.nwthreads
Sets the (fixed) number of worker threads created to handle 9P requests for a unique aname.
Type: signed integer
Default:
16
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.squashuser
Change the squash user. The squash user must be present in the password file.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.statfsPassthru
This option configures statfs to return the host file system's type rather than V9FS_MAGIC.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.userdb
This option disables password/group lookups. It allows any uid to attach and assumes gid=uid, and supplementary groups contain only the primary gid.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.disnix.enable
Whether to enable Disnix
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.enableMultiUser
Whether to support multi-user mode by enabling the Disnix D-Bus service
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.package
The Disnix package
Type: path
Default:
"pkgs.disnix"
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.useWebServiceInterface
Whether to enable the DisnixWebService interface running on Apache Tomcat
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.dkimproxy-out.enable
Whether to enable dkimproxy_out.
Note that a key will be auto-generated, and can be found in /var/lib/dkimproxy-out.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.domains
List of domains DKIMproxy can sign for.
Type: list of strings
Example:
[
"example.org" "example.com"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.keySize
Size of the RSA key to use to sign outgoing emails. Note that the maximum mandatorily verified as per RFC6376 is 2048.
Type: signed integer
Default:
2048
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.listen
Address:port DKIMproxy should listen on.
Type: string
Example:
"127.0.0.1:10027"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.relay
Address:port DKIMproxy should forward mail to.
Type: string
Example:
"127.0.0.1:10028"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.selector
The selector to use for DKIM key identification.
For example, if 'selector1' is used here, then for each domain 'example.org' given in `domain`, 'selector1._domainkey.example.org' should contain the TXT record indicating the public key is the one in /var/lib/dkimproxy-out/public.key: "v=DKIM1; t=s; p=[THE PUBLIC KEY]".
Type: string
Example:
"selector1"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dleyna-renderer.enable
Whether to enable dleyna-renderer service, a DBus service for handling DLNA renderers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix>
|
services.dleyna-server.enable
Whether to enable dleyna-server service, a DBus service for handling DLNA servers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/dleyna-server.nix>
|
services.dnscache.enable
Whether to run the dnscache caching dns server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.clientIps
Client IP addresses (or prefixes) from which to accept connections.
Type: list of strings
Default:
[
"127.0.0.1"
]
Example:
[
"192.168" "172.23.75.82"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.domainServers
Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts). If entry for @ is not specified predefined list of root servers is used.
Type: attribute set of list of stringss
Default:
{
}
Example:
{
@ =
[
"8.8.8.8" "8.8.4.4"
]
; example.com =
[
"192.168.100.100"
]
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.forwardOnly
Whether to treat root servers (for @) as caching servers, requesting addresses the same way a client does. This is needed if you want to use e.g. Google DNS as your upstream DNS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.ip
IP address on which to listen for connections.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnschain.enable
Whether to enable DNSChain, a blockchain based DNS + HTTP server.
To resolve .bit domains set services.namecoind.enable = true;
and an RPC username/password.
.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnschain.api.hostname
The hostname (or IP address) the DNSChain API server will bind to.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnschain.api.port
The port the DNSChain API server (HTTP) will bind to.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnschain.api.tlsPort
The port the DNSChain API server (HTTPS) will bind to.
Type: signed integer
Default:
4433
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnschain.dns.address
The IP address the DNSChain resolver will bind to. Leave this unchanged if you do not wish to directly expose the resolver.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnschain.dns.externalAddress
The IP address used by clients to reach the resolver and the value of
the namecoin.dns
record. Set this in case the bind address
is not the actual IP address (e.g. the machine is behind a NAT).
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnschain.dns.port
The port the DNSChain resolver will bind to.
Type: signed integer
Default:
5333
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnschain.extraConfig
Additional options that will be appended to the configuration file.
Type: string
Default:
""
Example:
'' [log] level = debug ''
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnscrypt-proxy.enable
Whether to enable the DNSCrypt client proxy
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.customResolver
Use an unlisted resolver (e.g., a private DNSCrypt provider). For advanced users only. If specified, this option takes precedence.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.customResolver.address
IP address
Type: string
Example:
"208.67.220.220"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.customResolver.key
Public key
Type: string
Example:
"B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.customResolver.name
Fully qualified domain name
Type: string
Example:
"2.dnscrypt-cert.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.customResolver.port
Port
Type: signed integer
Default:
443
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.extraArgs
Additional command-line arguments passed verbatim to the daemon. See dnscrypt-proxy(8) for details.
Type: list of strings
Default:
[
]
Example:
[
"-X libdcplugin_example_cache.so,--min-ttl=60"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.localAddress
Listen for DNS queries to relay on this address. The only reason to change this from its default value is to proxy queries on behalf of other machines (typically on the local network).
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.localPort
Listen for DNS queries to relay on this port. The default value assumes that the DNSCrypt proxy should relay DNS queries directly. When running as a forwarder for another DNS client, set this option to a different value; otherwise leave the default.
Type: signed integer
Default:
53
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-proxy.resolverName
The name of the DNSCrypt resolver to use, taken from
/var/lib/dnscrypt-proxy/dnscrypt-resolvers.csv
. The default is to
pick a random non-logging resolver that supports DNSSEC.
Type: null or string
Default:
"random"
Example:
"dnscrypt.eu-nl"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
|
services.dnscrypt-wrapper.enable
Whether to enable DNSCrypt wrapper.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.address
The DNSCrypt wrapper will bind to this IP address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.keys.checkInterval
The time interval (in minutes) between key expiration checks.
Type: signed integer
Default:
1440
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.keys.expiration
The duration (in days) of the time-limited secret key. This will be automatically rotated before expiration.
Type: signed integer
Default:
30
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.port
The DNSCrypt wrapper will listen for DNS queries on this port.
Type: signed integer
Default:
5353
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.providerName
The name that will be given to this DNSCrypt resolver.
Note: the resolver name must start with 2.dnscrypt-cert.
.
Type: string
Default:
"2.dnscrypt-cert.nixos"
Example:
"2.dnscrypt-cert.myresolver"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.upstream.address
The IP address of the upstream DNS server DNSCrypt will "wrap".
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.upstream.port
The port of the upstream DNS server DNSCrypt will "wrap".
Type: signed integer
Default:
53
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnsdist.enable
Whether to enable dnsdist domain name server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.extraConfig
Extra lines to be added verbatim to dnsdist.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.listenAddress
Listen IP Address
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.listenPort
Listen port
Type: signed integer
Default:
53
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsmasq.enable
Whether to run dnsmasq.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.alwaysKeepRunning
If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.extraConfig
Extra configuration directives that should be added to
dnsmasq.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.resolveDNSChainQueries
Resolve .bit
top-level domains using DNSChain and namecoin.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.dnsmasq.resolveLocalQueries
Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.servers
The DNS servers which dnsmasq should query.
Type: list of strings
Default:
[
]
Example:
[
"8.8.8.8" "8.8.4.4"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dockerRegistry.enable
Whether to enable Docker Registry.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableDelete
Enable delete for manifests and blobs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableGarbageCollect
Whether to enable garbage collect.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableRedisCache
Whether to enable redis as blob cache.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.extraConfig
Docker extra registry configuration via environment variables.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.garbageCollectDates
Specification (in the format described by systemd.time(7)) of the time at which the garbage collect will occur.
Type: string
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.listenAddress
Docker registry host or ip to bind to.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.port
Docker registry port to bind to.
Type: signed integer
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.redisPassword
Set redis password.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.redisUrl
Set redis host and port.
Type: string
Default:
"localhost:6379"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.storagePath
Docker registry storage path.
Type: path
Default:
"/var/lib/docker-registry"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dovecot2.enable
Whether to enable Dovecot 2.x POP3/IMAP server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enableImap
Start the IMAP listener (when Dovecot is enabled).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enableLmtp
Start the LMTP listener (when Dovecot is enabled).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enablePAM
Whether to create a own Dovecot PAM service and configure PAM user logins.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enablePop3
Start the POP3 listener (when Dovecot is enabled).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enableQuota
Whether to enable the dovecot quota service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.configFile
Config file used for the whole dovecot configuration.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.createMailUser
Whether to automatically create the user
given in services.dovecot.user
and the group
given in services.dovecot.group
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.extraConfig
Additional entries to put verbatim into Dovecot's config file.
Type: string
Default:
""
Example:
"mail_debug = yes"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.group
Dovecot group name.
Type: string
Default:
"dovecot2"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailGroup
Default group to store mail for virtual users.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailLocation
Location that dovecot will use for mail folders. Dovecot mail_location option.
Type: string
Default:
"maildir:/var/spool/mail/%u"
Example:
"maildir:~/mail:INBOX=/var/spool/mail/%u"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailUser
Default user to store mail for virtual users.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxes
Configure mailboxes and auto create or subscribe them.
Type: list of submodules
Default:
[
]
Example:
[
{
auto = "create"; name = "Spam"; specialUse = "Junk";
}
]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxes.*.auto
Whether to automatically create or create and subscribe to the mailbox or not.
Type: one of "no", "create", "subscribe"
Default:
"no"
Example:
"subscribe"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxes.*.name
The name of the mailbox.
Type: string matching the pattern [^"]+
Example:
"Spam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxes.*.specialUse
Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.
Type: null or one of "All", "Archive", "Drafts", "Flagged", "Junk", "Sent", "Trash"
Default:
null
Example:
"Junk"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.modules
Symlinks the contents of lib/dovecot of every given package into /etc/dovecot/modules. This will make the given modules available if a dovecot package with the module_dir patch applied is being used.
Type: list of packages
Default:
[
]
Example:
[ pkgs.dovecot_pigeonhole ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.protocols
Additional listeners to start when Dovecot is enabled.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.quotaGlobalPerUser
Quota limit for the user in bytes. Supports suffixes b, k, M, G, T and %.
Type: string
Default:
"100G"
Example:
"10G"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.quotaPort
The Port the dovecot quota service binds to. If using postfix, add check_policy_service inet:localhost:12340 to your smtpd_recipient_restrictions in your postfix config.
Type: string
Default:
"12340"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.showPAMFailure
Show the PAM failure message on authentication error (useful for OTPW).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sieveScripts
Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.
Type: attribute set of paths
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslCACert
Path to the server's CA certificate key.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslServerCert
Path to the server's public key.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslServerKey
Path to the server's private key.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.user
Dovecot user name.
Type: string
Default:
"dovecot2"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.drbd.enable
Whether to enable support for DRBD, the Distributed Replicated Block Device.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
|
services.drbd.config
Contents of the drbd.conf
configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
|
services.dspam.enable
Whether to enable the dspam spam filter.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.domainSocket
Path to local domain socket which is used for communication with the daemon. Set to null to disable UNIX socket.
Type: null or path
Default:
"/run/dspam/dspam.sock"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.extraConfig
Additional dspam configuration.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.group
Group for the dspam daemon.
Type: string
Default:
"dspam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.maintenanceInterval
If set, maintenance script will be run at specified (in systemd.timer format) interval
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.storageDriver
Storage driver backend to use for dspam.
Type: string
Default:
"hash"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.user
User for the dspam daemon.
Type: string
Default:
"dspam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.duplicati.enable
Whether to enable Duplicati.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
|
services.duplicati.interface
Listening interface for the web UI Set it to "any" to listen on all available interfaces
Type: string
Default:
"lo"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
|
services.duplicati.port
Port serving the web interface
Type: signed integer
Default:
8200
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
|
services.earlyoom.enable
Enable early out of memory killing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.enableDebugInfo
Enable debugging messages.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.freeMemThreshold
Minimum of availabe memory (in percent).
If the free memory falls below this threshold and the analog is true for
services.earlyoom.freeSwapThreshold
the killing begins.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.freeSwapThreshold
Minimum of availabe swap space (in percent).
If the available swap space falls below this threshold and the analog
is true for services.earlyoom.freeMemThreshold
the killing begins.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.ignoreOOMScoreAdjust
Ignore oom_score_adjust values of processes. User-space implementation only.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.useKernelOOMKiller
Use kernel OOM killer instead of own user-space implementation.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.ecs-agent.enable
Whether to enable Amazon ECS agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
|
services.ecs-agent.package
The ECS agent package to use
Type: path
Default:
"pkgs.ecs-agent"
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
|
services.ecs-agent.extra-environment
The environment the ECS agent should run with. See the ECS agent documentation for keys that work here.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
|
services.ejabberd.enable
Whether to enable ejabberd server
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.package
ejabberd server package to use
Type: package
Default:
"pkgs.ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.configFile
Configuration file for ejabberd in YAML format
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.ctlConfig
Configuration of ejabberdctl
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.group
Group under which ejabberd is ran
Type: string
Default:
"ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.imagemagick
Add ImageMagick to server's path; allows for image thumbnailing
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.loadDumps
Configuration dumps that should be loaded on the first startup
Type: list of paths
Default:
[
]
Example:
[ ./myejabberd.dump ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.logsDir
Location of the logfile directory of ejabberd
Type: path
Default:
"/var/log/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.spoolDir
Location of the spooldir of ejabberd
Type: path
Default:
"/var/lib/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.user
User under which ejabberd is ran
Type: string
Default:
"ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.elasticsearch.enable
Whether to enable elasticsearch.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.package
Elasticsearch package to use.
Type: package
Default:
"pkgs.elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.cluster_name
Elasticsearch name that identifies your cluster for auto-discovery.
Type: string
Default:
"elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.dataDir
Data directory for elasticsearch.
Type: path
Default:
"/var/lib/elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.extraCmdLineOptions
Extra command line options for the elasticsearch launcher.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.extraConf
Extra configuration for elasticsearch.
Type: string
Default:
""
Example:
'' node.name: "elasticsearch" node.master: true node.data: false ''
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.extraJavaOptions
Extra command line options for Java.
Type: list of strings
Default:
[
]
Example:
[
"-Djava.net.preferIPv4Stack=true"
]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.listenAddress
Elasticsearch listen address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.logging
Elasticsearch logging configuration.
Type: string
Default:
'' logger.action.name = org.elasticsearch.action logger.action.level = info appender.console.type = Console appender.console.name = console appender.console.layout.type = PatternLayout appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n rootLogger.level = info rootLogger.appenderRef.console.ref = console ''
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.plugins
Extra elasticsearch plugins
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.port
Elasticsearch port to listen for HTTP traffic.
Type: signed integer
Default:
9200
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.tcp_port
Elasticsearch port for the node to node communication.
Type: signed integer
Default:
9300
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch-curator.enable
Whether to enable elasticsearch curator.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.elasticsearch-curator.actionYAML
curator action.yaml file contents, alternatively use curator-cli which takes a simple action command
Type: unspecified
Example:
'' --- actions: 1: action: delete_indices description: >- Delete indices older than 45 days (based on index name), for logstash- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly. options: ignore_empty_list: True disable_action: False filters: - filtertype: pattern kind: prefix value: logstash- - filtertype: age source: name direction: older timestring: '%Y.%m.%d' unit: days unit_count: 45 ''
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.elasticsearch-curator.hosts
a list of elasticsearch hosts to connect to
Type: list of strings
Default:
[
"localhost"
]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.elasticsearch-curator.interval
The frequency to run curator, a systemd.time such as 'hourly'
Type: string
Default:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.elasticsearch-curator.port
the port that elasticsearch is listening on
Type: signed integer
Default:
9200
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.emacs.enable
Whether to enable a user service for the Emacs daemon. Use emacsclient
to connect to the
daemon. If true
, services.emacs.install
is
considered true
, whatever its value.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
|
services.emacs.package
emacs derivation to use.
Type: package
Default:
"pkgs.emacs"
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
|
services.emacs.defaultEditor
When enabled, configures emacsclient to be the default editor using the EDITOR environment variable.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
|
services.emacs.install
Whether to install a user service for the Emacs daemon. Once the service is started, use emacsclient to connect to the daemon.
The service must be manually started for each user with
"systemctl --user start emacs" or globally through
services.emacs.enable
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
|
services.emby.enable
Whether to enable Emby Media Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/emby.nix>
|
services.emby.dataDir
Location where Emby stores its data.
Type: path
Default:
"/var/lib/emby/ProgramData-Server"
Declared by:
<nixpkgs/nixos/modules/services/misc/emby.nix>
|
services.emby.group
Group under which emby runs.
Type: string
Default:
"emby"
Declared by:
<nixpkgs/nixos/modules/services/misc/emby.nix>
|
services.emby.user
User account under which Emby runs.
Type: string
Default:
"emby"
Declared by:
<nixpkgs/nixos/modules/services/misc/emby.nix>
|
services.epmd.enable
Whether to enable socket activation for Erlang Port Mapper Daemon (epmd), which acts as a name server on all hosts involved in distributed Erlang computations.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/epmd.nix>
|
services.epmd.package
The Erlang package to use to get epmd binary. That way you can re-use an Erlang runtime that is already installed for other purposes.
Type: package
Default:
(build of erlang-20.3.8.9)
Declared by:
<nixpkgs/nixos/modules/services/networking/epmd.nix>
|
services.errbot.instances
Errbot instance configs
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.admins
List of identifiers of errbot admins.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.backend
Errbot backend name.
Type: string
Default:
"XMPP"
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.dataDir
Data directory for errbot instance.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.extraConfig
String to be appended to the config verbatim
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.identity
Errbot identity configuration
Type: attribute set
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.logLevel
Errbot log level
Type: string
Default:
"INFO"
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.plugins
List of errbot plugin derivations.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.etcd.enable
Whether to enable etcd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.advertiseClientUrls
Etcd list of this member's client URLs to advertise to the rest of the cluster.
Type: list of strings
Default:
[
"http://127.0.0.1:2379"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.certFile
Cert file to use for clients
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.clientCertAuth
Whether to use certs for client authentication
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.dataDir
Etcd data directory.
Type: path
Default:
"/var/lib/etcd"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.discovery
Etcd discovery url
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.extraConf
Etcd extra configuration. See https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#configuration-flags
Type: attribute set of strings
Default:
{
}
Example:
{ "CORS" = "*"; "NAME" = "default-name"; "MAX_RESULT_BUFFER" = "1024"; "MAX_CLUSTER_SIZE" = "9"; "MAX_RETRY_ATTEMPTS" = "3"; }
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.initialAdvertisePeerUrls
Etcd list of this member's peer URLs to advertise to rest of the cluster.
Type: list of strings
Default:
[
"http://127.0.0.1:2380"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.initialCluster
Etcd initial cluster configuration for bootstrapping.
Type: list of strings
Default:
[
"nixos=http://127.0.0.1:2380"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.initialClusterState
Etcd initial cluster configuration for bootstrapping.
Type: one of "new", "existing"
Default:
"new"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.initialClusterToken
Etcd initial cluster token for etcd cluster during bootstrap.
Type: string
Default:
"etcd-cluster"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.keyFile
Key file to use for clients
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.listenClientUrls
Etcd list of URLs to listen on for client traffic.
Type: list of strings
Default:
[
"http://127.0.0.1:2379"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.listenPeerUrls
Etcd list of URLs to listen on for peer traffic.
Type: list of strings
Default:
[
"http://127.0.0.1:2380"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.name
Etcd unique node name.
Type: string
Default:
"nixos"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.peerCertFile
Cert file to use for peer to peer communication
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.peerClientCertAuth
Whether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.peerKeyFile
Key file to use for peer to peer communication
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.peerTrustedCaFile
Certificate authority file to use for peer to peer communication
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.trustedCaFile
Certificate authority file to use for clients
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.exhibitor.enable
Whether to enable the exhibitor server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.autoManageInstances
Automatically manage ZooKeeper instances in the ensemble
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.baseDir
Baseline directory for exhibitor runtime config.
Type: string
Default:
"/var/exhibitor"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.configCheckMs
Period (ms) to check for shared config updates.
Type: signed integer
Default:
30000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.configType
Which configuration type you want to use. Additional config will be required depending on which type you are using.
Type: one of "file", "s3", "zookeeper", "none"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.extraConf
Extra Exhibitor configuration to put in the ZooKeeper config file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.fileSystemBackup
Enables file system backup of ZooKeeper log files
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.fsConfigDir
Directory to store Exhibitor properties (cannot be used with s3config). Exhibitor uses file system locks so you can specify a shared location so as to enable complete ensemble management.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.fsConfigLockPrefix
A prefix for a locking mechanism used in conjunction with fsconfigdir
Type: string
Default:
"exhibitor-lock-"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.fsConfigName
The name of the file to store config in
Type: string
Default:
"exhibitor.properties"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.headingText
Extra text to display in UI header
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.hostname
Hostname to use and advertise
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.jqueryStyle
Styling used for the JQuery-based UI.
Type: one of "red", "black", "custom"
Default:
"red"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.logLines
Max lines of logging to keep in memory for display.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.nodeModification
Whether the Explorer UI will allow nodes to be modified (use with caution).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.port
The port for exhibitor to listen on and communicate with other exhibitors.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Backup
Whether to enable backups to S3
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Config.bucketName
Bucket name to store config
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Config.configPrefix
When using AWS S3 shared config files, the prefix to use for values such as locks
Type: string
Default:
"exhibitor-"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Config.objectKey
S3 key name to store the config
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Credentials
Optional credentials to use for s3backup or s3config. Argument is the path to an AWS credential properties file with two properties: com.netflix.exhibitor.s3.access-key-id and com.netflix.exhibitor.s3.access-secret-key
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Region
Optional region for S3 calls
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.servo
ZooKeeper will be queried once a minute for its state via the 'mntr' four letter word (this requires ZooKeeper 3.4.x+). Servo will be used to publish this data via JMX.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.timeout
Connection timeout (ms) for ZK connections.
Type: signed integer
Default:
30000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkCleanupPeriod
How often (in milliseconds) to run the Zookeeper log cleanup task.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkClientPort
Zookeeper client port
Type: signed integer
Default:
2181
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigConnect
The initial connection string for ZooKeeper shared config storage
Type: list of strings
Example:
[
"host1:2181" "host2:2181"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigExhibitorPath
If the ZooKeeper shared config is also running Exhibitor, the URI path for the REST call
Type: string
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigExhibitorPort
If the ZooKeeper shared config is also running Exhibitor, the port that Exhibitor is listening on. IMPORTANT: if this value is not set it implies that Exhibitor is not being used on the ZooKeeper shared config.
Type: null or signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigPollMs
The period in ms to check for changes in the config ensemble
Type: signed integer
Default:
10000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigRetry.retryQuantity
Retries connecting to the ZooKeeper config
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigRetry.sleepMs
Retry sleep time connecting to the ZooKeeper config
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigZPath
The base ZPath that Exhibitor should use
Type: string
Example:
"/exhibitor/config"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConnectPort
The port to use for followers to talk to each other.
Type: signed integer
Default:
2888
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkDataDir
The Zookeeper data directory
Type: string
Default:
"/var/exhibitor/zkData"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkElectionPort
The port for Zookeepers to use for leader election.
Type: signed integer
Default:
3888
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkExtraCfg
Extra options to pass into Zookeeper
Type: string
Default:
"initLimit=5&syncLimit=2&tickTime=2000"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkLogDir
The Zookeeper logs directory
Type: path
Default:
"/var/exhibitor/zkLogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkServersSpec
Zookeeper server spec for all servers in the ensemble.
Type: list of strings
Default:
[
]
Example:
[
"S:1:zk1.example.com" "S:2:zk2.example.com" "S:3:zk3.example.com" "O:4:zk-observer.example.com"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exim.enable
Whether to enable the Exim mail transfer agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.package
The Exim derivation to use. This can be used to enable features such as LDAP or PAM support.
Type: package
Default:
"pkgs.exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.config
Verbatim Exim configuration. This should not contain exim_user, exim_group, exim_path, or spool_directory.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.group
Group to use when no root privileges are required.
Type: string
Default:
"exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.spoolDir
Location of the spool directory of exim.
Type: string
Default:
"/var/spool/exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.user
User to use when no root privileges are required. In particular, this applies when receiving messages and when doing remote deliveries. (Local deliveries run as various non-root users, typically as the owner of a local mailbox.) Specifying this value as root is not supported.
Type: string
Default:
"exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.factorio.enable
Whether to enable Factorio.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.autosave-interval
Autosave interval in minutes.
Type: null or signed integer
Default:
null
Example:
10
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.configFile
The server's configuration file.
The default file generated by this module contains lines essential to the server's operation. Use its contents as a basis for any customizations.
Type: path
Default:
"configFile"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.description
Description of the game that will appear in the listing.
Type: null or string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.game-name
Name of the game as it will appear in the game listing.
Type: null or string
Default:
"Factorio Game"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.game-password
Game password.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.lan
Game will be broadcast on LAN.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.mods
Mods the server should install and activate.
The derivations in this list must "build" the mod by simply copying the .zip, named correctly, into the output directory. Eventually, there will be a way to pull in the most up-to-date list of derivations via nixos-channel. Until then, this is for experts only.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.password
Your factorio.com login credentials. Required for games with visibility public.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.port
The port to which the service should bind.
This option will also open up the UDP port in the firewall configuration.
Type: signed integer
Default:
34197
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.public
Game will be published on the official Factorio matching server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.requireUserVerification
When set to true, the server will only allow clients that have a valid factorio.com account.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.saveName
The name of the savegame that will be used by the server.
When not present in /var/lib/factorio/saves, a new map with default settings will be generated before starting the service.
Type: string
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.stateDir
The server's data directory.
The configuration and map will be stored here.
Type: path
Default:
"/var/lib/factorio"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.token
Authentication token. May be used instead of 'password' above.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.username
Your factorio.com login credentials. Required for games with visibility public.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.fail2ban.enable
Whether to enable the fail2ban service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.daemonConfig
The contents of Fail2ban's main configuration file. It's generally not necessary to change it.
Type: string
Default:
'' [Definition] loglevel = INFO logtarget = SYSLOG socket = /run/fail2ban/fail2ban.sock pidfile = /run/fail2ban/fail2ban.pid ''
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.jails
The configuration of each Fail2ban “jail”. A jail
consists of an action (such as blocking a port using
iptables) that is triggered when a
filter applied to a log file triggers more than a certain
number of times in a certain time period. Actions are
defined in /etc/fail2ban/action.d
,
while filters are defined in
/etc/fail2ban/filter.d
.
Type: attribute set of strings
Default:
{
}
Example:
{ apache-nohome-iptables = '' # Block an IP address if it accesses a non-existent # home directory more than 5 times in 10 minutes, # since that indicates that it's scanning. filter = apache-nohome action = iptables-multiport[name=HTTP, port="http,https"] logpath = /var/log/httpd/error_log* findtime = 600 bantime = 600 maxretry = 5 ''; }
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fakeroute.enable
Whether to enable the fakeroute service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/fakeroute.nix>
|
services.fakeroute.route
Fake route that will appear after the real one to any host running a traceroute.
Type: list of strings
Default:
[
]
Example:
[
"216.102.187.130" "4.0.1.122" "198.116.142.34" "63.199.8.242"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/fakeroute.nix>
|
services.fcgiwrap.enable
Whether to enable fcgiwrap, a server for running CGI applications over FastCGI.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.group
Group permissions for the socket.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.preforkProcesses
Number of processes to prefork.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.socketAddress
Socket address. In case of a UNIX socket, this should be its filesystem path.
Type: string
Default:
"/run/fcgiwrap.sock"
Example:
"1.2.3.4:5678"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.socketType
Socket type: 'unix', 'tcp' or 'tcp6'.
Type: one of "unix", "tcp", "tcp6"
Default:
"unix"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.user
User permissions for the socket.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcron.enable
Whether to enable the fcron daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.allow
Users allowed to use fcrontab and fcrondyn (one name per
line, all
for everyone).
Type: list of strings
Default:
[
"all"
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.deny
Users forbidden from using fcron.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.maxSerialJobs
Maximum number of serial jobs which can run simultaneously.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.queuelen
Number of jobs the serial queue and the lavg queue can contain.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.systab
The "system" crontab contents.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.felix.enable
Whether to enable the Apache Felix OSGi service
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.bundles
List of bundles that should be activated on startup
Type: list of packages
Default:
"[ pkgs.felix_remoteshell ]"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.group
Group account under which Apache Felix runs.
Type: unspecified
Default:
"osgi"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.user
User account under which Apache Felix runs.
Type: unspecified
Default:
"osgi"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.ferm.enable
Whether to enable Ferm Firewall. *Warning*: Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
|
services.ferm.package
The ferm package.
Type: package
Default:
"pkgs.ferm"
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
|
services.ferm.config
Verbatim ferm.conf configuration.
Type: string
Default:
"empty firewall, allows any traffic"
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
|
services.firebird.enable
Whether to enable the Firebird super server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.package
Which firebird derivation to use.
Type: package
Default:
"pkgs.firebirdSuper"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.baseDir
Location containing data/ and system/ directories. data/ stores the databases, system/ stores the password database security2.fdb.
Type: unspecified
Default:
"/var/db/firebird"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.port
Port Firebird uses.
Type: unspecified
Default:
"3050"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.user
User account under which firebird runs.
Type: unspecified
Default:
"firebird"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firefox.syncserver.enable
Whether to enable a Firefox Sync Server, this give the opportunity to
Firefox users to store all synchronized data on their own server. To use this
server, Firefox users should visit the about:config
, and
replicate the following change
services.sync.tokenServerURI: http://localhost:5000/token/1.0/sync/1.5
where http://localhost:5000/
corresponds to the
public url of the server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
|
services.firefox.syncserver.allowNewUsers
Whether to allow new-user signups on the server. Only request by existing accounts will be honored.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
|
services.firefox.syncserver.listen.address
Address on which the sync server listen to.
Type: string
Default:
"127.0.0.1"
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
|
services.firefox.syncserver.listen.port
Port on which the sync server listen to.
Type: signed integer
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
|
services.firefox.syncserver.privateConfig
The private config file is used to extend the generated config with confidential
information, such as the syncserver.sqlUri
setting if it contains a
password, and the syncserver.secret
setting is used by the server to
generate cryptographically-signed authentication tokens.
If this file does not exists, then it is created with a generated
syncserver.secret
settings.
Type: string
Default:
"/etc/firefox/syncserver-secret.ini"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
|
services.firefox.syncserver.publicUrl
Public URL with which firefox users can use to access the sync server.
Type: string
Default:
"http://localhost:5000/"
Example:
"http://sync.example.com/"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
|
services.firefox.syncserver.sqlUri
The location of the database. This URL is composed of
dialect[+driver]://user:password@host/dbname[?key=value..]
,
where dialect
is a database name such as
mysql
, oracle
, postgresql
,
etc., and driver
the name of a DBAPI, such as
psycopg2
, pyodbc
, cx_oracle
,
etc. The
SQLAlchemy documentation provides more examples and describe the syntax of
the expected URL.
Type: string
Default:
"sqlite:////var/db/firefox-sync-server/firefox-sync-server.db"
Example:
"postgresql://scott:tiger@localhost/test"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
|
services.fireqos.enable
If enabled, FireQOS will be launched with the specified configuration given in `config`.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/fireqos.nix>
|
services.fireqos.config
The FireQOS configuration goes here.
Type: string
Default:
""
Example:
'' interface wlp3s0 world-in input rate 10mbit ethernet class web commit 50kbit match tcp ports 80,443 interface wlp3s0 world-out input rate 10mbit ethernet class web commit 50kbit match tcp ports 80,443 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/fireqos.nix>
|
services.flannel.enable
Whether to enable flannel.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.package
Package to use for flannel
Type: package
Default:
"pkgs.flannel.bin"
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.backend
Type of backend to use and specific configurations for that backend.
Type: attribute set
Default:
{
Type = "vxlan";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.caFile
Etcd certificate authority file
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.certFile
Etcd cert file
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.endpoints
Etcd endpoints
Type: list of strings
Default:
[
"http://127.0.0.1:2379"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.keyFile
Etcd key file
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.prefix
Etcd key prefix
Type: string
Default:
"/coreos.com/network"
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.iface
Interface to use (IP or name) for inter-host communication. Defaults to the interface for the default route on the machine.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.network
IPv4 network in CIDR format to use for the entire flannel network.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.publicIp
IP accessible by other nodes for inter-host communication. Defaults to the IP of the interface being used for communication.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.subnetLen
The size of the subnet allocated to each host. Defaults to 24 (i.e. /24) unless the Network was configured to be smaller than a /24 in which case it is one less than the network.
Type: signed integer
Default:
24
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.subnetMax
The end of IP range which the subnet allocation should start with. Defaults to the last subnet of Network.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.subnetMin
The beginning of IP range which the subnet allocation should start with. Defaults to the first subnet of Network.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flashpolicyd.enable
Whether to enable the Flash Policy server. This is necessary if you want Flash applications to make connections to your server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/flashpolicyd.nix>
|
services.flashpolicyd.policy
The policy to be served. The default is to allow connections from any domain to any port.
Type: unspecified
Default:
'' <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*" to-ports="*" /> </cross-domain-policy> ''
Declared by:
<nixpkgs/nixos/modules/services/networking/flashpolicyd.nix>
|
services.flatpak.enable
Whether to enable flatpak.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/flatpak.nix>
|
services.flatpak.extraPortals
List of additional portals to add to path. Portals allow interaction with system, like choosing files or taking screenshots. At minimum, a desktop portal implementation should be listed. GNOME already adds xdg-desktop-portal-gtk; for KDE, there is xdg-desktop-portal-kde. Other desktop environments will probably want to do the same.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/desktops/flatpak.nix>
|
services.flexget.enable
Whether to enable Run FlexGet Daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.config
The YAML configuration for FlexGet.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.homeDir
Where files live.
Type: path
Default:
"/var/lib/deluge"
Example:
"/home/flexget"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.interval
When to perform a flexget run. See man 7 systemd.time for the format.
Type: string
Default:
"10m"
Example:
"1h"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.systemScheduler
When true, execute the runs via the flexget-runner.timer. If false, you have to specify the settings yourself in the YML file.
Type: boolean
Default:
true
Example:
"false"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.user
The user under which to run flexget.
Type: string
Default:
"deluge"
Example:
"some_user"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.fluentd.enable
Whether to enable fluentd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
|
services.fluentd.package
The fluentd package to use.
Type: path
Default:
"pkgs.fluentd"
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
|
services.fluentd.config
Fluentd config.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
|
services.fluentd.plugins
A list of plugin paths to pass into fluentd. It will make plugins defined in ruby files there available in your config.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
|
services.foldingAtHome.enable
Whether to enable the Folding@Home to use idle CPU time.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
|
services.foldingAtHome.config
Extra configuration. Contents will be added verbatim to the configuration file.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
|
services.foldingAtHome.nickname
A unique handle for statistics.
Type: unspecified
Default:
"Anonymous"
Declared by:
<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
|
services.foundationdb.enable
Whether to enable FoundationDB Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.package
The FoundationDB package to use for this server. This must be specified by the user in order to ensure migrations and upgrades are controlled appropriately.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.backupProcesses
Number of backup_agent processes to run for snapshots.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.class
Process class
Type: null or one of "storage", "transaction", "stateless"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.dataDir
Data directory. All cluster data will be put under here.
Type: path
Default:
"/var/lib/foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.extraReadWritePaths
An extra set of filesystem paths that FoundationDB can read to and write from. By default, FoundationDB runs under a heavily namespaced systemd environment without write access to most of the filesystem outside of its data and log directories. By adding paths to this list, the set of writeable paths will be expanded. This is useful for allowing e.g. backups to local files, which must be performed on behalf of the foundationdb service.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.group
Group account under which FoundationDB runs.
Type: string
Default:
"foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.listenAddress
Publicly visible IP address of the process. Port is determined by process ID
Type: string
Default:
"public"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.listenPortStart
Starting port number for database listening sockets. Every FDB process binds to a subsequent port, to this number reflects the start of the overall range. e.g. having 8 server processes will use all ports between 4500 and 4507.
Type: signed integer
Default:
4500
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality
FoundationDB locality settings.
Type: submodule
Default:
{
dataHall = null; datacenterId = null; machineId = null; zoneId = null;
}
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality.dataHall
Data hall identifier key. All processes physically located in a data hall should share the id. If you are depending on data hall based replication this must be set on all processes.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality.datacenterId
Data center identifier key. All processes physically located in a data center should share the id. If you are depending on data center based replication this must be set on all processes.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality.machineId
Machine identifier key. All processes on a machine should share a unique id. By default, processes on a machine determine a unique id to share. This does not generally need to be set.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality.zoneId
Zone identifier key. Processes that share a zone id are considered non-unique for the purposes of data replication. If unset, defaults to machine id.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.logDir
Log directory.
Type: path
Default:
"/var/log/foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.logSize
Roll over to a new log file after the current log file reaches the specified size.
Type: string
Default:
"10MiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.maxLogSize
Delete the oldest log file when the total size of all log files exceeds the specified size. If set to 0, old log files will not be deleted.
Type: string
Default:
"100MiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.memory
Maximum memory used by the process. The default value is
8GiB
. When specified without a unit,
MiB
is assumed. This parameter does not
change the memory allocation of the program. Rather, it sets
a hard limit beyond which the process will kill itself and
be restarted. The default value of 8GiB
is double the intended memory usage in the default
configuration (providing an emergency buffer to deal with
memory leaks or similar problems). It is not recommended to
decrease the value of this parameter below its default
value. It may be increased if you wish to allocate a very
large amount of storage engine memory or cache. In
particular, when the storageMemory
parameter is increased, the memory
parameter should be increased by an equal amount.
Type: string
Default:
"8GiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.openFirewall
Open the firewall ports corresponding to FoundationDB processes and coordinators
using config.networking.firewall.*
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.pidfile
Path to pidfile for fdbmonitor.
Type: path
Default:
"/run/foundationdb.pid"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.publicAddress
Publicly visible IP address of the process. Port is determined by process ID
Type: string
Default:
"auto"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.restartDelay
Number of seconds to wait before restarting servers.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.serverProcesses
Number of fdbserver processes to run.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.storageMemory
Maximum memory used for data storage. The default value is
1GiB
. When specified without a unit,
MB
is assumed. Clusters using the memory
storage engine will be restricted to using this amount of
memory per process for purposes of data storage. Memory
overhead associated with storing the data is counted against
this total. If you increase the
storageMemory
, you should also increase
the memory
parameter by the same amount.
Type: string
Default:
"1GiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.tls
FoundationDB Transport Security Layer (TLS) settings.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.tls.allowedPeers
"Peer verification string". This may be used to adjust which TLS client certificates a server will accept, as a form of user authorization; for example, it may only accept TLS clients who offer a certificate abiding by some locality or organization name.
For more information, please see the FoundationDB documentation.
Type: string
Default:
"Check.Valid=1,Check.Unexpired=1"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.tls.certificate
Path to the TLS certificate file. This certificate will be offered to, and may be verified by, clients.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.tls.key
Private key file for the certificate.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.user
User account under which FoundationDB runs.
Type: string
Default:
"foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.fourStore.enable
Whether to enable 4Store RDF database server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/4store.nix>
|
services.fourStore.database
RDF database name. If it doesn't exist, it will be created. Databases are stored in /var/lib/4store.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/4store.nix>
|
services.fourStore.options
Extra CLI options to pass to 4Store.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/4store.nix>
|
services.fourStoreEndpoint.enable
Whether to enable 4Store SPARQL endpoint.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fourStoreEndpoint.database
RDF database name to expose via the endpoint. Defaults to local 4Store database name.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fourStoreEndpoint.listenAddress
IP address to listen on.
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fourStoreEndpoint.options
Extra CLI options to pass to 4Store's 4s-httpd process.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fourStoreEndpoint.port
port to listen on.
Type: unspecified
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
|
services.fprintd.enable
Whether to enable fprintd daemon and PAM module for fingerprint readers handling.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
|
services.fprot.updater.enable
Whether to enable automatic F-Prot virus definitions database updates.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
|
services.fprot.updater.frequency
Update virus definitions every X minutes.
Type: unspecified
Default:
30
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
|
services.fprot.updater.licenseKeyfile
License keyfile. Defaults to the one supplied with installation package.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
|
services.fprot.updater.productData
product.data file. Defaults to the one supplied with installation package.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
|
services.frab.enable
Enable the frab service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.database
Rails database configuration for Frab as Nix attribute set.
Type: attribute set
Default:
{
adapter = "sqlite3"; database = "/var/lib/frab/db.sqlite3"; pool = 5; timeout = 5000;
}
Example:
{
adapter = "postgresql"; database = "frab"; encoding = "utf8"; host = "localhost"; password = "supersecret"; pool = 5; username = "frabuser";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.extraEnvironment
Additional environment variables to set for frab for further configuration. See the frab documentation for more information.
Type: attribute set
Default:
{
}
Example:
{
EXCEPTION_EMAIL = "frab-owner@example.com"; FRAB_CURRENCY_FORMAT = "%n%u"; FRAB_CURRENCY_UNIT = "€"; SMTP_ADDRESS = "localhost"; SMTP_AUTHENTICATION = "1"; SMTP_DOMAIN = "localdomain"; SMTP_NOTLS = "1"; SMTP_PASSWORD = "toor"; SMTP_PORT = "587"; SMTP_USER_NAME = "root";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.fromEmail
Email address used by frab.
Type: string
Default:
"frab@localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.group
Group to run frab.
Type: string
Default:
"frab"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.host
Hostname under which this frab instance can be reached.
Type: string
Example:
"frab.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.listenAddress
Address or hostname frab should listen on.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.listenPort
Port frab should listen on.
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.protocol
Either http or https, depending on how your Frab instance will be exposed to the public.
Type: string
Default:
"https"
Example:
"http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.secretKeyBase
Your secret key is used for verifying the integrity of signed cookies. If you change this key, all old signed cookies will become invalid!
Make sure the secret is at least 30 characters and all random, no regular words or you'll be exposed to dictionary attacks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.statePath
Directory where frab keeps its state.
Type: string
Default:
"/var/lib/frab"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.frab.user
User to run frab.
Type: string
Default:
"frab"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/frab.nix>
|
services.fractalart.enable
Enable FractalArt for generating colorful wallpapers on login
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
|
services.fractalart.height
Screen height
Type: null or signed integer
Default:
null
Example:
1080
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
|
services.fractalart.width
Screen width
Type: null or signed integer
Default:
null
Example:
1920
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
|
services.freefall.enable
Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
|
services.freefall.package
freefall derivation to use.
Type: package
Default:
"pkgs.freefall"
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
|
services.freefall.devices
Device paths to all internal spinning hard drives.
Type: list of strings
Default:
[
"/dev/sda"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
|
services.freenet.enable
Enable the Freenet daemon
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/freenet.nix>
|
services.freenet.nice
Set the nice level for the Freenet daemon
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/networking/freenet.nix>
|
services.freeradius.enable
Whether to enable the freeradius server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/freeradius.nix>
|
services.freeradius.configDir
The path of the freeradius server configuration directory.
Type: path
Default:
"/etc/raddb"
Declared by:
<nixpkgs/nixos/modules/services/networking/freeradius.nix>
|
services.fstrim.enable
Whether to enable periodic SSD TRIM of mounted partitions in background.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/fstrim.nix>
|
services.fstrim.interval
How often we run fstrim. For most desktop and server systems a sufficient trimming frequency is once a week.
The format is described in systemd.time(7).
Type: string
Default:
"weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/fstrim.nix>
|
services.fusionInventory.enable
Whether to enable Fusion Inventory Agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
|
services.fusionInventory.extraConfig
Configuration that is injected verbatim into the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
|
services.fusionInventory.servers
The urls of the OCS/GLPI servers to connect to.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
|
services.fwupd.enable
Whether to enable fwupd, a DBus service that allows applications to update firmware.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.blacklistDevices
Allow blacklisting specific devices by their GUID
Type: list of strings
Default:
[
]
Example:
[
"2082b5e0-7a64-478a-b1b2-e3404fab6dad"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.blacklistPlugins
Allow blacklisting specific plugins
Type: list of strings
Default:
[
]
Example:
[
"udev"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.extraTrustedKeys
Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default.
Type: list of paths
Default:
[
]
Example:
[ /etc/nixos/fwupd/myfirmware.pem ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.gale.enable
Whether to enable the Gale messaging daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/gale.nix>
|
services.gale.domain
Domain name for the Gale system.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gale.nix>
|
services.gale.extraConfig
Additional text to be added to /etc/gale/conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gale.nix>
|
services.gale.group
Group name for the Gale daemon.
Type: string
Default:
"gale"
Declared by:
<nixpkgs/nixos/modules/services/networking/gale.nix>
|
services.gale.keyPath
Directory containing the key pair for this Gale domain. The expected filename will be taken from the domain option with ".gpri" and ".gpub" appended.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/gale.nix>
|
services.gale.setuidWrapper
Configuration for the Gale gksign setuid wrapper.
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/gale.nix>
|
services.gale.user
Username for the Gale daemon.
Type: string
Default:
"gale"
Declared by:
<nixpkgs/nixos/modules/services/networking/gale.nix>
|
services.gammu-smsd.enable
Whether to enable gammu-smsd daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.files.errorSMSPath
Where SMSes with error in transmission is placed
Type: path
Default:
"/var/spool/sms/error/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.files.inboxPath
Where the received SMSes are stored
Type: path
Default:
"/var/spool/sms/inbox/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.files.outboxPath
Where SMSes to be sent should be placed
Type: path
Default:
"/var/spool/sms/outbox/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.files.sentSMSPath
Where the transmitted SMSes are placed
Type: path
Default:
"/var/spool/sms/sent/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.service
Service to use to store sms data.
Type: one of "null", "files", "sql"
Default:
"null"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.database
Database name to store sms data
Type: string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.driver
DB driver to use
Type: one of "native_mysql", "native_pgsql", "odbc", "dbi"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.host
Database server address
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.password
User password used for connetion to the database
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.sqlDialect
SQL dialect to use (odbc driver only)
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.user
User name used for connection to the database
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.connection
Protocol which will be used to talk to the phone
Type: string
Default:
"at"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.group
Owner group of the device
Type: string
Default:
"root"
Example:
"dialout"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.path
Device node or address of the phone
Type: path
Example:
"/dev/ttyUSB2"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.pin
PIN code for the simcard
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.synchronizeTime
Whether to set time from computer to the phone during starting connection
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.extraConfig.gammu
Extra config lines to be added into [gammu] section
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.extraConfig.smsd
Extra config lines to be added into [smsd] section
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.log.file
Path to file where information about communication will be stored
Type: string
Default:
"syslog"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.log.format
Determines what will be logged to the LogFile
Type: one of "nothing", "text", "textall", "textalldate", "errors", "errorsdate", "binary"
Default:
"errors"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.user
User that has access to the device
Type: string
Default:
"smsd"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gateone.enable
Whether to enable GateOne server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
|
services.gateone.pidDir
Path of pid files for GateOne.
Type: path
Default:
"/run/gateone"
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
|
services.gateone.settingsDir
Path of configuration files for GateOne.
Type: path
Default:
"/var/lib/gateone"
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
|
services.gdomap.enable
Whether to enable GNUstep Distributed Objects name server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/gdomap.nix>
|
services.geoclue2.enable
Whether to enable GeoClue 2 daemon, a DBus service that provides location information for accessing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.enableDemoAgent
Whether to use the GeoClue demo agent. This should be overridden by desktop environments that provide their own agent.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoip-updater.enable
Whether to enable periodic downloading of GeoIP databases from maxmind.com. You might want to enable this if you, for instance, use ntopng or Wireshark.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/geoip-updater.nix>
|
services.geoip-updater.databaseDir
Directory that will contain GeoIP databases.
Type: path
Default:
"/var/lib/geoip-databases"
Declared by:
<nixpkgs/nixos/modules/services/misc/geoip-updater.nix>
|
services.geoip-updater.databases
Which GeoIP databases to update. The full URL is https://geolite.maxmind.com/download/geoip/database/ +
the_database
.
Type: list of strings
Default:
[
"GeoLiteCountry/GeoIP.dat.gz" "GeoIPv6.dat.gz" "GeoLiteCity.dat.xz" "GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz" "asnum/GeoIPASNum.dat.gz" "asnum/GeoIPASNumv6.dat.gz" "GeoLite2-Country.mmdb.gz" "GeoLite2-City.mmdb.gz"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/geoip-updater.nix>
|
services.geoip-updater.interval
Update the GeoIP databases at this time / interval. The format is described in systemd.time(7). To prevent load spikes on maxmind.com, the timer interval is randomized by an additional delay of 3600 seconds. Setting a shorter interval than this is not recommended.
Type: string
Default:
"weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/geoip-updater.nix>
|
services.gitDaemon.enable
Enable Git daemon, which allows public hosting of git repositories without any access controls. This is mostly intended for read-only access.
You can allow write access by setting daemon.receivepack configuration item of the repository to true. This is solely meant for a closed LAN setting where everybody is friendly.
If you need any access controls, use something else.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.basePath
Remap all the path requests as relative to the given path. For example, if you set base-path to /srv/git, then if you later try to pull git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.
Type: string
Default:
""
Example:
"/srv/git/"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.exportAll
Publish all directories that look like Git repositories (have the objects and refs subdirectories), even if they do not have the git-daemon-export-ok file.
If disabled, you need to touch .git/git-daemon-export-ok in each repository you want the daemon to publish.
Warning: enabling this without a repository whitelist or basePath publishes every git repository you have.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.group
Group under which Git daemon would be running.
Type: string
Default:
"git"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.listenAddress
Listen on a specific IP address or hostname.
Type: string
Default:
""
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.options
Extra configuration options to be passed to Git daemon.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.port
Port to listen on.
Type: signed integer
Default:
9418
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.repositories
A whitelist of paths of git repositories, or directories containing repositories all of which would be published. Paths must not end in "/".
Warning: leaving this empty and enabling exportAll publishes all repositories in your filesystem or basePath if specified.
Type: list of strings
Default:
[
]
Example:
[
"/srv/git" "/home/user/git/repo2"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.user
User under which Git daemon would be running.
Type: string
Default:
"git"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitea.enable
Enable Gitea Service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.package
gitea derivation to use
Type: package
Default:
"pkgs.gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.appName
Application name.
Type: string
Default:
"gitea: Gitea Service"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.cookieSecure
Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.createDatabase
Whether to create a local postgresql database automatically. This only applies if database type "postgres" is selected.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.host
Database host address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.name
Database name.
Type: string
Default:
"gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.password
The password corresponding to database.user
.
Warning: this is stored in cleartext in the Nix store!
Use database.passwordFile
instead.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.passwordFile
A file containing the password corresponding to
database.user
.
Type: null or path
Default:
null
Example:
"/run/keys/gitea-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.path
Path to the sqlite3 database file.
Type: string
Default:
"/var/lib/gitea/data/gitea.db"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.port
Database host port.
Type: signed integer
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.type
Database engine to use.
Type: one of "sqlite3", "mysql", "postgres"
Default:
"sqlite3"
Example:
"mysql"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.user
Database user.
Type: string
Default:
"gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.domain
Domain name of your server.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.dump.enable
Enable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.dump.interval
Run a gitea dump at this interval. Runs by default at 04:31 every day.
The format is described in systemd.time(7).
Type: string
Default:
"04:31"
Example:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.extraConfig
Configuration lines appended to the generated gitea configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.httpAddress
HTTP listen address.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.httpPort
HTTP listen port.
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.log.level
General log level.
Type: one of "Trace", "Debug", "Info", "Warn", "Error", "Critical"
Default:
"Trace"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.log.rootPath
Root path for log files.
Type: string
Default:
"/var/lib/gitea/log"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.repositoryRoot
Path to the git repositories.
Type: string
Default:
"/var/lib/gitea/repositories"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.rootUrl
Full public URL of gitea server.
Type: string
Default:
"http://localhost:3000/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.stateDir
gitea data directory.
Type: string
Default:
"/var/lib/gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.staticRootPath
Upper level of template and static files path.
Type: string
Default:
"\${pkgs.gitea.data}"
Example:
"/var/lib/gitea/data"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.useWizard
Do not generate a configuration and use gitea' installation wizard instead. The first registered user will be administrator.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.user
User account under which gitea runs.
Type: string
Default:
"gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitlab.enable
Enable the gitlab service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.gitaly
Reference to the gitaly package
Type: package
Default:
"pkgs.gitaly"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.gitlab
Reference to the gitlab package
Type: package
Default:
"pkgs.gitlab"
Example:
"pkgs.gitlab-ee"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.gitlab-shell
Reference to the gitlab-shell package
Type: package
Default:
"pkgs.gitlab-shell"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.gitlab-workhorse
Reference to the gitlab-workhorse package
Type: package
Default:
"pkgs.gitlab-workhorse"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.backupPath
Gitlab path for backups.
Type: string
Default:
"/var/gitlab/state/backup"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databaseHost
Gitlab database hostname.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databaseName
Gitlab database name.
Type: string
Default:
"gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databasePassword
Gitlab database user password.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databaseUsername
Gitlab database user.
Type: string
Default:
"gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.extraConfig
Extra options to be merged into config/gitlab.yml as nix attribute set.
Type: attribute set
Default:
{
}
Example:
{
gitlab =
{
default_projects_features =
{
builds = false;
}
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.group
Group to run gitlab and all related services.
Type: string
Default:
"gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.host
Gitlab host name. Used e.g. for copy-paste URLs.
Type: string
Default:
"nixos"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.https
Whether gitlab prints URLs with https as scheme.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.initialRootEmail
Initial email address of the root account if this is a new install.
Type: string
Default:
"admin@local.host"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.initialRootPassword
Initial password of the root account if this is a new install.
Type: string
Default:
"UseNixOS!"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.port
Gitlab server port for copy-paste URLs, e.g. 80 or 443 if you're service over https.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.secrets.db
The secret is used to encrypt variables in the DB. If you change or lose this key you will be unable to access variables stored in database.
Make sure the secret is at least 30 characters and all random, no regular words or you'll be exposed to dictionary attacks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.secrets.jws
The secret is used to encrypt session keys. If you change or lose this key, users will be disconnected.
Make sure the secret is an RSA private key in PEM format. You can generate one with
openssl genrsa 2048
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.secrets.otp
The secret is used to encrypt secrets for OTP tokens. If you change or lose this key, users which have 2FA enabled for login won't be able to login anymore.
Make sure the secret is at least 30 characters and all random, no regular words or you'll be exposed to dictionary attacks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.secrets.secret
The secret is used to encrypt variables in the DB. If you change or lose this key you will be unable to access variables stored in database.
Make sure the secret is at least 30 characters and all random, no regular words or you'll be exposed to dictionary attacks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.enable
Enable gitlab mail delivery over SMTP.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.enableStartTLSAuto
Whether to try to use StartTLS.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.address
Address of the SMTP server for Gitlab.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.authentication
Authentitcation type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.domain
HELO domain to use for outgoing mail.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.opensslVerifyMode
How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: string
Default:
"peer"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.password
Password of the SMTP server for Gitlab.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.port
Port of the SMTP server for Gitlab.
Type: signed integer
Default:
465
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.username
Username of the SMTP server for Gitlab.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.statePath
Gitlab state directory, logs are stored here.
Type: string
Default:
"/var/gitlab/state"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.user
User to run gitlab and all related services.
Type: string
Default:
"gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab-runner.enable
Whether to enable Gitlab Runner.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.package
Gitlab Runner package to use
Type: package
Default:
"pkgs.gitlab-runner"
Example:
pkgs.gitlab-runner_1_11
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.packages
Packages to add to PATH for the gitlab-runner process.
Type: list of packages
Default:
"[ pkgs.bash pkgs.docker-machine ]"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.configFile
Configuration file for gitlab-runner. Use this option in favor of configOptions to avoid placing CI tokens in the nix store.
configFile
takes precedence over configOptions
.
Warning: Not using configFile
will potentially result in secrets
leaking into the WORLD-READABLE nix store.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.configOptions
Configuration for gitlab-runner
configFile
will take precedence over this option.
Warning: all Configuration, especially CI token, will be stored in a WORLD-READABLE file in the Nix Store.
If you want to protect your CI token use configFile
instead.
Type: attribute set
Example:
{
concurrent = 2; runners =
[
{
builds_dir = ""; docker =
{
cache_dir = ""; disable_cache = true; host = ""; image = "nixos/nix:1.11"; privileged = true;
}
; executor = "docker"; name = "docker-nix-1.11"; token = "TOKEN"; url = "https://CI/";
}
]
;
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.gracefulTermination
Finish all remaining jobs before stopping, restarting or reconfiguring. If not set gitlab-runner will stop immediatly without waiting for jobs to finish, which will lead to failed builds.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.gracefulTimeout
Time to wait until a graceful shutdown is turned into a forceful one.
Type: string
Default:
"infinity"
Example:
"5min 20s"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.workDir
The working directory used
Type: path
Default:
"/var/lib/gitlab-runner"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitolite.enable
Enable gitolite management under the
gitolite
user. After
switching to a configuration with Gitolite enabled, you can
then run git clone
gitolite@host:gitolite-admin.git
to manage it further.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.enableGitAnnex
Enable git-annex support. Uses the extraGitoliteRc
option
to apply the necessary configuration.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.adminPubkey
Initial administrative public key for Gitolite. This should be an SSH Public Key. Note that this key will only be used once, upon the first initialization of the Gitolite user. The key string cannot have any line breaks in it.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.commonHooks
A list of custom git hooks that get copied to ~/.gitolite/hooks/common
.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.dataDir
Gitolite home directory (used to store all the repositories).
Type: string
Default:
"/var/lib/gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.extraGitoliteRc
Extra configuration to append to the default ~/.gitolite.rc
.
This should be Perl code that modifies the %RC
configuration variable. The default ~/.gitolite.rc
content is generated by invoking gitolite print-default-rc
,
and extra configuration from this option is appended to it. The result
is placed to Nix store, and the ~/.gitolite.rc
file
becomes a symlink to it.
If you already have a customized (or otherwise changed)
~/.gitolite.rc
file, NixOS will refuse to replace
it with a symlink, and the `gitolite-init` initialization service
will fail. In this situation, in order to use this option, you
will need to take any customizations you may have in
~/.gitolite.rc
, convert them to appropriate Perl
statements, add them to this option, and remove the file.
See also the enableGitAnnex
option.
Type: string
Default:
""
Example:
$RC{UMASK} = 0027; $RC{SITE_INFO} = 'This is our private repository host'; push( @{$RC{ENABLE}}, 'Kindergarten' ); # enable the command/feature @{$RC{ENABLE}} = grep { $_ ne 'desc' } @{$RC{ENABLE}}; # disable the command/feature
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.group
Primary group of the Gitolite user account.
Type: string
Default:
"gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.user
Gitolite user account. This is the username of the gitolite endpoint.
Type: string
Default:
"gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitweb.extraConfig
Verbatim configuration text appended to the generated gitweb.conf file.
Type: string
Default:
""
Example:
'' $feature{'highlight'}{'default'} = [1]; $feature{'ctags'}{'default'} = [1]; $feature{'avatar'}{'default'} = ['gravatar']; ''
Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
|
services.gitweb.gitwebTheme
Use an alternative theme for gitweb, strongly inspired by GitHub.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
|
services.gitweb.projectroot
Path to git projects (bare repositories) that should be served by gitweb. Must not end with a slash.
Type: path
Default:
"/srv/git"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
|
services.glusterfs.enable
Whether to enable GlusterFS Daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.enableGlustereventsd
Whether to enable the GlusterFS Events Daemon
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.extraFlags
Extra flags passed to the GlusterFS daemon
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.killMode
The systemd KillMode to use for glusterd.
glusterd spawns other daemons like gsyncd. If you want these to stop when glusterd is stopped (e.g. to ensure that NixOS config changes are reflected even for these sub-daemons), set this to 'control-group'. If however you want running volume processes (glusterfsd) and thus gluster mounts not be interrupted when glusterd is restarted (for example, when you want to restart them manually at a later time), set this to 'process'.
Type: one of "control-group", "process", "mixed", "none"
Default:
"control-group"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.logLevel
Log level used by the GlusterFS daemon
Type: one of "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL", "TRACE", "NONE"
Default:
"INFO"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.stopKillTimeout
The systemd TimeoutStopSec to use.
After this time after having been asked to shut down, glusterd (and depending on the killMode setting also its child processes) are killed by systemd.
The default is set low because GlusterFS (as of 3.10) is known to not tell its children (like gsyncd) to terminate at all.
Type: string
Default:
"5s"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.tlsSettings
Make the server communicate via TLS. This means it will only connect to other gluster servers having certificates signed by the same CA.
Enabling this will create a file /var/lib/glusterd/secure-access
.
Disabling will delete this file again.
See also: https://gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL/
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.tlsSettings.caCert
Path certificate authority used to sign the cluster certificates.
Type: path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.tlsSettings.tlsKeyPath
Path to the private key used for TLS.
Type: string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.tlsSettings.tlsPem
Path to the certificate used for TLS.
Type: path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.useRpcbind
Enable use of rpcbind. This is required for Gluster's NFS functionality.
You may want to turn it off to reduce the attack surface for DDoS reflection attacks.
See https://davelozier.com/glusterfs-and-rpcbind-portmap-ddos-reflection-attacks/ and https://bugzilla.redhat.com/show_bug.cgi?id=1426842 for details.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.gnome3.at-spi2-core.enable
Whether to enable at-spi2-core, a service for the Assistive Technologies available on the GNOME platform.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/at-spi2-core.nix>
|
services.gnome3.chrome-gnome-shell.enable
Whether to enable Chrome GNOME Shell native host connector, a DBus service allowing to install GNOME Shell extensions from a web browser. .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/chrome-gnome-shell.nix>
|
services.gnome3.evolution-data-server.enable
Whether to enable Evolution Data Server, a collection of services for storing addressbooks and calendars.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/evolution-data-server.nix>
|
services.gnome3.gnome-disks.enable
Whether to enable GNOME Disks daemon, a service designed to be a UDisks2 graphical front-end.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-disks.nix>
|
services.gnome3.gnome-documents.enable
Whether to enable GNOME Documents services, a document manager application for GNOME.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-documents.nix>
|
services.gnome3.gnome-keyring.enable
Whether to enable GNOME Keyring daemon, a service designed to take care of the user's security credentials, such as user names and passwords.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-keyring.nix>
|
services.gnome3.gnome-online-accounts.enable
Whether to enable GNOME Online Accounts daemon, a service that provides a single sign-on framework for the GNOME desktop.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix>
|
services.gnome3.gnome-online-miners.enable
Whether to enable GNOME Online Miners, a service that crawls through your online content.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix>
|
services.gnome3.gnome-terminal-server.enable
Whether to enable GNOME Terminal server service, needed for gnome-terminal.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-terminal-server.nix>
|
services.gnome3.gnome-user-share.enable
Whether to enable GNOME User Share, a service that exports the contents of the Public folder in your home directory on the local network.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-user-share.nix>
|
services.gnome3.gpaste.enable
Whether to enable GPaste, a clipboard manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gpaste.nix>
|
services.gnome3.gvfs.enable
Whether to enable gvfs backends, userspace virtual filesystem used by GNOME components via D-Bus.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/gvfs.nix>
|
services.gnome3.rygel.enable
Whether to enable Rygel UPnP Mediaserver.
You will need to also allow UPnP connections in firewall, see the following comment.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/rygel.nix>
|
services.gnome3.seahorse.enable
Whether to enable Seahorse search provider for the GNOME Shell activity search.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/seahorse.nix>
|
services.gnome3.sushi.enable
Whether to enable Sushi, a quick previewer for nautilus.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/sushi.nix>
|
services.gnome3.tracker.enable
Whether to enable Tracker services, a search engine, search tool and metadata storage system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/tracker.nix>
|
services.gnome3.tracker-miners.enable
Whether to enable Tracker miners, indexing services for Tracker search engine and metadata storage system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome3/tracker-miners.nix>
|
services.gnunet.enable
Whether to run the GNUnet daemon. GNUnet is GNU's anonymous peer-to-peer communication and file sharing framework.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.package
Overridable attribute of the gnunet package to use.
Type: package
Default:
"pkgs.gnunet"
Example:
pkgs.gnunet_git
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.extraOptions
Additional options that will be copied verbatim in `gnunet.conf'. See `gnunet.conf(5)' for details.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.fileSharing.quota
Maximum file system usage (in MiB) for file sharing.
Type: unspecified
Default:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.hardNetUpBandwidth
Hard bandwidth limit (in bits per second) when uploading data.
Type: unspecified
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.maxNetDownBandwidth
Maximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Type: unspecified
Default:
50000
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.maxNetUpBandwidth
Maximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Type: unspecified
Default:
50000
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.tcp.port
The TCP port for use by GNUnet.
Type: unspecified
Default:
2086
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.udp.port
The UDP port for use by GNUnet.
Type: unspecified
Default:
2086
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gocd-agent.enable
Whether to enable gocd-agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.packages
Packages to add to PATH for the Go.CD agent process.
Type: list of packages
Default:
"[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.agentConfig
Agent registration configuration.
Type: string
Default:
""
Example:
'' agent.auto.register.resources=ant,java agent.auto.register.environments=QA,Performance agent.auto.register.hostname=Agent01 ''
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.environment
Additional environment variables to be passed to the Go.CD agent process.
As a base environment, Go.CD agent receives NIX_PATH from
environment.sessionVariables
, NIX_REMOTE is set to
"daemon".
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.extraGroups
List of extra groups that the "gocd-agent" user should be a part of.
Type: list of strings
Default:
[
]
Example:
[
"wheel" "docker"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.extraOptions
Specifies additional command line arguments to pass to Go.CD agent java process. Example contains debug and gcLog arguments.
Type: unspecified
Default:
[
]
Example:
[
"-X debug" "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5006" "-verbose:gc" "-Xloggc:go-agent-gc.log" "-XX:+PrintGCTimeStamps" "-XX:+PrintTenuringDistribution" "-XX:+PrintGCDetails" "-XX:+PrintGC"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.goServer
URL of the GoCD Server to attach the Go.CD Agent to.
Type: string
Default:
"https://127.0.0.1:8154/go"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.group
If the default user "gocd-agent" is configured then this is the primary group of that user.
Type: string
Default:
"gocd-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.initialJavaHeapSize
Specifies the initial java heap memory size for the Go.CD agent java process.
Type: string
Default:
"128m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.maxJavaHeapMemory
Specifies the java maximum heap memory size for the Go.CD agent java process.
Type: string
Default:
"256m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.startupOptions
Specifies startup command line arguments to pass to Go.CD agent java process.
Type: unspecified
Default:
[
"-Xms128m" "-Xmx256m" "-Djava.io.tmpdir=/tmp" "-Dcruise.console.publish.interval=10" "-Djava.security.egd=file:/dev/./urandom"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.user
User the Go.CD agent should execute under.
Type: string
Default:
"gocd-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.workDir
Specifies the working directory in which the Go.CD agent java archive resides.
Type: string
Default:
"/var/lib/go-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-server.enable
Whether to enable gocd-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.packages
Packages to add to PATH for the Go.CD server's process.
Type: list of packages
Default:
"[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.environment
Additional environment variables to be passed to the gocd-server process.
As a base environment, gocd-server receives NIX_PATH from
environment.sessionVariables
, NIX_REMOTE is set to
"daemon".
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.extraGroups
List of extra groups that the "gocd-server" user should be a part of.
Type: unspecified
Default:
[
]
Example:
[
"wheel" "docker"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.extraOptions
Specifies additional command line arguments to pass to Go.CD server's java process. Example contains debug and gcLog arguments.
Type: unspecified
Default:
[
]
Example:
[
"-X debug" "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005" "-verbose:gc" "-Xloggc:go-server-gc.log" "-XX:+PrintGCTimeStamps" "-XX:+PrintTenuringDistribution" "-XX:+PrintGCDetails" "-XX:+PrintGC"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.group
If the default user "gocd-server" is configured then this is the primary group of that user.
Type: string
Default:
"gocd-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.initialJavaHeapSize
Specifies the initial java heap memory size for the Go.CD server's java process.
Type: string
Default:
"512m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.listenAddress
Specifies the bind address on which the Go.CD server HTTP interface listens.
Type: string
Default:
"0.0.0.0"
Example:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.maxJavaHeapMemory
Specifies the java maximum heap memory size for the Go.CD server's java process.
Type: string
Default:
"1024m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.port
Specifies port number on which the Go.CD server HTTP interface listens.
Type: signed integer
Default:
8153
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.sslPort
Specifies port number on which the Go.CD server HTTPS interface listens.
Type: signed integer
Default:
8154
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.startupOptions
Specifies startup command line arguments to pass to Go.CD server java process.
Type: unspecified
Default:
[
"-Xms512m" "-Xmx1024m" "-Dcruise.listen.host=0.0.0.0" "-Duser.language=en" "-Djruby.rack.request.size.threshold.bytes=30000000" "-Duser.country=US" "-Dcruise.config.dir=/var/lib/go-server/conf" "-Dcruise.config.file=/var/lib/go-server/conf/cruise-config.xml" "-Dcruise.server.port=8153" "-Dcruise.server.ssl.port=8154"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.user
User the Go.CD server should execute under.
Type: string
Default:
"gocd-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.workDir
Specifies the working directory in which the Go.CD server java archive resides.
Type: string
Default:
"/var/lib/go-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gogoclient.enable
Enable the gogoCLIENT IPv6 tunnel.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogoclient.autorun
Whether to automatically start the tunnel.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogoclient.password
Path to a file (as a string), containing your gogoNET password, if any.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogoclient.server
The Gateway6 server to be used.
Type: unspecified
Default:
"anonymous.freenet6.net"
Example:
"broker.freenet6.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogoclient.username
Your Gateway6 login name, if any.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
|
services.gogs.enable
Enable Go Git Service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.appName
Application name.
Type: string
Default:
"Gogs: Go Git Service"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.cookieSecure
Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS. This option is recommend, if Gogs is being served over HTTPS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.host
Database host address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.name
Database name.
Type: string
Default:
"gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.password
The password corresponding to database.user
.
Warning: this is stored in cleartext in the Nix store!
Use database.passwordFile
instead.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.passwordFile
A file containing the password corresponding to
database.user
.
Type: null or path
Default:
null
Example:
"/run/keys/gogs-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.path
Path to the sqlite3 database file.
Type: string
Default:
"/var/lib/gogs/data/gogs.db"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.port
Database host port.
Type: signed integer
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.type
Database engine to use.
Type: one of "sqlite3", "mysql", "postgres"
Default:
"sqlite3"
Example:
"mysql"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.user
Database user.
Type: string
Default:
"gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.domain
Domain name of your server.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.extraConfig
Configuration lines appended to the generated Gogs configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.group
Group account under which Gogs runs.
Type: string
Default:
"gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.httpAddress
HTTP listen address.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.httpPort
HTTP listen port.
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.repositoryRoot
Path to the git repositories.
Type: string
Default:
"/var/lib/gogs/repositories"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.rootUrl
Full public URL of Gogs server.
Type: string
Default:
"http://localhost:3000/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.stateDir
Gogs data directory.
Type: string
Default:
"/var/lib/gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.staticRootPath
Upper level of template and static files path.
Type: string
Default:
"\${pkgs.gogs.data}"
Example:
"/var/lib/gogs/data"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.useWizard
Do not generate a configuration and use Gogs' installation wizard instead. The first registered user will be administrator.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.user
User account under which Gogs runs.
Type: string
Default:
"gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gollum.enable
Enable the Gollum service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.address
IP address on which the web server will listen.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.allowUploads
Enable uploads of external files
Type: null or one of "dir", "page"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.branch
Git branch to serve
Type: string
Default:
"master"
Example:
"develop"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.emoji
Parse and interpret emoji tags
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.extraConfig
Content of the configuration file
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.mathjax
Enable support for math rendering using MathJax
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.port
Port on which the web server will run.
Type: signed integer
Default:
4567
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.stateDir
Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.
Type: path
Default:
"/var/lib/gollum"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gpm.enable
Whether to enable GPM, the General Purpose Mouse daemon, which enables mouse support in virtual consoles.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/ttys/gpm.nix>
|
services.gpm.protocol
Mouse protocol to use.
Type: string
Default:
"ps/2"
Declared by:
<nixpkgs/nixos/modules/services/ttys/gpm.nix>
|
services.gpsd.enable
Whether to enable `gpsd', a GPS service daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.debugLevel
The debugging level.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.device
A device may be a local serial device for GPS input, or a URL of the form:
[{dgpsip|ntrip}://][user:passwd@]host[:port][/stream]
in which case it specifies an input source for DGPS or ntrip data.
Type: string
Default:
"/dev/ttyUSB0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.nowait
don't wait for client connects to poll GPS
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.port
The port where to listen for TCP connections.
Type: signed integer
Default:
2947
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.readonly
Whether to enable the broken-device-safety, otherwise known as read-only mode. Some popular bluetooth and USB receivers lock up or become totally inaccessible when probed or reconfigured. This switch prevents gpsd from writing to a receiver. This means that gpsd cannot configure the receiver for optimal performance, but it also means that gpsd cannot break the receiver. A better solution would be for Bluetooth to not be so fragile. A platform independent method to identify serial-over-Bluetooth devices would also be nice.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.grafana.enable
Whether to enable grafana.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.package
Package to use.
Type: package
Default:
"pkgs.grafana"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.addr
Listening address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.analytics.reporting.enable
Whether to allow anonymous usage reporting to stats.grafana.net
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.auth.anonymous.enable
Whether to allow anonymous access
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.auth.anonymous.org_name
Which organization to allow anonymous access to
Type: string
Default:
"Main Org."
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.auth.anonymous.org_role
Which role anonymous users have in the organization
Type: string
Default:
"Viewer"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.certFile
Cert file for ssl.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.certKey
Cert key for ssl.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.dataDir
Data directory.
Type: path
Default:
"/var/lib/grafana"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.database.connMaxLifetime
Sets the maximum amount of time (in seconds) a connection may be reused. For MySQL this setting should be shorter than the `wait_timeout' variable.
Type: signed integer
Default:
14400
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.database.host
Database host.
Type: string
Default:
"127.0.0.1:3306"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.database.name
Database name.
Type: string
Default:
"grafana"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.database.password
Database password.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.database.path
Database path.
Type: path
Default:
"/var/lib/grafana/data/grafana.db"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.database.type
Database type.
Type: one of "mysql", "sqlite3", "postgres"
Default:
"sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.database.user
Database user.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.domain
The public facing domain name used to access grafana from a browser.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.extraOptions
Extra configuration options passed as env variables as specified in documentation, but without GF_ prefix
Type: attribute set of string or paths
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.port
Listening port.
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.protocol
Which protocol to listen.
Type: one of "http", "https", "socket"
Default:
"http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.rootUrl
Full public facing url.
Type: string
Default:
"%(protocol)s://%(domain)s:%(http_port)s/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.security.adminPassword
Default admin password.
Type: string
Default:
"admin"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.security.adminUser
Default admin username.
Type: string
Default:
"admin"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.security.secretKey
Secret key used for signing.
Type: string
Default:
"SW2YcwTIb9zpOOhoPsMm"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.staticRootPath
Root path for static assets.
Type: string
Default:
"\${pkgs.grafana}/share/grafana/public"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.users.allowOrgCreate
Whether user is allowed to create organizations.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.users.allowSignUp
Disable user signup / registration
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.users.autoAssignOrg
Whether to automatically assign new users to default org.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.users.autoAssignOrgRole
Default role new users will be auto assigned.
Type: one of "Viewer", "Editor"
Default:
"Viewer"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.graphite.api.enable
Whether to enable graphite api. Graphite api is lightweight alternative to graphite web, with api and without dashboard. It's advised to use grafana as alternative dashboard and influxdb as alternative to graphite carbon.
For more information visit http://graphite-api.readthedocs.org/en/latest/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.api.package
Package to use for graphite api.
Type: package
Default:
"pkgs.python27Packages.graphite_api"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.api.extraConfig
Extra configuration for graphite api.
Type: string
Default:
'' whisper: directories: - /var/db/graphite/whisper ''
Example:
'' allowed_origins: - dashboard.example.com cheat_times: true influxdb: host: localhost port: 8086 user: influxdb pass: influxdb db: metrics cache: CACHE_TYPE: 'filesystem' CACHE_DIR: '/tmp/graphite-api-cache' ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.api.finders
List of finder plugins to load.
Type: list of packages
Default:
[
]
Example:
[ pkgs.python27Packages.influxgraph ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.api.functions
List of functions to load.
Type: list of strings
Default:
[
"graphite_api.functions.SeriesFunctions" "graphite_api.functions.PieFunctions"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.api.listenAddress
Graphite web service listen address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.api.port
Graphite api service port.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.beacon.enable
Whether to enable graphite beacon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.beacon.config
Graphite beacon configuration.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.enableAggregator
Whether to enable carbon aggregator, the carbon buffering service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.enableCache
Whether to enable carbon cache, the graphite storage daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.enableRelay
Whether to enable carbon relay, the carbon replication and sharding service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.aggregationRules
Defines if and how received metrics will be aggregated.
Type: null or string
Default:
null
Example:
'' <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.blacklist
Any metrics received which match one of the experssions will be dropped.
Type: null or string
Default:
null
Example:
"^some.noisy.metric.prefix..*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.config
Content of carbon configuration file.
Type: string
Default:
'' [cache] # Listen on localhost by default for security reasons UDP_RECEIVER_INTERFACE = 127.0.0.1 PICKLE_RECEIVER_INTERFACE = 127.0.0.1 LINE_RECEIVER_INTERFACE = 127.0.0.1 CACHE_QUERY_INTERFACE = 127.0.0.1 # Do not log every update LOG_UPDATES = False LOG_CACHE_HITS = False ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.relayRules
Relay rules are used to send certain metrics to a certain backend.
Type: null or string
Default:
null
Example:
'' [example] pattern = ^mydata\.foo\..+ servers = 10.1.2.3, 10.1.2.4:2004, myserver.mydomain.com ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.rewriteRules
Regular expression patterns that can be used to rewrite metric names in a search and replace fashion.
Type: null or string
Default:
null
Example:
'' [post] _sum$ = _avg$ = ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.storageAggregation
Defines how to aggregate data to lower-precision retentions.
Type: null or string
Default:
null
Example:
'' [all_min] pattern = \.min$ xFilesFactor = 0.1 aggregationMethod = min ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.storageSchemas
Defines retention rates for storing metrics.
Type: null or string
Default:
""
Example:
'' [apache_busyWorkers] pattern = ^servers\.www.*\.workers\.busyWorkers$ retentions = 15s:7d,1m:21d,15m:5y ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.whitelist
Only metrics received which match one of the experssions will be persisted.
Type: null or string
Default:
null
Example:
".*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.dataDir
Data directory for graphite.
Type: path
Default:
"/var/db/graphite"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.pager.enable
Whether to enable graphite-pager service. For more information visit https://github.com/seatgeek/graphite-pager
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.pager.alerts
Alerts configuration for graphite-pager.
Type: string
Default:
'' alerts: - target: constantLine(100) warning: 90 critical: 200 name: Test ''
Example:
'' pushbullet_key: pushbullet_api_key alerts: - target: stats.seatgeek.app.deal_quality.venue_info_cache.hit warning: .5 critical: 1 name: Deal quality venue cache hits ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.pager.graphiteUrl
URL to your graphite service.
Type: string
Default:
"http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.pager.redisUrl
Redis connection string.
Type: string
Default:
"redis://localhost:6379/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.enable
Whether to enable seyren service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.extraConfig
Extra seyren configuration. See https://github.com/scobal/seyren#config
Type: attribute set of strings
Default:
{
}
Example:
{ GRAPHITE_USERNAME = "user"; GRAPHITE_PASSWORD = "pass"; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.graphiteUrl
Host where graphite service runs.
Type: string
Default:
"http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.mongoUrl
Mongodb connection string.
Type: string
Default:
"mongodb://127.0.0.1:27017/seyren"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.port
Seyren listening port.
Type: signed integer
Default:
8081
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.seyrenUrl
Host where seyren is accessible.
Type: string
Default:
"http://localhost:8081/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.enable
Whether to enable graphite web frontend.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.extraConfig
Graphite webapp settings. See: http://graphite.readthedocs.io/en/latest/config-local-settings.html
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.listenAddress
Graphite web frontend listen address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.port
Graphite web frontend port.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graylog.enable
Whether to enable Graylog.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.package
Graylog package to use.
Type: package
Default:
"pkgs.graylog"
Example:
pkgs.graylog
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.elasticsearchHosts
List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication
Type: list of strings
Example:
[ "http://node1:9200" "http://user:password@node2:19200" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.extraConfig
Any other configuration options you might want to add
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.isMaster
Whether this is the master instance of your Graylog cluster
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.messageJournalDir
The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself
Type: string
Default:
"/var/lib/graylog/data/journal"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.mongodbUri
MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details
Type: string
Default:
"mongodb://localhost/graylog"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.nodeIdFile
Path of the file containing the graylog node-id
Type: string
Default:
"/var/lib/graylog/server/node-id"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.passwordSecret
You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. Generate one by using for example: pwgen -N 1 -s 96
Type: string
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.plugins
Extra graylog plugins
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.rootPasswordSha2
You MUST specify a hash password for the root user (which you only need to initially set up the system and in case you lose connectivity to your authentication backend) This password cannot be changed using the API or via the web interface. If you need to change it, modify it here. Create one by using for example: echo -n yourpassword | shasum -a 256 and use the resulting hash value as string for the option
Type: string
Example:
"e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.rootUsername
Name of the default administrator user
Type: string
Default:
"admin"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.user
User account under which graylog runs
Type: string
Default:
"graylog"
Example:
graylog
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.gvpe.enable
Whether to run gvpe
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.configFile
GVPE config file, if already present
Type: unspecified
Default:
null
Example:
"/root/my-gvpe-conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.configText
GVPE config contents
Type: unspecified
Default:
null
Example:
'' tcp-port = 655 udp-port = 655 mtu = 1480 ifname = vpn0 node = alpha hostname = alpha.example.org connect = always enable-udp = true enable-tcp = true on alpha if-up = if-up-0 on alpha pid-file = /var/gvpe/gvpe.pid ''
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.customIFSetup
Additional commands to apply in ifup script
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.ipAddress
IP address to assign to GVPE interface
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.nodename
GVPE node name
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.subnet
IP subnet assigned to GVPE network
Type: unspecified
Default:
null
Example:
"10.0.0.0/8"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.hadoop.package
Type: package
Default:
"pkgs.hadoop"
Example:
pkgs.hadoop
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.coreSite
Hadoop core-site.xml definition
Type: unspecified
Default:
{
}
Example:
{
fs.defaultFS = "hdfs://localhost";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.hdfs.datanode.enabled
Whether to run the Hadoop YARN DataNode
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.namenode.enabled
Whether to run the Hadoop YARN NameNode
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfsSite
Hadoop hdfs-site.xml definition
Type: unspecified
Default:
{
}
Example:
{
dfs.nameservices = "namenode1";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.mapredSite
Hadoop mapred-site.xml definition
Type: unspecified
Default:
{
}
Example:
{
mapreduce.map.cpu.vcores = "1";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.yarn.nodemanager.enabled
Whether to run the Hadoop YARN NodeManager
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.resourcemanager.enabled
Whether to run the Hadoop YARN ResourceManager
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarnSite
Hadoop yarn-site.xml definition
Type: unspecified
Default:
{
}
Example:
{
yarn.resourcemanager.ha.id = "resourcemanager1";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hail.enable
Enables the Hail Auto Update Service. Hail can automatically deploy artifacts built by a Hydra Continous Integration server. A common use case is to provide continous deployment for single services or a full NixOS configuration.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.hail.package
Hail package to use.
Type: package
Default:
"pkgs.haskellPackages.hail"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.hail.hydraJobUri
The URI of the Hydra Job.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.hail.netrc
The netrc file to use when fetching data from Hydra.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.hail.profile
The name of the Nix profile used by Hail.
Type: string
Default:
"hail-profile"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.haka.enable
Whether to enable Haka.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.package
Which Haka derivation to use.
Type: package
Default:
"pkgs.haka"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.configFile
Specify which configuration file Haka uses. It can be absolute path or a path relative to the sample directory of the haka git repo.
Type: string
Default:
"empty.lua"
Example:
"/srv/haka/myfilter.lua"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.dump.enable
Whether to enable dump.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.dump.input
Path to file where incoming packets are dumped
Type: path
Default:
"/tmp/input.pcap"
Example:
"/path/to/file.pcap"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.dump.output
Path to file where outgoing packets are dumped
Type: path
Default:
"/tmp/output.pcap"
Example:
"/path/to/file.pcap"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.interfaces
Specify which interface(s) Haka listens to. Use 'any' to listen to all interfaces.
Type: list of strings
Default:
[
"eth0"
]
Example:
[
"any"
]
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.nfqueue
Whether to enable nfqueue.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.pcap
Whether to enable pcap
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.threads
The number of threads that will be used. All system threads are used by default.
Type: signed integer
Default:
0
Example:
4
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.hans.clients
Each attribute of this option defines a systemd service that
runs hans. Many or none may be defined.
The name of each service is
hans-
where name
name
is the name of the
corresponding attribute name.
Type: attribute set of submodules
Default:
{
}
Example:
{ foo = { server = "192.0.2.1"; extraConfig = "-v"; } }
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.clients.<name>.extraConfig
Additional command line parameters
Type: string
Default:
""
Example:
"-v"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.clients.<name>.passwordFile
File that containts password
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.clients.<name>.server
IP address of server running hans
Type: string
Default:
""
Example:
"192.0.2.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.enable
enable hans server
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.extraConfig
Additional command line parameters
Type: string
Default:
""
Example:
"-v"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.ip
The assigned ip range
Type: string
Default:
""
Example:
"198.51.100.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.passwordFile
File that containts password
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.respondToSystemPings
Force hans respond to ordinary pings
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.haproxy.enable
Whether to enable HAProxy, the reliable, high performance TCP/HTTP load balancer.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
|
services.haproxy.config
Contents of the HAProxy configuration file,
haproxy.conf
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
|
services.hardware.lcd.client.enable
Enable the LCD panel client (LCDproc)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.client.extraConfig
Additional configuration added verbatim to the client config.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.client.restartForever
Try restarting the client forever.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.enable
Enable the LCD panel server (LCDd)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.extraConfig
Additional configuration added verbatim to the server config.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.openPorts
Open the ports in the firewall
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.usbGroup
The group to use for settings permissions. This group must exist or you will have to create it.
Type: string
Default:
"dialout"
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.usbPermissions
Set group-write permissions on a USB device.
A USB connected LCD panel will most likely require having its
permissions modified for lcdd to write to it. Enabling this option
sets group-write permissions on the device identified by
services.hardware.lcd.usbVid
and
services.hardware.lcd.usbPid
. In order to find the
values, you can run the lsusb command. Example
output:
Bus 005 Device 002: ID 0403:c630 Future Technology Devices International, Ltd lcd2usb interface
In this case the vendor id is 0403 and the product id is c630.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.usbPid
The product ID of the USB device to claim.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.usbVid
The vendor ID of the USB device to claim.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.serverHost
Host on which LCDd is listening.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.serverPort
Port on which LCDd is listening.
Type: signed integer
Default:
13666
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.pommed.enable
Whether to use the pommed tool to handle Apple laptop keyboard hotkeys.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/pommed.nix>
|
services.hardware.pommed.configFile
The path to the pommed.conf
file. Leave
to null to use the default config file
(/etc/pommed.conf.mactel
). See the
files /etc/pommed.conf.mactel
and
/etc/pommed.conf.pmac
for examples to
build on.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/pommed.nix>
|
services.haveged.enable
Whether to enable to haveged entropy daemon, which refills /dev/random when low.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/haveged.nix>
|
services.haveged.refill_threshold
The number of bits of available entropy beneath which haveged should refill the entropy pool.
Type: signed integer
Default:
1024
Declared by:
<nixpkgs/nixos/modules/services/security/haveged.nix>
|
services.hbase.enable
Whether to run HBase.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
|
services.hbase.package
HBase package to use.
Type: package
Default:
"pkgs.hbase"
Example:
pkgs.hbase
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
|
services.hbase.dataDir
Specifies location of HBase database files. This location should be writable and readable for the user the HBase service runs as (hbase by default).
Type: path
Default:
"/var/lib/hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
|
services.hbase.group
Group account under which HBase runs.
Type: string
Default:
"hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
|
services.hbase.logDir
Specifies the location of HBase log files.
Type: path
Default:
"/var/log/hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
|
services.hbase.user
User account under which HBase runs.
Type: string
Default:
"hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
|
services.hdapsd.enable
Whether to enable Hard Drive Active Protection System Daemon, devices are detected and managed automatically by udev and systemd .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/hdaps.nix>
|
services.heapster.enable
Whether to enable heapster monitoring
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heapster.package
Package to use by heapster
Type: package
Default:
"pkgs.heapster"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heapster.extraOpts
Heapster extra options
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heapster.sink
Heapster metic sink
Type: string
Example:
"influxdb:http://localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heapster.source
Heapster metric source
Type: string
Example:
"kubernetes:https://kubernetes.default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heartbeat.enable
Whether to enable heartbeat.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.extraConfig
Any other configuration options you want to add
Type: string
Default:
'' heartbeat.monitors: - type: http urls: ["http://localhost:9200"] schedule: '@every 10s' ''
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.name
Name of the beat
Type: string
Default:
"heartbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.stateDir
The state directory. heartbeat's own logs and other data are stored here.
Type: string
Default:
"/var/lib/heartbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.tags
Tags to place on the shipped log messages
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heyefi.enable
Whether to enable heyefi.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/heyefi.nix>
|
services.heyefi.cardMacaddress
An Eye-Fi card MAC address.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/heyefi.nix>
|
services.heyefi.uploadDir
The directory to upload the files to.
Type: unspecified
Example:
"/home/username/pictures"
Declared by:
<nixpkgs/nixos/modules/services/networking/heyefi.nix>
|
services.heyefi.uploadKey
An Eye-Fi card's upload key.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/heyefi.nix>
|
services.heyefi.user
heyefi will be run under this user (user must exist, this can be your user name).
Type: unspecified
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/networking/heyefi.nix>
|
services.hitch.enable
Whether to enable Hitch Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.backend
The host and port Hitch connects to when receiving a connection in the form [HOST]:PORT
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.ciphers
The list of ciphers to use
Type: string
Default:
"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.extraConfig
Additional configuration lines
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.frontend
The port and interface of the listen endpoint in the + form [HOST]:PORT[+CERT].
Type: string or list of strings
Default:
"[127.0.0.1]:443"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.group
The group to run as
Type: string
Default:
"hitch"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.ocsp-stapling.enabled
Whether to enable OCSP Stapling
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.pem-files
PEM files to use
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.user
The user to run as
Type: string
Default:
"hitch"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hologram-agent.enable
Whether to enable the Hologram agent for AWS instance credentials
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
|
services.hologram-agent.dialAddress
Hologram server and port.
Type: string
Default:
"localhost:3100"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
|
services.hologram-agent.httpPort
Port for metadata service to listen on.
Type: string
Default:
"80"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
|
services.hologram-server.enable
Whether to enable the Hologram server for AWS instance credentials
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.enableLdapRoles
Whether to assign user roles based on the user's LDAP group memberships
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.awsAccount
AWS account number
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.awsDefaultRole
AWS default role
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.cacheTimeoutSeconds
How often (in seconds) to refresh the LDAP cache
Type: signed integer
Default:
3600
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.groupClassAttr
The objectclass attribute to search for groups when enableLdapRoles is true
Type: string
Default:
"groupOfNames"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapBaseDN
The base DN for your Hologram users
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapBindDN
DN of account to use to query the LDAP server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapBindPassword
Password of account to use to query the LDAP server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapHost
Address of the LDAP server to use
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapInsecure
Whether to connect to LDAP over SSL or not
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapUserAttr
The LDAP attribute for usernames
Type: string
Default:
"cn"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.listenAddress
Address and port to listen on
Type: string
Default:
"0.0.0.0:3100"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.roleAttr
Which LDAP group attribute to search for authorized role ARNs
Type: string
Default:
"businessCategory"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.statsAddress
Address of statsd server
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.home-assistant.enable
Whether to enable Home Assistant.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
|
services.home-assistant.package
Home Assistant package to use.
Override extraPackages
or extraComponents
in order to add additional dependencies.
If you specify config
and do not set autoExtraComponents
to false
, overriding extraComponents
will have no effect.
Type: package
Default:
"pkgs.home-assistant"
Example:
pkgs.home-assistant.override { extraPackages = ps: with ps; [ colorlog ]; }
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
|
services.home-assistant.applyDefaultConfig
Setting this option enables a few configuration options for HA based on NixOS configuration (such as time zone) to avoid having to manually specify configuration we already have.
Currently one side effect of enabling this is that the http
component will be enabled.
This only takes effect if config != null
in order to ensure that a manually managed configuration.yaml
is not overwritten.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
|
services.home-assistant.autoExtraComponents
If set to true
, the components used in config
are set as the specified package's extraComponents
.
This in turn adds all packaged dependencies to the derivation.
You might still see import errors in your log.
In this case, you will need to package the necessary dependencies yourself
or ask for someone else to package them.
If a dependency is packaged but not automatically added to this list,
you might need to specify it in extraPackages
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
|
services.home-assistant.config
Your configuration.yaml
as a Nix attribute set.
Beware that setting this option will delete your previous configuration.yaml
.
Type: null or attribute set
Default:
null
Example:
{ homeassistant = { name = "Home"; time_zone = "UTC"; }; frontend = { }; http = { }; feedreader.urls = [ "https://nixos.org/blogs.xml" ]; }
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
|
services.home-assistant.configDir
The config directory, where your configuration.yaml
is located.
Type: path
Default:
"/var/lib/hass"
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
|
services.home-assistant.openFirewall
Whether to open the firewall for the specified port.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
|
services.home-assistant.port
The port on which to listen.
Type: signed integer
Default:
8123
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
|
services.hoogle.enable
Whether to enable Haskell documentation server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.packages
The Haskell packages to generate documentation for.
The option value is a function that takes the package set specified in
the haskellPackages
option as its sole parameter and
returns a list of packages.
Type: unspecified
Default:
"hp: []"
Example:
"hp: with hp; [ text lens ]"
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.haskellPackages
Which haskell package set to use.
Type: unspecified
Default:
"pkgs.haskellPackages"
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.home
Url for hoogle logo
Type: string
Default:
"https://hoogle.haskell.org"
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.port
Port number Hoogle will be listening to.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hostapd.enable
Enable putting a wireless interface into infrastructure mode,
allowing other wireless devices to associate with the wireless
interface and do wireless networking. A simple access point will
enable hostapd.wpa
,
hostapd.wpaPassphrase
, and
hostapd.ssid
, as well as DHCP on the wireless
interface to provide IP addresses to the associated stations, and
NAT (from the wireless interface to an upstream interface).
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.channel
Channel number (IEEE 802.11) Please note that some drivers do not use this value from hostapd and the channel will need to be configured separately with iwconfig.
Type: signed integer
Default:
7
Example:
11
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.driver
Which driver hostapd will use. Most applications will probably use the default.
Type: string
Default:
"nl80211"
Example:
"hostapd"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.extraConfig
Extra configuration options to put in hostapd.conf.
Type: string
Default:
""
Example:
'' auth_algo=0 ieee80211n=1 ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40] ''
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.group
Members of this group can control hostapd.
Type: string
Default:
"wheel"
Example:
"network"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.hwMode
Operation mode. (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g).
Type: one of "a", "b", "g"
Default:
"g"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.interface
The interfaces hostapd will use.
Type: unspecified
Default:
""
Example:
"wlp2s0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.ssid
SSID to be used in IEEE 802.11 management frames.
Type: string
Default:
"nixos"
Example:
"mySpecialSSID"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.wpa
Enable WPA (IEEE 802.11i/D3.0) to authenticate with the access point.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.wpaPassphrase
WPA-PSK (pre-shared-key) passphrase. Clients will need this passphrase to associate with this access point. Warning: This passphrase will get put into a world-readable file in the Nix store!
Type: string
Default:
"my_sekret"
Example:
"any_64_char_string"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hound.enable
Whether to enable the hound code search daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.package
Package for running hound.
Type: package
Default:
"pkgs.hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.config
The full configuration of the Hound daemon. Note the dbpath should be an absolute path to a writable location on disk.
Type: string
Example:
'' { "max-concurrent-indexers" : 2, "dbpath" : "''${services.hound.home}/data", "repos" : { "nixpkgs": { "url" : "https://www.github.com/NixOS/nixpkgs.git" } } } ''
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.extraGroups
List of extra groups that the "hound" user should be a part of.
Type: list of strings
Default:
[
]
Example:
[
"dialout"
]
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.group
Group the hound daemon should execute under.
Type: string
Default:
"hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.home
The path to use as hound's $HOME. If the default user "hound" is configured then this is the home of the "hound" user.
Type: path
Default:
"/var/lib/hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.listen
Listen on this IP:port / :port
Type: string
Default:
"0.0.0.0:6080"
Example:
"127.0.0.1:6080 or just :6080"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.user
User the hound daemon should execute under.
Type: string
Default:
"hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.htpdate.enable
Enable htpdate daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
|
services.htpdate.extraOptions
Additional command line arguments to pass to htpdate.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
|
services.htpdate.proxy
HTTP proxy used for requests.
Type: string
Default:
""
Example:
"127.0.0.1:8118"
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
|
services.htpdate.servers
HTTP servers to use for time synchronization.
Type: list of strings
Default:
[
"www.google.com"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
|
services.httpd.enable
Whether to enable the Apache HTTP Server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enableMellon
Whether to enable the mod_auth_mellon module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enablePHP
Whether to enable the PHP module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enablePerl
Whether to enable the Perl module (mod_perl).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enableSSL
Whether to enable SSL (https) support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enableUserDir
Whether to enable serving ~/public_html
as
/~
.
username
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.package
Overridable attribute of the Apache HTTP Server package to use.
Type: package
Default:
"pkgs.apacheHttpd"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.adminAddr
E-mail address of the server administrator.
Type: null or string
Example:
"admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.configFile
Override the configuration file used by Apache. By default, NixOS generates one automatically.
Type: path
Default:
"confFile"
Example:
pkgs.writeText "httpd.conf" "# my custom config file ..."
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: string
Default:
""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.extraModules
Additional Apache modules to be used. These can be
specified as a string in the case of modules distributed
with Apache, or as an attribute set specifying the
name
and path
of the
module.
Type: list of unspecifieds
Default:
[
]
Example:
[ "proxy_connect" { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.extraSubservices
Extra subservices to enable in the webserver.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default:
null
Example:
"http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.group
Group under which httpd runs. The account is created automatically if it doesn't exist.
Type: string
Default:
"wwwrun"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.hostName
Canonical hostname for the server.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.listen
List of { /* ip: "*"; */ port = 80;} to listen on
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.listen.*.ip
Ip to listen on. 0.0.0.0 for ipv4 only, * for all.
Type: string
Default:
"*"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.listen.*.port
port to listen on
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logDir
Directory for Apache's log files. It is created automatically.
Type: path
Default:
"/var/log/httpd"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default:
"common"
Example:
"combined"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logPerVirtualHost
If enabled, each virtual host gets its own
access_log
and
error_log
, namely suffixed by the
hostName
of the virtual host.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.maxClients
Maximum number of httpd processes (prefork)
Type: signed integer
Default:
150
Example:
8
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.maxRequestsPerChild
Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited
Type: signed integer
Default:
0
Example:
500
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.multiProcessingModule
Multi-processing module to be used by Apache. Available
modules are prefork
(the default;
handles each request in a separate child process),
worker
(hybrid approach that starts a
number of child processes each running a number of
threads) and event
(a recent variant of
worker
that handles persistent
connections more efficiently).
Type: string
Default:
"prefork"
Example:
"worker"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.phpOptions
Options appended to the PHP configuration file php.ini
.
Type: string
Default:
""
Example:
'' date.timezone = "CET" ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.phpPackage
Overridable attribute of the PHP package to use.
Type: package
Default:
"pkgs.php"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.port
Port for the server. Option will be removed, use listen
instead.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: string
Default:
""
Example:
"Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default:
[
]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.servedFiles
This option provides a simple way to serve individual, static files.
Type: list of attribute sets
Default:
[
]
Example:
[
{
file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default:
[
]
Example:
[
"www.example.org" "www.example.org:8080" "example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.sslServerCert
Path to server SSL certificate.
Type: null or path
Default:
null
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.sslServerChain
Path to server SSL chain file.
Type: null or path
Default:
null
Example:
"/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.sslServerKey
Path to server SSL certificate key.
Type: path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.stateDir
Directory for Apache's transient runtime state (such as PID
files). It is created automatically. Note that the default,
/run/httpd
, is deleted at boot time.
Type: path
Default:
"/run/httpd"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.user
User account under which httpd runs. The account is created automatically if it doesn't exist.
Type: string
Default:
"wwwrun"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts
Specification of the virtual hosts served by Apache. Each element should be an attribute set specifying the configuration of the virtual host. The available options are the non-global options permissible for the main host.
Type: list of submodules
Default:
[
]
Example:
[
{
documentRoot = "/data/webroot-foo"; hostName = "foo";
}
{
documentRoot = "/data/webroot-bar"; hostName = "bar";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.enableSSL
Whether to enable SSL (https) support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.enableUserDir
Whether to enable serving ~/public_html
as
/~
.
username
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.adminAddr
E-mail address of the server administrator.
Type: null or string
Default:
null
Example:
"admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: string
Default:
""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.extraSubservices
Extra subservices to enable in the webserver.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default:
null
Example:
"http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.hostName
Canonical hostname for the server.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.listen
List of { /* ip: "*"; */ port = 80;} to listen on
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.listen.*.ip
Ip to listen on. 0.0.0.0 for ipv4 only, * for all.
Type: string
Default:
"*"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.listen.*.port
port to listen on
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default:
"common"
Example:
"combined"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.port
Port for the server. Option will be removed, use listen
instead.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: string
Default:
""
Example:
"Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default:
[
]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.servedFiles
This option provides a simple way to serve individual, static files.
Type: list of attribute sets
Default:
[
]
Example:
[
{
file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default:
[
]
Example:
[
"www.example.org" "www.example.org:8080" "example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.sslServerCert
Path to server SSL certificate.
Type: null or path
Default:
null
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.sslServerChain
Path to server SSL chain file.
Type: null or path
Default:
null
Example:
"/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.*.sslServerKey
Path to server SSL certificate key.
Type: path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.hydra.enable
Whether to run Hydra services.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.package
The Hydra package.
Type: path
Default:
"pkgs.hydra"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.buildMachinesFiles
List of files containing build machines.
Type: list of paths
Default:
[
"/etc/nix/machines"
]
Example:
[
"/etc/nix/machines" "/var/lib/hydra/provisioner/machines"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.dbi
The DBI string for Hydra database connection.
Type: string
Default:
"dbi:Pg:dbname=hydra;user=hydra;"
Example:
"dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.debugServer
Whether to run the server in debug mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.extraConfig
Extra lines for the Hydra configuration.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.extraEnv
Extra environment variables for Hydra.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.gcRootsDir
Directory that holds Hydra garbage collector roots.
Type: path
Default:
"/nix/var/nix/gcroots/hydra"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.hydraURL
The base URL for the Hydra webserver instance. Used for links in emails.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.listenHost
The hostname or address to listen on or *
to listen
on all interfaces.
Type: string
Default:
"*"
Example:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.logo
Path to a file containing the logo of your Hydra instance.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.minimumDiskFree
Threshold of minimum disk space (GiB) to determine if the queue runner should run or not.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.minimumDiskFreeEvaluator
Threshold of minimum disk space (GiB) to determine if the evaluator should run or not.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.notificationSender
Sender email address used for email notifications.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.port
TCP port the web server should listen to.
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.smtpHost
Hostname of the SMTP server to use to send email.
Type: null or string
Default:
null
Example:
[
"localhost"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.tracker
Piece of HTML that is included on all pages.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.useSubstitutes
Whether to use binary caches for downloading store paths. Note that binary substitutions trigger (a potentially large number of) additional HTTP requests that slow down the queue monitor thread significantly. Also, this Hydra instance will serve those downloaded store paths to its users with its own signature attached as if it had built them itself, so don't enable this feature unless your active binary caches are absolute trustworthy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydron.enable
Whether to enable hydron.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.dataDir
Location where hydron runs and stores data.
Type: path
Default:
"/var/lib/hydron"
Example:
"/home/okina/hydron"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.fetchTags
Fetch tags for imported images and webm from gelbooru.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.importPaths
Paths that hydron will recursively import.
Type: list of paths
Default:
[
]
Example:
[
"/home/okina/Pictures"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.interval
How often we run hydron import and possibly fetch tags. Runs by default every week.
The format is described in systemd.time(7).
Type: string
Default:
"weekly"
Example:
"06:00"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.listenAddress
Listen on a specific IP address and port.
Type: null or string
Default:
null
Example:
"127.0.0.1:8010"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.password
Password for the hydron database.
Type: string
Default:
"hydron"
Example:
"dumbpass"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.passwordFile
Password file for the hydron database.
Type: path
Default:
"/run/keys/hydron-password-file"
Example:
"/home/okina/hydron/keys/pass"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.postgresArgs
Postgresql connection arguments.
Type: string
Example:
'' { "driver": "postgres", "connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable" } ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.postgresArgsFile
Postgresql connection arguments file.
Type: path
Default:
"/run/keys/hydron-postgres-args"
Example:
"/home/okina/hydron/keys/postgres"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hylafax.enable
Whether to enable HylaFAX server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.areaCode
Area code for server and all modems.
Type: null or string
Default:
null
Example:
"30"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.autostart
Autostart the HylaFAX queue manager at system start.
If this is false
, the queue manager
will still be started if there are pending
jobs or if a user tries to connect to it.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.commonModemConfig
Attribute set of default values for
modem config files etc/config.*
.
Values can be either strings or integers
(which will be added to the config file verbatimly)
or lists thereof
(which will be translated to multiple
lines with the same configuration key).
Boolean values are translated to "Yes" or "No".
The default contains some reasonable
configuration to yield an operational system.
Think twice before changing paths of fax-processing scripts.
Type: attribute set of list of string or signed integer convertible to it or boolean convertible to its or string or signed integer convertible to it or boolean convertible to it convertible to its
Example:
{
InternationalPrefix = "00"; LongDistancePrefix = "0";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.countryCode
Country code for server and all modems.
Type: null or string
Default:
null
Example:
"49"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.enable.frequency
Purge old files from the spooling area with
faxcron
with the given frequency
(see systemd.time(7)).
Type: null or string
Default:
null
Example:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.enable.spoolInit
Whether to enable Purge old files from the spooling area with
faxcron
each time the spooling area is initialized.
.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.infoDays
Set the expiration time for data in the remote machine information directory in days.
Type: signed integer
Default:
30
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.logDays
Set the expiration time for session trace log files in days.
Type: signed integer
Default:
30
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.rcvDays
Set the expiration time for files in the received facsimile queue in days.
Type: signed integer
Default:
7
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqConfig
Attribute set of lines for the global
faxq config file etc/config
.
Values can be either strings or integers
(which will be added to the config file verbatimly)
or lists thereof
(which will be translated to multiple
lines with the same configuration key).
Boolean values are translated to "Yes" or "No".
The default contains some reasonable
configuration to yield an operational system.
Type: attribute set of list of string or signed integer convertible to it or boolean convertible to its or string or signed integer convertible to it or boolean convertible to it convertible to its
Example:
{
InternationalPrefix = "00"; LongDistancePrefix = "0";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.enable.frequency
Purge old files from the spooling area with
faxcron
with the given frequency
(see systemd.time(7)).
Type: null or string
Default:
null
Example:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.enable.spoolInit
Whether to enable Purge old files from the spooling area with
faxqclean
each time the spooling area is initialized.
.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.archiving
Enable or suppress job archiving:
never
disables job archiving,
as-flagged
archives jobs that
have been flagged for archiving by sendfax,
always
forces archiving of all jobs.
See also sendfax(1) and faxqclean(8).
Type: one of "never", "as-flagged", "always"
Default:
"as-flagged"
Example:
"always"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.docqMinutes
Set the document age threshold (in minutes) that controls how long unreferenced files may reside in the docq directory.
Type: signed integer
Default:
60
Example:
24*60
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.doneqMinutes
Set the job age threshold (in minutes) that controls how long jobs may reside in the doneq directory.
Type: signed integer
Default:
15
Example:
24*60
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.hfaxdConfig
Attribute set of lines for the global
hfaxd config file etc/hfaxd.conf
.
Values can be either strings or integers
(which will be added to the config file verbatimly)
or lists thereof
(which will be translated to multiple
lines with the same configuration key).
Boolean values are translated to "Yes" or "No".
The default contains some reasonable
configuration to yield an operational system.
Type: attribute set of list of string or signed integer convertible to it or boolean convertible to its or string or signed integer convertible to it or boolean convertible to it convertible to its
Example:
{
RecvqProtection = "0400";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.internationalPrefix
International prefix for server and all modems.
Type: null or string
Default:
null
Example:
"00"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.longDistancePrefix
Long distance prefix for server and all modems.
Type: null or string
Default:
null
Example:
"0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.modems
Description of installed modems. At least on modem must be defined to enable the HylaFAX server.
Type: list or attribute set of submodules
Default:
{
}
Example:
{
ttyS1 =
{
config =
{
FAXNumber = "123456"; LocalIdentifier = "Smith";
}
; type = "cirrus";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.modems.<name?>.config
Attribute set of values for the given modem. Values can be either strings or integers (which will be added to the config file verbatimly) or lists thereof (which will be translated to multiple lines with the same configuration key). Boolean values are translated to "Yes" or "No". The default contains some reasonable configuration to yield an operational system.
Options defined here override options in
commonModemConfig
for this modem.
Type: attribute set of list of string or signed integer convertible to it or boolean convertible to its or string or signed integer convertible to it or boolean convertible to it convertible to its
Example:
{
AreaCode = "49"; FAXNumber = "123456"; LocalCode = "30"; LocalIdentifier = "LostInBerlin";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.modems.<name?>.name
Name of modem device,
will be searched for in /dev
.
Type: string
Example:
"ttyS1"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.modems.<name?>.type
Name of modem configuration file,
will be searched for in config
in the spooling area directory.
Type: string
Example:
"cirrus"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.sendmailPath
Path to sendmail
program.
The default uses the local sendmail wrapper
(see config.services.mail.sendmailSetuidWrapper
),
otherwise the false
binary to cause an error if used.
Type: path
Example:
''${pkgs.postfix}/bin/sendmail
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.spoolAreaPath
The spooling area will be created/maintained at the location given here.
Type: path
Default:
"/var/spool/fax"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.spoolExtraInit
Additional shell code that is executed within the spooling area directory right after its setup.
Type: string
Default:
""
Example:
"chmod 0755 . # everyone may read my faxes"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.userAccessFile
The hosts.hfaxd
file entry in the spooling area
will be symlinked to the location given here.
This file must exist and be
readable only by the uucp
user.
See hosts.hfaxd(5) for details.
This configuration permits access for all users:
environment.etc."hosts.hfaxd" = {
mode = "0600";
user = "uucp";
text = ".*";
};
Note that host-based access can be controlled with
config.systemd.sockets.hylafax-hfaxd.listenStreams
;
by default, only 127.0.0.1 is permitted to connect.
Type: path
Default:
"/etc/hosts.hfaxd"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.i2p.enable
Whether to enable I2P router.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2p.nix>
|
services.i2pd.enable
Enables I2Pd as a running service upon activation. Please read http://i2pd.readthedocs.io/en/latest/ for further configuration help.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.enableIPv4
Whether to enable IPv4 connectivity.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.enableIPv6
Whether to enable IPv6 connectivity.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.address
Your external IP or hostname.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.addressbook.defaulturl
AddressBook subscription URL for initial setup
Type: string
Default:
"http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.addressbook.subscriptions
AddressBook subscription URLs
Type: list of strings
Default:
[
"http://inr.i2p/export/alive-hosts.txt" "http://i2p-projekt.i2p/hosts.txt" "http://stats.i2p/cgi-bin/newhosts.txt"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.bandwidth
Set a router bandwidth limit integer in KBps. If not set, i2pd defaults to 32KBps.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.dataDir
Alternative path to storage of i2pd data (RI, keys, peer profiles, ...)
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.exploratory.inbound.length
Guaranteed minimum hops for exploratory tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.exploratory.inbound.quantity
Number of simultaneous exploratory tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.exploratory.outbound.length
Guaranteed minimum hops for exploratory tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.exploratory.outbound.quantity
Number of simultaneous exploratory tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.family
Specify a family the router belongs to.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.floodfill
If the router is declared to be unreachable and needs introduction nodes.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ifname
Network interface to bind to.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ifname4
IPv4 interface to bind to.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ifname6
IPv6 interface to bind to.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels
Serve something on I2P network at port and delegate requests to address inPort.
Type: list or attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.enable
Whether to enable ‹name›.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.accessList
I2P nodes that are allowed to connect to this service.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.address
Bind address for ‹name› endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.crypto.tagsToSend
Number of ElGamal/AES tags to send.
Type: signed integer
Default:
40
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.destination
Remote endpoint, I2P hostname or b32.i2p address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.inPort
Service port. Default to the tunnel's listen port.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.inbound.length
Guaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.inbound.quantity
Number of simultaneous ‹name› tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.keys
Keyset used for tunnel identity.
Type: string
Default:
"‹name›-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.name
The endpoint name.
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.outbound.length
Guaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.outbound.quantity
Number of simultaneous ‹name› tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name?>.port
Bind port for ‹name› endoint.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.coreSize
Maximum size of corefile in Kb (0 - use system limit).
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.ntcpHard
Maximum number of active transit sessions.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.ntcpSoft
Threshold to start probabalistic backoff with ntcp sessions (default: use system limit).
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.ntcpThreads
Maximum number of threads used by NTCP DH worker.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.openFiles
Maximum number of open files (0 - use system default).
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.transittunnels
Maximum number of active transit sessions.
Type: signed integer
Default:
2500
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.logCLFTime
Whether to enable Full CLF-formatted date and time to log.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.logLevel
The log level. i2pd defaults to "info" but that generates copious amounts of log messages.
We default to "error" which is similar to the default log level of tor.
Type: one of "debug", "info", "warn", "error"
Default:
"error"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.nat
Whether to enable NAT bypass.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.netid
I2P overlay netid.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.notransit
Tells the router to not accept transit tunnels during startup.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcp
Whether to enable ntcp.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcp2.enable
Whether to enable NTCP2..
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcp2.port
Port to listen for incoming NTCP2 connections (0=auto).
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcp2.published
Whether to enable NTCP2 publication..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcpProxy
Proxy URL for NTCP transport.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels
Connect to someone as a client and establish a local accept endpoint
Type: list or attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.enable
Whether to enable ‹name›.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.address
Bind address for ‹name› endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.crypto.tagsToSend
Number of ElGamal/AES tags to send.
Type: signed integer
Default:
40
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.destination
Remote endpoint, I2P hostname or b32.i2p address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.destinationPort
Connect to particular port at destination.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.inbound.length
Guaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.inbound.quantity
Number of simultaneous ‹name› tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.keys
Keyset used for tunnel identity.
Type: string
Default:
"‹name›-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.name
The endpoint name.
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.outbound.length
Guaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.outbound.quantity
Number of simultaneous ‹name› tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name?>.port
Bind port for ‹name› endoint.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.port
I2P listen port. If no one is given the router will pick between 9111 and 30777.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.precomputation.elgamal
Whenever to use precomputated tables for ElGamal.
i2pd defaults to false
to save 64M of memory (and looses some performance).
We default to true
as that is what most
users want anyway.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.bob.enable
Whether to enable bob.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.bob.address
Bind address for bob endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.bob.name
The endpoint name.
Type: string
Default:
"bob"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.bob.port
Bind port for bob endoint.
Type: signed integer
Default:
2827
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.enable
Whether to enable http.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.address
Bind address for http endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.auth
Whether to enable Webconsole authentication.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.hostname
Expected hostname for WebUI.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.name
The endpoint name.
Type: string
Default:
"http"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.pass
Password for webconsole access.
Type: string
Default:
"i2pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.port
Bind port for http endoint.
Type: signed integer
Default:
7070
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.strictHeaders
Enable strict host checking on WebUI.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.user
Username for webconsole access
Type: string
Default:
"i2pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.enable
Whether to enable httpproxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.address
Bind address for httpproxy endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.inbound.length
Guaranteed minimum hops for httpproxy tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.inbound.quantity
Number of simultaneous httpproxy tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.keys
File to persist HTTPPROXY keys.
Type: null or string
Default:
"httpproxy-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.latency.max
Max latency for tunnels.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.latency.min
Min latency for tunnels.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.name
The endpoint name.
Type: string
Default:
"httpproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.outbound.length
Guaranteed minimum hops for httpproxy tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.outbound.quantity
Number of simultaneous httpproxy tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.outproxy
Upstream outproxy bind address.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.port
Bind port for httpproxy endoint.
Type: signed integer
Default:
4444
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2cp.enable
Whether to enable i2cp.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2cp.address
Bind address for i2cp endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2cp.name
The endpoint name.
Type: string
Default:
"i2cp"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2cp.port
Bind port for i2cp endoint.
Type: signed integer
Default:
7654
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2pControl.enable
Whether to enable i2pcontrol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2pControl.address
Bind address for i2pcontrol endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2pControl.name
The endpoint name.
Type: string
Default:
"i2pcontrol"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2pControl.port
Bind port for i2pcontrol endoint.
Type: signed integer
Default:
7650
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.sam.enable
Whether to enable sam.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.sam.address
Bind address for sam endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.sam.name
The endpoint name.
Type: string
Default:
"sam"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.sam.port
Bind port for sam endoint.
Type: signed integer
Default:
7656
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.enable
Whether to enable socksproxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.address
Bind address for socksproxy endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.inbound.length
Guaranteed minimum hops for socksproxy tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.inbound.quantity
Number of simultaneous socksproxy tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.keys
File to persist SOCKSPROXY keys.
Type: null or string
Default:
"socksproxy-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.latency.max
Max latency for tunnels.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.latency.min
Min latency for tunnels.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.name
The endpoint name.
Type: string
Default:
"socksproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outbound.length
Guaranteed minimum hops for socksproxy tunnels.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outbound.quantity
Number of simultaneous socksproxy tunnels.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outproxy
Upstream outproxy bind address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outproxyEnable
Whether to enable SOCKS outproxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outproxyPort
Upstream outproxy bind port.
Type: signed integer
Default:
4444
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.port
Bind port for socksproxy endoint.
Type: signed integer
Default:
4447
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.file
Full path to SU3 file to reseed from.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.floodfill
Path to router info of floodfill to reseed from.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.proxy
URL for reseed proxy, supports http/socks.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.urls
Reseed URLs.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.verify
Whether to enable SU3 signature verification.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.zipfile
Path to local .zip file to reseed from.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.share
Limit of transit traffic from max bandwidth in percents.
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ssu
Whether to enable ssu.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.trust.enable
Whether to enable Explicit trust options.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.trust.family
Router Familiy to trust for first hops.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.trust.hidden
Whether to enable Router concealment..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.trust.routers
Only connect to the listed routers.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.upnp.enable
Whether to enable UPnP service discovery.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.upnp.name
Name i2pd appears in UPnP forwardings list.
Type: string
Default:
"I2Pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.websocket.enable
Whether to enable websockets.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.websocket.address
Bind address for websockets endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.websocket.name
The endpoint name.
Type: string
Default:
"websockets"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.websocket.port
Bind port for websockets endoint.
Type: signed integer
Default:
7666
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.icecast.enable
Whether to enable Icecast server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.admin.password
Password used for all administration functions.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.admin.user
Username used for all administration functions.
Type: string
Default:
"admin"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.extraConf
icecast.xml content.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.group
Group privileges for the server.
Type: string
Default:
"nogroup"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.hostname
DNS name or IP address that will be used for the stream directory lookups or possibily the playlist generation if a Host header is not provided.
Type: string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.listen.address
Address Icecast will listen on.
Type: string
Default:
"::"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.listen.port
TCP port that will be used to accept client connections.
Type: signed integer
Default:
8000
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.logDir
Base directory used for logging.
Type: path
Default:
"/var/log/icecast"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.user
User privileges for the server.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.ihaskell.enable
Autostart an IHaskell notebook service.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/ihaskell.nix>
|
services.ihaskell.extraPackages
Extra packages available to ghc when running ihaskell. The
value must be a function which receives the attrset defined
in haskellPackages
as the sole argument.
Type: unspecified
Default:
"<function>"
Example:
haskellPackages: [ haskellPackages.wreq haskellPackages.lens ]
Declared by:
<nixpkgs/nixos/modules/services/misc/ihaskell.nix>
|
services.illum.enable
Enable illum, a daemon for controlling screen brightness with brightness buttons.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/illum.nix>
|
services.incron.enable
Whether to enable the incron daemon.
Note that commands run under incrontab only support common Nix profiles for the PATH
provided variable.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.incron.allow
Users allowed to use incrontab.
If empty then no user will be allowed to have their own incrontab.
If null
then will defer to deny
.
If both allow
and deny
are null
then all users will be allowed to have their own incrontab.
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.incron.deny
Users forbidden from using incrontab.
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.incron.extraPackages
Extra packages available to the system incrontab.
Type: list of packages
Default:
[
]
Example:
[ pkgs.rsync ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.incron.systab
The system incrontab contents.
Type: string
Default:
""
Example:
'' /var/mail IN_CLOSE_WRITE abc $@/$# /tmp IN_ALL_EVENTS efg $@/$# $& ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.infinoted.enable
Whether to enable infinoted.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.package
Package providing infinoted
Type: package
Default:
"pkgs.libinfinity"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.certificateChain
Chain of CA-certificates to which our `certificateFile` is relative. Optional for TLS.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.certificateFile
Server certificate to use for TLS
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.extraConfig
Additional configuration to append to infinoted.conf
Type: string
Default:
'' [autosave] interval=10 ''
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.group
What to call the primary group of the dedicated user under which infinoted is run
Type: string
Default:
"infinoted"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.keyFile
Private key to use for TLS
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.passwordFile
File to read server-wide password from
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.plugins
Plugins to enable
Type: list of strings
Default:
[
"note-text" "note-chat" "logging" "autosave"
]
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.port
Port to listen on
Type: signed integer
Default:
6523
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.rootDirectory
Root of the directory structure to serve
Type: path
Default:
"/var/lib/infinoted/documents/"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.securityPolicy
How strictly to enforce clients connection with TLS.
Type: one of "no-tls", "allow-tls", "require-tls"
Default:
"require-tls"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.user
What to call the dedicated user under which infinoted is run
Type: string
Default:
"infinoted"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.influxdb.enable
Whether to enable the influxdb server
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.package
Which influxdb derivation to use
Type: package
Default:
"pkgs.influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.dataDir
Data directory for influxd data files.
Type: path
Default:
"/var/db/influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.extraConfig
Extra configuration options for influxdb
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.group
Group under which influxdb runs
Type: string
Default:
"influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.user
User account under which influxdb runs
Type: string
Default:
"influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.interception-tools.enable
Whether to enable the interception tools service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
|
services.interception-tools.plugins
A list of interception tools plugins that will be made available to use inside the udevmon configuration.
Type: list of packages
Default:
[
(build of interception-tools-caps2esc-0.1.0)
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
|
services.interception-tools.udevmonConfig
String of udevmon YAML configuration, or path to a udevmon YAML configuration file.
Type: string or path
Default:
'' - JOB: "intercept -g $DEVNODE | caps2esc | uinput -d $DEVNODE" DEVICE: EVENTS: EV_KEY: [KEY_CAPSLOCK, KEY_ESC] ''
Example:
'' - JOB: "intercept -g $DEVNODE | y2z | x2y | uinput -d $DEVNODE" DEVICE: EVENTS: EV_KEY: [KEY_X, KEY_Y] ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
|
services.iodine.clients
Each attribute of this option defines a systemd service that
runs iodine. Many or none may be defined.
The name of each service is
iodine-
where name
name
is the name of the
corresponding attribute name.
Type: attribute set of submodules
Default:
{
}
Example:
{ foo = { server = "tunnel.mdomain.com"; relay = "8.8.8.8"; extraConfig = "-v"; } }
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.clients.<name>.extraConfig
Additional command line parameters
Type: string
Default:
""
Example:
"-l 192.168.1.10 -p 23"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.clients.<name>.passwordFile
File that containts password
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.clients.<name>.relay
DNS server to use as a intermediate relay to the iodined server
Type: string
Default:
""
Example:
"8.8.8.8"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.clients.<name>.server
Domain or Subdomain of server running iodined
Type: string
Default:
""
Example:
"tunnel.mydomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.enable
enable iodined server
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.domain
Domain or subdomain of which nameservers point to us
Type: string
Default:
""
Example:
"tunnel.mydomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.extraConfig
Additional command line parameters
Type: string
Default:
""
Example:
"-l 192.168.1.10 -p 23"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.ip
The assigned ip address or ip range
Type: string
Default:
""
Example:
"172.16.10.1/24"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.passwordFile
File that containts password
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iperf3.enable
Whether to enable iperf3 network throughput testing server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.affinity
CPU affinity for the process.
Type: null or unsigned integer, meaning >=0
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.authorizedUsersFile
Path to the configuration file containing authorized users credentials to run iperf tests.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.bind
Bind to the specific interface associated with the given address.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.debug
Emit debugging output.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.extraFlags
Extra flags to pass to iperf3(1).
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.forceFlush
Force flushing output at every interval.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.port
Server port to listen on for iperf3 client requsts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5201
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.rsaPrivateKey
Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.verbose
Give more detailed output.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.ipfs.enable
Whether to enable Interplanetary File System.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.enableGC
Whether to enable automatic garbage collection
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.apiAddress
Where IPFS exposes its API to
Type: string
Default:
"/ip4/127.0.0.1/tcp/5001"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.autoMount
Whether IPFS should try to mount /ipfs and /ipns at startup.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.dataDir
The data dir for IPFS
Type: string
Default:
"/var/lib/ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.defaultMode
systemd service that is enabled by default
Type: one of "online", "offline", "norouting"
Default:
"online"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.emptyRepo
If set to true, the repo won't be initialized with help files
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.extraConfig
Attrset of daemon configuration to set using ipfs config, every time the daemon starts. These are applied last, so may override configuration set by other options in this module. Keep in mind that this configuration is stateful; i.e., unsetting anything in here does not reset the value to the default!
Type: attribute set
Default:
{
}
Example:
{
Bootstrap =
[
"/ip4/128.199.219.111/tcp/4001/ipfs/QmSoLSafTMBsPKadTEgaXctDQVcqN88CNLHXMkTNwMKPnu" "/ip4/162.243.248.213/tcp/4001/ipfs/QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm"
]
; Datastore =
{
StorageMax = "100GB";
}
; Discovery =
{
MDNS =
{
Enabled = false;
}
;
}
; Swarm =
{
AddrFilters = null;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.extraFlags
Extra flags passed to the IPFS daemon
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.gatewayAddress
Where the IPFS Gateway can be reached
Type: string
Default:
"/ip4/127.0.0.1/tcp/8080"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.group
Group under which the IPFS daemon runs
Type: string
Default:
"ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.ipfsMountDir
Where to mount the IPFS namespace to
Type: string
Default:
"/ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.ipnsMountDir
Where to mount the IPNS namespace to
Type: string
Default:
"/ipns"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.localDiscovery
Whether to enable local discovery for the ipfs daemon. This will allow ipfs to scan ports on your local network. Some hosting services will ban you if you do this.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.serviceFdlimit
The fdlimit for the IPFS systemd unit or null
to have the daemon attempt to manage it
Type: null or signed integer
Default:
null
Example:
65536
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.swarmAddress
Where IPFS listens for incoming p2p connections
Type: list of strings
Default:
[
"/ip4/0.0.0.0/tcp/4001" "/ip6/::/tcp/4001"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ipfs.user
User under which the IPFS daemon runs
Type: string
Default:
"ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
|
services.ircdHybrid.enable
Enable IRCD.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.adminEmail
IRCD server administrator e-mail.
Type: unspecified
Default:
"<bit-bucket@example.com>"
Example:
"<name@domain.tld>"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.certificate
IRCD server SSL certificate. There are some limitations - read manual.
Type: unspecified
Default:
null
Example:
/root/certificates/irc.pem
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.description
IRCD server description.
Type: unspecified
Default:
"Hybrid-7 IRC server."
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.extraIPs
Extra IP's to bind.
Type: unspecified
Default:
[
]
Example:
[
"127.0.0.1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.extraPort
Extra port to avoid filtering.
Type: unspecified
Default:
"7117"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.rsaKey
IRCD server RSA key.
Type: unspecified
Default:
null
Example:
/root/certificates/irc.key
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.serverName
IRCD server name.
Type: unspecified
Default:
"hades.arpa"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.sid
IRCD server unique ID in a net of servers.
Type: unspecified
Default:
"0NL"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.irkerd.enable
Whether to enable irker, an IRC notification daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
|
services.irkerd.listenAddress
Specifies the bind address on which the irker daemon listens. The default is localhost.
Irker authors strongly warn about the risks of running this on a publicly accessible interface, so change this with caution.
Type: string
Default:
"localhost"
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
|
services.irkerd.nick
Nick to use for irker
Type: string
Default:
"irker"
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
|
services.irkerd.openPorts
Open ports in the firewall for irkerd
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
|
services.irqbalance.enable
Whether to enable irqbalance daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/irqbalance.nix>
|
services.jackett.enable
Whether to enable Jackett.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
|
services.jboss.enable
Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.deployDir
Location of the deployment files
Type: unspecified
Default:
"/nix/var/nix/profiles/default/server/default/deploy/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.libUrl
Location where the shared library JARs are stored
Type: unspecified
Default:
"file:///nix/var/nix/profiles/default/server/default/lib"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.logDir
Location of the logfile directory of JBoss
Type: unspecified
Default:
"/var/log/jboss"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.serverDir
Location of the server instance files
Type: unspecified
Default:
"/var/jboss/server"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.tempDir
Location where JBoss stores its temp files
Type: unspecified
Default:
"/tmp"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.useJK
Whether to use to connector to the Apache HTTP server
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.user
User account under which jboss runs.
Type: unspecified
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jenkins.enable
Whether to enable the jenkins continuous integration server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.package
Jenkins package to use.
Type: package
Default:
"pkgs.jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.packages
Packages to add to PATH for the jenkins process.
Type: list of packages
Default:
"[ pkgs.stdenv pkgs.git pkgs.jdk config.programs.ssh.package pkgs.nix ]"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.environment
Additional environment variables to be passed to the jenkins process.
As a base environment, jenkins receives NIX_PATH from
environment.sessionVariables
, NIX_REMOTE is set to
"daemon" and JENKINS_HOME is set to the value of
services.jenkins.home
.
This option has precedence and can be used to override those
mentioned variables.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.extraGroups
List of extra groups that the "jenkins" user should be a part of.
Type: list of strings
Default:
[
]
Example:
[
"wheel" "dialout"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.extraJavaOptions
Additional command line arguments to pass to the Java run time (as opposed to Jenkins).
Type: list of strings
Default:
[
]
Example:
[
"-Xmx80m"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.extraOptions
Additional command line arguments to pass to Jenkins.
Type: list of strings
Default:
[
]
Example:
[
"--debug=9"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.group
If the default user "jenkins" is configured then this is the primary group of that user.
Type: string
Default:
"jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.home
The path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.
Type: path
Default:
"/var/lib/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.jobBuilder.enable
Whether or not to enable the Jenkins Job Builder (JJB) service. It allows defining jobs for Jenkins in a declarative manner.
Jobs managed through the Jenkins WebUI (or by other means) are left unchanged.
Note that it really is declarative configuration; if you remove a previously defined job, the corresponding job directory will be deleted.
Please see the Jenkins Job Builder documentation for more info: http://docs.openstack.org/infra/jenkins-job-builder/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.accessToken
User token in Jenkins used to reload config.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.accessUser
User id in Jenkins used to reload config.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.jsonJobs
Job descriptions for Jenkins Job Builder in JSON format.
Type: list of strings
Default:
[
]
Example:
[ '' [ { "job": { "name": "jenkins-job-test-2", "builders": [ "shell": "echo 'Hello world!'" ] } } ] '' ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.nixJobs
Job descriptions for Jenkins Job Builder in Nix format.
This is a trivial wrapper around jsonJobs, using builtins.toJSON behind the scene.
Type: list of attribute sets
Default:
[
]
Example:
[ { job = { name = "jenkins-job-test-3"; builders = [ { shell = "echo 'Hello world!'"; } ]; }; } ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.yamlJobs
Job descriptions for Jenkins Job Builder in YAML format.
Type: string
Default:
""
Example:
'' - job: name: jenkins-job-test-1 builders: - shell: echo 'Hello world!' ''
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.listenAddress
Specifies the bind address on which the jenkins HTTP interface listens. The default is the wildcard address.
Type: string
Default:
"0.0.0.0"
Example:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.plugins
A set of plugins to activate. Note that this will completely
remove and replace any previously installed plugins. If you
have manually-installed plugins that you want to keep while
using this module, set this option to
null
. You can generate this set with a
tool such as jenkinsPlugins2nix
.
Type: null or attribute set of packages
Default:
null
Example:
import path/to/jenkinsPlugins2nix-generated-plugins.nix { inherit (pkgs) fetchurl stdenv; }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.port
Specifies port number on which the jenkins HTTP interface listens. The default is 8080.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.prefix
Specifies a urlPrefix to use with jenkins. If the example /jenkins is given, the jenkins server will be accessible using localhost:8080/jenkins.
Type: string
Default:
""
Example:
"/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.user
User the jenkins server should execute under.
Type: string
Default:
"jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkinsSlave.enable
If true the system will be configured to work as a jenkins slave. If the system is also configured to work as a jenkins master then this has no effect. In progress: Currently only assures the jenkins user is configured.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.group
If the default slave agent user "jenkins" is configured then this is the primary group of that user.
Type: string
Default:
"jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.home
The path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.
Type: path
Default:
"/var/lib/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.user
User the jenkins slave agent should execute under.
Type: string
Default:
"jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jira.enable
Whether to enable Atlassian JIRA service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.catalinaOptions
Java options to pass to catalina/tomcat.
Type: list of strings
Default:
[
]
Example:
[
"-Xms1024m" "-Xmx2048m"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.group
Group which runs JIRA.
Type: string
Default:
"jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.home
Home directory of the JIRA instance.
Type: string
Default:
"/var/lib/jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.jrePackage
Note that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default:
"pkgs.oraclejre8"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.listenAddress
Address to listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.listenPort
Port to listen on.
Type: signed integer
Default:
8091
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.enable
Whether to enable reverse proxy support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.name
Virtual hostname at the proxy
Type: string
Example:
"jira.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.port
Port used at the proxy
Type: signed integer
Default:
443
Example:
80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.scheme
Protocol used at the proxy.
Type: string
Default:
"https"
Example:
"http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.secure
Whether the connections to the proxy should be considered secure.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.enable
Whether to enable SSO with Atlassian Crowd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.applicationName
Exact name of this JIRA instance in Crowd
Type: string
Example:
"jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.applicationPassword
Application password of this JIRA instance in Crowd
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.crowd
Crowd Base URL without trailing slash
Type: string
Example:
"http://localhost:8095/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.validationInterval
Set to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.
Type: signed integer
Default:
2
Example:
0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.user
User which runs JIRA.
Type: string
Default:
"jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.journalbeat.enable
Whether to enable journalbeat.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.extraConfig
Any other configuration options you want to add
Type: string
Default:
'' journalbeat: seek_position: cursor cursor_seek_fallback: tail write_cursor_state: true cursor_flush_period: 5s clean_field_names: true convert_to_numbers: false move_metadata_to_field: journal default_type: journal ''
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.name
Name of the beat
Type: string
Default:
"journalbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.stateDir
The state directory. Journalbeat's own logs and other data are stored here.
Type: string
Default:
"/var/lib/journalbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.tags
Tags to place on the shipped log messages
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journald.enableHttpGateway
Whether to enable the HTTP gateway to the journal.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journald.console
If non-empty, write log messages to the specified TTY device.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journald.extraConfig
Extra config options for systemd-journald. See man journald.conf for available options.
Type: string
Default:
""
Example:
"Storage=volatile"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journald.rateLimitBurst
Configures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journald.rateLimitInterval
Configures the rate limiting interval that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit. The value may be specified in the following units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0.
Type: string
Default:
"30s"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.journalwatch.enable
If enabled, periodically check the journal with journalwatch and report the results by mail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.accuracy
The time window around the interval in which the journalwatch run will be scheduled.
The format is described in systemd.time(7).
Type: string
Default:
"10min"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.extraConfig
Extra lines to be added verbatim to the journalwatch/config configuration file.
You can add any commandline argument to the config, without the '--'.
See journalwatch --help
for all arguments and their description.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.filterBlocks
filterBlocks can be defined to blacklist journal messages which are not errors. Each block matches on a log entry field, and the filters in that block then are matched against all messages with a matching log entry field.
All messages whose PRIORITY is at least 6 (INFO) are processed by journalwatch. If you don't specify any filterBlocks, PRIORITY is reduced to 5 (NOTICE) by default.
All regular expressions are extended Python regular expressions, for details see: http://doc.pyschools.com/html/regex.html
Type: list of submodules
Default:
[
{
filters = "(Stopped|Stopping|Starting|Started) .*\n(Created slice|Removed slice) user-\\d*\\.slice\\.\nReceived SIGRTMIN\\+24 from PID .*\n(Reached target|Stopped target) .*\nStartup finished in \\d*ms\\.\n"; match = "SYSLOG_IDENTIFIER = systemd";
}
]
Example:
[
{
filters = "New session [a-z]?\\d+ of user \\w+\\.\nRemoved session [a-z]?\\d+\\.\n"; match = "_SYSTEMD_UNIT = systemd-logind.service";
}
{
filters = "pam_unix\\(crond:session\\): session (opened|closed) for user \\w+\n\\(\\w+\\) CMD .*\n"; match = "SYSLOG_IDENTIFIER = /(CROND|crond)/";
}
]
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.filterBlocks.*.filters
The filters to apply on all messages which satisfy match
.
Any of those messages that match any specified filter will be removed from journalwatch's output.
Each filter is an extended Python regular expression.
You can specify multiple filters and separate them by newlines.
Lines starting with '#' are comments. Inline-comments are not permitted.
Type: string
Example:
'' (Stopped|Stopping|Starting|Started) .* (Reached target|Stopped target) .* ''
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.filterBlocks.*.match
Syntax: field = value
Specifies the log entry field
this block should apply to.
If the field
of a message matches this value
,
this patternBlock's filters
are applied.
If value
starts and ends with a slash, it is interpreted as
an extended python regular expression, if not, it's an exact match.
The journal fields are explained in systemd.journal-fields(7).
Type: string
Example:
"SYSLOG_IDENTIFIER = systemd"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.interval
How often to run journalwatch.
The format is described in systemd.time(7).
Type: string
Default:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.mailBinary
Sendmail-compatible binary to be used to send the messages.
Type: path
Default:
"/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.mailFrom
Mail address to send journalwatch reports from.
Type: string
Default:
"journalwatch@nixos"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.mailTo
Mail address to send journalwatch reports to.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.priority
Lowest priority of message to be considered.
A value between 7 ("debug"), and 0 ("emerg"). Defaults to 6 ("info").
If you don't care about anything with "info" priority, you can reduce
this to e.g. 5 ("notice") to considerably reduce the amount of
messages without needing many filterBlocks
.
Type: signed integer
Default:
6
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.jupyter.enable
Whether to enable Jupyter development server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.group
Name of the group used to run the jupyter service. Use this if you want to create a group of users that are able to view the notebook directory's content.
Type: string
Default:
"jupyter"
Example:
"users"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.ip
IP address Jupyter will be listening on.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels
Declarative kernel config
Kernels can be declared in any language that supports and has the required dependencies to communicate with a jupyter server. In python's case, it means that ipykernel package must always be included in the list of packages of the targeted environment.
Type: null or attribute set of submodules
Default:
null
Example:
{ python3 = let env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ ipykernel pandas scikitlearn ])); in { displayName = "Python 3 for machine learning"; argv = [ "$ {env.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ]; language = "python"; logo32 = "$ {env.sitePackages}/ipykernel/resources/logo-32x32.png"; logo64 = "$ {env.sitePackages}/ipykernel/resources/logo-64x64.png"; }; }
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.argv
Command and arguments to start the kernel.
Type: list of strings
Example:
[
"{customEnv.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}"
]
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.displayName
Name that will be shown to the user.
Type: string
Default:
""
Example:
[
"Python 3" "Python 3 for Data Science"
]
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.language
Language of the environment. Typically the name of the binary.
Type: string
Example:
"python"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.logo32
Path to 32x32 logo png.
Type: null or path
Default:
null
Example:
"{env.sitePackages}/ipykernel/resources/logo-32x32.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.logo64
Path to 64x64 logo png.
Type: null or path
Default:
null
Example:
"{env.sitePackages}/ipykernel/resources/logo-64x64.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.notebookConfig
Raw jupyter config.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.notebookDir
Root directory for notebooks.
Type: string
Default:
"~/"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.password
Password to use with notebook. Can be generated using: In [1]: from notebook.auth import passwd In [2]: passwd('test') Out[2]: 'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba' NOTE: you need to keep the single quote inside the nix string. Or you can use a python oneliner: "open('/path/secret_file', 'r', encoding='utf8').read().strip()" It will be interpreted at the end of the notebookConfig.
Type: string
Example:
[
"'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'" "open('/path/secret_file', 'r', encoding='utf8').read().strip()"
]
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.port
Port number Jupyter will be listening on.
Type: signed integer
Default:
8888
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.user
Name of the user used to run the jupyter service. For security reason, jupyter should really not be run as root. If not set (jupyter), the service will create a jupyter user with appropriate settings.
Type: string
Default:
"jupyter"
Example:
"aborsu"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.kbfs.enable
Whether to mount the Keybase filesystem.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
|
services.kbfs.extraFlags
Additional flags to pass to the Keybase filesystem on launch.
Type: list of strings
Default:
[
]
Example:
[
"-label kbfs" "-mount-type normal"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
|
services.kbfs.mountPoint
Mountpoint for the Keybase filesystem.
Type: string
Default:
"%h/keybase"
Example:
"/keybase"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
|
services.keepalived.enable
Whether to enable Keepalived.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.enableScriptSecurity
Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.extraConfig
Extra lines to be added verbatim to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.extraGlobalDefs
Extra lines to be added verbatim to the 'global_defs' block of the configuration file
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enable
Whether to enable the builtin AgentX subagent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableChecker
Enable SNMP handling of checker element of KEEPALIVED MIB.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableKeepalived
Enable SNMP handling of vrrp element of KEEPALIVED MIB.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableRfc
Enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableRfcV2
Enable SNMP handling of RFC2787 VRRP MIB.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableRfcV3
Enable SNMP handling of RFC6527 VRRP MIB.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableTraps
Enable SNMP traps.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.socket
Socket to use for connecting to SNMP master agent. If this value is set to null, keepalived's default will be used, which is unix:/var/agentx/master, unless using a network namespace, when the default is udp:localhost:705.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances
Declarative vhost config
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.extraConfig
Extra lines to be added verbatim to the vrrp_instance section.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.interface
Interface for inside_network, bound by vrrp.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.noPreempt
VRRP will normally preempt a lower priority machine when a higher priority machine comes online. "nopreempt" allows the lower priority machine to maintain the master role, even when a higher priority machine comes back online. NOTE: For this to work, the initial state of this entry must be BACKUP.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.priority
For electing MASTER, highest priority wins. To be MASTER, make 50 more than other machines.
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.state
Initial state. As soon as the other machine(s) come up, an election will be held and the machine with the highest "priority" will become MASTER. So the entry here doesn't matter a whole lot.
Type: one of "MASTER", "BACKUP"
Default:
"BACKUP"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.trackInterfaces
List of network interfaces to monitor for health tracking.
Type: list of strings
Default:
[
]
Example:
[
"eth0" "eth1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.trackScripts
List of script names to invoke for health tracking.
Type: list of strings
Default:
[
]
Example:
[
"chk_cmd1" "chk_cmd2"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.unicastPeers
Do not send VRRP adverts over VRRP multicast group. Instead it sends adverts to the following list of ip addresses using unicast design fashion. It can be cool to use VRRP FSM and features in a networking environment where multicast is not supported! IP Addresses specified can IPv4 as well as IPv6.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.unicastSrcIp
Default IP for binding vrrpd is the primary IP on interface. If you want to hide location of vrrpd, use this IP as src_addr for unicast vrrp packets.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.useVmac
Use VRRP Virtual MAC.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps
Declarative vhost config
Type: list of submodules
Default:
[
]
Example:
TODO: Example
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.addr
IP address, optionally with a netmask: IPADDR[/MASK]
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.brd
The broadcast address on the interface.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.dev
The name of the device to add the address to.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.label
Each address may be tagged with a label string. In order to preserve compatibility with Linux-2.0 net aliases, this string must coincide with the name of the device or must be prefixed with the device name followed by colon.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.scope
The scope of the area where this address is valid.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualRouterId
Arbitrary unique number 0..255. Used to differentiate multiple instances of vrrpd running on the same NIC (and hence same socket).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.vmacInterface
Name of the vmac interface to use. keepalived will come up with a name if you don't specify one.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.vmacXmitBase
Send/Recv VRRP messages from base interface instead of VMAC interface.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts
Declarative vrrp script config
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.extraConfig
Extra lines to be added verbatim to the vrrp_script section.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.fall
Required number of failures for KO transition.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.group
Name of group to run the script under. Defaults to user group.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.interval
Seconds between script invocations.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.rise
Required number of successes for OK transition.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.script
(Path of) Script command to execute followed by args, i.e. cmd [args]...
Type: string
Example:
"\${pkgs.curl} -f http://localhost:80"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.timeout
Seconds after which script is considered to have failed.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.user
Name of user to run the script under.
Type: string
Default:
"keepalived_script"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.weight
Following a failure, adjust the priority by this weight.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.kerberos_server.enable
Enable the kerberos authentification server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos.nix>
|
services.keybase.enable
Whether to start the Keybase service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/keybase.nix>
|
services.kibana.enable
Whether to enable enable kibana service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.package
Kibana package to use
Type: package
Default:
"pkgs.kibana"
Example:
"pkgs.kibana5"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.cert
Kibana ssl certificate.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.dataDir
Kibana data directory
Type: path
Default:
"/var/lib/kibana"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.defaultAppId
Elasticsearch default application id.
Type: string
Default:
"discover"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.ca
CA file to auth against elasticsearch.
It's recommended to use the certificateAuthorities
option
when using kibana-5.4 or newer.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.cert
Certificate file to auth against elasticsearch.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.certificateAuthorities
CA files to auth against elasticsearch.
Please use the ca
option when using kibana < 5.4
because those old versions don't support setting multiple CA's.
This defaults to the singleton list [ca] when the ca
option is defined.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.key
Key file to auth against elasticsearch.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.password
Password for elasticsearch basic auth.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.url
Elasticsearch url
Type: string
Default:
"http://localhost:9200"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.username
Username for elasticsearch basic auth.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.extraConf
Kibana extra configuration
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.index
Elasticsearch index to use for saving kibana config.
Type: string
Default:
".kibana"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.key
Kibana ssl key.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.listenAddress
Kibana listening host
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.port
Kibana listening port
Type: signed integer
Default:
5601
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kippo.enable
Enable the kippo honeypot ssh server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.extraConfig
Extra verbatim configuration added to the end of kippo.cfg.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.hostname
Hostname for kippo to present to SSH login
Type: string
Default:
"nas3"
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.logPath
Path of log files needed for operation and configuration.
Type: string
Default:
"/var/log/kippo"
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.pidPath
Path of pid files needed for operation.
Type: string
Default:
"/run/kippo"
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.port
TCP port number for kippo to bind to.
Type: signed integer
Default:
2222
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.kippo.varPath
Path of read/write files needed for operation and configuration.
Type: string
Default:
"/var/lib/kippo"
Declared by:
<nixpkgs/nixos/modules/services/networking/kippo.nix>
|
services.klogd.enable
Whether to enable klogd, the kernel log message processing daemon. Since systemd handles logging of kernel messages on Linux 3.5 and later, this is only useful if you're running an older kernel.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/klogd.nix>
|
services.kmscon.enable
Use kmscon as the virtual console instead of gettys. kmscon is a kms/dri-based userspace virtual terminal implementation. It supports a richer feature set than the standard linux console VT, including full unicode support, and when the video card supports drm should be much faster.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.extraConfig
Extra contents of the kmscon.conf file.
Type: string
Default:
""
Example:
"font-size=14"
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.extraOptions
Extra flags to pass to kmscon.
Type: string
Default:
""
Example:
"--term xterm-256color"
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.hwRender
Whether to use 3D hardware acceleration to render the console.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kresd.enable
Whether to enable knot-resolver domain name server.
DNSSEC validation is turned on by default.
You can run sudo nc -U /run/kresd/control
and give commands interactively to kresd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.cacheDir
Directory for caches. They are intended to survive reboots.
Type: path
Default:
"/var/cache/kresd"
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.extraConfig
Extra lines to be added verbatim to the generated configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.interfaces
What addresses the server should listen on. (UDP+TCP 53)
Type: list of strings
Default:
[
"::1" "127.0.0.1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.listenTLS
Addresses on which kresd should provide DNS over TLS (see RFC 7858). For detailed syntax see ListenStream in man systemd.socket.
Type: list of strings
Default:
[
]
Example:
[
"198.51.100.1:853" "[2001:db8::1]:853" "853"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kubernetes.package
Kubernetes package to use.
Type: package
Default:
"pkgs.kubernetes"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.addonManager.enable
Whether to enable Kubernetes addon manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.addonManager.addons
Kubernetes addons (any kind of Kubernetes resource can be an addon).
Type: attribute set of attribute set or list of attribute setss
Default:
{
}
Example:
{ "my-service" = { "apiVersion" = "v1"; "kind" = "Service"; "metadata" = { "name" = "my-service"; "namespace" = "default"; }; "spec" = { ... }; }; } // import <nixpkgs/nixos/modules/services/cluster/kubernetes/dashboard.nix> { cfg = config.services.kubernetes; };
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.addons.dashboard.enable
Whether to enable kubernetes dashboard addon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dashboard.nix>
|
services.kubernetes.addons.dashboard.image
Docker image to seed for the kubernetes dashboard container.
Type: attribute set
Default:
{
finalImageTag = "v1.8.3"; imageDigest = "sha256:dc4026c1b595435ef5527ca598e1e9c4343076926d7d62b365c44831395adbd0"; imageName = "k8s.gcr.io/kubernetes-dashboard-amd64"; sha256 = "18ajcg0q1vignfjk2sm4xj4wzphfz8wah69ps8dklqfvv0164mc8";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dashboard.nix>
|
services.kubernetes.addons.dashboard.rbac
Role-based access control (RBAC) options
Type: submodule
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dashboard.nix>
|
services.kubernetes.addons.dashboard.rbac.enable
Whether to enable role based access control is enabled for kubernetes dashboard
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dashboard.nix>
|
services.kubernetes.addons.dashboard.rbac.clusterAdmin
Whether to assign cluster admin rights to the kubernetes dashboard
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dashboard.nix>
|
services.kubernetes.addons.dashboard.version
Which version of the kubernetes dashboard to deploy
Type: string
Default:
"v1.8.3"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dashboard.nix>
|
services.kubernetes.addons.dns.enable
Whether to enable kubernetes dns addon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix>
|
services.kubernetes.addons.dns.clusterDomain
Dns cluster domain
Type: string
Default:
"cluster.local"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix>
|
services.kubernetes.addons.dns.clusterIp
Dns addon clusterIP
Type: string
Default:
"10.0.0.254"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix>
|
services.kubernetes.addons.dns.dnsmasq-nanny
Docker image to seed for the kube-dns dnsmasq container.
Type: attribute set
Default:
{
finalImageTag = "1.14.10"; imageDigest = "sha256:bbb2a290a568125b3b996028958eb773f33b5b87a6b37bf38a28f8b62dddb3c8"; imageName = "k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64"; sha256 = "1fihml7s2mfwgac51cbqpylkwbivc8nyhgi4vb820s83zvl8a6y1";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix>
|
services.kubernetes.addons.dns.kube-dns
Docker image to seed for the kube-dns main container.
Type: attribute set
Default:
{
finalImageTag = "1.14.10"; imageDigest = "sha256:b99fc3eee2a9f052f7eb4cc00f15eb12fc405fa41019baa2d6b79847ae7284a8"; imageName = "k8s.gcr.io/k8s-dns-kube-dns-amd64"; sha256 = "0x583znk9smqn0fix7ld8sm5jgaxhqhx3fq97b1wkqm7iwhvl3pj";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix>
|
services.kubernetes.addons.dns.sidecar
Docker image to seed for the kube-dns sidecar container.
Type: attribute set
Default:
{
finalImageTag = "1.14.10"; imageDigest = "sha256:4f1ab957f87b94a5ec1edc26fae50da2175461f00afecf68940c4aa079bd08a4"; imageName = "k8s.gcr.io/k8s-dns-sidecar-amd64"; sha256 = "08l1bv5jgrhvjzpqpbinrkgvv52snc4fzyd8ya9v18ns2klyz7m0";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix>
|
services.kubernetes.apiserver.enable
Whether to enable Kubernetes apiserver.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.enableAdmissionPlugins
Kubernetes admission control plugins to enable. See https://kubernetes.io/docs/admin/admission-controllers/
Type: list of strings
Default:
[
"NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction"
]
Example:
[
"NamespaceLifecycle" "NamespaceExists" "LimitRanger" "SecurityContextDeny" "ServiceAccount" "ResourceQuota" "PodSecurityPolicy" "NodeRestriction" "DefaultStorageClass"
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.advertiseAddress
Kubernetes apiserver IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.allowPrivileged
Whether to allow privileged containers on Kubernetes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.authorizationMode
Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/Webhook/RBAC/Node). See https://kubernetes.io/docs/reference/access-authn-authz/authorization/
Type: list of one of "AlwaysAllow", "AlwaysDeny", "ABAC", "Webhook", "RBAC", "Node"s
Default:
[
"RBAC" "Node"
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.authorizationPolicy
Kubernetes apiserver authorization policy file. See https://kubernetes.io/docs/reference/access-authn-authz/authorization/
Type: list of attribute sets
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.basicAuthFile
Kubernetes apiserver basic authentication file. See https://kubernetes.io/docs/reference/access-authn-authz/authentication
Type: null or path
Default:
(build of users)
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.bindAddress
The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.clientCaFile
Kubernetes apiserver CA file for client auth.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.disableAdmissionPlugins
Kubernetes admission control plugins to disable. See https://kubernetes.io/docs/admin/admission-controllers/
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.extraOpts
Kubernetes apiserver extra command line options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.featureGates
List set of feature gates
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.kubeletClientCaFile
Path to a cert file for connecting to kubelet.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.kubeletClientCertFile
Client certificate to use for connections to kubelet.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.kubeletClientKeyFile
Key to use for connections to kubelet.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.kubeletHttps
Whether to use https for connections to kubelet.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.port
Kubernetes apiserver listening port.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.runtimeConfig
Api runtime configuration. See https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/
Type: string
Default:
"authentication.k8s.io/v1beta1=true"
Example:
"api/all=false,api/v1=true"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.securePort
Kubernetes apiserver secure port.
Type: signed integer
Default:
443
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.serviceAccountKeyFile
Kubernetes apiserver PEM-encoded x509 RSA private or public key file, used to verify ServiceAccount tokens. By default tls private key file is used.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.serviceClusterIpRange
A CIDR notation IP range from which to assign service cluster IPs. This must not overlap with any IP ranges assigned to nodes for pods.
Type: string
Default:
"10.0.0.0/24"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.storageBackend
Kubernetes apiserver storage backend.
Type: one of "etcd2", "etcd3"
Default:
"etcd3"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.tlsCertFile
Kubernetes apiserver certificate file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.tlsKeyFile
Kubernetes apiserver private key file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.tokenAuthFile
Kubernetes apiserver token authentication file. See https://kubernetes.io/docs/reference/access-authn-authz/authentication
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.apiserver.webhookConfig
Kubernetes apiserver Webhook config file. It uses the kubeconfig file format. See https://kubernetes.io/docs/reference/access-authn-authz/webhook/
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.caFile
Default kubernetes certificate authority
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.clusterCidr
Kubernetes controller manager and proxy CIDR Range for Pods in cluster.
Type: string
Default:
"10.1.0.0/16"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.enable
Whether to enable Kubernetes controller manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.address
Kubernetes controller manager listening address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.extraOpts
Kubernetes controller manager extra command line options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.featureGates
List set of feature gates
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.kubeconfig.caFile
Kubernetes controller manager certificate authority file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.kubeconfig.certFile
Kubernetes controller manager client certificate file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.kubeconfig.keyFile
Kubernetes controller manager client key file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.kubeconfig.server
Kubernetes controller manager kube-apiserver server address.
Type: string
Default:
"http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.leaderElect
Whether to start leader election before executing main loop.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.port
Kubernetes controller manager listening port.
Type: signed integer
Default:
10252
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.rootCaFile
Kubernetes controller manager certificate authority file included in service account's token secret.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.serviceAccountKeyFile
Kubernetes controller manager PEM-encoded private RSA key file used to sign service account tokens
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.dataDir
Kubernetes root directory for managing kubelet files.
Type: path
Default:
"/var/lib/kubernetes"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.etcd.caFile
Etcd ca file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.etcd.certFile
Etcd cert file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.etcd.keyFile
Etcd key file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.etcd.servers
List of etcd servers. By default etcd is started, except if this option is changed.
Type: list of strings
Default:
[
"http://127.0.0.1:2379"
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.featureGates
List set of feature gates
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.flannel.enable
Whether to enable flannel networking
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubeconfig.caFile
Default kubeconfig certificate authority file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubeconfig.certFile
Default kubeconfig client certificate file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubeconfig.keyFile
Default kubeconfig client key file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubeconfig.server
Default kubeconfig kube-apiserver server address.
Type: string
Default:
"http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.enable
Whether to enable Kubernetes kubelet.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.address
Kubernetes kubelet info server listening address.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.allowPrivileged
Whether to allow Kubernetes containers to request privileged mode.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.applyManifests
Whether to apply manifests (this is true for master node).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.clientCaFile
Kubernetes apiserver CA file for client authentication.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.clusterDns
Use alternative DNS.
Type: string
Default:
"10.1.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.clusterDomain
Use alternative domain.
Type: string
Default:
"cluster.local"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.cni.packages
List of network plugin packages to install.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.cni.config
Kubernetes CNI configuration.
Type: list of attribute sets
Default:
[
]
Example:
[{ "cniVersion": "0.2.0", "name": "mynet", "type": "bridge", "bridge": "cni0", "isGateway": true, "ipMasq": true, "ipam": { "type": "host-local", "subnet": "10.22.0.0/16", "routes": [ { "dst": "0.0.0.0/0" } ] } } { "cniVersion": "0.2.0", "type": "loopback" }]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.cni.configDir
Path to Kubernetes CNI configuration directory.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.extraOpts
Kubernetes kubelet extra command line options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.featureGates
List set of feature gates
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.healthz.bind
Kubernetes kubelet healthz listening address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.healthz.port
Kubernetes kubelet healthz port.
Type: signed integer
Default:
10248
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.hostname
Kubernetes kubelet hostname override.
Type: string
Default:
"nixos"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.kubeconfig.caFile
Kubelet certificate authority file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.kubeconfig.certFile
Kubelet client certificate file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.kubeconfig.keyFile
Kubelet client key file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.kubeconfig.server
Kubelet kube-apiserver server address.
Type: string
Default:
"http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.manifests
List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)
Type: attribute set of attribute sets
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.networkPlugin
Network plugin to use by Kubernetes.
Type: null or one of "cni", "kubenet"
Default:
"kubenet"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.nodeIp
IP address of the node. If set, kubelet will use this IP address for the node.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.port
Kubernetes kubelet info server listening port.
Type: signed integer
Default:
10250
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.registerNode
Whether to auto register kubelet with API server.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.seedDockerImages
List of docker images to preload on system
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.taints
Node taints (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.taints.<name>.effect
Effect of taint.
Type: one of "NoSchedule", "PreferNoSchedule", "NoExecute"
Example:
"NoSchedule"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.taints.<name>.key
Key of taint.
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.taints.<name>.value
Value of taint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.tlsCertFile
File containing x509 Certificate for HTTPS.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.tlsKeyFile
File containing x509 private key matching tlsCertFile.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.unschedulable
Whether to set node taint to unschedulable=true as it is the case of node that has only master role.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.path
Packages added to the services' PATH environment variable. Both the bin and sbin subdirectories of each package are added.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.proxy.enable
Whether to enable Kubernetes proxy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.proxy.address
Kubernetes proxy listening address.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.proxy.extraOpts
Kubernetes proxy extra command line options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.proxy.featureGates
List set of feature gates
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.proxy.kubeconfig.caFile
Kubernetes proxy certificate authority file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.proxy.kubeconfig.certFile
Kubernetes proxy client certificate file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.proxy.kubeconfig.keyFile
Kubernetes proxy client key file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.proxy.kubeconfig.server
Kubernetes proxy kube-apiserver server address.
Type: string
Default:
"http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.roles
Kubernetes role that this machine should take.
Master role will enable etcd, apiserver, scheduler and controller manager services. Node role will enable etcd, docker, kubelet and proxy services.
Type: list of one of "master", "node"s
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.enable
Whether to enable Kubernetes scheduler.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.address
Kubernetes scheduler listening address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.extraOpts
Kubernetes scheduler extra command line options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.featureGates
List set of feature gates
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.kubeconfig.caFile
Kubernetes scheduler certificate authority file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.kubeconfig.certFile
Kubernetes scheduler client certificate file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.kubeconfig.keyFile
Kubernetes scheduler client key file used to connect to kube-apiserver.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.kubeconfig.server
Kubernetes scheduler kube-apiserver server address.
Type: string
Default:
"http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.leaderElect
Whether to start leader election before executing main loop.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.port
Kubernetes scheduler listening port.
Type: signed integer
Default:
10251
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.verbose
Kubernetes enable verbose mode for debugging.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.lambdabot.enable
Enable the Lambdabot IRC bot
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
|
services.lambdabot.package
Used lambdabot package
Type: package
Default:
"pkgs.lambdabot"
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
|
services.lambdabot.script
Lambdabot script
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
|
services.leaps.enable
Whether to enable leaps.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
|
services.leaps.address
Hostname or IP-address to listen to. By default it will listen on all interfaces.
Type: string
Default:
""
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
|
services.leaps.path
Subdirectory used for reverse proxy setups
Type: path
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
|
services.leaps.port
A port where leaps listens for incoming http requests
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
|
services.libreswan.enable
Whether to enable libreswan ipsec service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
|
services.libreswan.configSetup
Options to go in the 'config setup' section of the libreswan ipsec configuration
Type: string
Default:
'' protostack=netkey nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 ''
Example:
'' secretsfile=/root/ipsec.secrets protostack=netkey nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
|
services.libreswan.connections
A set of connections to define for the libreswan ipsec service
Type: attribute set of strings
Default:
{
}
Example:
{
myconnection = "auto=add\nleft=%defaultroute\nleftid=@user\n\nright=my.vpn.com\n\nikev2=no\nikelifetime=8h\n";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
|
services.lidarr.enable
Whether to enable Lidarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
|
services.lighttpd.enable
Enable the lighttpd web server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.enableModules
List of lighttpd modules to enable. Sub-services take care of
enabling modules as needed, so this option is mainly for when you
want to add custom stuff to
services.lighttpd.extraConfig
that depends on a
certain module.
Type: list of strings
Default:
[
]
Example:
[
"mod_cgi" "mod_status"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.enableUpstreamMimeTypes
Whether to include the list of mime types bundled with lighttpd
(upstream). If you disable this, no mime types will be added by
NixOS and you will have to add your own mime types in
services.lighttpd.extraConfig
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.cgit.enable
If true, enable cgit (fast web interface for git repositories) as a sub-service in lighttpd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
|
services.lighttpd.cgit.configText
Verbatim contents of the cgit runtime configuration file. Documentation (with cgitrc example file) is available in "man cgitrc". Or online: http://git.zx2c4.com/cgit/tree/cgitrc.5.txt
Type: string
Default:
""
Example:
'' cache-size=1000 scan-path=/srv/git ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
|
services.lighttpd.cgit.subdir
The subdirectory in which to serve cgit. The web application will be accessible at http://yourserver/${subdir}
Type: string
Default:
"cgit"
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
|
services.lighttpd.collectd.enable
Whether to enable collectd subservice accessible at http://yourserver/collectd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix>
|
services.lighttpd.collectd.collectionCgi
Path to collection.cgi script from (collectd sources)/contrib/collection.cgi This option allows to use a customized version
Type: path
Default:
(build of collection.cgi)
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix>
|
services.lighttpd.configText
Overridable config file contents to use for lighttpd. By default, use the contents automatically generated by NixOS.
Type: string
Default:
""
Example:
"...verbatim config file contents..."
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.document-root
Document-root of the web server. Must be readable by the "lighttpd" user.
Type: path
Default:
"/srv/www"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.extraConfig
These configuration lines will be appended to the generated lighttpd
config file. Note that this mechanism does not work when the manual
configText
option is used.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.gitweb.enable
If true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
|
services.lighttpd.mod_status
Show server status overview at /server-status, statistics at /server-statistics and list of loaded modules at /server-config.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.mod_userdir
If true, requests in the form /~user/page.html are rewritten to take the file public_html/page.html from the home directory of the user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.port
TCP port number for lighttpd to bind to.
Type: signed integer
Default:
80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.liquidsoap.streams
Set of Liquidsoap streams to start, one systemd service per stream.
Type: attribute set of path or strings
Default:
{
}
Example:
{
myStream1 = "/etc/liquidsoap/myStream1.liq"; myStream2 = ./myStream2.liq; myStream3 = "out(playlist(\"/srv/music/\"))";
}
Declared by:
<nixpkgs/nixos/modules/services/audio/liquidsoap.nix>
|
services.lirc.enable
Whether to enable LIRC daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
|
services.lirc.configs
Configurations for lircd to load, see man:lircd.conf(5) for details (lircd.conf
)
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
|
services.lirc.extraArguments
Extra arguments to lircd.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
|
services.lirc.options
LIRC default options descriped in man:lircd(8) (lirc_options.conf
)
Type: string
Example:
'' [lircd] nodaemon = False ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
|
services.lldpd.enable
Whether to enable Link Layer Discovery Protocol Daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/lldpd.nix>
|
services.lldpd.extraArgs
List of command line parameters for lldpd
Type: list of strings
Default:
[
]
Example:
[
"-c" "-k" "-I eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/lldpd.nix>
|
services.localtime.enable
Enable localtime
, simple daemon for keeping the system
timezone up-to-date based on the current location. It uses geoclue2 to
determine the current location and systemd-timedated to actually set
the timezone.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/localtime.nix>
|
services.locate.enable
If enabled, NixOS will periodically update the database of files used by the locate command.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.extraFlags
Extra flags to pass to updatedb.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.interval
Update the locate database at this interval. Updates by default at 2:15 AM every day.
The format is described in systemd.time(7).
Type: string
Default:
"02:15"
Example:
"hourly"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.localuser
The user to search non-network directories as, using su.
Type: null or string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.locate
The locate implementation to use
Type: package
Default:
"pkgs.findutils"
Example:
"pkgs.mlocate"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.output
The database file to build.
Type: path
Default:
"/var/cache/locatedb"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.pruneBindMounts
Whether not to index bind mounts
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.pruneFS
Which filesystem types to exclude from indexing
Type: list of strings
Default:
[
"afs" "anon_inodefs" "auto" "autofs" "bdev" "binfmt" "binfmt_misc" "cgroup" "cifs" "coda" "configfs" "cramfs" "cpuset" "debugfs" "devfs" "devpts" "devtmpfs" "ecryptfs" "eventpollfs" "exofs" "futexfs" "ftpfs" "fuse" "fusectl" "gfs" "gfs2" "hostfs" "hugetlbfs" "inotifyfs" "iso9660" "jffs2" "lustre" "misc" "mqueue" "ncpfs" "nnpfs" "ocfs" "ocfs2" "pipefs" "proc" "ramfs" "rpc_pipefs" "securityfs" "selinuxfs" "sfs" "shfs" "smbfs" "sockfs" "spufs" "nfs" "NFS" "nfs4" "nfsd" "sshfs" "subfs" "supermount" "sysfs" "tmpfs" "ubifs" "udf" "usbfs" "vboxsf" "vperfctrfs"
]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.pruneNames
Directory components which should exclude paths containing them from indexing
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.prunePaths
Which paths to exclude from indexing
Type: list of paths
Default:
[
"/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool" "/nix/store"
]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.logcheck.enable
Enable the logcheck cron job.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.config
Config options that you would like in logcheck.conf.
Type: string
Default:
"FQDN=1"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.extraGroups
Extra groups for the logcheck user, for example to be able to use sendmail, or to access certain log files.
Type: list of strings
Default:
[
]
Example:
[
"postdrop" "mongodb"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.extraRulesDirs
Directories with extra rules.
Type: list of paths
Default:
[
]
Example:
"/etc/logcheck"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.files
Which log files to check.
Type: list of paths
Default:
[
"/var/log/messages"
]
Example:
[
"/var/log/messages" "/var/log/mail"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignore
This option defines extra ignore rules.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignore.<name>.level
Set the logcheck level.
Type: one of "workstation", "server", "paranoid"
Default:
"server"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignore.<name>.regex
Regex specifying which log lines to ignore.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCron
This option defines extra ignore rules for cronjobs.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCron.<name>.cmdline
Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCron.<name>.timeArgs
"min hr dom mon dow" crontab time args, to auto-create a cronjob too. Leave at null to not do this and just add a logcheck ignore rule.
Type: null or string
Default:
null
Example:
"02 06 * * *"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCron.<name>.user
User that runs the cronjob.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.level
Set the logcheck level. Either "workstation", "server", or "paranoid".
Type: string
Default:
"server"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.mailTo
Email address to send reports to.
Type: string
Default:
"root"
Example:
"you@domain.com"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.timeOfDay
Time of day to run logcheck. A logcheck will be scheduled at xx:02 each day. Leave default (*) to run every hour. Of course when nothing special was logged, logcheck will be silent.
Type: string
Default:
"*"
Example:
"6"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.user
Username for the logcheck user.
Type: string
Default:
"logcheck"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logind.extraConfig
Extra config options for systemd-logind. See man logind.conf for available options.
Type: string
Default:
""
Example:
"IdleAction=lock"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.logind.lidSwitch
Specifies what to be done when the laptop lid is closed.
Type: one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "lock"
Default:
"suspend"
Example:
"ignore"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.logind.lidSwitchDocked
Specifies what to be done when the laptop lid is closed and another screen is added.
Type: one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "lock"
Default:
"ignore"
Example:
"suspend"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
services.logkeys.enable
Whether to enable logkeys service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/logkeys.nix>
|
services.logkeys.device
Use the given device as keyboard input event device instead of /dev/input/eventX default.
Type: null or string
Default:
null
Example:
"/dev/input/event15"
Declared by:
<nixpkgs/nixos/modules/services/misc/logkeys.nix>
|
services.logmein-hamachi.enable
Whether to enable LogMeIn Hamachi, a proprietary (closed source) commercial VPN software.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/logmein-hamachi.nix>
|
services.logrotate.enable
Enable the logrotate cron job
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.config
The contents of the logrotate config file
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logstash.enable
Enable logstash.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.package
Logstash package to use.
Type: package
Default:
"pkgs.logstash"
Example:
pkgs.logstash5
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.dataDir
A path to directory writable by logstash that it uses to store data. Plugins will also have access to this path.
Type: string
Default:
"/var/lib/logstash"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.extraSettings
Extra Logstash settings in YAML format.
Type: string
Default:
""
Example:
'' pipeline: batch: size: 125 delay: 5 ''
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.filterConfig
logstash filter configuration.
Type: string
Default:
""
Example:
'' if [type] == "syslog" { # Keep only relevant systemd fields # http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html prune { whitelist_names => [ "type", "@timestamp", "@version", "MESSAGE", "PRIORITY", "SYSLOG_FACILITY" ] } } ''
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.filterWorkers
The quantity of filter workers to run.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.inputConfig
Logstash input configuration.
Type: string
Default:
"generator { }"
Example:
'' # Read from journal pipe { command => "''${pkgs.systemd}/bin/journalctl -f -o json" type => "syslog" codec => json {} } ''
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.listenAddress
Address on which to start webserver.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.logLevel
Logging verbosity level.
Type: one of "debug", "info", "warn", "error", "fatal"
Default:
"warn"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.outputConfig
Logstash output configuration.
Type: string
Default:
"stdout { codec => rubydebug }"
Example:
'' redis { host => ["localhost"] data_type => "list" key => "logstash" codec => json } elasticsearch { } ''
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.plugins
The paths to find other logstash plugins in.
Type: list of paths
Default:
[
]
Example:
[ pkgs.logstash-contrib ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.port
Port on which to start webserver.
Type: string
Default:
"9292"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.longview.enable
If enabled, system metrics will be sent to Linode LongView.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.apacheStatusUrl
The Apache status page URL. If provided, Longview will gather statistics from this location. This requires Apache mod_status to be loaded and enabled.
Type: string
Default:
""
Example:
"http://127.0.0.1/server-status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.apiKey
Longview API key. To get this, look in Longview settings which are found at https://manager.linode.com/longview/.
Warning: this secret is stored in the world-readable Nix store!
Use apiKeyFile
instead.
Type: string
Default:
""
Example:
"01234567-89AB-CDEF-0123456789ABCDEF"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.apiKeyFile
A file containing the Longview API key. To get this, look in Longview settings which are found at https://manager.linode.com/longview/.
apiKeyFile
takes precedence over apiKey
.
Type: null or path
Default:
null
Example:
"/run/keys/longview-api-key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.mysqlPassword
The password corresponding to mysqlUser
.
Warning: this is stored in cleartext in the Nix store!
Use mysqlPasswordFile
instead.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.mysqlPasswordFile
A file containing the password corresponding to mysqlUser
.
Type: null or path
Default:
null
Example:
"/run/keys/dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.mysqlUser
The user for connecting to the MySQL database. If provided, Longview will connect to MySQL and collect statistics about queries, etc. This user does not need to have been granted any extra privileges.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.nginxStatusUrl
The Nginx status page URL. Longview will gather statistics from this URL. This requires the Nginx stub_status module to be enabled and configured at the given location.
Type: string
Default:
""
Example:
"http://127.0.0.1/nginx_status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.lshd.enable
Whether to enable the GNU lshd SSH2 daemon, which allows secure remote login.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.hostKey
Path to the server's private key. Note that this key must have been created, e.g., using "lsh-keygen --server | lsh-writekey --server", so that you can run lshd.
Type: unspecified
Default:
"/etc/lsh/host-key"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.interfaces
List of network interfaces where listening for connections. When providing the empty list, `[]', lshd listens on all network interfaces.
Type: unspecified
Default:
[
]
Example:
[
"localhost" "1.2.3.4:443"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.loginShell
If non-null, override the default login shell with the specified value.
Type: unspecified
Default:
null
Example:
"/nix/store/xyz-bash-10.0/bin/bash10"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.passwordAuthentication
Whether to enable password authentication.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.portNumber
The port on which to listen for connections.
Type: unspecified
Default:
22
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.publicKeyAuthentication
Whether to enable public key authentication.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.rootLogin
Whether to enable remote root login.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.srpKeyExchange
Whether to enable SRP key exchange and user authentication.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.subsystems
List of subsystem-path pairs, where the head of the pair denotes the subsystem name, and the tail denotes the path to an executable implementing it.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.syslog
Whether to enable syslog output.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.tcpForwarding
Whether to enable TCP/IP forwarding.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.x11Forwarding
Whether to enable X11 forwarding.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.mail.freepopsd.enable
Enables Freepops, a POP3 webmail wrapper.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.bind
Bind over an IPv4 address instead of any.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.logFile
Filename of the log file or syslog to rely on the logging daemon.
Type: string
Default:
"/var/log/freepopsd"
Example:
"syslog"
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.port
Port on which the pop server will listen.
Type: signed integer
Default:
2000
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.suid.group
Group under which freepopsd will be after binding the port.
Type: string
Default:
"nogroup"
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.suid.user
User name under which freepopsd will be after binding the port.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mail.freepopsd.threads
Max simultaneous connections.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/mail/freepops.nix>
|
services.mailhog.enable
Whether to enable MailHog.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
|
services.mailhog.user
User account under which mailhog runs.
Type: string
Default:
"mailhog"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
|
services.mailpile.enable
Whether to enable Mailpile the mail client.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/mailpile.nix>
|
services.mailpile.hostname
Listen to this hostname or ip.
Type: unspecified
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/mailpile.nix>
|
services.mailpile.port
Listen on this port.
Type: unspecified
Default:
"33411"
Declared by:
<nixpkgs/nixos/modules/services/networking/mailpile.nix>
|
services.mantisbt.enable
Enable the mantisbt web service. This switches on httpd with PHP and database.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mantisbt.nix>
|
services.mantisbt.extraConfig
The contents of config_inc.php, without leading <?php. If left empty, the admin directory will be accessible.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/mantisbt.nix>
|
services.mantisbt.urlPrefix
The URL prefix under which the mantisbt service appears.
Type: string
Default:
"/mantisbt"
Declared by:
<nixpkgs/nixos/modules/services/misc/mantisbt.nix>
|
services.marathon.enable
Whether to enable the marathon mesos framework.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
|
services.marathon.environment
Environment variables passed to Marathon.
Type: attribute set
Default:
{
}
Example:
{
JAVA_OPTS = "-Xmx512m"; MESOSPHERE_HTTP_CREDENTIALS = "username:password";
}
Declared by:
<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
|
services.marathon.extraCmdLineOptions
Extra command line options to pass to Marathon. See https://mesosphere.github.io/marathon/docs/command-line-flags.html for all possible flags.
Type: list of strings
Default:
[
]
Example:
[
"--https_port=8443" "--zk_timeout=10000" "--marathon_store_timeout=2000"
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
|
services.marathon.httpPort
Marathon listening port for HTTP connections.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
|
services.marathon.master
Mesos master address. See https://mesosphere.github.io/marathon/docs/ for details.
Type: string
Default:
"zk://localhost:2181/mesos"
Example:
"zk://1.2.3.4:2181,2.3.4.5:2181,3.4.5.6:2181/mesos"
Declared by:
<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
|
services.marathon.user
The user that the Marathon framework will be launched as. If the user doesn't exist it will be created. If you want to run apps that require root access or you want to launch apps using arbitrary users, that is using the `--mesos_user` flag then you need to change this to `root`.
Type: string
Default:
"marathon"
Example:
"root"
Declared by:
<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
|
services.marathon.zookeeperHosts
ZooKeeper hosts' addresses.
Type: list of strings
Default:
[
"localhost:2181"
]
Example:
[
"1.2.3.4:2181" "2.3.4.5:2181" "3.4.5.6:2181"
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
|
services.mathics.enable
Whether to enable Mathics notebook service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/mathics.nix>
|
services.mathics.external
Listen on all interfaces, rather than just localhost?
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mathics.nix>
|
services.mathics.port
TCP port to listen on.
Type: signed integer
Default:
8000
Declared by:
<nixpkgs/nixos/modules/services/misc/mathics.nix>
|
services.matomo.enable
Enable matomo web analytics with php-fpm backend. Either the nginx option or the webServerUser option is mandatory.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx
With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo.
Either this option or the webServerUser option is mandatory.
Set this to {} to just enable the virtualHost if you don't need any customization.
If enabled, then by default, the serverName
is
matomo.$\{config.networking.hostName\}.$\{config.networking.domain\}
,
SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured.
Type: null or submodule
Default:
null
Example:
{
enableACME = false; serverAliases =
[
"matomo.\${config.networking.domain}" "stats.\${config.networking.domain}"
]
;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.acmeFallbackHost
Host which to proxy requests to if acme challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.acmeRoot
Directory to store certificates and keys managed by the ACME service.
Type: string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen
to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the nix store.
Type: attribute set of strings
Default:
{
}
Example:
{ user = "password"; };
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.basicAuthFile
Basic Auth password file for a vhost.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.default
Makes this vhost the default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.forceSSL
Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen
to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.globalRedirect
If set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default:
null
Example:
"newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.http2
Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL
.
Type: list of submodules
Default:
[
]
Example:
[
{
addr = "195.154.1.1"; port = 443; ssl = true;
}
{
addr = "192.154.1.1"; port = 80;
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listen.*.addr
IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listen.*.port
Port number.
Type: signed integer
Default:
80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations
Declarative location config
Type: attribute set of submodules
Default:
{
}
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; };
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default:
null
Example:
"/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default:
null
Example:
"index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default:
null
Example:
"http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.proxyWebsockets
Whether to supporty proxying websocket connections with HTTP/1.1.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.root
Root directory for requests.
Type: null or path
Default:
null
Example:
"/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default:
null
Example:
"\$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen
to listen on all interfaces on port 443.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.root
The path of the web root directory.
Type: null or path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default:
[
]
Example:
[
"www.example.org" "example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default:
null
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.sslCertificate
Path to server SSL certificate.
Type: path
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default:
null
Example:
"/var/root.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.useACMEHost
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME
.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.phpfpmProcessManagerConfig
Settings for phpfpm's process manager. You might need to change this depending on the load for matomo.
Type: string
Default:
'' ; default phpfpm process manager settings pm = dynamic pm.max_children = 75 pm.start_servers = 10 pm.min_spare_servers = 5 pm.max_spare_servers = 20 pm.max_requests = 500 ; log worker's stdout, but this has a performance hit catch_workers_output = yes ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.webServerUser
Name of the web server user that forwards requests to the /run/phpfpm-matomo.sock fastcgi socket for matomo if the nginx option is not used. Either this option or the nginx option is mandatory. If you want to use another webserver than nginx, you need to set this to that server's user and pass fastcgi requests to `index.php` and `piwik.php` to this socket.
Type: null or string
Default:
null
Example:
"lighttpd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matrix-synapse.enable
Whether to enable matrix.org synapse.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.enable_metrics
Enable collection and rendering of performance metrics
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.enable_registration
Enable registration for new users.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.enable_registration_captcha
Enables ReCaptcha checks when registering, preventing signup unless a captcha is answered. Requires a valid ReCaptcha public/private key.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.package
Overridable attribute of the matrix synapse server package to use.
Type: package
Default:
"pkgs.matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.allow_guest_access
Allows users to register as guests without a password/email/etc, and participate in rooms hosted on this server which have been made accessible to anonymous users.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.app_service_config_files
A list of application service config file to use
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.bcrypt_rounds
Set the number of bcrypt rounds used to generate password hash. Larger numbers increase the work factor needed to generate the hash.
Type: string
Default:
"12"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.bind_host
DEPRECATED: Use listeners instead. Local interface to listen on. The empty string will cause synapse to listen on all interfaces.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.bind_port
DEPRECATED: Use listeners instead. The port to listen for HTTPS requests on. For when matrix traffic is sent directly to synapse.
Type: null or signed integer
Default:
null
Example:
8448
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.create_local_database
Whether to create a local database automatically.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.dataDir
The directory where matrix-synapse stores its stateful data such as certificates, media and uploads.
Type: string
Default:
"/var/lib/matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.database_args
Arguments to pass to the engine.
Type: attribute set
Default:
{
database = "matrix-synapse"; user = "matrix-synapse";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.database_name
Database name.
Type: string
Default:
"matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.database_type
The database engine name. Can be sqlite or psycopg2.
Type: one of "sqlite3", "psycopg2"
Default:
"psycopg2"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.database_user
Database user name.
Type: string
Default:
"matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.dynamic_thumbnails
Whether to generate new thumbnails on the fly to precisely match the resolution requested by the client. If true then whenever a new resolution is requested by the client the server will generate a new thumbnail. If false the server will pick a thumbnail from a precalculated list.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.event_cache_size
Number of events to cache in memory.
Type: string
Default:
"10K"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.expire_access_token
Whether to enable access token expiration.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.extraConfig
Extra config options for matrix-synapse.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.extraConfigFiles
Extra config files to include.
The configuration files will be included based on the command line argument --config-path. This allows to configure secrets without having to go through the Nix store, e.g. based on deployment keys if NixOPS is in use.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.federation_rc_concurrent
The number of federation requests to concurrently process from a single server
Type: string
Default:
"3"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.federation_rc_reject_limit
The maximum number of concurrent federation requests allowed from a single server
Type: string
Default:
"50"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.federation_rc_sleep_delay
The duration in milliseconds to delay processing events from remote servers by if they go over the sleep limit.
Type: string
Default:
"500"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.federation_rc_sleep_limit
The number of federation requests from a single server in a window before the server will delay processing the request.
Type: string
Default:
"10"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.federation_rc_window_size
The federation window size in milliseconds
Type: string
Default:
"1000"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.key_refresh_interval
How long key response published by this server is valid for. Used to set the valid_until_ts in /key/v2 APIs. Determines how quickly servers will query to check which keys are still valid.
Type: string
Default:
"1d"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners
List of ports that Synapse should listen on, their purpose and their configuration.
Type: list of submodules
Default:
[
{
bind_address = ""; port = 8448; resources =
[
{
compress = true; names =
[
"client" "webclient"
]
;
}
{
compress = false; names =
[
"federation"
]
;
}
]
; tls = true; type = "http"; x_forwarded = false;
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners.*.bind_address
Local interface to listen on. The empty string will cause synapse to listen on all interfaces.
Type: string
Default:
""
Example:
"203.0.113.42"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners.*.port
The port to listen for HTTP(S) requests on.
Type: signed integer
Example:
8448
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners.*.resources
List of HTTP resources to serve on this listener.
Type: list of submodules
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners.*.resources.*.compress
Should synapse compress HTTP responses to clients that support it? This should be disabled if running synapse behind a load balancer that can do automatic compression.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners.*.resources.*.names
List of resources to host on this listener.
Type: list of strings
Example:
[
"client" "webclient" "federation"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners.*.tls
Whether to listen for HTTPS connections rather than HTTP.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners.*.type
Type of listener.
Type: string
Default:
"http"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.listeners.*.x_forwarded
Use the X-Forwarded-For (XFF) header as the client IP and not the actual client IP.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.logConfig
A yaml python logging config file
Type: string
Default:
'' version: 1 # In systemd's journal, loglevel is implicitly stored, so let's omit it # from the message text. formatters: journal_fmt: format: '%(name)s: [%(request)s] %(message)s' filters: context: (): synapse.util.logcontext.LoggingContextFilter request: "" handlers: journal: class: systemd.journal.JournalHandler formatter: journal_fmt filters: [context] SYSLOG_IDENTIFIER: synapse root: level: INFO handlers: [journal] disable_existing_loggers: False ''
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.macaroon_secret_key
Secret key for authentication tokens
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.max_image_pixels
Maximum number of pixels that will be thumbnailed
Type: string
Default:
"32M"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.max_upload_size
The largest allowed upload size in bytes
Type: string
Default:
"10M"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.no_tls
Don't bind to the https port
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.public_baseurl
The public-facing base URL for the client API (not including _matrix/...)
Type: null or string
Default:
null
Example:
"https://example.com:8448/"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.rc_message_burst_count
Number of message a client can send before being throttled
Type: string
Default:
"10.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.rc_messages_per_second
Number of messages a client can send per second
Type: string
Default:
"0.2"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.recaptcha_private_key
This Home Server's ReCAPTCHA private key.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.recaptcha_public_key
This Home Server's ReCAPTCHA public key.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.registration_shared_secret
If set, allows registration by anyone who also has the shared secret, even if registration is otherwise disabled.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.report_stats
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.room_invite_state_types
A list of event types that will be included in the room_invite_state
Type: list of strings
Default:
[
"m.room.join_rules" "m.room.canonical_alias" "m.room.avatar" "m.room.name"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.server_name
The domain name of the server, with optional explicit port. This is used by remote servers to connect to this server, e.g. matrix.org, localhost:8080, etc. This is also the last part of your UserID.
Type: string
Default:
"nixos"
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.servers
The trusted servers to download signing keys from.
Type: attribute set of attribute set of stringss
Default:
{
matrix.org =
{
ed25519:auto = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.tls_certificate_path
PEM encoded X509 certificate for TLS. You can replace the self-signed certificate that synapse autogenerates on launch with your own SSL certificate + key pair if you like. Any required intermediary certificates can be appended after the primary certificate in hierarchical order.
Type: null or string
Default:
null
Example:
"/var/lib/matrix-synapse/homeserver.tls.crt"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.tls_dh_params_path
PEM dh parameters for ephemeral keys
Type: null or string
Default:
null
Example:
"/var/lib/matrix-synapse/homeserver.tls.dh"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.tls_private_key_path
PEM encoded private key for TLS. Specify null if synapse is not speaking TLS directly.
Type: null or string
Default:
null
Example:
"/var/lib/matrix-synapse/homeserver.tls.key"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.trusted_third_party_id_servers
The list of identity servers trusted to verify third party identifiers by this server.
Type: list of strings
Default:
[
"matrix.org"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.turn_shared_secret
The shared secret used to compute passwords for the TURN server
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.turn_uris
The public URIs of the TURN server to give to clients
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.turn_user_lifetime
How long generated TURN credentials last
Type: string
Default:
"1h"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.unsecure_port
DEPRECATED: Use listeners instead. The port to listen for HTTP requests on. For when matrix traffic passes through loadbalancer that unwraps TLS.
Type: null or signed integer
Default:
null
Example:
8008
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.url_preview_enabled
Is the preview URL API enabled? If enabled, you *must* specify an explicit url_preview_ip_range_blacklist of IPs that the spider is denied from accessing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.url_preview_ip_range_blacklist
List of IP address CIDR ranges that the URL preview spider is denied from accessing.
Type: list of strings
Default:
[
"127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.url_preview_ip_range_whitelist
List of IP address CIDR ranges that the URL preview spider is allowed to access even if they are specified in url_preview_ip_range_blacklist.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.url_preview_url_blacklist
Optional list of URL matches that the URL preview spider is denied from accessing.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.user_creation_max_duration
Sets the expiry for the short term user creation in milliseconds. The default value is two weeks.
Type: string
Default:
"1209600000"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.verbose
Logging verbosity level.
Type: string
Default:
"0"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matrix-synapse.web_client
Whether to serve a web client from the HTTP/HTTPS root resource.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
|
services.matterbridge.enable
Whether to enable Matterbridge chat platform bridge.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.matterbridge.configFile
WARNING: THIS IS INSECURE, as your password will end up in
/nix/store
, thus publicly readable. Use
services.matterbridge.configPath
instead.
The matterbridge configuration file in the TOML file format.
Type: string
Example:
'' # WARNING: as this file contains credentials, do not use this option! # It is kept only for backwards compatibility, and would cause your # credentials to be in the nix-store, thus with the world-readable # permission bits. # Use services.matterbridge.configPath instead. [irc] [irc.freenode] Server="irc.freenode.net:6667" Nick="matterbot" [mattermost] [mattermost.work] # Do not prefix it with http:// or https:// Server="yourmattermostserver.domain" Team="yourteam" Login="yourlogin" Password="yourpass" PrefixMessagesWithNick=true [[gateway]] name="gateway1" enable=true [[gateway.inout]] account="irc.freenode" channel="#testing" [[gateway.inout]] account="mattermost.work" channel="off-topic" ''
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.matterbridge.configPath
The path to the matterbridge configuration file.
Type: null or string
Default:
null
Example:
"/etc/nixos/matterbridge.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.matterbridge.group
Group which runs the matterbridge service.
Type: string
Default:
"matterbridge"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.matterbridge.user
User which runs the matterbridge service.
Type: string
Default:
"matterbridge"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.mattermost.enable
Whether to enable Mattermost chat server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.extraConfig
Addtional configuration options as Nix attribute set in config.json schema.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.group
Group which runs the Mattermost service.
Type: string
Default:
"mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.listenAddress
Address and port this Mattermost instance listens to.
Type: string
Default:
":8065"
Example:
"[::1]:8065"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.localDatabaseCreate
Create a local PostgreSQL database for Mattermost automatically.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.localDatabaseName
Local Mattermost database name.
Type: string
Default:
"mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.localDatabasePassword
Password for local Mattermost database user.
Type: string
Default:
"mmpgsecret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.localDatabaseUser
Local Mattermost database username.
Type: string
Default:
"mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.matterircd.enable
Whether to enable Mattermost IRC bridge.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.matterircd.parameters
Set commandline parameters to pass to matterircd. See https://github.com/42wim/matterircd#usage for more information.
Type: list of strings
Default:
[
]
Example:
[
"-mmserver chat.example.com" "-bind [::]:6667"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.mutableConfig
Whether the Mattermost config.json is writeable by Mattermost.
Most of the settings can be edited in the system console of Mattermost if this option is enabled. A template config using the options specified in services.mattermost will be generated but won't be overwritten on changes or rebuilds.
If this option is disabled, changes in the system console won't be possible (default). If an config.json is present, it will be overwritten!
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.siteName
Name of this Mattermost site.
Type: string
Default:
"Mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.siteUrl
URL this Mattermost instance is reachable under, without trailing slash.
Type: string
Example:
"https://chat.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.statePath
Mattermost working directory
Type: string
Default:
"/var/lib/mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.user
User which runs the Mattermost service.
Type: string
Default:
"mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mbpfan.enable
Whether to enable mbpfan, fan controller daemon for Apple Macs and MacBooks.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.package
The package used for the mbpfan daemon.
Type: package
Default:
"pkgs.mbpfan"
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.highTemp
The high temperature.
Type: signed integer
Default:
66
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.lowTemp
The low temperature.
Type: signed integer
Default:
63
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.maxFanSpeed
The maximum fan speed.
Type: signed integer
Default:
6200
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.maxTemp
The maximum temperature.
Type: signed integer
Default:
86
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.minFanSpeed
The minimum fan speed.
Type: signed integer
Default:
2000
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.pollingInterval
The polling interval.
Type: signed integer
Default:
7
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.verbose
If true, sets the log level to verbose.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mediatomb.enable
Whether to enable the mediatomb DLNA server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.customCfg
Allow mediatomb to create and use its own config file inside /var/lib/mediatomb.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.dataDir
The directory where mediatomb stores its state, data, etc.
Type: path
Default:
"/var/lib/mediatomb"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.dsmSupport
Whether to enable D-Link DSM 320 specific tweaks. WARNING: incompatible with ps3 support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.group
Group account under which mediatomb runs.
Type: unspecified
Default:
"mediatomb"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.interface
A specific interface to bind to.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.port
The network port to listen on.
Type: unspecified
Default:
49152
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.ps3Support
Whether to enable ps3 specific tweaks. WARNING: incompatible with DSM 320 support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.serverName
How to identify the server on the network.
Type: string
Default:
"mediatomb"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.tg100Support
Whether to enable Telegent TG100 specific tweaks.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.transcoding
Whether to enable transcoding.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.user
User account under which mediatomb runs.
Type: unspecified
Default:
"mediatomb"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.uuid
A unique (on your network) to identify the server by.
Type: unspecified
Default:
"fdfc8a4e-a3ad-4c1d-b43d-a2eedb03a687"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.meguca.enable
Whether to enable meguca.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.assumeReverseProxy
Assume the server is behind a reverse proxy, when resolving client IPs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.cacheSize
Cache size in MB.
Type: null or signed integer
Default:
null
Example:
256
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.compressTraffic
Compress all traffic with gzip.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.dataDir
Location where meguca stores it's database and links.
Type: path
Default:
"/var/lib/meguca"
Example:
"/home/okina/meguca"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.httpsOnly
Serve and listen only through HTTPS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.listenAddress
Listen on a specific IP address and port.
Type: null or string
Default:
null
Example:
"127.0.0.1:8000"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.password
Password for the meguca database.
Type: string
Default:
"meguca"
Example:
"dumbpass"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.passwordFile
Password file for the meguca database.
Type: path
Default:
"/run/keys/meguca-password-file"
Example:
"/home/okina/meguca/keys/pass"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.postgresArgs
Postgresql connection arguments.
Type: string
Example:
"user=meguca password=dumbpass dbname=meguca sslmode=disable"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.postgresArgsFile
Postgresql connection arguments file.
Type: path
Default:
"/run/keys/meguca-postgres-args"
Example:
"/home/okina/meguca/keys/postgres"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.reverseProxy
Reverse proxy IP.
Type: null or string
Default:
null
Example:
"192.168.1.5"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.meguca.sslCertificate
Path to the SSL certificate.
Type: null or string
Default:
null
Example:
"/home/okina/meguca/ssl.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/meguca.nix>
|
services.memcached.enable
Whether to enable Memcached.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.enableUnixSocket
Whether to enable unix socket at /run/memcached/memcached.sock.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.extraOptions
A list of extra options that will be added as a suffix when running memcached
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.listen
The IP address to bind to
Type: unspecified
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.maxConnections
The maximum number of simultaneous connections
Type: unspecified
Default:
1024
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.maxMemory
The maximum amount of memory to use for storage, in megabytes.
Type: unspecified
Default:
64
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.port
The port to bind to
Type: unspecified
Default:
11211
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.user
The user to run Memcached as
Type: unspecified
Default:
"memcached"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.mesos.master.enable
Whether to enable the Mesos Master.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.advertiseIp
IP address advertised to reach this master.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.advertisePort
Port advertised to reach this Mesos master.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.extraCmdLineOptions
Extra command line options for Mesos Master.
See https://mesos.apache.org/documentation/latest/configuration/
Type: list of strings
Default:
[
""
]
Example:
[
"--credentials=VALUE"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.ip
IP address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.logLevel
The logging level used. Possible values: 'INFO', 'WARNING', 'ERROR'
Type: string
Default:
"INFO"
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.port
Mesos Master port
Type: signed integer
Default:
5050
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.quorum
The size of the quorum of replicas when using 'replicated_log' based registry. It is imperative to set this value to be a majority of masters i.e., quorum > (number of masters)/2.
If 0 will fall back to --registry=in_memory.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.workDir
The Mesos work directory.
Type: string
Default:
"/var/lib/mesos/master"
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.master.zk
ZooKeeper URL (used for leader election amongst masters). May be one of: zk://host1:port1,host2:port2,.../mesos zk://username:password@host1:port1,host2:port2,.../mesos
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
|
services.mesos.slave.enable
Whether to enable the Mesos Slave.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.advertiseIp
IP address advertised to reach this agent.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.advertisePort
Port advertised to reach this agent.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.attributes
Machine attributes for the slave instance.
Use caution when changing this; you may need to manually reset slave metadata before the slave can re-register.
Type: attribute set of strings
Default:
{
}
Example:
{
host = "aabc123"; os = "nixos"; rack = "aa";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.containerizers
List of containerizer implementations to compose in order to provide containerization. Available options are mesos and docker. The order the containerizers are specified is the order they are tried.
Type: list of strings
Default:
[
"mesos"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.dockerRegistry
The default url for pulling Docker images. It could either be a Docker registry server url, or a local path in which Docker image archives are stored.
Type: null or string or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.executorEnvironmentVariables
The environment variables that should be passed to the executor, and thus subsequently task(s).
Type: attribute set of strings
Default:
{
PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.extraCmdLineOptions
Extra command line options for Mesos Slave.
See https://mesos.apache.org/documentation/latest/configuration/
Type: list of strings
Default:
[
""
]
Example:
[
"--gc_delay=3days"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.imageProviders
List of supported image providers, e.g., APPC,DOCKER.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.imageProvisionerBackend
Strategy for provisioning container rootfs from images, e.g., aufs, bind, copy, overlay.
Type: string
Default:
"copy"
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.ip
IP address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.isolation
Isolation mechanisms to use, e.g., posix/cpu,posix/mem, or cgroups/cpu,cgroups/mem, or network/port_mapping, or `gpu/nvidia` for nvidia specific gpu isolation.
Type: list of strings
Default:
[
"posix/cpu" "posix/mem"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.logLevel
The logging level used. Possible values: 'INFO', 'WARNING', 'ERROR'
Type: string
Default:
"INFO"
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.master
May be one of: zk://host1:port1,host2:port2,.../path zk://username:password@host1:port1,host2:port2,.../path
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.port
Port to listen on.
Type: signed integer
Default:
5051
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.withDocker
Enable the docker containerizer.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.withHadoop
Add the HADOOP_HOME to the slave.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mesos.slave.workDir
The Mesos work directory.
Type: string
Default:
"/var/lib/mesos/slave"
Declared by:
<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
|
services.mighttpd2.enable
Whether to enable Mighttpd2 web server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
|
services.mighttpd2.config
Verbatim config file to use (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
Type: string
Default:
""
Example:
'' # Example configuration for Mighttpd 2 Port: 80 # IP address or "*" Host: * Debug_Mode: Yes # Yes or No # If available, "nobody" is much more secure for User:. User: root # If available, "nobody" is much more secure for Group:. Group: root Pid_File: /var/run/mighty.pid Logging: Yes # Yes or No Log_File: /var/log/mighty # The directory must be writable by User: Log_File_Size: 16777216 # bytes Log_Backup_Number: 10 Index_File: index.html Index_Cgi: index.cgi Status_File_Dir: /usr/local/share/mighty/status Connection_Timeout: 30 # seconds Fd_Cache_Duration: 10 # seconds # Server_Name: Mighttpd/3.x.y Tls_Port: 443 Tls_Cert_File: cert.pem # should change this with an absolute path # should change this with comma-separated absolute paths Tls_Chain_Files: chain.pem # Currently, Tls_Key_File must not be encrypted. Tls_Key_File: privkey.pem # should change this with an absolute path Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
|
services.mighttpd2.cores
How many cores to use. If null it will be determined automatically
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
|
services.mighttpd2.routing
Verbatim routing file to use (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
Type: string
Default:
""
Example:
'' # Example routing for Mighttpd 2 # Domain lists [localhost www.example.com] # Entries are looked up in the specified order # All paths must end with "/" # A path to CGI scripts should be specified with "=>" /~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/ # A path to static files should be specified with "->" /~alice/ -> /home/alice/public_html/ /cgi-bin/ => /export/cgi-bin/ # Reverse proxy rules should be specified with ">>" # /path >> host:port/path2 # Either "host" or ":port" can be committed, but not both. /app/cal/ >> example.net/calendar/ # Yesod app in the same server /app/wiki/ >> 127.0.0.1:3000/ / -> /export/www/ ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
|
services.minecraft-server.enable
If enabled, start a Minecraft Server. The listening port for
the server is always 25565
. The server
data will be loaded from and saved to
/var/lib/minecraft
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.dataDir
Directory to store minecraft database and other state/data files.
Type: path
Default:
"/var/lib/minecraft"
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.jvmOpts
JVM options for the Minecraft Service.
Type: string
Default:
"-Xmx2048M -Xms2048M"
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.openFirewall
Whether to open ports in the firewall (if enabled) for the server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minetest-server.enable
If enabled, starts a Minetest Server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.configPath
Path to the config to use.
If set to null, the config of the running user will be used: `~/.minetest/minetest.conf`.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.gameId
Id of the game to use. To list available games run `minetestserver --gameid list`.
If only one game exists, this option can be null.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.logPath
Path to logfile for logging.
If set to null, logging will be output to stdout which means all output will be catched by systemd.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.port
Port number to bind to.
If set to null, the default 30000 will be used.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.world
Name of the world to use. To list available worlds run `minetestserver --world list`.
If only one world exists, this option can be null.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.mingetty.autologinUser
Username of the account that will be automatically logged in at the console. If unspecified, a login prompt is shown as usual.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/ttys/agetty.nix>
|
services.mingetty.greetingLine
Welcome line printed by mingetty. The default shows current NixOS version label, machine type and tty.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/ttys/agetty.nix>
|
services.mingetty.helpLine
Help line printed by mingetty below the welcome line. Used by the installation CD to give some hints on how to proceed.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/ttys/agetty.nix>
|
services.mingetty.serialSpeed
Bitrates to allow for agetty's listening on serial ports. Listing more bitrates gives more interoperability but at the cost of long delays for getting a sync on the line.
Type: list of signed integers
Default:
[
115200 57600 38400 9600
]
Example:
[
38400 9600
]
Declared by:
<nixpkgs/nixos/modules/services/ttys/agetty.nix>
|
services.minidlna.enable
Whether to enable MiniDLNA, a simple DLNA server. It serves media files such as video and music to DLNA client devices such as televisions and media players.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.config
The contents of MiniDLNA's configuration file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.loglevel
Defines the type of messages that should be logged, and down to which level of importance they should be considered.
The possible types are “artwork”, “database”, “general”, “http”, “inotify”, “metadata”, “scanner”, “ssdp” and “tivo”.
The levels are “off”, “fatal”, “error”, “warn”, “info” and “debug”, listed here in order of decreasing importance. “off” turns off logging messages entirely, “fatal” logs the most critical messages only, and so on down to “debug” that logs every single messages.
The types are comma-separated, followed by an equal sign (‘=’), followed by a level that applies to the preceding types. This can be repeated, separating each of these constructs with a comma.
Defaults to “general,artwork,database,inotify,scanner,metadata, http,ssdp,tivo=warn” which logs every type of message at the “warn” level.
Type: string
Default:
"warn"
Example:
"general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.mediaDirs
Directories to be scanned for media files. The prefixes
A,
, V,
and
P,
restrict a directory to audio, video
or image files. The directories must be accessible to the
minidlna
user account.
Type: list of strings
Default:
[
]
Example:
[
"/data/media" "V,/home/alice/video"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minio.enable
Whether to enable Minio Object Storage.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.package
Minio package to use.
Type: package
Default:
"pkgs.minio"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.accessKey
Access key of 5 to 20 characters in length that clients use to access the server.
This overrides the access key that is generated by minio on first startup and stored inside the
configDir
directory.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.browser
Enable or disable access to web UI.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.configDir
The config directory, for the access keys and other settings.
Type: path
Default:
"/var/lib/minio/config"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.dataDir
The data directory, for storing the objects.
Type: path
Default:
"/var/lib/minio/data"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.listenAddress
Listen on a specific IP address and port.
Type: string
Default:
":9000"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.region
The physical location of the server. By default it is set to us-east-1, which is same as AWS S3's and Minio's default region.
Type: string
Default:
"us-east-1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.secretKey
Specify the Secret key of 8 to 40 characters in length that clients use to access the server.
This overrides the secret key that is generated by minio on first startup and stored inside the
configDir
directory.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.miniupnpd.enable
Whether to enable MiniUPnP daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.appendConfig
Configuration lines appended to the MiniUPnP config.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.externalInterface
Name of the external interface.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.internalIPs
The IP address ranges to listen on.
Type: list of strings
Example:
[
"192.168.1.1/24" "enp1s0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.natpmp
Whether to enable NAT-PMP support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.upnp
Whether to enable UPNP support.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miredo.enable
Whether to enable the Miredo IPv6 tunneling service..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.package
The package to use for the miredo daemon's binary.
Type: package
Default:
"pkgs.miredo"
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.bindAddress
Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.bindPort
Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.interfaceName
Name of the network tunneling interface.
Type: string
Default:
"teredo"
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.serverAddress
The hostname or primary IPv4 address of the Teredo server. This setting is required if Miredo runs as a Teredo client. "teredo.remlab.net" is an experimental service for testing only. Please use another server for production and/or large scale deployments.
Type: string
Default:
"teredo.remlab.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.mjpg-streamer.enable
Whether to enable mjpg-streamer webcam streamer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mjpg-streamer.group
mjpg-streamer group name.
Type: string
Default:
"video"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mjpg-streamer.inputPlugin
Input plugin. See plugins documentation for more information.
Type: string
Default:
"input_uvc.so"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mjpg-streamer.outputPlugin
Output plugin. @www@
is substituted for default mjpg-streamer www directory.
See plugins documentation for more information.
Type: string
Default:
"output_http.so -w @www@ -n -p 5050"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mjpg-streamer.user
mjpg-streamer user name.
Type: string
Default:
"mjpg-streamer"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mlmmj.enable
Enable mlmmj
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.group
mailinglist local group
Type: string
Default:
"mlmmj"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.listDomain
Set the mailing list domain
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.mailLists
The collection of hosted maillists
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.maintInterval
Time interval between mlmmj-maintd runs, see systemd.time(7) for format information.
Type: string
Default:
"20min"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.user
mailinglist local user
Type: string
Default:
"mlmmj"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.monero.enable
Whether to enable Monero node daemon..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.exclusiveNodes
List of peer IP addresses to connect to *only*. If given the other peer options will be ignored.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.extraConfig
Extra lines to be added verbatim to monerod configuration.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.extraNodes
List of additional peer IP addresses to add to the local list.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.limits.download
Limit of the download rate in kB/s.
Set to -1
to leave unlimited.
Type: signed integer
Default:
-1
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.limits.syncSize
Maximum number of blocks to sync at once.
Set to 0
for adaptive.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.limits.threads
Maximum number of threads used for a parallel job.
Set to 0
to leave unlimited.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.limits.upload
Limit of the upload rate in kB/s.
Set to -1
to leave unlimited.
Type: signed integer
Default:
-1
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.mining.enable
Whether to mine moneroj.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.mining.address
Monero address where to send mining rewards.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.mining.threads
Number of threads used for mining.
Set to 0
to use all available.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.priorityNodes
List of peer IP addresses to connect to and attempt to keep the connection open.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.address
IP address the RPC server will bind to.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.password
Password for RPC connections.
Type: string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.port
Port the RPC server will bind to.
Type: signed integer
Default:
18081
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.restricted
Whether to restrict RPC to view only commands.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.user
User name for RPC connections.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monetdb.enable
Whether to enable the MonetDB database server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.package
MonetDB package to use.
Type: package
Default:
"pkgs.monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.dataDir
Data directory for the dbfarm.
Type: path
Default:
"/var/lib/monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.group
Group under which MonetDB runs.
Type: string
Default:
"monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.listenAddress
Address to listen on.
Type: string
Default:
"127.0.0.1"
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
50000
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.user
User account under which MonetDB runs.
Type: string
Default:
"monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.mongodb.enable
Whether to enable the MongoDB server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.package
Which MongoDB derivation to use.
Type: package
Default:
"pkgs.mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.bind_ip
IP to bind to
Type: unspecified
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.dbpath
Location where MongoDB stores its files
Type: unspecified
Default:
"/var/db/mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.extraConfig
MongoDB extra configuration in YAML format
Type: unspecified
Default:
""
Example:
'' storage.journal.enabled: false ''
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.pidFile
Location of MongoDB pid file
Type: unspecified
Default:
"/var/run/mongodb.pid"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.quiet
quieter output
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.replSetName
If this instance is part of a replica set, set its name here. Otherwise, leave empty to run as single node.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.user
User account under which MongoDB runs
Type: unspecified
Default:
"mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.monit.enable
Whether to run Monit system watcher.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
|
services.monit.config
monitrc content
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
|
services.mopidy.enable
Whether to enable Mopidy, a music player daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.mopidy.configuration
The configuration that Mopidy should use.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.mopidy.dataDir
The directory where Mopidy stores its state.
Type: string
Default:
"/var/lib/mopidy"
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.mopidy.extensionPackages
Mopidy extensions that should be loaded by the service.
Type: list of packages
Default:
[
]
Example:
[ pkgs.mopidy-spotify ]
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.mopidy.extraConfigFiles
Extra config file read by Mopidy when the service starts. Later files in the list overrides earlier configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.morty.enable
Whether to enable Morty proxy server. See https://github.com/asciimoo/morty.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.package
morty package to use.
Type: package
Default:
"pkgs.morty"
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.ipv6
Allow IPv6 HTTP requests?
Type: boolean
Default:
"Allow IPv6 HTTP requests."
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.key
HMAC url validation key (hexadecimal encoded). Leave blank to disable. Without validation key, anyone can submit proxy requests. Leave blank to disable.
Type: string
Default:
"No HMAC url validation. Generate with echo -n somevalue | openssl dgst -sha1 -hmac somekey"
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.listenAddress
The address on which the service listens
Type: string
Default:
"127.0.0.1 (localhost)"
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.port
Listing port
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.timeout
Request timeout in seconds.
Type: signed integer
Default:
"A resource now gets 2 seconds to respond."
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.mosquitto.enable
Whether to enable Enable the MQTT Mosquitto broker..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.aclExtraConf
Extra config to prepend to the ACL file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.allowAnonymous
Allow clients to connect without authentication.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.checkPasswords
Refuse connection when clients provide incorrect passwords.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.dataDir
The data directory.
Type: path
Default:
"/var/lib/mosquitto"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.extraConf
Extra config to append to `mosquitto.conf` file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.host
Host to listen on without SSL.
Type: string
Default:
"127.0.0.1"
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.port
Port on which to listen without SSL.
Type: signed integer
Default:
1883
Example:
1883
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.ssl.enable
Whether to enable Enable SSL listener..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.ssl.cafile
Path to PEM encoded CA certificates.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.ssl.certfile
Path to PEM encoded server certificate.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.ssl.host
Host to listen on with SSL.
Type: string
Default:
"0.0.0.0"
Example:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.ssl.keyfile
Path to PEM encoded server key.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.ssl.port
Port on which to listen with SSL.
Type: signed integer
Default:
8883
Example:
8883
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.users
A set of users and their passwords and ACLs.
Type: attribute set of submodules
Example:
{
john =
{
acl =
[
"topic readwrite john/#"
]
; password = "123456";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.users.<name>.acl
Control client access to topics on the broker.
Type: list of strings
Example:
[
"topic read A/B" "topic A/#"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.users.<name>.hashedPassword
Specifies the hashed password for the MQTT User.
hashedPassword
overrides password
.
To generate hashed password install mosquitto
package and use mosquitto_passwd
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.users.<name>.password
Specifies the (clear text) password for the MQTT User.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mpd.enable
Whether to enable MPD, the music player daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.dataDir
The directory where MPD stores its state, tag cache, playlists etc.
Type: path
Default:
"/var/lib/mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.dbFile
The path to MPD's database. If set to null
the
parameter is omitted from the configuration.
Type: null or string
Default:
"\${dataDir}/tag_cache"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.extraConfig
Extra directives added to to the end of MPD's configuration file,
mpd.conf. Basic configuration like file location and uid/gid
is added automatically to the beginning of the file. For available
options see man 5 mpd.conf
'.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.group
Group account under which MPD runs.
Type: string
Default:
"mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.musicDirectory
The directory or NFS/SMB network share where mpd reads music from.
Type: path or string matching the pattern (http|https|nfs|smb)://.+
Default:
"\${dataDir}/music"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.network.listenAddress
The address for the daemon to listen on.
Use any
to listen on all addresses.
Type: string
Default:
"127.0.0.1"
Example:
"any"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.network.port
This setting is the TCP port that is desired for the daemon to get assigned to.
Type: signed integer
Default:
6600
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.playlistDirectory
The directory where mpd stores playlists.
Type: path
Default:
"\${dataDir}/playlists"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.startWhenNeeded
If set, mpd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start it on the first incoming connection.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.user
User account under which MPD runs.
Type: string
Default:
"mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mstpd.enable
Whether to enable the multiple spanning tree protocol daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/mstpd.nix>
|
services.munge.enable
Whether to enable munge service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/munge.nix>
|
services.munge.password
The path to a daemon's secret key.
Type: string
Default:
"/etc/munge/munge.key"
Declared by:
<nixpkgs/nixos/modules/services/security/munge.nix>
|
services.munin-cron.enable
Enable munin-cron. Takes care of all heavy lifting to collect data from nodes and draws graphs to html. Runs munin-update, munin-limits, munin-graphs and munin-html in that order.
HTML output is in /var/www/munin/
, configure your
favourite webserver to serve static files.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-cron.extraGlobalConfig
munin.conf
extra global configuration.
See http://munin-monitoring.org/wiki/munin.conf.
Useful to setup notifications, see
http://munin-monitoring.org/wiki/HowToContact
Type: unspecified
Default:
""
Example:
'' contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-cron.hosts
Definitions of hosts of nodes to collect data from. Needs at least one hosts for cron to succeed. See http://munin-monitoring.org/wiki/munin.conf
Type: unspecified
Example:
'' [''${config.networking.hostName}] address localhost ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.enable
Enable Munin Node agent. Munin node listens on 0.0.0.0 and by default accepts connections only from 127.0.0.1 for security reasons.
See http://munin-monitoring.org/wiki/munin-node.conf.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.extraConfig
munin-node.conf
extra configuration. See
http://munin-monitoring.org/wiki/munin-node.conf
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.murmur.enable
If enabled, start the Murmur Service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.allowHtml
Allow HTML in client messages, comments, and channel descriptions.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanAttempts
Number of attempts a client is allowed to make in
autobanTimeframe
seconds, before being
banned for autobanTime
.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanTime
The amount of time an IP ban lasts (in seconds).
Type: signed integer
Default:
300
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanTimeframe
Timeframe in which a client can connect without being banned for repeated attempts (in seconds).
Type: signed integer
Default:
120
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.bandwidth
Maximum bandwidth (in bits per second) that clients may send speech at.
Type: signed integer
Default:
72000
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.bonjour
Enable Bonjour auto-discovery, which allows clients over your LAN to automatically discover Murmur servers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.clientCertRequired
Require clients to authenticate via certificates.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.extraConfig
Extra configuration to put into mumur.ini.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.hostName
Host to bind to. Defaults binding on all addresses.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.imgMsgLength
Max length of image messages. Set 0 for no limit.
Type: signed integer
Default:
131072
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.logDays
How long to store RPC logs for in the database. Set 0 to keep logs forever, or -1 to disable DB logging.
Type: signed integer
Default:
31
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.password
Required password to join server, if specified.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.pidfile
Path to PID file for Murmur daemon.
Type: path
Default:
"/run/murmur/murmurd.pid"
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.port
Ports to bind to (UDP and TCP).
Type: signed integer
Default:
64738
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerHostname
DNS hostname where your server can be reached. This is only needed if you want your server to be accessed by its hostname and not IP - but the name *must* resolve on the internet properly.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerName
Public server registration name, and also the name of the Root channel. Even if you don't publicly register your server, you probably still want to set this.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerPassword
Public server registry password, used authenticate your server to the registry to prevent impersonation; required for subsequent registry updates.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerUrl
URL website for your server.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sendVersion
Send Murmur version in UDP response.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sslCa
Path to your SSL CA certificate.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sslCert
Path to your SSL certificate.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sslKey
Path to your SSL key.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.textMsgLength
Max length of text messages. Set 0 for no limit.
Type: signed integer
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.users
Maximum number of concurrent clients allowed.
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.welcometext
Welcome message for connected clients.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.mwlib.nserve.enable
Whether to enable nserve. Nserve is a HTTP server. The Collection extension is talking to that program directly. Nserve uses at least one qserve instance in order to distribute and manage jobs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nserve.address
Specify network interface to listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nserve.port
Specify port to listen on.
Type: signed integer
Default:
8899
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nserve.qserve
Register qserve instance.
Type: list of strings
Default:
[
"127.0.0.1:14311"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nserve.user
User to run as.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.enable
Pulls new jobs from exactly one qserve instance and calls the zip and render programs in order to download article collections and convert them to different output formats. Nslave uses a cache directory to store the generated documents. Nslave also starts an internal http server serving the content of the cache directory.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.cachedir
Directory to store generated documents.
Type: path
Default:
"/var/cache/mwlib-nslave"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.http
Internal http server serving the content of the cache directory. You have to enable it, or use your own way for serving files and set the http.url option accordingly.
Type: submodule
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.http.enable
Enable internal http server.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.http.address
Specify network interface to listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.http.port
Port to listen to when serving files from cache.
Type: signed integer
Default:
8898
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.http.url
Specify URL for accessing generated files from cache. The Collection extension of Mediawiki won't be able to download files without it.
Type: string
Default:
"http://localhost:8898/cache"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.numprocs
Number of parallel jobs to be executed.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.nslave.user
User to run as.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.qserve.enable
A job queue server used to distribute and manage jobs. You should start one qserve instance for each machine that is supposed to render pdf files. Unless you’re operating the Wikipedia installation, one machine should suffice.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.qserve.address
Specify network interface to listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.qserve.allow
List of allowed client IPs. Empty means any.
Type: list of strings
Default:
[
"127.0.0.1"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.qserve.datadir
qserve data directory (FIXME: unused?)
Type: path
Default:
"/var/lib/mwlib-qserve"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.qserve.port
Specify port to listen on.
Type: signed integer
Default:
14311
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mwlib.qserve.user
User to run as.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
|
services.mysql.enable
Whether to enable the MySQL server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.package
Which MySQL derivation to use. MariaDB packages are supported too.
Type: package
Example:
pkgs.mysql
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.bind
Address to bind to. The default is to bind to all addresses
Type: null or string
Default:
null
Example:
0.0.0.0
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.dataDir
Location where MySQL stores its table files
Type: path
Example:
"/var/lib/mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.ensureDatabases
Ensures that the specified databases exist. This option will never delete existing databases, especially not when the value of this option is changed. This means that databases created once through this option or otherwise have to be removed manually.
Type: unspecified
Default:
[
]
Example:
[
"nextcloud" "matomo"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.ensureUsers
Ensures that the specified users exist and have at least the ensured permissions. The MySQL users will be identified using Unix socket authentication. This authenticates the Unix user with the same name only, and that without the need for a password. This option will never delete existing users or remove permissions, especially not when the value of this option is changed. This means that users created and permissions assigned once through this option or otherwise have to be removed manually.
Type: unspecified
Default:
[
]
Example:
[
{
ensurePermissions =
{
nextcloud.* = "ALL PRIVILEGES";
}
; name = "nextcloud";
}
{
ensurePermissions =
{
*.* = "SELECT, LOCK TABLES";
}
; name = "backup";
}
]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.extraOptions
Provide extra options to the MySQL configuration file.
Please note, that these options are added to the
[mysqld]
section so you don't need to explicitly
state it again.
Type: string
Default:
""
Example:
'' key_buffer_size = 6G table_cache = 1600 log-error = /var/log/mysql_err.log ''
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.initialDatabases
List of database names and their initial schemas that should be used to create databases on the first startup of MySQL. The schema attribute is optional: If not specified, an empty database is created.
Type: unspecified
Default:
[
]
Example:
[
{
name = "foodatabase"; schema = ./foodatabase.sql;
}
{
name = "bardatabase";
}
]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.initialScript
A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.pidDir
Location of the file which stores the PID of the MySQL server
Type: unspecified
Default:
"/run/mysqld"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.port
Port of MySQL
Type: signed integer
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterHost
Hostname of the MySQL master server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterPassword
Password of the MySQL replication user
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterPort
Port number on which the MySQL master server runs
Type: signed integer
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterUser
Username of the MySQL replication user
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.role
Role of the MySQL server instance.
Type: one of "master", "slave", "none"
Default:
"none"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.serverId
Id of the MySQL server instance. This number must be unique for each instance
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.slaveHost
Hostname of the MySQL slave server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.rootPassword
Path to a file containing the root password, modified on the first startup. Not specifying a root password will leave the root password empty.
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.user
User account under which MySQL runs
Type: string
Default:
"mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysqlBackup.enable
Whether to enable MySQL backups.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.calendar
Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
Type: string
Default:
"01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.databases
List of database names to dump.
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.location
Location to put the gzipped MySQL database dumps.
Type: unspecified
Default:
"/var/backup/mysql"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.singleTransaction
Whether to create database dump in a single transaction
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.user
User to be used to perform backup.
Type: unspecified
Default:
"mysqlbackup"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.nagios.enable
Whether to use Nagios to monitor your system or network.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.enableWebInterface
Whether to enable the Nagios web interface. You should also
enable Apache (services.httpd.enable
).
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.cgiConfigFile
Derivation for the configuration file of Nagios CGI scripts that can be used in web servers for running the Nagios web interface.
Type: package
Default:
"nagiosCGICfgFile"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.mainConfigFile
Derivation for the main configuration file of Nagios.
Type: package
Default:
"nagiosCfgFile"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.objectDefs
A list of Nagios object configuration files that must define the hosts, host groups, services and contacts for the network that you want Nagios to monitor.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.plugins
Packages to be added to the Nagios PATH
.
Typically used to add plugins, but can be anything.
Type: list of packages
Default:
"[pkgs.nagiosPluginsOfficial pkgs.ssmtp]"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.urlPath
The URL path under which the Nagios web interface appears.
That is, you can access the Nagios web interface through
http://
.
server
/urlPath
Type: unspecified
Default:
"/nagios"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.namecoind.enable
Whether to enable namecoind, Namecoin client..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.extraNodes
List of additional peer IP addresses to connect to.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.generate
Whether to generate (mine) Namecoins.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.address
IP address the RPC server will bind to.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.allowFrom
List of IP address ranges allowed to use the RPC API. Wiledcards (*) can be user to specify a range.
Type: list of strings
Default:
[
"127.0.0.1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.certificate
Certificate file for securing RPC connections.
Type: null or path
Default:
null
Example:
"/var/lib/namecoind/server.cert"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.key
Key file for securing RPC connections.
Type: null or path
Default:
null
Example:
"/var/lib/namecoind/server.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.password
Password for RPC connections.
Type: string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.port
Port the RPC server will bind to.
Type: signed integer
Default:
8332
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.user
User name for RPC connections.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.trustedNodes
List of the only peer IP addresses to connect to. If specified no other connection will be made.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.wallet
Wallet file. The ownership of the file has to be namecoin:namecoin, and the permissions must be 0640.
Type: path
Default:
"/var/lib/namecoind/wallet.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.ndppd.enable
Whether to enable daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.configFile
Path to configuration file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.interface
Interface which is on link-level with router.
Type: string
Default:
"eth0"
Example:
"ens3"
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.network
Network that we proxy.
Type: string
Default:
"1111::"
Example:
"2001:DB8::/32"
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.neo4j.enable
Whether to enable Neo4j Community Edition.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.package
Neo4j package to use.
Type: package
Default:
"pkgs.neo4j"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.allowUpgrade
Allow upgrade of Neo4j database files from an older version.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.bolt.enable
Enable the BOLT connector for Neo4j. Setting this option to
false
will stop Neo4j from listening for incoming
connections on the BOLT port (7687 by default).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.bolt.listenAddress
Neo4j listen address for BOLT traffic. The listen address is
expressed in the format <ip-address>:<port-number>
.
Type: string
Default:
":7687"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.bolt.sslPolicy
Neo4j SSL policy for BOLT traffic.
The legacy policy is a special policy which is not defined in
the policy configuration section, but rather derives from
directories.certificates
and
associated files (by default: neo4j.key
and
neo4j.cert
). Its use will be deprecated.
Note: This connector must be configured to support/require
SSL/TLS for the legacy policy to actually be utilized. See
bolt.tlsLevel
.
Type: string
Default:
"legacy"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.bolt.tlsLevel
SSL/TSL requirement level for BOLT traffic.
Type: one of "REQUIRED", "OPTIONAL", "DISABLED"
Default:
"OPTIONAL"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.constrainLoadCsv
Sets the root directory for file URLs used with the Cypher
LOAD CSV
clause to be that defined by
directories.imports
. It restricts
access to only those files within that directory and its
subdirectories.
Setting this option to false
introduces
possible security problems.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.defaultListenAddress
Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0".
Specifies the default IP address and address part of connector
specific listenAddress
options. To bind specific
connectors to a specific network interfaces, specify the entire
listenAddress
option for that connector.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.certificates
Directory for storing certificates to be used by Neo4j for TLS connections.
When setting this directory to something other than its default,
ensure the directory's existence, and that read/write permissions are
given to the Neo4j daemon user neo4j
.
Note that changing this directory from its default will prevent
the directory structure required for each SSL policy from being
automatically generated. A policy's directory structure as defined by
its baseDirectory
,revokedDir
and
trustedDir
must then be setup manually. The
existence of these directories is mandatory, as well as the presence
of the certificate file and the private key. Ensure the correct
permissions are set on these directories and files.
Type: path
Default:
"/var/lib/neo4j/certificates"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.data
Path of the data directory. You must not configure more than one Neo4j installation to use the same data directory.
When setting this directory to something other than its default,
ensure the directory's existence, and that read/write permissions are
given to the Neo4j daemon user neo4j
.
Type: path
Default:
"/var/lib/neo4j/data"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.home
Path of the Neo4j home directory. Other default directories are
subdirectories of this path. This directory will be created if
non-existent, and its ownership will be chown to
the Neo4j daemon user neo4j
.
Type: path
Default:
"/var/lib/neo4j"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.imports
The root directory for file URLs used with the Cypher
LOAD CSV
clause. Only meaningful when
constrainLoadCvs
is set to
true
.
When setting this directory to something other than its default,
ensure the directory's existence, and that read permission is
given to the Neo4j daemon user neo4j
.
Type: path
Default:
"/var/lib/neo4j/import"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.plugins
Path of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory.
When setting this directory to something other than its default,
ensure the directory's existence, and that read permission is
given to the Neo4j daemon user neo4j
.
Type: path
Default:
"/var/lib/neo4j/plugins"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.extraServerConfig
Extra configuration for Neo4j Community server. Refer to the complete reference of Neo4j configuration settings.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.http.enable
The HTTP connector is required for Neo4j, and cannot be disabled.
Setting this option to false
will force the HTTP
connector's listenAddress
to the loopback
interface to prevent connection of remote clients. To prevent all
clients from connecting, block the HTTP port (7474 by default) by
firewall.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.http.listenAddress
Neo4j listen address for HTTP traffic. The listen address is
expressed in the format <ip-address>:<port-number>
.
Type: string
Default:
":7474"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.https.enable
Enable the HTTPS connector for Neo4j. Setting this option to
false
will stop Neo4j from listening for incoming
connections on the HTTPS port (7473 by default).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.https.listenAddress
Neo4j listen address for HTTPS traffic. The listen address is
expressed in the format <ip-address>:<port-number>
.
Type: string
Default:
":7473"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.https.sslPolicy
Neo4j SSL policy for HTTPS traffic.
The legacy policy is a special policy which is not defined in the
policy configuration section, but rather derives from
directories.certificates
and
associated files (by default: neo4j.key
and
neo4j.cert
). Its use will be deprecated.
Type: string
Default:
"legacy"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.readOnly
Only allow read operations from this Neo4j instance.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.shell.enable
Enable a remote shell server which Neo4j Shell clients can log in to. Only applicable to neo4j-shell.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies
Defines the SSL policies for use with Neo4j connectors. Each attribute of this set defines a policy, with the attribute name defining the name of the policy and its namespace. Refer to the operations manual section on Neo4j's SSL Framework for further details.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.allowKeyGeneration
Allows the generation of a private key and associated self-signed certificate. Only performed when both objects cannot be found for this policy. It is recommended to turn this off again after keys have been generated.
The public certificate is required to be duplicated to the
directory holding trusted certificates as defined by the
trustedDir
option.
Keys should in general be generated and distributed offline by a trusted certificate authority and not by utilizing this mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.baseDirectory
The mandatory base directory for cryptographic objects of this
policy. This path is only automatically generated when this
option as well as directories.certificates
are
left at their default. Ensure read/write permissions are given
to the Neo4j daemon user neo4j
.
It is also possible to override each individual
configuration with absolute paths. See the
privateKey
and publicCertificate
policy options.
Type: path
Default:
"/var/lib/neo4j/certificates/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.ciphers
Restrict the allowed ciphers of this policy to those defined here. The default ciphers are those of the JVM platform.
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.clientAuth
The client authentication stance for this policy.
Type: one of "NONE", "OPTIONAL", "REQUIRE"
Default:
"REQUIRE"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.privateKey
The name of private PKCS #8 key file for this policy to be found
in the baseDirectory
, or the absolute path to
the key file. It is mandatory that a key can be found or generated.
Type: string
Default:
"private.key"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.publicCertificate
The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory
,
or the absolute path to the certificate file. It is mandatory
that a certificate can be found or generated.
The public certificate is required to be duplicated to the
directory holding trusted certificates as defined by the
trustedDir
option.
Type: string
Default:
"public.crt"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.revokedDir
Path to directory of CRLs (Certificate Revocation Lists) in
PEM format. Must be an absolute path. The existence of this
directory is mandatory and will need to be created manually when:
setting this option to something other than its default; setting
either this policy's baseDirectory
or
directories.certificates
to something other than
their default. Ensure read/write permissions are given to the
Neo4j daemon user neo4j
.
Type: path
Default:
"/var/lib/neo4j/certificates/‹name›/revoked"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.tlsVersions
Restrict the TLS protocol versions of this policy to those defined here.
Type: list of strings
Default:
[
"TLSv1.2"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.trustAll
Makes this policy trust all remote parties. Enabling this is not recommended and the policy's trusted directory will be ignored. Use of this mode is discouraged. It would offer encryption but no security.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.trustedDir
Path to directory of X.509 certificates in PEM format for
trusted parties. Must be an absolute path. The existence of this
directory is mandatory and will need to be created manually when:
setting this option to something other than its default; setting
either this policy's baseDirectory
or
directories.certificates
to something other than
their default. Ensure read/write permissions are given to the
Neo4j daemon user neo4j
.
The public certificate as defined by
publicCertificate
is required to be duplicated
to this directory.
Type: path
Default:
"/var/lib/neo4j/certificates/‹name›/trusted"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.udc.enable
Enable the Usage Data Collector which Neo4j uses to collect usage data. Refer to the operations manual section on the Usage Data Collector for more information.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.workerCount
Number of Neo4j worker threads, where the default of
0
indicates a worker count equal to the number of
available processors.
Type: integer between 0 and 44738 (both inclusive)
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.netatalk.enable
Whether to enable the Netatalk AFP fileserver.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.extmap
File name extension mappings.
See man extmap.conf
for more information.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.extraConfig
Lines of configuration to add to the [Global]
section.
See man apf.conf
for more information.
Type: string
Default:
""
Example:
"uam list = uams_guest.so"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.homes.enable
Enable sharing of the UNIX server user home directories.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.homes.basedirRegex
Regex which matches the parent directory of the user homes.
Type: unspecified
Example:
"/home"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.homes.extraConfig
Lines of configuration to add to the [Homes]
section.
See man apf.conf
for more information.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.homes.path
Share not the whole user home but this subdirectory path.
Type: unspecified
Default:
""
Example:
"afp-data"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.port
TCP port to be used for AFP.
Type: unspecified
Default:
548
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.volumes
Set of AFP volumes to export.
See man apf.conf
for more information.
Type: attribute set of attribute set of unspecifiedss
Default:
{
}
Example:
{
srv =
{
hosts allow = "10.1.0.0/16 10.2.1.100 2001:0db8:1234::/48"; path = "/srv"; read only = true;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netdata.enable
Whether to enable netdata.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.config
netdata.conf configuration as nix attributes. cannot be combined with configText.
Type: attribute set of attribute sets
Default:
{
}
Example:
global = { "debug log" = "syslog"; "access log" = "syslog"; "error log" = "syslog"; };
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.configText
Verbatim netdata.conf, cannot be combined with config.
Type: null or string
Default:
null
Example:
'' [global] debug log = syslog access log = syslog error log = syslog ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.group
Group under which netdata runs.
Type: string
Default:
"netdata"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.user
User account under which netdata runs.
Type: string
Default:
"netdata"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.networking.websockify.enable
Whether to enable websockify to forward websocket connections to TCP connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.portMap
Ports to map by default.
Type: attribute set of signed integers
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.sslCert
Path to the SSL certificate.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.sslKey
Path to the SSL key.
Type: path
Default:
"config.services.networking.websockify.sslCert"
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.nextcloud.enable
Whether to enable nextcloud.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.caching.apcu
Whether to load the APCu module into PHP.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.caching.memcached
Whether to load the Memcached module into PHP. You still need to enable Memcached in your config.php. See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.caching.redis
Whether to load the Redis module into PHP. You still need to enable Redis in your config.php. See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.adminpass
Database password. Use adminpassFile
to avoid this
being world-readable in the /nix/store
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.adminpassFile
The full path to a file that contains the admin's password.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.adminuser
Admin username.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbhost
Database host.
Type: null or string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbname
Database name.
Type: null or string
Default:
"nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbpass
Database password. Use dbpassFile
to avoid this
being world-readable in the /nix/store
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbpassFile
The full path to a file that contains the database password.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbport
Database port.
Type: null or signed integer or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbtableprefix
Table prefix in Nextcloud database.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbtype
Database type.
Type: one of "sqlite", "pgsql", "mysql"
Default:
"sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbuser
Database user.
Type: null or string
Default:
"nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.extraTrustedDomains
Trusted domains, from which the nextcloud installation will be
acessible. You don't need to add
services.nextcloud.hostname
here.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.home
Storage path of nextcloud.
Type: string
Default:
"/var/lib/nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.hostName
FQDN for the nextcloud instance.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.https
Enable if there is a TLS terminating proxy in front of nextcloud.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.maxUploadSize
Defines the upload limit for files. This changes the relevant options in php.ini and nginx if enabled.
Type: string
Default:
"512M"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.nginx.enable
Whether to enable nginx vhost management.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.phpOptions
Options for PHP's php.ini file for nextcloud.
Type: attribute set of strings
Default:
{
catch_workers_output = "yes"; display_errors = "stderr"; error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; expose_php = "Off"; opcache.enable_cli = "1"; opcache.fast_shutdown = "1"; opcache.interned_strings_buffer = "8"; opcache.max_accelerated_files = "10000"; opcache.memory_consumption = "128"; opcache.revalidate_freq = "1"; openssl.cafile = "/etc/ssl/certs/ca-certificates.crt"; short_open_tag = "Off";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.phpPackages
Overridable attribute of the PHP packages set to use. If any caching
module is enabled, it will be taken from here. Therefore it should
match the version of PHP given to
services.phpfpm.phpPackage
.
Type: attribute set
Default:
"pkgs.php71Packages"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.skeletonDirectory
The directory where the skeleton files are located. These files will be copied to the data directory of new users. Leave empty to not copy any skeleton files.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.webfinger
Enable this option if you plan on using the webfinger plugin. The appropriate nginx rewrite rules will be added to your configuration.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nexus.enable
Whether to enable Sonatype Nexus3 OSS service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.package
Package which runs Nexus3
Type: package
Default:
(build of nexus-3.12.1-01)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.group
Group which runs Nexus3.
Type: string
Default:
"nexus"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.home
Home directory of the Nexus3 instance.
Type: string
Default:
"/var/lib/sonatype-work"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.jvmOpts
Options for the JVM written to `nexus.jvmopts`. Please refer to the docs (https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment) for further information.
Type: string
Default:
'' -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -XX:+LogVMOutput -XX:LogFile=/var/lib/sonatype-work/nexus3/log/jvm.log -XX:-OmitStackTraceInFastThrow -Djava.net.preferIPv4Stack=true -Dkaraf.home=''${pkgs.nexus} -Dkaraf.base=''${pkgs.nexus} -Dkaraf.etc=''${pkgs.nexus}/etc/karaf -Djava.util.logging.config.file=''${pkgs.nexus}/etc/karaf/java.util.logging.properties -Dkaraf.data=/var/lib/sonatype-work/nexus3 -Djava.io.tmpdir=/var/lib/sonatype-work/nexus3/tmp -Dkaraf.startLocalConsole=false ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.listenAddress
Address to listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.listenPort
Port to listen on.
Type: signed integer
Default:
8081
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.user
User which runs Nexus3.
Type: string
Default:
"nexus"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nfs.extraConfig
Extra nfs-utils configuration.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/nfs.nix>
|
services.nfs.server.enable
Whether to enable the kernel's NFS server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.createMountPoints
Whether to create the mount points in the exports file at startup time.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.exports
Contents of the /etc/exports file. See exports(5) for the format.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.extraNfsdConfig
Extra configuration options for the [nfsd] section of /etc/nfs.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.hostName
Hostname or address on which NFS requests will be accepted.
Default is all. See the -H
option in
nfsd(8).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.lockdPort
Use a fixed port for the NFS lock manager kernel module
(lockd/nlockmgr
). This is useful if the
NFS server is behind a firewall.
Type: null or signed integer
Default:
null
Example:
4001
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.mountdPort
Use fixed port for rpc.mountd, useful if server is behind firewall.
Type: null or signed integer
Default:
null
Example:
4002
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.nproc
Number of NFS server threads. Defaults to the recommended value of 8.
Type: signed integer
Default:
8
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.statdPort
Use a fixed port for rpc.statd. This is useful if the NFS server is behind a firewall.
Type: null or signed integer
Default:
null
Example:
4000
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nghttpx.enable
Whether to enable nghttpx.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backend-address-family
Specify address family of backend connections. If "auto" is given, both IPv4 and IPv6 are considered. If "IPv4" is given, only IPv4 address is considered. If "IPv6" is given, only IPv6 address is considered.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backend-address-family
Type: one of "auto", "IPv4", "IPv6"
Default:
"auto"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends
A list of backend specifications.
Type: list of submodules
Example:
[
{
params =
{
proto = "http/1.1"; redirect-if-not-tls = true;
}
; patterns =
[
"/"
]
; server =
{
host = "172.16.0.22"; port = 8443;
}
;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params
Parameters to configure a backend.
Type: null or submodule
Default:
null
Example:
{
proto = "h2"; tls = true;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.affinity
If "ip" is given, client IP based session affinity is enabled. If "none" is given, session affinity is disabled.
Session affinity is enabled (by nghttpx) per-backend pattern. If at least one backend has a non-"none" affinity, then session affinity is enabled for all backend servers sharing the same pattern.
It is advised to set affinity on all backends explicitly if session affinity is desired. The session affinity may break if one of the backend gets unreachable, or backend settings are reloaded or replaced by API.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: one of "ip", "none"
Default:
"none"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.dns
Name resolution of a backends host name is done at start up, or configuration reload. If "dns" is true, name resolution takes place dynamically.
This is useful if a backends address changes frequently. If "dns" is true, name resolution of a backend's host name at start up, or configuration reload is skipped.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.fall
If nghttpx cannot connect to the backend N times in a row, the backend is assumed to be offline and is excluded from load balancing. If N is 0 the backend is never excluded from load balancing.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.proto
This option configures the protocol the backend server expects to use.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: one of "h2", "http/1.1"
Default:
"http/1.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.redirect-if-not-tls
If true, a backend match requires the frontend connection be TLS encrypted. If it is not, nghttpx responds to the request with a 308 status code and https URI the client should use instead in the Location header.
The port number in the redirect URI is 443 by default and can be changed using 'services.nghttpx.redirect-https-port' option.
If at least one backend has "redirect-if-not-tls" set to true, this feature is enabled for all backend servers with the same pattern. It is advised to set "redirect-if-no-tls" parameter to all backends explicitly if this feature is desired.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.rise
If the backend is excluded from load balancing, nghttpx will periodically attempt to make a connection to the backend. If the connection is successful N times in a row the backend is re-included in load balancing. If N is 0 a backend is never reconsidered for load balancing once it falls.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.sni
Override the TLS SNI field value. This value (in nghttpx) defaults to the host value of the backend configuration.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.tls
This option determines whether nghttpx will negotiate its connection with a backend server using TLS or not. The burden is on the backend server to provide the TLS certificate!
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.patterns
List of nghttpx backend patterns.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more information on the pattern syntax and nghttpxs behavior.
Type: list of strings
Default:
[
]
Example:
[
"*.host.net/v1/" "host.org/v2/mypath" "/somepath"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.server
Backend server location specified as either a host:port pair or a unix domain docket.
Type: submodule or path
Default:
{
host = "127.0.0.1"; port = 80;
}
Example:
{
host = "127.0.0.1"; port = 8888;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backlog
Listen backlog size.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backlog
Type: signed integer
Default:
65536
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.extraConfig
Extra configuration options to be appended to the generated configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends
A list of frontend listener specifications.
Type: list of submodules
Example:
[
{
params =
{
tls = "no-tls";
}
; server =
{
host = "*"; port = 80;
}
;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params
Parameters to configure a backend.
Type: null or submodule
Default:
null
Example:
{
tls = "tls";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.api
Enable API access for this frontend. This enables you to dynamically modify nghttpx at run-time therefore this feature is disabled by default and should be turned on with care.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.healthmon
Make this frontend a health monitor endpoint. Any request received on this frontend is responded to with a 200 OK.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.proxyproto
Accept PROXY protocol version 1 on frontend connection.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.sni-fwd
When performing a match to select a backend server, SNI host name received from the client is used instead of the request host. See --backend option about the pattern match.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.tls
Enable or disable TLS. If true (enabled) the key and certificate must be configured for nghttpx.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: one of "tls", "no-tls"
Default:
"tls"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.server
Frontend server interface binding specification as either a host:port pair or a unix domain docket.
NB: a host of "*" listens on all interfaces and includes IPv6 addresses.
Type: submodule or path
Default:
{
host = "127.0.0.1"; port = 80;
}
Example:
{
host = "127.0.0.1"; port = 8888;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.rlimit-nofile
Set maximum number of open files (RLIMIT_NOFILE) to <N>. If 0 is given, nghttpx does not set the limit.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--rlimit-nofile
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.single-process
Run this program in a single process mode for debugging purpose. Without this option, nghttpx creates at least 2 processes: master and worker processes. If this option is used, master and worker are unified into a single process. nghttpx still spawns additional process if neverbleed is used. In the single process mode, the signal handling feature is disabled.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-process
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.single-thread
Run everything in one thread inside the worker process. This feature is provided for better debugging experience, or for the platforms which lack thread support. If threading is disabled, this option is always enabled.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-thread
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.tls
TLS certificate and key paths. Note that this does not enable
TLS for a frontend listener, to do so, a frontend
specification must set params.tls
to true.
Type: null or submodule
Default:
null
Example:
{
crt = "/etc/ssl/certs/server.crt"; key = "/etc/ssl/keys/server.key";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.tls.crt
Path to the TLS certificate file.
Type: string
Default:
"/etc/ssl/certs/server.crt"
Example:
"/etc/ssl/certs/mycert.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.tls.key
Path to the TLS key file.
Type: string
Default:
"/etc/ssl/keys/server.key"
Example:
"/etc/ssl/keys/mykeyfile.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.workers
Set the number of worker threads.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-n
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nginx.enable
Whether to enable Nginx Web Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.package
Nginx package to use. This defaults to the stable version. Note
that the nginx team recommends to use the mainline version which
available in nixpkgs as nginxMainline
.
Type: package
Default:
"pkgs.nginxStable"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.appendConfig
Configuration lines appended to the generated Nginx
configuration file. Commonly used by different modules
providing http snippets. appendConfig
can be specified more than once and it's value will be
concatenated (contrary to config
which
can be set only once).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.appendHttpConfig
Configuration lines to be appended to the generated http block. This is mutually exclusive with using config and httpConfig for specifying the whole http block verbatim.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.clientMaxBodySize
Set nginx global client_max_body_size.
Type: string
Default:
"10m"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.commonHttpConfig
With nginx you must provide common http context definitions before they are used, e.g. log_format, resolver, etc. inside of server or location contexts. Use this attribute to set these definitions at the appropriate location.
Type: string
Default:
""
Example:
'' resolver 127.0.0.1 valid=5s; log_format myformat '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.config
Verbatim nginx.conf configuration. This is mutually exclusive with the structured configuration via virtualHosts and the recommendedXyzSettings configuration options. See appendConfig for appending to the generated http block.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.eventsConfig
Configuration lines to be set inside the events block.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.gitweb.enable
If true, enable gitweb in nginx. Access it at http://yourserver/gitweb
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
|
services.nginx.group
Group account under which nginx runs.
Type: string
Default:
"nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.httpConfig
Configuration lines to be set inside the http block. This is mutually exclusive with the structured configuration via virtualHosts and the recommendedXyzSettings configuration options. See appendHttpConfig for appending to the generated http block.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyResolveWhileRunning
Resolves domains of proxyPass targets at runtime and not only at start, you have to set services.nginx.resolver, too.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.recommendedGzipSettings
Enable recommended gzip settings.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.recommendedOptimisation
Enable recommended optimisation settings.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.recommendedTlsSettings
Enable recommended TLS settings.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.resolver
Configures name servers used to resolve names of upstream servers into addresses
Type: submodule
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.resolver.addresses
List of resolvers to use
Type: list of strings
Default:
[
]
Example:
[ "[::1]" "127.0.0.1:5353" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.resolver.valid
By default, nginx caches answers using the TTL value of a response. An optional valid parameter allows overriding it
Type: string
Default:
""
Example:
"30s"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.serverTokens
Show nginx version in headers and error pages.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.sslCiphers
Ciphers to choose from when negotiating tls handshakes.
Type: string
Default:
"EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.sslDhparam
Path to DH parameters file.
Type: null or path
Default:
null
Example:
"/path/to/dhparams.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.sslProtocols
Allowed TLS protocol versions.
Type: string
Default:
"TLSv1.2"
Example:
"TLSv1 TLSv1.1 TLSv1.2"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.stateDir
Directory holding all state for nginx to run.
Type: unspecified
Default:
"/var/spool/nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.statusPage
Enable status page reachable from localhost on http://127.0.0.1/nginx_status.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.upstreams
Defines a group of servers to use as proxy target.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.upstreams.<name>.extraConfig
These lines go to the end of the upstream verbatim.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.upstreams.<name>.servers
Defines the address and other parameters of the upstream servers.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.upstreams.<name>.servers.<name>.backup
Marks the server as a backup server. It will be passed requests when the primary servers are unavailable.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.user
User account under which nginx runs.
Type: string
Default:
"nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts
Declarative vhost config
Type: attribute set of submodules
Default:
{
localhost =
{
}
;
}
Example:
{ "hydra.example.com" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://localhost:3000"; }; }; };
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.acmeFallbackHost
Host which to proxy requests to if acme challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.acmeRoot
Directory to store certificates and keys managed by the ACME service.
Type: string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen
to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the nix store.
Type: attribute set of strings
Default:
{
}
Example:
{ user = "password"; };
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.basicAuthFile
Basic Auth password file for a vhost.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.default
Makes this vhost the default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.extraConfig
These lines go to the end of the vhost verbatim.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.forceSSL
Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen
to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.globalRedirect
If set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default:
null
Example:
"newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.http2
Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL
.
Type: list of submodules
Default:
[
]
Example:
[
{
addr = "195.154.1.1"; port = 443; ssl = true;
}
{
addr = "192.154.1.1"; port = 80;
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listen.*.addr
IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listen.*.port
Port number.
Type: signed integer
Default:
80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listen.*.ssl
Enable SSL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations
Declarative location config
Type: attribute set of submodules
Default:
{
}
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; };
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default:
null
Example:
"/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.index
Adds index directive.
Type: null or string
Default:
null
Example:
"index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default:
null
Example:
"http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets
Whether to supporty proxying websocket connections with HTTP/1.1.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.root
Root directory for requests.
Type: null or path
Default:
null
Example:
"/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default:
null
Example:
"\$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen
to listen on all interfaces on port 443.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.root
The path of the web root directory.
Type: null or path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default:
[
]
Example:
[
"www.example.org" "example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default:
null
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.sslCertificate
Path to server SSL certificate.
Type: path
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default:
null
Example:
"/var/root.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.useACMEHost
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME
.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.ngircd.enable
Whether to enable the ngircd IRC server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.ngircd.package
The ngircd package.
Type: package
Default:
"pkgs.ngircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.ngircd.config
The ngircd configuration (see ngircd.conf(5)).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.nix-serve.enable
Whether to enable nix-serve, the standalone Nix binary cache server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.bindAddress
IP address where nix-serve will bind its listening socket.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.extraParams
Extra command line parameters for nix-serve.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.port
Port number where nix-serve will listen on.
Type: signed integer
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.secretKeyFile
The path to the file used for signing derivation data.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nixops-dns.enable
Whether to enable the nixops-dns resolution of NixOps virtual machines via dnsmasq and fake domain name.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
|
services.nixops-dns.dnsmasq
Enable dnsmasq forwarding to nixops-dns. This allows to use nixops-dns for `services.nixops-dns.domain` resolution while forwarding the rest of the queries to original resolvers.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
|
services.nixops-dns.domain
Fake domain name to resolve to NixOps virtual machines.
For example "ops" will resolve "vm.ops".
Type: string
Default:
"ops"
Example:
"ops"
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
|
services.nixops-dns.user
The user the nixops-dns daemon should run as. This should be the user, which is also used for nixops and have the .nixops directory in its home.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
|
services.nixosManual.browser
Browser used to show the manual.
Type: path
Default:
"\${pkgs.w3m-nographics}/bin/w3m"
Declared by:
<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
|
services.nixosManual.showManual
Whether to show the NixOS manual on one of the virtual consoles.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
|
services.nixosManual.ttyNumber
Virtual console on which to show the manual.
Type: signed integer
Default:
8
Declared by:
<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
|
services.nntp-proxy.enable
Whether to enable NNTP-Proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.listenAddress
Proxy listen address (IPv6 literal addresses need to be enclosed in "[" and "]" characters)
Type: string
Default:
"127.0.0.1"
Example:
"[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.port
Proxy listen port
Type: signed integer
Default:
5555
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.prohibitPosting
Whether to prohibit posting to the upstream server
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.sslCert
Proxy ssl certificate path
Type: string
Default:
"cert.pem"
Example:
"/path/to/your/cert.file"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.sslKey
Proxy ssl key path
Type: string
Default:
"key.pem"
Example:
"/path/to/your/key.file"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamMaxConnections
Upstream server maximum allowed concurrent connections
Type: signed integer
Default:
20
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamPassword
Upstream server password
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamPort
Upstream server port
Type: signed integer
Default:
563
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamServer
Upstream server address
Type: string
Default:
""
Example:
"ssl-eu.astraweb.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamUser
Upstream server username
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.users
NNTP-Proxy user configuration
Type: attribute set of submodules
Default:
{
}
Example:
"user1" = { passwordHash = "$6$1l0t5Kn2Dk$appzivc./9l/kjq57eg5UCsBKlcfyCr0zNWYNerKoPsI1d7eAwiT0SVsOVx/CTgaBNT/u4fi2vN.iGlPfv1ek0"; maxConnections = 5; }; "anotheruser" = { passwordHash = "$6$6lwEsWB.TmsS$W7m1riUx4QrA8pKJz8hvff0dnF1NwtZXgdjmGqA1Dx2MDPj07tI9GNcb0SWlMglE.2/hBgynDdAd/XqqtRqVQ0"; maxConnections = 7; };
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.users.<name>.maxConnections
Maximum number of concurrent connections to the proxy for this user
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.users.<name>.passwordHash
SHA-512 password hash (can be generated by
mkpasswd -m sha-512 <password>
)
Type: string
Default:
null
Example:
"\$6\$GtzE7FrpE\$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.users.<name>.username
Username
Type: string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.verbosity
Verbosity level
Type: one of "error", "warning", "notice", "info", "debug"
Default:
"info"
Example:
"error"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.novacomd.enable
Whether to enable Novacom service for connecting to WebOS devices.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/novacomd.nix>
|
services.nscd.enable
Whether to enable the Name Service Cache Daemon.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nscd.config
Configuration to use for Name Service Cache Daemon.
Type: string
Default:
'' server-user nscd threads 1 paranoia no debug-level 0 enable-cache passwd yes positive-time-to-live passwd 600 negative-time-to-live passwd 20 suggested-size passwd 211 check-files passwd yes persistent passwd no shared passwd yes enable-cache group yes positive-time-to-live group 3600 negative-time-to-live group 60 suggested-size group 211 check-files group yes persistent group no shared group yes enable-cache hosts yes positive-time-to-live hosts 600 negative-time-to-live hosts 5 suggested-size hosts 211 check-files hosts yes persistent hosts no shared hosts yes ''
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nsd.enable
Whether to enable NSD authoritative DNS server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.bind8Stats
Whether to enable BIND8 like statistics.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.dnssecInterval
How often to check whether dnssec key rollover is required
Type: string
Default:
"1h"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.extraConfig
Extra nsd config.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.hideVersion
Whether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.identity
Identify the server (CH TXT ID.SERVER entry).
Type: string
Default:
"unidentified server"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.interfaces
What addresses the server should listen to.
Type: list of strings
Default:
[
"127.0.0.0" "::1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipFreebind
Whether to bind to nonlocal addresses and interfaces that are down. Similar to ip-transparent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipTransparent
Allow binding to non local addresses.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipv4
Whether to listen on IPv4 connections.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipv4EDNSSize
Preferred EDNS buffer size for IPv4.
Type: signed integer
Default:
4096
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipv6
Whether to listen on IPv6 connections.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipv6EDNSSize
Preferred EDNS buffer size for IPv6.
Type: signed integer
Default:
4096
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.keys
Define your TSIG keys here.
Type: attribute set of submodules
Default:
{
}
Example:
{ "tsig.example.org" = { algorithm = "hmac-md5"; keyFile = "/path/to/my/key"; }; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.keys.<name>.algorithm
Authentication algorithm for this key.
Type: string
Default:
"hmac-sha256"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.keys.<name>.keyFile
Path to the file which contains the actual base64 encoded key. The key will be copied into "/var/lib/nsd/private" before NSD starts. The copied file is only accessibly by the NSD user.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.logTimeAscii
Log time in ascii, if false then in unix epoch seconds.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.nsid
NSID identity (hex string, or "ascii_somestring").
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.port
Port the service should bind do.
Type: signed integer
Default:
53
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.enable
Whether to enable ratelimit capabilities.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.ipv4PrefixLength
IPv4 prefix length. Addresses are grouped by netblock.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.ipv6PrefixLength
IPv6 prefix length. Addresses are grouped by netblock.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.ratelimit
Max qps allowed from any query source. 0 means unlimited. With an verbosity of 2 blocked and unblocked subnets will be logged.
Type: signed integer
Default:
200
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.size
Size of the hashtable. More buckets use more memory but lower the chance of hash hash collisions.
Type: signed integer
Default:
1000000
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.slip
Number of packets that get discarded before replying a SLIP response. 0 disables SLIP responses. 1 will make every response a SLIP response.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.whitelistRatelimit
Max qps allowed from whitelisted sources. 0 means unlimited. Set the rrl-whitelist option for specific queries to apply this limit instead of the default to them.
Type: signed integer
Default:
2000
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.enable
Whether to enable remote control via nsd-control.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.controlCertFile
Path to the client certificate signed with the server certificate. This file is used by nsd-control and generated by nsd-control-setup.
Type: path
Default:
"/etc/nsd/nsd_control.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.controlKeyFile
Path to the client private key, which is used by nsd-control but not by the server. This file is generated by nsd-control-setup.
Type: path
Default:
"/etc/nsd/nsd_control.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.interfaces
Which interfaces NSD should bind to for remote control.
Type: list of strings
Default:
[
"127.0.0.1" "::1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.port
Port number for remote control operations (uses TLS over TCP).
Type: signed integer
Default:
8952
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.serverCertFile
Path to the server self signed certificate, which is used by the server but and by nsd-control. This file is generated by nsd-control-setup.
Type: path
Default:
"/etc/nsd/nsd_server.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.serverKeyFile
Path to the server private key, which is used by the server but not by nsd-control. This file is generated by nsd-control-setup.
Type: path
Default:
"/etc/nsd/nsd_server.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.reuseport
Whether to enable SO_REUSEPORT on all used sockets. This lets multiple processes bind to the same port. This speeds up operation especially if the server count is greater than one and makes fast restarts less prone to fail
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.rootServer
Whether this server will be a root server (a DNS root server, you usually don't want that).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.roundRobin
Whether to enable round robin rotation of records.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.serverCount
Number of NSD servers to fork. Put the number of CPUs to use here.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.statistics
Statistics are produced every number of seconds. Prints to log. If null no statistics are logged.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.tcpCount
Maximum number of concurrent TCP connections per server.
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.tcpQueryCount
Maximum number of queries served on a single TCP connection. 0 means no maximum.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.tcpTimeout
TCP timeout in seconds.
Type: signed integer
Default:
120
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.verbosity
Verbosity level.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.version
The version string replied for CH TXT version.server and version.bind queries. Will use the compiled package version on null. See hideVersion for enabling/disabling this responses.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.xfrdReloadTimeout
Number of seconds between reloads triggered by xfrd.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zonefilesCheck
Whether to check mtime of all zone files on start and sighup.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones
Define your zones here. Zones can cascade other zones and therefore inherit settings from parent zones. Look at the definition of children to learn about inheritance and child zones. The given example will define 3 zones (example.(com|org|net).). Both example.com. and example.org. inherit their configuration from serverGroup1.
Type: attribute set of submodules
Default:
{
}
Example:
{ "serverGroup1" = { provideXFR = [ "10.1.2.3 NOKEY" ]; children = { "example.com." = { data = '' $ORIGIN example.com. $TTL 86400 @ IN SOA a.ns.example.com. admin.example.com. ( ... ''; }; "example.org." = { data = '' $ORIGIN example.org. $TTL 86400 @ IN SOA a.ns.example.com. admin.example.com. ( ... ''; }; }; }; "example.net." = { provideXFR = [ "10.3.2.1 NOKEY" ]; data = '' ... ''; }; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.allowAXFRFallback
If NSD as secondary server should be allowed to AXFR if the primary server does not allow IXFR.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.allowNotify
Listed primary servers are allowed to notify this secondary server.
Format: <ip> <key-name | NOKEY | BLOCKED> <ip> either a plain IPv4/IPv6 address or range. Valid patters for ranges: * 10.0.0.0/24 # via subnet size * 10.0.0.0&255.255.255.0 # via subnet mask * 10.0.0.1-10.0.0.254 # via range A optional port number could be added with a '@': * 2001:1234::1@1234 <key-name | NOKEY | BLOCKED> * <key-name> will use the specified TSIG key * NOKEY no TSIG signature is required * BLOCKED notifies from non-listed or blocked IPs will be ignored *
Type: list of strings
Default:
[
]
Example:
[
"192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name" "10.0.3.4&255.255.0.0 BLOCKED"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.children
Children zones inherit all options of their parents. Attributes defined in a child will overwrite the ones of its parent. Only leaf zones will be actually served. This way it's possible to define maybe zones which share most attributes without duplicating everything. This mechanism replaces nsd's patterns in a save and functional way.
Type: unspecified
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.data
The actual zone data. This is the content of your zone file. Use imports or pkgs.lib.readFile if you don't want this data in your config file.
Type: string
Default:
""
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssec
Whether to enable DNSSEC.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.algorithm
Which algorithm to use for DNSSEC
Type: string
Default:
"RSASHA256"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.coverage
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
Type: string
Default:
"1y"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.keyttl
TTL for dnssec records
Type: string
Default:
"1h"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk
Key policy for key signing keys
Type: submodule
Default:
{
keySize = 4096; postPublish = "1mo"; prePublish = "1mo"; rollPeriod = "0";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk.keySize
Key size in bits
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish
How long after deactivation to keep a key in the zone
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk.prePublish
How long in advance to publish new keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod
How frequently to change keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk
Key policy for zone signing keys
Type: submodule
Default:
{
keySize = 2048; postPublish = "1w"; prePublish = "1w"; rollPeriod = "1mo";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk.keySize
Key size in bits
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk.postPublish
How long after deactivation to keep a key in the zone
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk.prePublish
How long in advance to publish new keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod
How frequently to change keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.maxRefreshSecs
Limit refresh time for secondary zones. This is the timer which checks to see if the zone has to be refetched when it expires. Normally the value from the SOA record is used, but this option restricts that value.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.maxRetrySecs
Limit retry time for secondary zones. This is the timeout after a failed fetch attempt for the zone. Normally the value from the SOA record is used, but this option restricts that value.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.minRefreshSecs
Limit refresh time for secondary zones.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.minRetrySecs
Limit retry time for secondary zones.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.notify
This primary server will notify all given secondary servers about zone changes.
Format: <ip> <key-name | NOKEY> <ip> a plain IPv4/IPv6 address with on optional port number (ip@port) <key-name | NOKEY> * <key-name> sign notifies with the specified key * NOKEY don't sign notifies
Type: list of strings
Default:
[
]
Example:
[
"10.0.0.1@3721 my_key" "::5 NOKEY"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.notifyRetry
Specifies the number of retries for failed notifies. Set this along with notify.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.outgoingInterface
This address will be used for zone-transfere requests if configured as a secondary server or notifications in case of a primary server. Supply either a plain IPv4 or IPv6 address with an optional port number (ip@port).
Type: null or string
Default:
null
Example:
"2000::1@1234"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.provideXFR
Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
Type: list of strings
Default:
[
]
Example:
[
"192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.requestXFR
Format: [AXFR|UDP] <ip-address> <key-name | NOKEY>
Type: list of strings
Default:
[
]
Example:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.rrlWhitelist
Whitelists the given rrl-types.
Type: list of one of "nxdomain", "error", "referral", "any", "rrsig", "wildcard", "nodata", "dnskey", "positive", "all"s
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.zoneStats
When set to something distinct to null NSD is able to collect statistics per zone. All statistics of this zone(s) will be added to the group specified by this given name. Use "%s" to use the zones name as the group. The groups are output from nsd-control stats and stats_noreset.
Type: null or string
Default:
null
Example:
"%s"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.ntopng.enable
Enable ntopng, a high-speed web-based traffic analysis and flow collection tool.
With the default configuration, ntopng monitors all network interfaces and displays its findings at http://localhost:3000. Default username and password is admin/admin.
See the ntopng(8) manual page and http://www.ntop.org/products/ntop/ for more info.
Note that enabling ntopng will also enable redis (key-value database server) for persistent data storage.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.configText
Overridable configuration file contents to use for ntopng. By default, use the contents automatically generated by NixOS.
Type: string
Default:
""
Example:
'' --interface=any --http-port=3000 --disable-login ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.extraConfig
Configuration lines that will be appended to the generated ntopng
configuration file. Note that this mechanism does not work when the
manual configText
option is used.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.http-port
Sets the HTTP port of the embedded web server.
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.interfaces
List of interfaces to monitor. Use "any" to monitor all interfaces.
Type: list of strings
Default:
[
"any"
]
Example:
[
"eth0" "wlan0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntp.enable
Whether to synchronise your machine's time using the NTP protocol.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntpd.nix>
|
services.ntp.extraFlags
Extra flags passed to the ntpd command.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntpd.nix>
|
services.ntp.servers
The set of NTP servers from which to synchronise.
Type: unspecified
Default:
[
"0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntpd.nix>
|
services.nullidentdmod.enable
Whether to enable Enable the nullidentdmod identd daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nullidentdmod.nix>
|
services.nullidentdmod.userid
User ID to return. Set to null to return a random string each time.
Type: null or string
Default:
null
Example:
"alice"
Declared by:
<nixpkgs/nixos/modules/services/networking/nullidentdmod.nix>
|
services.nullmailer.enable
Whether to enable nullmailer daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.adminaddr
If set, all recipients to users at either "localhost" (the literal string) or the canonical host name (from the me control attribute) are remapped to this address. This is provided to allow local daemons to be able to send email to "somebody@localhost" and have it go somewhere sensible instead of being bounced by your relay host. To send to multiple addresses, put them all on one line separated by a comma.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.allmailfrom
If set, content will override the envelope sender on all messages.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.defaultdomain
The content of this attribute is appended to any host name that does not contain a period (except localhost), including defaulthost and idhost. Defaults to the value of the me attribute, if it exists, otherwise the literal name defauldomain.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.defaulthost
The content of this attribute is appended to any address that is missing a host name. Defaults to the value of the me control attribute, if it exists, otherwise the literal name defaulthost.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.doublebounceto
If the original sender was empty (the original message was a delivery status or disposition notification), the double bounce is sent to the address in this attribute.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.helohost
Sets the environment variable $HELOHOST which is used by the SMTP protocol module to set the parameter given to the HELO command. Defaults to the value of the me configuration attribute.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.idhost
The content of this attribute is used when building the message-id string for the message. Defaults to the canonicalized value of defaulthost.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.maxpause
The maximum time to pause between successive queue runs, in seconds. Defaults to 24 hours (86400).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.me
The fully-qualifiled host name of the computer running nullmailer. Defaults to the literal name me.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.pausetime
The minimum time to pause between successive queue runs when there are messages in the queue, in seconds. Defaults to 1 minute (60). Each time this timeout is reached, the timeout is doubled to a maximum of maxpause. After new messages are injected, the timeout is reset. If this is set to 0, nullmailer-send will exit immediately after going through the queue once (one-shot mode).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.remotes
A list of remote servers to which to send each message. Each line contains a remote host name or address followed by an optional protocol string, separated by white space.
See man 8 nullmailer-send
for syntax and available
options.
WARNING: This is stored world-readable in the nix store. If you need
to specify any secret credentials here, consider using the
remotesFile
option instead.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.sendtimeout
The time to wait for a remote module listed above to complete sending a message before killing it and trying again, in seconds. Defaults to 1 hour (3600). If this is set to 0, nullmailer-send will wait forever for messages to complete sending.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.group
Group to use to run nullmailer-send.
Type: string
Default:
"nullmailer"
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.remotesFile
Path to the remotes
control file. This file contains a
list of remote servers to which to send each message.
See man 8 nullmailer-send
for syntax and available
options.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.setSendmail
Whether to set the system sendmail to nullmailer's.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.user
User to use to run nullmailer-send.
Type: string
Default:
"nullmailer"
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nylon.<name?>.enable
Enables nylon as a running service upon activation.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.acceptInterface
Tell nylon which interface to listen for client requests on, default is "lo".
Type: string
Default:
"lo"
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.allowedIPRanges
Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges: [ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
Type: list of strings
Default:
[
"192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.bindInterface
Tell nylon which interface to use as an uplink, default is "enp3s0f0".
Type: string
Default:
"enp3s0f0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.deniedIPRanges
Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses: [ "0.0.0.0/0" ] To block all other access than the allowed.
Type: list of strings
Default:
[
"0.0.0.0/0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.logging
Enable logging, default is no logging.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.name
The name of this nylon instance.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.nrConnections
The number of allowed simultaneous connections to the daemon, default 10.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.port
What port to listen for client requests, default is 1080.
Type: signed integer
Default:
1080
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name?>.verbosity
Enable verbose output, default is to not be verbose.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nzbget.enable
Whether to enable NZBGet.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
|
services.nzbget.package
The NZBGet package to use
Type: package
Default:
"pkgs.nzbget"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
|
services.nzbget.group
Group under which NZBGet runs
Type: string
Default:
"nzbget"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
|
services.nzbget.user
User account under which NZBGet runs
Type: string
Default:
"nzbget"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
|
services.oauth2_proxy.enable
Whether to enable oauth2_proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.package
The package that provides oauth2_proxy.
Type: package
Default:
"pkgs.oauth2_proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.approvalPrompt
OAuth approval_prompt.
Type: one of "force", "auto"
Default:
"force"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.azure.resource
The resource that is protected.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.azure.tenant
Go to a tenant-specific or common (tenant-independent) endpoint.
Type: string
Default:
"common"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.basicAuthPassword
The password to set when passing the HTTP Basic Auth header.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.clientID
The OAuth Client ID.
Type: null or string
Example:
"123456.apps.googleusercontent.com"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.clientSecret
The OAuth Client Secret.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.domain
An optional cookie domain to force cookies to.
Type: null or string
Default:
null
Example:
".yourcompany.com"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.expire
Expire timeframe for cookie.
Type: string
Default:
"168h0m0s"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.httpOnly
Set HttpOnly cookie flag.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.name
The name of the cookie that the oauth_proxy creates.
Type: string
Default:
"_oauth2_proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.refresh
Refresh the cookie after this duration; 0 to disable.
Type: null or string
Default:
null
Example:
"168h0m0s"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.secret
The seed string for secure cookies.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.secure
Set secure (HTTPS) cookie flag.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.customTemplatesDir
Path to custom HTML templates.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.email.addresses
Line-separated email addresses that are allowed to authenticate.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.email.domains
Authenticate emails with the specified domains. Use
*
to authenticate any email.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.extraConfig
Extra config to pass to oauth2_proxy.
Type: unspecified
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.github.org
Restrict logins to members of this organisation.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.github.team
Restrict logins to members of this team.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.google.adminEmail
The Google Admin to impersonate for API calls.
Only users with access to the Admin APIs can access the Admin SDK Directory API, thus the service account needs to impersonate one of those users to access the Admin SDK Directory API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.google.groups
Restrict logins to members of these Google groups.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.google.serviceAccountJSON
The path to the service account JSON credentials.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.htpasswd.displayForm
Display username / password login form if an htpasswd file is provided.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.htpasswd.file
Additionally authenticate against a htpasswd file. Entries must be
created with htpasswd -s
for SHA encryption.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.httpAddress
HTTPS listening address. This module does not expose the port by
default. If you want this URL to be accessible to other machines, please
add the port to networking.firewall.allowedTCPPorts
.
Type: string
Default:
"http://127.0.0.1:4180"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.keyFile
oauth2_proxy allows passing sensitive configuration via environment variables. Make a file that contains lines like OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com and specify the path here.
Type: null or string
Default:
null
Example:
"/run/keys/oauth2_proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.loginURL
Authentication endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default:
null
Example:
"https://provider.example.com/oauth/authorize"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.nginx.proxy
The address of the reverse proxy endpoint for oauth2_proxy
Type: string
Default:
"http://127.0.0.1:4180"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix>
|
services.oauth2_proxy.nginx.virtualHosts
A list of nginx virtual hosts to put behind the oauth2 proxy
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix>
|
services.oauth2_proxy.passAccessToken
Pass OAuth access_token to upstream via X-Forwarded-Access-Token header.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.passBasicAuth
Pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.passHostHeader
Pass the request Host Header to upstream.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.profileURL
Profile access endpoint.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.provider
OAuth provider.
Type: one of "google", "github", "azure", "gitlab", "linkedin", "myusa"
Default:
"google"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.proxyPrefix
The url root path that this proxy should be nested under.
Type: string
Default:
"/oauth2"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.redeemURL
Token redemption endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default:
null
Example:
"https://provider.example.com/oauth/token"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.redirectURL
The OAuth2 redirect URL.
Type: null or string
Default:
null
Example:
"https://internalapp.yourcompany.com/oauth2/callback"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.requestLogging
Log requests to stdout.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.scope
OAuth scope specification.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.setXauthrequest
Set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode). Setting this to 'null' means using the upstream default (false).
Type: null or boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.signatureKey
GAP-Signature request signature key.
Type: null or string
Default:
null
Example:
"sha1:secret0"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.skipAuthRegexes
Skip authentication for requests matching any of these regular expressions.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.tls.enable
Whether to serve over TLS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.tls.certificate
Path to certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.tls.httpsAddress
addr:port
to listen on for HTTPS clients.
Remember to add port
to
allowedTCPPorts
if you want other machines to be
able to connect to it.
Type: string
Default:
":443"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.tls.key
Path to private key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.upstream
The http url(s) of the upstream endpoint or file://
paths for static files. Routing is based on the path.
Type: list of strings or string convertible to it
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.validateURL
Access token validation endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default:
null
Example:
"https://provider.example.com/user/emails"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.ocserv.enable
Whether to enable ocserv.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ocserv.nix>
|
services.ocserv.config
Configuration content to start an OCServ server.
For a full configuration reference,please refer to the online documentation (https://ocserv.gitlab.io/www/manual.html), the openconnect recipes (https://github.com/openconnect/recipes) or `man ocserv`.
Type: string
Example:
'' # configuration examples from $out/doc without explanatory comments. # for a full reference please look at the installed man pages. auth = "plain[passwd=./sample.passwd]" tcp-port = 443 udp-port = 443 run-as-user = nobody run-as-group = nogroup socket-file = /var/run/ocserv-socket server-cert = certs/server-cert.pem server-key = certs/server-key.pem keepalive = 32400 dpd = 90 mobile-dpd = 1800 switch-to-tcp-timeout = 25 try-mtu-discovery = false cert-user-oid = 0.9.2342.19200300.100.1.1 tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0" auth-timeout = 240 min-reauth-time = 300 max-ban-score = 80 ban-reset-time = 1200 cookie-timeout = 300 deny-roaming = false rekey-time = 172800 rekey-method = ssl use-occtl = true pid-file = /var/run/ocserv.pid device = vpns predictable-ips = true default-domain = example.com ipv4-network = 192.168.1.0 ipv4-netmask = 255.255.255.0 dns = 192.168.1.2 ping-leases = false route = 10.10.10.0/255.255.255.0 route = 192.168.0.0/255.255.0.0 no-route = 192.168.5.0/255.255.255.0 cisco-client-compat = true dtls-legacy = true [vhost:www.example.com] auth = "certificate" ca-cert = certs/ca.pem server-cert = certs/server-cert-secp521r1.pem server-key = cersts/certs/server-key-secp521r1.pem ipv4-network = 192.168.2.0 ipv4-netmask = 255.255.255.0 cert-user-oid = 0.9.2342.19200300.100.1.1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ocserv.nix>
|
services.octoprint.enable
Whether to enable OctoPrint, web interface for 3D printers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.extraConfig
Extra options which are added to OctoPrint's YAML configuration file.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.group
Group for the daemon.
Type: string
Default:
"octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.host
Host to bind OctoPrint to.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.plugins
Additional plugins.
Type: unspecified
Default:
"plugins: []"
Example:
plugins: [ m3d-fio ]
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.port
Port to bind OctoPrint to.
Type: signed integer
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.stateDir
State directory of the daemon.
Type: path
Default:
"/var/lib/octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.user
User for the daemon.
Type: string
Default:
"octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.offlineimap.enable
Whether to enable Offlineimap, a software to dispose your mailbox(es) as a local Maildir(s)..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.package
Offlineimap derivation to use.
Type: package
Default:
"pkgs.offlineimap"
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.install
Whether to install a user service for Offlineimap. Once the service is started, emails will be fetched automatically.
The service must be manually started for each user with
"systemctl --user start offlineimap" or globally through
services.offlineimap.enable
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.onCalendar
How often is offlineimap started. Default is '*:0/3' meaning every 3 minutes. See systemd.time(7) for more information about the format.
Type: string
Default:
"*:0/3"
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.path
List of derivations to put in Offlineimap's path.
Type: list of paths
Default:
[
]
Example:
[ pkgs.pass pkgs.bash pkgs.notmuch ]
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.timeoutStartSec
How long waiting for offlineimap before killing it. Default is '120sec' meaning every 2 minutes. See systemd.time(7) for more information about the format.
Type: string
Default:
"120sec"
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.oidentd.enable
Whether to enable ‘oidentd’, an implementation of the Ident protocol (RFC 1413). It allows remote systems to identify the name of the user associated with a TCP connection.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/oidentd.nix>
|
services.openafsClient.enable
Whether to enable the OpenAFS client.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.packages.module
OpenAFS kernel module package. MUST match the userland package!
Type: package
Default:
(build of openafs-1.6.22.2-4.14.74)
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.packages.programs
OpenAFS programs package. MUST match the kernel module package!
Type: package
Default:
(build of openafs-1.6.22.2)
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.afsdb
Resolve cells via AFSDB DNS records.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cache.blocks
Cache size in 1KB blocks.
Type: signed integer
Default:
100000
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cache.chunksize
Size of each cache chunk given in powers of
2. 0
resets the chunk size to its default
values (13 (8 KB) for memcache, 18-20 (256 KB to 1 MB) for
diskcache). Maximum value is 30. Important performance
parameter. Set to higher values when dealing with large files.
Type: integer between 0 and 30 (both inclusive)
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cache.directory
Cache directory.
Type: string
Default:
"/var/cache/openafs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cache.diskless
Use in-memory cache for diskless machines. Has no real performance benefit anymore.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cellName
Cell name.
Type: string
Default:
""
Example:
"grand.central.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cellServDB
This cell's database server records, added to the global
CellServDB. See CellServDB(5) man page for syntax. Ignored when
afsdb
is set to true
.
Type: list of submodules
Default:
[
]
Example:
'' [ { ip = "1.2.3.4"; dnsname = "first.afsdb.server.dns.fqdn.org"; } { ip = "2.3.4.5"; dnsname = "second.afsdb.server.dns.fqdn.org"; } ] ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cellServDB.*.dnsname
DNS full-qualified domain name of a database server
Type: string
Default:
""
Example:
"afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cellServDB.*.ip
IP Address of a database server
Type: string
Default:
""
Example:
"1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.crypt
Whether to enable (weak) protocol encryption.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.daemons
Number of daemons to serve user requests. Numbers higher than 6 usually do no increase performance. Default is sufficient for up to five concurrent users.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.fakestat
Return fake data on stat() calls. If true
,
always do so. If false
, only do so for
cross-cell mounts (as these are potentially expensive).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.inumcalc
Inode calculation method. compat
is
computationally less expensive, but md5
greatly
reduces the likelihood of inode collisions in larger scenarios
involving multiple cells mounted into one AFS space.
Type: string matching the pattern compat|md5
Default:
"compat"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.mountPoint
Mountpoint of the AFS file tree, conventionally
/afs
. When set to a different value, only
cross-cells that use the same value can be accessed.
Type: string
Default:
"/afs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.sparse
Minimal cell list in /afs.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.startDisconnected
Start up in disconnected mode. You need to execute
fs disco online
(as root) to switch to
connected mode. Useful for roaming devices.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsServer.enable
Whether to enable the OpenAFS server. An OpenAFS server needs a
complex setup. So, be aware that enabling this service and setting
some options does not give you a turn-key-ready solution. You need
at least a running Kerberos 5 setup, as OpenAFS relies on it for
authentication. See the Guide "QuickStartUnix" coming with
pkgs.openafs.doc
for complete setup
instructions.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.package
OpenAFS package for the server binaries
Type: package
Default:
(build of )
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.advertisedAddresses
List of IP addresses this server is advertised under. See NetInfo(5)
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.cellName
Cell name, this server will serve.
Type: string
Default:
""
Example:
"grand.central.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.cellServDB
Definition of all cell-local database server machines.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.cellServDB.*.dnsname
DNS full-qualified domain name of a database server
Type: string
Default:
""
Example:
"afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.cellServDB.*.ip
IP Address of a database server
Type: string
Default:
""
Example:
"1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.dottedPrincipals
If enabled, allow principal names containing (.) dots. Enabling this has security implications!
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.enable
Backup server role. Use in conjunction with the
database
role to maintain the Backup
Database. Normally only used in conjunction with tape storage
or IBM's Tivoli Storage Manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.buserverArgs
Arguments to the buserver process. See its man page.
Type: string
Default:
""
Example:
"-p 8"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.cellServDB
Definition of all cell-local backup database server machines. Use this when your cell uses less backup database servers than other database server machines.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.cellServDB.*.dnsname
DNS full-qualified domain name of a database server
Type: string
Default:
""
Example:
"afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.cellServDB.*.ip
IP Address of a database server
Type: string
Default:
""
Example:
"1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.database.enable
Database server role, maintains the Volume Location Database,
Protection Database (and Backup Database, see
backup
role). There can be multiple
servers in the database role for replication, which then need
reliable network connection to each other.
Servers in this role appear in AFSDB DNS records or the CellServDB.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.database.ptserverArgs
Arguments to the ptserver process. See its man page.
Type: string
Default:
""
Example:
"-restricted -default_access S---- S-M---"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.database.vlserverArgs
Arguments to the vlserver process. See its man page.
Type: string
Default:
""
Example:
"-rxbind"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.enable
Fileserver role, serves files and volumes from its local storage.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.fileserverArgs
Arguments to the dafileserver process. See its man page.
Type: string
Default:
"-vattachpar 128 -vhashsize 11 -L -rxpck 400 -cb 1000000"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.salvagerArgs
Arguments to the dasalvager process. See its man page.
Type: string
Default:
""
Example:
"-showlog -showmounts"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.salvageserverArgs
Arguments to the salvageserver process. See its man page.
Type: string
Default:
""
Example:
"-showlog"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.volserverArgs
Arguments to the davolserver process. See its man page.
Type: string
Default:
""
Example:
"-sync never"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.udpPacketSize
UDP packet size to use in Bytes. Higher values can speed up
communications. The default of 1 MB is a sufficient in most
cases. Make sure to increase the kernel's UDP buffer size
accordingly via net.core(w|r|opt)mem_max
sysctl.
Type: signed integer
Default:
1310720
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.opendkim.enable
Whether to enable the OpenDKIM sender authentication system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.configFile
Additional opendkim configuration.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.domains
Local domains set (see opendkim(8)
for more information on datasets).
Messages from them are signed, not verified.
Type: string
Default:
"csl:nixos"
Example:
"csl:example.com,mydomain.net"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.group
Group for the daemon.
Type: string
Default:
"opendkim"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.keyPath
The path that opendkim should put its generated private keys into. The DNS settings will be found in this directory with the name selector.txt.
Type: path
Default:
"/var/lib/opendkim/keys"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.selector
Selector to use when signing.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.socket
Socket which is used for communication with OpenDKIM.
Type: string
Default:
"local:/run/opendkim/opendkim.sock"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.user
User for the daemon.
Type: string
Default:
"opendkim"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.openfire.enable
Whether to enable OpenFire XMPP server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/openfire.nix>
|
services.openfire.usePostgreSQL
Whether you use PostgreSQL service for your storage back-end.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/openfire.nix>
|
services.openldap.enable
Whether to enable the ldap server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.configDir
Use this optional config directory instead of using slapd.conf
Type: null or path
Default:
null
Example:
"/var/db/slapd.d"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.dataDir
The database directory.
Type: string
Default:
"/var/db/openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.declarativeContents
Declarative contents for the LDAP database, in LDIF format.
Note a few facts when using it. First, the database
must be stored in the directory defined by
dataDir
. Second, all dataDir
will be erased
when starting the LDAP server. Third, modifications to the database
are not prevented, they are just dropped on the next reboot of the
server. Finally, performance-wise the database and indexes are rebuilt
on each server startup, so this will slow down server startup,
especially with large databases.
Type: null or string
Default:
null
Example:
'' dn: dc=example,dc=org objectClass: domain dc: example dn: ou=users,dc=example,dc=org objectClass = organizationalUnit ou: users # ... ''
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.extraConfig
slapd.conf configuration
Type: string
Default:
""
Example:
'' include ${pkgs.openldap.out}/etc/schema/core.schema include ${pkgs.openldap.out}/etc/schema/cosine.schema include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema include ${pkgs.openldap.out}/etc/schema/nis.schema database bdb suffix dc=example,dc=org rootdn cn=admin,dc=example,dc=org # NOTE: change after first start rootpw secret directory /var/db/openldap ''
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.group
Group account under which slapd runs.
Type: string
Default:
"openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.urlList
URL list slapd should listen on.
Type: list of strings
Default:
[
"ldap:///"
]
Example:
[
"ldaps:///"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.user
User account under which slapd runs.
Type: string
Default:
"openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openntpd.enable
Whether to enable OpenNTP time synchronization server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/openntpd.nix>
|
services.openntpd.extraConfig
Additional text appended to openntpd.conf
.
Type: string
Default:
""
Example:
'' listen on 127.0.0.1 listen on ::1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/openntpd.nix>
|
services.openntpd.extraOptions
Extra options used when launching openntpd.
Type: string
Default:
""
Example:
"-s"
Declared by:
<nixpkgs/nixos/modules/services/networking/openntpd.nix>
|
services.openntpd.servers
The set of NTP servers from which to synchronise.
Type: list of strings
Default:
[
"0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/openntpd.nix>
|
services.opensmtpd.enable
Whether to enable the OpenSMTPD server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.package
The OpenSMTPD package to use.
Type: package
Default:
"pkgs.opensmtpd"
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.addSendmailToSystemPath
Whether to add OpenSMTPD's sendmail binary to the system path or not.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.extraServerArgs
Extra command line arguments provided when the smtpd process is started.
Type: list of strings
Default:
[
]
Example:
[
"-v" "-P mta"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.procPackages
Packages to search for filters, tables, queues, and schedulers.
Add OpenSMTPD-extras here if you want to use the filters, etc. from that package.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.serverConfiguration
The contents of the smtpd.conf configuration file. See the OpenSMTPD documentation for syntax information.
Type: string
Example:
'' listen on lo accept for any deliver to lmtp localhost:24 ''
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.openssh.enable
Whether to enable the OpenSSH secure shell daemon, which allows secure remote logins.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.allowSFTP
Whether to enable the SFTP subsystem in the SSH daemon. This enables the use of commands such as sftp and sshfs.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.authorizedKeysFiles
Files from which authorized keys are read.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.challengeResponseAuthentication
Specifies whether challenge/response authentication is allowed.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.ciphers
Allowed ciphers
Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
Type: list of strings
Default:
[
"chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes128-gcm@openssh.com" "aes256-ctr" "aes192-ctr" "aes128-ctr"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.extraConfig
Verbatim contents of sshd_config
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.forwardX11
Whether to allow X11 connections to be forwarded.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.gatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See sshd_config(5).
Type: string
Default:
"no"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.hostKeys
NixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See ssh-keygen(1) for supported types and sizes.
Type: list of attribute sets
Default:
[
{
bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa";
}
{
path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519";
}
]
Example:
[
{
bits = 4096; openSSHFormat = true; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; type = "rsa";
}
{
comment = "key comment"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; type = "ed25519";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.kexAlgorithms
Allowed key exchange algorithms
Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
Type: list of strings
Default:
[
"curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.knownHosts
Alias of programs.ssh.knownHosts
.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/rename.nix>
|
services.openssh.listenAddresses
List of addresses and ports to listen on (ListenAddress directive
in config). If port is not specified for address sshd will listen
on all ports specified by ports
option.
NOTE: this will override default listening on all local addresses and port 22.
NOTE: setting this option won't automatically enable given ports
in firewall configuration.
Type: list of submodules
Default:
[
]
Example:
[
{
addr = "192.168.3.1"; port = 22;
}
{
addr = "0.0.0.0"; port = 64022;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.listenAddresses.*.addr
Host, IPv4 or IPv6 address to listen to.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.listenAddresses.*.port
Port to listen to.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.logLevel
Gives the verbosity level that is used when logging messages from sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is VERBOSE. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended.
LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was used to log in.
Type: one of "QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"
Default:
"VERBOSE"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.macs
Allowed MACs
Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern_.28OpenSSH_6.7.2B.29
Type: list of strings
Default:
[
"hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" "hmac-sha2-512" "hmac-sha2-256" "umac-128@openssh.com"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.moduliFile
Path to moduli
file to install in
/etc/ssh/moduli
. If this option is unset, then
the moduli
file shipped with OpenSSH will be used.
Type: path
Example:
"/etc/my-local-ssh-moduli;"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.openFirewall
Whether to automatically open the specified ports in the firewall.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.passwordAuthentication
Specifies whether password authentication is allowed.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.permitRootLogin
Whether the root user can login using ssh.
Type: one of "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
Default:
"prohibit-password"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.ports
Specifies on which ports the SSH daemon listens.
Type: list of signed integers
Default:
[
22
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.sftpFlags
Commandline flags to add to sftp-server.
Type: list of strings
Default:
[
]
Example:
[
"-f AUTHPRIV" "-l INFO"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.startWhenNeeded
If set, sshd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.useDns
Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. If this option is set to no (the default) then only addresses and not host names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host directives.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.opentracker.enable
Whether to enable opentracker.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
|
services.opentracker.package
opentracker package to use
Type: package
Default:
"pkgs.opentracker"
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
|
services.opentracker.extraOptions
Configuration Arguments for opentracker See https://erdgeist.org/arts/software/opentracker/ for all params
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
|
services.opentsdb.enable
Whether to run OpenTSDB.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.package
OpenTSDB package to use.
Type: package
Default:
"pkgs.opentsdb"
Example:
pkgs.opentsdb
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.config
The contents of OpenTSDB's configuration file
Type: string
Default:
'' tsd.core.auto_create_metrics = true tsd.http.request.enable_chunked = true ''
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.group
Group account under which OpenTSDB runs.
Type: string
Default:
"opentsdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.port
Which port OpenTSDB listens on.
Type: signed integer
Default:
4242
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.user
User account under which OpenTSDB runs.
Type: string
Default:
"opentsdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.openvpn.servers
Each attribute of this option defines a systemd service that
runs an OpenVPN instance. These can be OpenVPN servers or
clients. The name of each systemd service is
openvpn-
,
where name
.servicename
is the corresponding
attribute name.
Type: attribute set of submodules
Default:
{
}
Example:
{ server = { config = '' # Simplest server configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html. # server : dev tun ifconfig 10.8.0.1 10.8.0.2 secret /root/static.key ''; up = "ip route add ..."; down = "ip route del ..."; }; client = { config = '' client remote vpn.example.org dev tun proto tcp-client port 8080 ca /root/.vpn/ca.crt cert /root/.vpn/alice.crt key /root/.vpn/alice.key ''; up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev"; down = "${pkgs.openresolv}/sbin/resolvconf -d $dev"; }; }
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.authUserPass
This option can be used to store the username / password credentials with the "auth-user-pass" authentication method.
WARNING: Using this option will put the credentials WORLD-READABLE in the Nix store!
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.authUserPass.password
The password to store inside the credentials file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.authUserPass.username
The username to store inside the credentials file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.autoStart
Whether this OpenVPN instance should be started automatically.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.config
Configuration of this OpenVPN instance. See openvpn(8) for details.
To import an external config file, use the following definition:
config = "config /path/to/config.ovpn"
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.down
Shell commands executed when the instance is shutting down.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.up
Shell commands executed when the instance is starting.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.updateResolvConf
Use the script from the update-resolv-conf package to automatically update resolv.conf with the DNS information provided by openvpn. The script will be run after the "up" commands and before the "down" commands.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.osquery.enable
Whether to enable osquery.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/osquery.nix>
|
services.osquery.databasePath
Path used for database file.
Type: path
Default:
"/var/osquery/osquery.db"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/osquery.nix>
|
services.osquery.extraConfig
Extra config to be recursively merged into the JSON config file.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/osquery.nix>
|
services.osquery.loggerPath
Base directory used for logging.
Type: path
Default:
"/var/log/osquery"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/osquery.nix>
|
services.osquery.pidfile
Path used for pid file.
Type: path
Default:
"/var/osquery/osqueryd.pidfile"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/osquery.nix>
|
services.osquery.utc
Attempt to convert all UNIX calendar times to UTC.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/osquery.nix>
|
services.osrm.enable
Enable the OSRM service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.address
IP address on which the web server will listen.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.algorithm
Algorithm to use for the data. Must be one of CH, CoreCH, MLD
Type: one of "CH", "CoreCH", "MLD"
Default:
"MLD"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.dataFile
Data file location
Type: path
Example:
"/var/lib/osrm/berlin-latest.osrm"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.extraFlags
Extra command line arguments passed to osrm-routed
Type: list of strings
Default:
[
]
Example:
[
"--max-table-size 1000" "--max-matching-size 1000"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.port
Port on which the web server will run.
Type: signed integer
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.threads
Number of threads to use.
Type: signed integer
Default:
4
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.ostinato.enable
Whether to enable Ostinato agent-controller (Drone).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.port
Port to listen on.
Type: signed integer
Default:
7878
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.portList.exclude
A list of ports does not appear on the port list managed by drone.
Type: list of strings
Default:
[
]
Example:
''[ "usbmon*" "eth0" ]''
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.portList.include
For a port to pass the filter and appear on the port list managed by drone, it be allowed by this include list.
Type: list of strings
Default:
[
]
Example:
''[ "eth*" "lo*" ]''
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.rateAccuracy
To ensure that the actual transmit rate is as close as possible to the configured transmit rate, Drone runs a busy-wait loop. While this provides the maximum accuracy possible, the CPU utilization is 100% while the transmit is on. You can however, sacrifice the accuracy to reduce the CPU load.
Type: one of "High", "Low"
Default:
"High"
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.rpcServer.address
By default, the Drone RPC server will listen on all interfaces and local IPv4 adresses for incoming connections from clients. Specify a single IPv4 or IPv6 address if you want to restrict that. To listen on any IPv6 address, use ::
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.owamp.enable
Whether to enable Enable OWAMP server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/owamp.nix>
|
services.oxidized.enable
Whether to enable the oxidized configuation backup service..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.configFile
Path to the oxidized configuration file.
Type: path
Example:
pkgs.writeText "oxidized-config.yml" '' --- debug: true use_syslog: true input: default: ssh ssh: secure: true interval: 3600 model_map: dell: powerconnect hp: procurve source: default: csv csv: delimiter: !ruby/regexp /:/ file: "/var/lib/oxidized/.config/oxidized/router.db" map: name: 0 model: 1 username: 2 password: 3 pid: "/var/lib/oxidized/.config/oxidized/pid" rest: 127.0.0.1:8888 retries: 3 # ... additional config '';
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.dataDir
State directory for the oxidized service.
Type: path
Default:
"/var/lib/oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.group
Group under which the oxidized service runs.
Type: string
Default:
"oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.routerDB
Path to the file/database which contains the targets for oxidized.
Type: path
Example:
pkgs.writeText "oxidized-router.db" '' hostname-sw1:powerconnect:username1:password2 hostname-sw2:procurve:username2:password2 # ... additional hosts ''
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.user
User under which the oxidized service runs.
Type: string
Default:
"oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.parsoid.enable
Whether to enable Parsoid -- bidirectional wikitext parser.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.extraConfig
Extra configuration to add to parsoid configuration.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.interface
Interface to listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.port
Port to listen on.
Type: signed integer
Default:
8000
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.wikis
Used MediaWiki API endpoints.
Type: list of string or attribute sets
Example:
[
"http://localhost/api.php"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.workers
Number of Parsoid workers.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.pcscd.enable
Whether to enable PCSC-Lite daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
|
services.pcscd.plugins
Plugin packages to be used for PCSC-Lite.
Type: list of packages
Default:
"[ pkgs.ccid ]"
Example:
[ pkgs.pcsc-cyberjack ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
|
services.pcscd.readerConfig
Configuration for devices that aren't hotpluggable.
See reader.conf(5) for valid options.
Type: string
Default:
""
Example:
'' FRIENDLYNAME "Some serial reader" DEVICENAME /dev/ttyS0 LIBPATH /path/to/serial_reader.so CHANNELID 1 ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
|
services.pdns-recursor.enable
Whether to enable PowerDNS Recursor, a recursive DNS server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.api.address
IP address Recursor REST API server will bind to.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.api.allowFrom
IP address ranges of clients allowed to make API requests.
Type: list of strings
Default:
[
"0.0.0.0/0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.api.port
Port number Recursor REST API server will bind to.
Type: signed integer
Default:
8082
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.dns.address
IP address Recursor DNS server will bind to.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.dns.allowFrom
IP address ranges of clients allowed to make DNS queries.
Type: list of strings
Default:
[
"10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"
]
Example:
[
"0.0.0.0/0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.dns.port
Port number Recursor DNS server will bind to.
Type: signed integer
Default:
53
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.dnssecValidation
Controls the level of DNSSEC processing done by the PowerDNS Recursor. See https://doc.powerdns.com/md/recursor/dnssec/ for a detailed explanation.
Type: one of "off", "process-no-validate", "process", "log-fail", "validate"
Default:
"validate"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.exportHosts
Whether to export names and IP addresses defined in /etc/hosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.extraConfig
Extra options to be appended to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.forwardZones
DNS zones to be forwarded to other servers.
Type: attribute set
Default:
{
}
Example:
{
eth = "127.0.0.1:5353";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.resolveDNSChainQueries
Resolve .bit
top-level domains using DNSChain and namecoin.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnschain.nix>
|
services.pdns-recursor.serveRFC1918
Whether to directly resolve the RFC1918 reverse-mapping domains:
10.in-addr.arpa
,
168.192.in-addr.arpa
,
16-31.172.in-addr.arpa
This saves load on the AS112 servers.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdnsd.enable
Whether to enable pdnsd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.pdnsd.cacheDir
Directory holding the pdnsd cache
Type: string
Default:
"/var/cache/pdnsd"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.pdnsd.extraConfig
Extra configuration directives that should be added to
pdnsd.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.pdnsd.globalConfig
Global configuration that should be added to the global directory
of pdnsd.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.pdnsd.serverConfig
Server configuration that should be added to the server directory
of pdnsd.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.peerflix.enable
Whether to enable peerflix service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
|
services.peerflix.downloadDir
Peerflix temporary download directory.
Type: path
Default:
"/var/lib/peerflix/torrents"
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
|
services.peerflix.stateDir
Peerflix state directory.
Type: path
Default:
"/var/lib/peerflix"
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
|
services.pfix-srsd.enable
Whether to run the postfix sender rewriting scheme daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
|
services.pfix-srsd.domain
The domain for which to enable srs
Type: string
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
|
services.pfix-srsd.secretsFile
The secret data used to encode the SRS address.
to generate, use a command like:
for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done
Type: path
Default:
"/var/lib/pfix-srsd/secrets"
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
|
services.pgmanage.enable
Whether to enable PostgreSQL Administration for the web.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.package
The pgmanage package to use.
Type: package
Default:
"pkgs.pgmanage"
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.allowCustomConnections
This tells pgmanage whether or not to allow anyone to use a custom connection from the login screen.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.connections
pgmanage requires at least one PostgreSQL server be defined.
Detailed information about PostgreSQL connection strings is available at: http://www.postgresql.org/docs/current/static/libpq-connect.html
Note that you should not specify your user name or password. That information will be entered on the login screen. If you specify a username or password, it will be removed by pgmanage before attempting to connect to a database.
Type: attribute set of strings
Default:
{
}
Example:
{
mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require"; nuc-server = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
}
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.localOnly
This tells pgmanage whether or not to set the listening socket to local addresses only.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.logLevel
Verbosity of logs
Type: one of "error", "warn", "notice", "info"
Default:
"error"
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.loginGroup
This tells pgmanage to only allow users in a certain PostgreSQL group to login to pgmanage. Note that a connection will be made to PostgreSQL in order to test if the user is a member of the login group.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.loginTimeout
Number of seconds of inactivity before user is automatically logged out.
Type: signed integer
Default:
3600
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.port
This tells pgmanage what port to listen on for browser requests.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.sqlRoot
This tells pgmanage where to put the SQL file history. All tabs are saved to this location so that if you get disconnected from pgmanage you don't lose your work.
Type: string
Default:
"/var/lib/pgmanage"
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.superOnly
This tells pgmanage whether or not to only allow super users to login. The recommended value is true and will restrict users who are not super users from logging in to any PostgreSQL instance through pgmanage. Note that a connection will be made to PostgreSQL in order to test if the user is a superuser.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.tls
These options tell pgmanage where the TLS Certificate and Key files reside. If you use these options then you'll only be able to access pgmanage through a secure TLS connection. These options are only necessary if you wish to connect directly to pgmanage using a secure TLS connection. As an alternative, you can set up pgmanage in a reverse proxy configuration. This allows your web server to terminate the secure connection and pass on the request to pgmanage. You can find help to set up this configuration in: https://github.com/pgManage/pgManage/blob/master/INSTALL_NGINX.md
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.tls.cert
TLS certificate
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.tls.key
TLS key
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgpkeyserver-lite.enable
Whether to enable pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.pgpkeyserver-lite.package
Which webgui derivation to use.
Type: package
Default:
"pkgs.pgpkeyserver-lite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.pgpkeyserver-lite.hkpAddress
Wich ip address the sks-keyserver is listening on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.pgpkeyserver-lite.hkpPort
Which port the sks-keyserver is listening on.
Type: signed integer
Default:
11371
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.pgpkeyserver-lite.hostname
Which hostname to set the vHost to that is proxying to sks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.phd.enable
Enable daemons for phabricator.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/phd.nix>
|
services.phpfpm.extraConfig
Extra configuration that should be put in the global section of
the PHP-FPM configuration file. Do not specify the options
error_log
or
daemonize
here, since they are generated by
NixOS.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.phpOptions
Options appended to the PHP configuration file php.ini
.
Type: string
Default:
""
Example:
'' date.timezone = "CET" ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.phpPackage
The PHP package to use for running the PHP-FPM service.
Type: package
Default:
"pkgs.php"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.poolConfigs
A mapping between PHP-FPM pool names and their configurations.
See the documentation on php-fpm.conf
for
details on configuration directives. If no pools are defined,
the phpfpm service is disabled.
Type: attribute set of strings
Default:
{
}
Example:
{ mypool = '' listen = /run/phpfpm/mypool user = nobody pm = dynamic pm.max_children = 75 pm.start_servers = 10 pm.min_spare_servers = 5 pm.max_spare_servers = 20 pm.max_requests = 500 ''; }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools
PHP-FPM pools. If no pools or poolConfigs are defined, the PHP-FPM service is disabled.
Type: attribute set of submodules
Default:
{
}
Example:
{ mypool = { listen = "/path/to/unix/socket"; extraConfig = '' user = nobody pm = dynamic pm.max_children = 75 pm.start_servers = 10 pm.min_spare_servers = 5 pm.max_spare_servers = 20 pm.max_requests = 500 ''; } }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.extraConfig
Extra lines that go into the pool configuration.
See the documentation on php-fpm.conf
for
details on configuration directives.
Type: string
Example:
'' user = nobody pm = dynamic pm.max_children = 75 pm.start_servers = 10 pm.min_spare_servers = 5 pm.max_spare_servers = 20 pm.max_requests = 500 ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.listen
The address on which to accept FastCGI requests.
Type: string
Example:
"/path/to/unix/socket"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.physlock.enable
Whether to enable the physlock screen locking mechanism.
Enable this and then run systemctl start physlock to securely lock the screen.
This will switch to a new virtual terminal, turn off console
switching and disable SysRq mechanism (when
services.physlock.disableSysRq
is set)
until the root or user password is given.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.allowAnyUser
Whether to allow any user to lock the screen. This will install a setuid wrapper to allow any user to start physlock as root, which is a minor security risk. Call the physlock binary to use this instead of using the systemd service.
Note that you might need to relog to have the correct binary in your PATH upon changing this option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.disableSysRq
Whether to disable SysRq when locked with physlock.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.lockOn.extraTargets
Other targets to lock the screen just before.
Useful if you want to e.g. both autologin to X11 so that
your ~/.xsession
gets executed and
still to have the screen locked so that the system can be
booted relatively unattended.
Type: list of strings
Default:
[
]
Example:
[
"display-manager.service"
]
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.lockOn.hibernate
Whether to lock screen with physlock just before hibernate.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.lockOn.suspend
Whether to lock screen with physlock just before suspend.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.pipewire.enable
Whether to enable pipewire service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire.nix>
|
services.pipewire.socketActivation
Automatically run pipewire when connections are made to the pipewire socket.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire.nix>
|
services.plex.enable
Whether to enable Plex Media Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.package
The Plex package to use. Plex subscribers may wish to use their own package here, pointing to subscriber-only server versions.
Type: package
Default:
"pkgs.plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.dataDir
The directory where Plex stores its data files.
Type: string
Default:
"/var/lib/plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.extraPlugins
A list of paths to extra plugin bundles to install in Plex's plugin
directory. Every time the systemd unit for Plex starts up, all of the
symlinks in Plex's plugin directory will be cleared and this module
will symlink all of the paths specified here to that directory. If
this behavior is undesired, set managePlugins
to
false.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.group
Group under which Plex runs.
Type: string
Default:
"plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.managePlugins
If set to true, this option will cause all of the symlinks in Plex's
plugin directory to be removed and symlinks for paths specified in
extraPlugins
to be added.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.openFirewall
Open ports in the firewall for the media server
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.user
User account under which Plex runs.
Type: string
Default:
"plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plexpy.enable
Whether to enable PlexPy Plex Monitor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/plexpy.nix>
|
services.plexpy.package
The PlexPy package to use.
Type: package
Default:
"pkgs.plexpy"
Declared by:
<nixpkgs/nixos/modules/services/misc/plexpy.nix>
|
services.plexpy.configFile
The location of PlexPy's config file.
Type: string
Default:
"/var/lib/plexpy/config.ini"
Declared by:
<nixpkgs/nixos/modules/services/misc/plexpy.nix>
|
services.plexpy.dataDir
The directory where PlexPy stores its data files.
Type: string
Default:
"/var/lib/plexpy"
Declared by:
<nixpkgs/nixos/modules/services/misc/plexpy.nix>
|
services.plexpy.group
Group under which PlexPy runs.
Type: string
Default:
"nogroup"
Declared by:
<nixpkgs/nixos/modules/services/misc/plexpy.nix>
|
services.plexpy.port
TCP port where PlexPy listens.
Type: signed integer
Default:
8181
Declared by:
<nixpkgs/nixos/modules/services/misc/plexpy.nix>
|
services.plexpy.user
User account under which PlexPy runs.
Type: string
Default:
"plexpy"
Declared by:
<nixpkgs/nixos/modules/services/misc/plexpy.nix>
|
services.polipo.enable
Whether to run the polipo caching web proxy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.allowedClients
List of IP addresses or network addresses that may connect to Polipo.
Type: list of strings
Default:
[
"127.0.0.1" "::1"
]
Example:
[
"127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.extraConfig
Polio configuration. Contents will be added verbatim to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.parentProxy
Hostname and port number of an HTTP parent proxy; it should have the form ‘host:port’.
Type: string
Default:
""
Example:
"localhost:8124"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.proxyAddress
IP address on which Polipo will listen.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.proxyPort
TCP port on which Polipo will listen.
Type: signed integer
Default:
8123
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.socksParentProxy
Hostname and port number of an SOCKS parent proxy; it should have the form ‘host:port’.
Type: string
Default:
""
Example:
"localhost:9050"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.postfix.enable
Whether to run the Postfix mail server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.enableHeaderChecks
Whether to enable postfix header checks
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.enableSmtp
Whether to enable smtp in master.cf.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.enableSubmission
Whether to enable smtp submission.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.aliasFiles
Aliases' tables to be compiled and placed into /var/lib/postfix/conf.
Type: attribute set of paths
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.aliasMapType
The format the alias map should have. Use regexp if you want to use regular expressions.
Type: one of "hash", "regexp", "pcre"
Default:
"hash"
Example:
"regexp"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.config
The main.cf configuration file as key value set.
Type: attribute set of boolean or string or list of stringss
Example:
{
mail_owner = "postfix"; smtp_use_tls = true;
}
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.destination
Full (!) list of domains we deliver locally. Leave blank for acceptable Postfix default.
Type: null or list of strings
Default:
null
Example:
[
"localhost"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.dnsBlacklistOverrides
contents of check_client_access for overriding dnsBlacklists
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.dnsBlacklists
dns blacklist servers to use with smtpd_client_restrictions
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.domain
Domain to use. Leave blank to use hostname minus first component.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraAliases
Additional entries to put verbatim into aliases file, cf. man-page aliases(8).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraConfig
Extra lines to be added verbatim to the main.cf configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraHeaderChecks
Extra lines to /etc/postfix/header_checks file.
Type: string
Default:
""
Example:
"/^X-Spam-Flag:/ REDIRECT spam@example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraMasterConf
Extra lines to append to the generated master.cf file.
Type: string
Default:
""
Example:
"submission inet n - n - - smtpd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.group
What to call the Postfix group (must be used only for postfix).
Type: string
Default:
"postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.headerChecks
Postfix header checks.
Type: list of submodules
Default:
[
]
Example:
[
{
action = "REDIRECT spam@example.com"; pattern = "/^X-Spam-Flag:/";
}
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.headerChecks.*.action
The action to be executed when the pattern is matched
Type: string
Default:
"DUNNO"
Example:
"BCC mail@example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.headerChecks.*.pattern
A regexp pattern matching the header
Type: string
Default:
"/^.*/"
Example:
"/^X-Mailer:/"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.hostname
Hostname to use. Leave blank to use just the hostname of machine. It should be FQDN.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.lookupMX
Whether relay specified is just domain whose MX must be used.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.mapFiles
Maps to be compiled and placed into /var/lib/postfix/conf.
Type: attribute set of paths
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig
An attribute set of service options, which correspond to the service
definitions usually done within the Postfix
master.cf
file.
Type: attribute set of submodules
Default:
{
}
Example:
{
submission =
{
args =
[
"-o" "smtpd_tls_security_level=encrypt"
]
; type = "inet";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.args
Arguments to pass to the command
. There is no shell
processing involved and shell syntax is passed verbatim to the
process.
Type: list of strings
Default:
[
]
Example:
[
"-o" "smtp_helo_timeout=5"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.chroot
Whether the service is chrooted to have only access to the
services.postfix.queueDir
and the closure of
store paths specified by the program
option.
Type: boolean
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.command
A program name specifying a Postfix service/daemon process.
By default it's the attribute name
.
Type: string
Default:
"‹name›"
Example:
"smtpd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.maxproc
The maximum number of processes to spawn for this service. If the
value is 0
it doesn't have any limit. If
null
is given it uses the postfix default of
100
.
Type: signed integer
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.name
The name of the service to run. Defaults to the attribute set key.
Type: string
Default:
"‹name›"
Example:
"smtp"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.private
Whether the service's sockets and storage directory is restricted to
be only available via the mail system. If null
is
given it uses the postfix default true
.
Type: boolean
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.privileged
Type: boolean
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.type
The type of the service
Type: one of "inet", "unix", "fifo", "pass"
Default:
"unix"
Example:
"inet"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.wakeup
Automatically wake up the service after the specified number of
seconds. If 0
is given, never wake the service
up.
Type: signed integer
Example:
60
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.wakeupUnusedComponent
If set to false
the component will only be woken
up if it is used. This is equivalent to postfix' notion of adding a
question mark behind the wakeup time in
master.cf
Type: boolean
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.networks
Net masks for trusted - allowed to relay mail to third parties - hosts. Leave empty to use mynetworks_style configuration or use default (localhost-only).
Type: null or list of strings
Default:
null
Example:
[
"192.168.0.1/24"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.networksStyle
Name of standard way of trusted network specification to use, leave blank if you specify it explicitly or if you want to use default (localhost-only).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.origin
Origin to use in outgoing e-mail. Leave blank to use hostname.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.postmasterAlias
Who should receive postmaster e-mail. Multiple values can be added by separating values with comma.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.recipientDelimiter
Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
Type: string
Default:
""
Example:
"+"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.relayDomains
List of domains we agree to relay to. Default is empty.
Type: null or list of strings
Default:
null
Example:
[
"localdomain"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.relayHost
Mail relay for outbound mail.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.relayPort
SMTP port for relay mail relay.
Type: signed integer
Default:
25
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.rootAlias
Who should receive root e-mail. Blank for no redirection. Multiple values can be added by separating values with comma.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.setSendmail
Whether to set the system sendmail to postfix's.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.setgidGroup
How to call postfix setgid group (for postdrop). Should be uniquely used group.
Type: string
Default:
"postdrop"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.sslCACert
SSL certificate of CA.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.sslCert
SSL certificate to use.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.sslKey
SSL key to use.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.submissionOptions
Options for the submission config in master.cf
Type: attribute set
Default:
{
milter_macro_daemon_name = "ORIGINATING"; smtpd_client_restrictions = "permit_sasl_authenticated,reject"; smtpd_sasl_auth_enable = "yes"; smtpd_tls_security_level = "encrypt";
}
Example:
{
milter_macro_daemon_name = "ORIGINATING"; smtpd_client_restrictions = "permit_sasl_authenticated,reject"; smtpd_sasl_auth_enable = "yes"; smtpd_sasl_type = "dovecot"; smtpd_tls_security_level = "encrypt";
}
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.transport
Entries for the transport map, cf. man-page transport(8).
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.useSrs
Whether to enable sender rewriting scheme
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.user
What to call the Postfix user (must be used only for postfix).
Type: string
Default:
"postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.virtual
Entries for the virtual alias map, cf. man-page virtual(8).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.virtualMapType
What type of virtual alias map file to use. Use "regexp"
for regular expressions.
Type: one of "hash", "regexp", "pcre"
Default:
"hash"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postgresql.enable
Whether to run PostgreSQL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.enableTCPIP
Whether PostgreSQL should listen on all network interfaces. If disabled, the database can only be accessed via its Unix domain socket or via TCP connections to localhost.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.package
PostgreSQL package to use.
Type: package
Example:
pkgs.postgresql96
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.authentication
Defines how users authenticate themselves to the server. By default, "trust" access to local users will always be granted along with any other custom options. If you do not want this, set this option using "lib.mkForce" to override this behaviour.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.dataDir
Data directory for PostgreSQL.
Type: path
Example:
"/var/lib/postgresql/9.6"
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.extraConfig
Additional text to be appended to postgresql.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.extraPlugins
When this list contains elements a new store path is created. PostgreSQL and the elements are symlinked into it. Then pg_config, postgres and pg_ctl are copied to make them use the new $out/lib directory as pkglibdir. This makes it possible to use postgis without patching the .sql files which reference $libdir/postgis-1.5.
Type: list of paths
Default:
[
]
Example:
[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }) ]
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.identMap
Defines the mapping from system users to database users.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.initialScript
A file containing SQL statements to execute on first startup.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.port
The port on which PostgreSQL listens.
Type: signed integer
Default:
5432
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.recoveryConfig
Contents of the recovery.conf
file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresqlBackup.enable
Whether to enable PostgreSQL dumps.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.databases
List of database names to dump.
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.location
Location to put the gzipped PostgreSQL database dumps.
Type: unspecified
Default:
"/var/backup/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.pgdumpOptions
Command line options for pg_dump.
Type: string
Default:
"-Cbo"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.startAt
This option defines (see systemd.time
for format) when the
databases should be dumped.
The default is to update at 01:15 (at night) every day.
Type: unspecified
Default:
"*-*-* 01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgrey.enable
Whether to run the Postgrey daemon
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.IPv4CIDR
Strip N bits from IPv4 addresses if lookupBySubnet is true
Type: signed integer
Default:
24
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.IPv6CIDR
Strip N bits from IPv6 addresses if lookupBySubnet is true
Type: signed integer
Default:
64
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.autoWhitelist
Whitelist clients after successful delivery of N messages
Type: null or signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.delay
Greylist for N seconds
Type: signed integer
Default:
300
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.greylistAction
Response status for greylisted messages (see access(5))
Type: string
Default:
"DEFER_IF_PERMIT"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.greylistHeader
Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host
Type: string
Default:
"X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.greylistText
Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient
Type: string
Default:
"Greylisted for %%s seconds"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.lookupBySubnet
Strip the last N bits from IP addresses, determined by IPv4CIDR and IPv6CIDR
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.maxAge
Delete entries from whitelist if they haven't been seen for N days
Type: signed integer
Default:
35
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.privacy
Store data using one-way hash functions (SHA1)
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.retryWindow
Allow N days for the first retry. Use string with appended 'h' to specify time in hours
Type: string or signed integer
Default:
2
Example:
"12h"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.socket
Socket to bind to
Type: submodule or submodule
Default:
{
mode = "0777"; path = "/var/run/postgrey.sock";
}
Example:
{
addr = "127.0.0.1"; port = 10030;
}
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.whitelistClients
Client address whitelist files (see postgrey(8))
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.whitelistRecipients
Recipient address whitelist files (see postgrey(8))
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postsrsd.enable
Whether to enable the postsrsd SRS server for Postfix.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.domain
Domain name for rewrite
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.excludeDomains
Origin domains to exclude from rewriting in addition to primary domain
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.forwardPort
Port for the forward SRS lookup
Type: signed integer
Default:
10001
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.group
Group for the daemon
Type: string
Default:
"postsrsd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.reversePort
Port for the reverse SRS lookup
Type: signed integer
Default:
10002
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.secretsFile
Secret keys used for signing and verification
Type: path
Default:
"/var/lib/postsrsd/postsrsd.secret"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.separator
First separator character in generated addresses
Type: one of "-", "=", "+"
Default:
"="
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.timeout
Timeout for idle client connections in seconds
Type: signed integer
Default:
1800
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.user
User for the daemon
Type: string
Default:
"postsrsd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.powerdns.enable
Whether to enable Powerdns domain name server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/powerdns.nix>
|
services.powerdns.extraConfig
Extra lines to be added verbatim to pdns.conf. Powerdns will chroot to /var/lib/powerdns. So any file, powerdns is supposed to be read, should be in /var/lib/powerdns and needs to specified relative to the chroot.
Type: string
Default:
"launch=bind"
Declared by:
<nixpkgs/nixos/modules/services/networking/powerdns.nix>
|
services.pptpd.enable
Whether to enable Whether pptpd should be run on startup..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.clientIpRange
The range from which client IPs are drawn.
Type: string
Default:
"10.124.124.2-11"
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.extraPppdOptions
Adds extra lines to the pppd options file.
Type: string
Default:
""
Example:
'' ms-dns 8.8.8.8 ms-dns 8.8.4.4 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.extraPptpdOptions
Adds extra lines to the pptpd configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.maxClients
The maximum number of simultaneous connections.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.serverIp
The server-side IP address.
Type: string
Default:
"10.124.124.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.prayer.enable
Whether to run the prayer webmail http server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.prayer.extraConfig
Extra configuration. Contents will be added verbatim to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.prayer.port
Port the prayer http server is listening to.
Type: unspecified
Default:
"2080"
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.prey.enable
Enables the http://preyproject.com/ shell client. Be sure to specify both API and device keys. Once enabled, a cron job will run every 15 minutes to report status information.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/prey.nix>
|
services.prey.apiKey
API key
obtained from
https://panel.preyproject.com/profile.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/prey.nix>
|
services.prey.deviceKey
Device key
obtained by visiting
https://panel.preyproject.com/devices
and clicking on your device.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/prey.nix>
|
services.printing.enable
Whether to enable printing support through the CUPS daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.browsedConf
The contents of the configuration. file of the CUPS Browsed daemon
(cups-browsed.conf
)
Type: string
Default:
""
Example:
'' BrowsePoll cups.example.com ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.browsing
Specifies whether shared printers are advertised.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.clientConf
The contents of the client configuration.
(client.conf
)
Type: string
Default:
""
Example:
'' ServerName server.example.com Encryption Never ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.defaultShared
Specifies whether local printers are shared by default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.drivers
CUPS drivers to use. Drivers provided by CUPS, cups-filters,
Ghostscript and Samba are added unconditionally. If this list contains
Gutenprint (i.e. a derivation with
meta.isGutenprint = true
) the PPD files in
/var/lib/cups/ppd
will be updated automatically
to avoid errors due to incompatible versions.
Type: list of paths
Default:
[
]
Example:
[ pkgs.gutenprint pkgs.hplip pkgs.splix ]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.extraConf
Extra contents of the configuration file of the CUPS daemon
(cupsd.conf
).
Type: string
Default:
""
Example:
'' BrowsePoll cups.example.com MaxCopies 42 ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.extraFilesConf
Extra contents of the configuration file of the CUPS daemon
(cups-files.conf
).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.listenAddresses
A list of addresses and ports on which to listen.
Type: list of strings
Default:
[
"localhost:631"
]
Example:
[
"*:631"
]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.logLevel
Specifies the cupsd logging verbosity.
Type: string
Default:
"info"
Example:
"debug"
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.snmpConf
The contents of /etc/cups/snmp.conf
. See "man
cups-snmp.conf" for a complete description.
Type: string
Default:
'' Address @LOCAL ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.startWhenNeeded
If set, CUPS is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start it on the first incoming connection.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.tempDir
CUPSd temporary directory.
Type: path
Default:
"/tmp"
Example:
"/tmp/cups"
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.webInterface
Specifies whether the web interface is enabled.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.privoxy.enable
Whether to enable the Privoxy non-caching filtering proxy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.enableEditActions
Whether or not the web-based actions file editor may be used.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.actionsFiles
List of paths to Privoxy action files. These paths may either be absolute or relative to the privoxy configuration directory.
Type: list of strings
Default:
[
"match-all.action" "default.action"
]
Example:
[
"match-all.action" "default.action" "/etc/privoxy/user.action"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.extraConfig
Extra configuration. Contents will be added verbatim to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.filterFiles
List of paths to Privoxy filter files. These paths may either be absolute or relative to the privoxy configuration directory.
Type: list of strings
Default:
[
"default.filter"
]
Example:
[
"default.filter" "/etc/privoxy/user.filter"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.listenAddress
Address the proxy server is listening to.
Type: string
Default:
"127.0.0.1:8118"
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.prometheus.enable
Enable the Prometheus monitoring daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.alertmanager.enable
Whether to enable Prometheus Alertmanager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.configText
Alertmanager configuration as YAML text. If non-null, this option defines the text that is written to alertmanager.yml. If null, the contents of alertmanager.yml is generated from the structured config options.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.configuration
Alertmanager configuration as nix attribute set.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.extraFlags
Extra commandline options when launching the Alertmanager.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.group
Group under which Alertmanager shall be run.
Type: string
Default:
"nogroup"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.listenAddress
Address to listen on for the web interface and API.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.logFormat
If set use a syslog logger or JSON logging.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.logLevel
Only log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error", "fatal"
Default:
"warn"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.port
Port to listen on for the web interface and API.
Type: signed integer
Default:
9093
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.user
User name under which Alertmanager shall be run.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.webExternalUrl
The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy). Used for generating relative and absolute links back to Alertmanager itself. If the URL has a path portion, it will be used to prefix all HTTP endoints served by Alertmanager. If omitted, relevant URL components will be derived automatically.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanagerNotificationQueueCapacity
The capacity of the queue for pending alert manager notifications.
Type: signed integer
Default:
10000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.alertmanagerTimeout
Alert manager HTTP API timeout (in seconds).
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.alertmanagerURL
List of Alertmanager URLs to send notifications to.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.configText
If non-null, this option defines the text that is written to prometheus.yml. If null, the contents of prometheus.yml is generated from the structured config options.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.dataDir
Directory to store Prometheus metrics data.
Type: path
Default:
"/var/lib/prometheus"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.exporters
Prometheus exporter configuration
Type: submodule
Default:
{
}
Example:
{ node = { enable = true; enabledCollectors = [ "systemd" ]; }; varnish.enable = true; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.enable
Whether to enable the prometheus blackbox exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.configFile
Path to configuration file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.extraFlags
Extra commandline options to pass to the blackbox exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.blackbox.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9115"
Example:
"-i eth0 -p tcp -m tcp --dport 9115"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.group
Group under which the blackbox exporter shall be run.
Has no effect when systemd.services.prometheus-blackbox-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.port
Port to listen on.
Type: signed integer
Default:
9115
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.user
User name under which the blackbox exporter shall be run.
Has no effect when systemd.services.prometheus-blackbox-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.enable
Whether to enable the prometheus collectd exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.enable
Whether to enable collectd binary protocol receiver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.authFile
File mapping user names to pre-shared keys (passwords).
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.listenAddress
Address to listen on for binary network packets.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.port
Network address on which to accept collectd binary network packets.
Type: signed integer
Default:
25826
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.securityLevel
Minimum required security level for accepted packets.
Type: one of "None", "Sign", "Encrypt"
Default:
"None"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.extraFlags
Extra commandline options to pass to the collectd exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.collectd.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9103"
Example:
"-i eth0 -p tcp -m tcp --dport 9103"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.group
Group under which the collectd exporter shall be run.
Has no effect when systemd.services.prometheus-collectd-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.logFormat
Set the log target and format.
Type: string
Default:
"logger:stderr"
Example:
"logger:syslog?appname=bob&local=7 or logger:stdout?json=true"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.logLevel
Only log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error", "fatal"
Default:
"info"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.port
Port to listen on.
Type: signed integer
Default:
9103
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.user
User name under which the collectd exporter shall be run.
Has no effect when systemd.services.prometheus-collectd-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.enable
Whether to enable the prometheus dnsmasq exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.dnsmasqListenAddress
Address on which dnsmasq listens.
Type: string
Default:
"localhost:53"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.extraFlags
Extra commandline options to pass to the dnsmasq exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.dnsmasq.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9153"
Example:
"-i eth0 -p tcp -m tcp --dport 9153"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.group
Group under which the dnsmasq exporter shall be run.
Has no effect when systemd.services.prometheus-dnsmasq-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.leasesPath
Path to the dnsmasq.leases
file.
Type: path
Default:
"/var/lib/misc/dnsmasq.leases"
Example:
"/var/lib/dnsmasq/dnsmasq.leases"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.port
Port to listen on.
Type: signed integer
Default:
9153
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.user
User name under which the dnsmasq exporter shall be run.
Has no effect when systemd.services.prometheus-dnsmasq-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.enable
Whether to enable the prometheus dovecot exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.extraFlags
Extra commandline options to pass to the dovecot exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.dovecot.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9166"
Example:
"-i eth0 -p tcp -m tcp --dport 9166"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.group
Group under which the dovecot exporter shall be run.
Has no effect when systemd.services.prometheus-dovecot-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.port
Port to listen on.
Type: signed integer
Default:
9166
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.scopes
Stats scopes to query.
Type: list of strings
Default:
[
"user"
]
Example:
[
"user" "global"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.socketPath
Path under which the stats socket is placed. The user/group under which the exporter runs, should be able to access the socket in order to scrape the metrics successfully.
Type: path
Default:
"/var/run/dovecot/stats"
Example:
"/var/run/dovecot2/stats"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.telemetryPath
Path under which to expose metrics.
Type: string
Default:
"/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.user
User name under which the dovecot exporter shall be run.
Has no effect when systemd.services.prometheus-dovecot-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.enable
Whether to enable the prometheus fritzbox exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.extraFlags
Extra commandline options to pass to the fritzbox exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.fritzbox.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9133"
Example:
"-i eth0 -p tcp -m tcp --dport 9133"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.gatewayAddress
The hostname or IP of the FRITZ!Box.
Type: string
Default:
"fritz.box"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.gatewayPort
The port of the FRITZ!Box UPnP service.
Type: signed integer
Default:
49000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.group
Group under which the fritzbox exporter shall be run.
Has no effect when systemd.services.prometheus-fritzbox-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.port
Port to listen on.
Type: signed integer
Default:
9133
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.user
User name under which the fritzbox exporter shall be run.
Has no effect when systemd.services.prometheus-fritzbox-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.enable
Whether to enable the prometheus json exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.configFile
Path to configuration file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.extraFlags
Extra commandline options to pass to the json exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.json.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 7979"
Example:
"-i eth0 -p tcp -m tcp --dport 7979"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.group
Group under which the json exporter shall be run.
Has no effect when systemd.services.prometheus-json-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.port
Port to listen on.
Type: signed integer
Default:
7979
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.url
URL to scrape JSON from.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.user
User name under which the json exporter shall be run.
Has no effect when systemd.services.prometheus-json-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.enable
Whether to enable the prometheus minio exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.extraFlags
Extra commandline options to pass to the minio exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.minio.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9290"
Example:
"-i eth0 -p tcp -m tcp --dport 9290"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.group
Group under which the minio exporter shall be run.
Has no effect when systemd.services.prometheus-minio-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.minioAccessKey
The value of the Minio access key.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and config.services.minio.accessKey
.
Type: string
Example:
"yourMinioAccessKey"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.minioAccessSecret
The value of the Minio access secret.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and config.services.minio.secretKey
.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.minioAddress
The URL of the minio server. Use HTTPS if Minio accepts secure connections only. By default this connects to the local minio server if enabled.
Type: string
Example:
"https://10.0.0.1:9000"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.minioBucketStats
Collect statistics about the buckets and files in buckets. It requires more computation, use it carefully in case of large buckets..
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.port
Port to listen on.
Type: signed integer
Default:
9290
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.user
User name under which the minio exporter shall be run.
Has no effect when systemd.services.prometheus-minio-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.enable
Whether to enable the prometheus nginx exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.extraFlags
Extra commandline options to pass to the nginx exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.nginx.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9113"
Example:
"-i eth0 -p tcp -m tcp --dport 9113"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.group
Group under which the nginx exporter shall be run.
Has no effect when systemd.services.prometheus-nginx-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.insecure
Ignore server certificate if using https.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.port
Port to listen on.
Type: signed integer
Default:
9113
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.scrapeUri
Address to access the nginx status page. Can be enabled with services.nginx.statusPage = true.
Type: string
Default:
"http://localhost/nginx_status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.telemetryEndpoint
Path under which to expose metrics.
Type: string
Default:
"/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.user
User name under which the nginx exporter shall be run.
Has no effect when systemd.services.prometheus-nginx-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.enable
Whether to enable the prometheus node exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.enabledCollectors
Collectors to enable. The collectors listed here are enabled in addition to the default ones.
Type: list of strings
Default:
[
]
Example:
''[ "systemd" ]''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.disabledCollectors
Collectors to disable which are enabled by default.
Type: list of strings
Default:
[
]
Example:
''[ "timex" ]''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.extraFlags
Extra commandline options to pass to the node exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.node.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9100"
Example:
"-i eth0 -p tcp -m tcp --dport 9100"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.group
Group under which the node exporter shall be run.
Has no effect when systemd.services.prometheus-node-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.port
Port to listen on.
Type: signed integer
Default:
9100
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.user
User name under which the node exporter shall be run.
Has no effect when systemd.services.prometheus-node-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.enable
Whether to enable the prometheus postfix exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.extraFlags
Extra commandline options to pass to the postfix exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.postfix.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9154"
Example:
"-i eth0 -p tcp -m tcp --dport 9154"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.group
Group under which the postfix exporter shall be run.
Has no effect when systemd.services.prometheus-postfix-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.logfilePath
Path where Postfix writes log entries. This file will be truncated by this exporter!
Type: path
Default:
"/var/log/postfix_exporter_input.log"
Example:
"/var/log/mail.log"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.port
Port to listen on.
Type: signed integer
Default:
9154
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.showqPath
Path where Postfix places it's showq socket.
Type: path
Default:
"/var/spool/postfix/public/showq"
Example:
"/var/lib/postfix/queue/public/showq"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.systemd.enable
Whether to enable reading metrics from the systemd-journal instead of from a logfile .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.systemd.journalPath
Path to the systemd journal.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.systemd.slice
Name of the postfix systemd slice.
This overrides the systemd.unit
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.systemd.unit
Name of the postfix systemd unit.
Type: string
Default:
"postfix.service"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.telemetryPath
Path under which to expose metrics.
Type: string
Default:
"/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.user
User name under which the postfix exporter shall be run.
Has no effect when systemd.services.prometheus-postfix-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.enable
Whether to enable the prometheus snmp exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.configuration
Snmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option.
Type: null or attribute set
Default:
{
}
Example:
'' { "default" = { "version" = 2; "auth" = { "community" = "public"; }; }; }; ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.configurationPath
Path to a snmp exporter configuration file. Mutually exclusive with 'configuration' option.
Type: null or path
Default:
null
Example:
"./snmp.yml"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.extraFlags
Extra commandline options to pass to the snmp exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.snmp.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9116"
Example:
"-i eth0 -p tcp -m tcp --dport 9116"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.group
Group under which the snmp exporter shall be run.
Has no effect when systemd.services.prometheus-snmp-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.logFormat
Set the log target and format.
Type: string
Default:
"logger:stderr"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.logLevel
Only log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error", "fatal"
Default:
"info"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.port
Port to listen on.
Type: signed integer
Default:
9116
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.user
User name under which the snmp exporter shall be run.
Has no effect when systemd.services.prometheus-snmp-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.enable
Whether to enable the prometheus surfboard exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.extraFlags
Extra commandline options to pass to the surfboard exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.surfboard.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9239"
Example:
"-i eth0 -p tcp -m tcp --dport 9239"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.group
Group under which the surfboard exporter shall be run.
Has no effect when systemd.services.prometheus-surfboard-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.modemAddress
The hostname or IP of the cable modem.
Type: string
Default:
"192.168.100.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.port
Port to listen on.
Type: signed integer
Default:
9239
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.user
User name under which the surfboard exporter shall be run.
Has no effect when systemd.services.prometheus-surfboard-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.enable
Whether to enable the prometheus unifi exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.extraFlags
Extra commandline options to pass to the unifi exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.unifi.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9130"
Example:
"-i eth0 -p tcp -m tcp --dport 9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.group
Group under which the unifi exporter shall be run.
Has no effect when systemd.services.prometheus-unifi-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.port
Port to listen on.
Type: signed integer
Default:
9130
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiAddress
URL of the UniFi Controller API.
Type: string
Example:
"https://10.0.0.1:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiInsecure
If enabled skip the verification of the TLS certificate of the UniFi Controller API. Use with caution.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiPassword
Password for authentication against UniFi Controller API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiTimeout
Timeout including unit for UniFi Controller API requests.
Type: string
Default:
"5s"
Example:
"2m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiUsername
username for authentication against UniFi Controller API.
Type: string
Example:
"ReadOnlyUser"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.user
User name under which the unifi exporter shall be run.
Has no effect when systemd.services.prometheus-unifi-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.enable
Whether to enable the prometheus varnish exporter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.extraFlags
Extra commandline options to pass to the varnish exporter.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.firewallFilter
Specify a filter for iptables to use when
services.prometheus.exporters.varnish.openFirewall
is true. It is used as `ip46tables -I nixos-fw firewallFilter
-j nixos-fw-accept`.
Type: string
Default:
"-p tcp -m tcp --dport 9131"
Example:
"-i eth0 -p tcp -m tcp --dport 9131"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.group
Group under which the varnish exporter shall be run.
Has no effect when systemd.services.prometheus-varnish-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.healthPath
Path under which to expose healthcheck. Disabled unless configured.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.instance
varnishstat -n value.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.listenAddress
Address to listen on.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.noExit
Do not exit server on Varnish scrape errors.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.port
Port to listen on.
Type: signed integer
Default:
9131
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.raw
Enable raw stdout logging without timestamps.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.telemetryPath
Path under which to expose metrics.
Type: string
Default:
"/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.user
User name under which the varnish exporter shall be run.
Has no effect when systemd.services.prometheus-varnish-exporter.serviceConfig.DynamicUser
is true.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.varnishStatPath
Path to varnishstat.
Type: string
Default:
"varnishstat"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.verbose
Enable verbose logging.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.withGoMetrics
Export go runtime and http handler metrics.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.extraFlags
Extra commandline options when launching Prometheus.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig
Parameters that are valid in all configuration contexts. They also serve as defaults for other configuration sections
Type: submodule
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig.evaluation_interval
How frequently to evaluate rules by default.
Type: string
Default:
"1m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig.external_labels
The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig.scrape_interval
How frequently to scrape targets by default.
Type: string
Default:
"1m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig.scrape_timeout
How long until a scrape request times out.
Type: string
Default:
"10s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.listenAddress
Address to listen on for the web interface, API, and telemetry.
Type: string
Default:
"0.0.0.0:9090"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.ruleFiles
Any additional rules files to include in this configuration.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.rules
Alerting and/or Recording rules to evaluate at runtime.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs
A list of scrape configurations.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.basic_auth
Optional http login credentials for metrics scraping.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.basic_auth.password
HTTP password
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs
List of Consul service discovery configurations.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.datacenter
Consul datacenter
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.password
Consul password
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.scheme
Consul scheme
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.server
Consul server to query.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.services
A list of services for which targets are retrieved.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tag_separator
The string by which Consul tags are joined into the tag label.
Type: string
Default:
","
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.token
Consul token
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.username
Consul username
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dns_sd_configs
List of DNS service discovery configurations.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dns_sd_configs.*.names
A list of DNS SRV record names to be queried.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dns_sd_configs.*.refresh_interval
The time after which the provided names are refreshed.
Type: string
Default:
"30s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.file_sd_configs
List of file service discovery configurations.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.file_sd_configs.*.files
Patterns for files from which target groups are extracted. Refer to the Prometheus documentation for permitted filename patterns and formats.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.file_sd_configs.*.refresh_interval
Refresh interval to re-read the files.
Type: string
Default:
"30s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.honor_labels
Controls how Prometheus handles conflicts between labels that are already present in scraped data and labels that Prometheus would attach server-side ("job" and "instance" labels, manually configured target labels, and labels generated by service discovery implementations).
If honor_labels is set to "true", label conflicts are resolved by keeping label values from the scraped data and ignoring the conflicting server-side labels.
If honor_labels is set to "false", label conflicts are resolved by renaming conflicting labels in the scraped data to "exported_<original-label>" (for example "exported_instance", "exported_job") and then attaching server-side labels. This is useful for use cases such as federation, where all labels specified in the target should be preserved.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.job_name
The job name assigned to scraped metrics by default.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metrics_path
The HTTP resource path on which to fetch metrics from targets.
Type: string
Default:
"/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.params
Optional HTTP URL parameters.
Type: attribute set of list of stringss
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs
List of relabel configurations.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.action
Action to perform based on regex matching.
Type: one of "replace", "keep", "drop"
Default:
"replace"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.regex
Regular expression against which the extracted value is matched.
Type: string
Default:
"(.*)"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.replacement
Replacement value against which a regex replace is performed if the regular expression matches.
Type: string
Default:
"\$1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.separator
Separator placed between concatenated source label values.
Type: string
Default:
";"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.source_labels
The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.target_label
Label to which the resulting value is written in a replace action. It is mandatory for replace actions.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scheme
The URL scheme with which to fetch metrics from targets.
Type: one of "http", "https"
Default:
"http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scrape_interval
How frequently to scrape targets from this job. Defaults to the globally configured default.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scrape_timeout
Per-target timeout when scraping this job. Defaults to the globally configured default.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.static_configs
List of labeled target groups for this job.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.static_configs.*.labels
Labels assigned to all metrics scraped from the targets.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.static_configs.*.targets
The targets specified by the target group.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prosody.enable
Whether to enable the prosody server
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.package
Prosody package to use
Type: package
Default:
"pkgs.prosody"
Example:
pkgs.prosody.override { withExtraLibs = [ pkgs.luaPackages.lpty ]; withCommunityModules = [ "auth_external" ]; };
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.admins
List of administrators of the current host
Type: list of strings
Default:
[
]
Example:
[
"admin1@example.com" "admin2@example.com"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.allowRegistration
Allow account creation
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.c2sRequireEncryption
Force clients to use encrypted connections? This option will prevent clients from authenticating unless they are using encryption.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.dataDir
Directory where Prosody stores its data
Type: string
Default:
"/var/lib/prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.extraConfig
Additional prosody configuration
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.extraModules
Enable custom modules
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.extraPluginPaths
Addtional path in which to look find plugins/modules
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.group
Group account under which prosody runs.
Type: string
Default:
"prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.admin_adhoc
Allows administration via an XMPP client that supports ad-hoc commands
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.admin_telnet
Opens telnet console interface on localhost port 5582
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.announce
Send announcement to all online users
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.blocklist
Allow users to block communications with other users
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.bosh
Enable BOSH clients, aka 'Jabber over HTTP'
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.carbons
Keep multiple clients in sync
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.dialback
s2s dialback support
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.disco
Service discovery
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.groups
Shared roster support
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.http_files
Serve static files from a directory over HTTP
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.legacyauth
Legacy authentication. Only used by some old clients and bots
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.limits
Enable bandwidth limiting for XMPP connections
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.mam
Store messages in an archive and allow users to access it
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.motd
Send a message to users when they log in
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.pep
Enables users to publish their mood, activity, playing music and more
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.ping
Replies to XMPP pings with pongs
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.private
Private XML storage (for room bookmarks, etc.)
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.proxy65
Enables a file transfer proxy service which clients behind NAT can use
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.register
Allow users to register on this server using a client and change passwords
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.roster
Allow users to have a roster
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.saslauth
Authentication for clients and servers. Recommended if you want to log in.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.server_contact_info
Publish contact information for this service
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.time
Let others know the time here on this server
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.tls
Add support for secure TLS on c2s/s2s connections
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.uptime
Report how long server has been running
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.vcard
Allow users to set vCards
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.version
Replies to server version requests
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.watchregistrations
Alert admins of registrations
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.websocket
Enable WebSocket support
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.welcome
Welcome users who register accounts
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.s2sInsecureDomains
Some servers have invalid or self-signed certificates. You can list remote domains here that will not be required to authenticate using certificates. They will be authenticated using DNS instead, even when s2s_secure_auth is enabled.
Type: list of strings
Default:
[
]
Example:
[
"insecure.example.com"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.s2sRequireEncryption
Force servers to use encrypted connections? This option will prevent servers from authenticating unless they are using encryption. Note that this is different from authentication.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.s2sSecureAuth
Force certificate authentication for server-to-server connections? This provides ideal security, but requires servers you communicate with to support encryption AND present valid, trusted certificates. For more information see https://prosody.im/doc/s2s#security
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.s2sSecureDomains
Even if you leave s2s_secure_auth disabled, you can still require valid certificates for some domains by specifying a list here.
Type: list of strings
Default:
[
]
Example:
[
"jabber.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.ssl
Paths to SSL files
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.ssl.cert
Path to the certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.ssl.extraOptions
Extra SSL configuration options.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.ssl.key
Path to the key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.user
User account under which prosody runs.
Type: string
Default:
"prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts
Define the virtual hosts
Type: list or attribute set of submodules
Default:
{
localhost =
{
domain = "localhost"; enabled = true;
}
;
}
Example:
{
myhost =
{
domain = "my-xmpp-example-host.org"; enabled = true;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name?>.enabled
Whether to enable the virtual host
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name?>.domain
Domain name
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name?>.extraConfig
Additional virtual host specific configuration
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name?>.ssl
Paths to SSL files
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name?>.ssl.cert
Path to the certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name?>.ssl.extraOptions
Extra SSL configuration options.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name?>.ssl.key
Path to the key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.psd.enable
Whether to enable the Profile Sync daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
|
services.psd.resyncTimer
The amount of time to wait before syncing browser profiles back to the disk.
Takes a systemd.unit time span. The time unit defaults to seconds if omitted.
Type: string
Default:
"1h"
Example:
"1h 30min"
Declared by:
<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
|
services.pykms.enable
Whether to enable the PyKMS service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.listenAddress
The IP address on which to listen.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.openFirewallPort
Whether the listening port should be opened automatically.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.port
The port on which to listen.
Type: signed integer
Default:
1688
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.verbose
Show verbose output.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.qemuGuest.enable
Whether to enable the qemu guest agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix>
|
services.quagga.babel.enable
Whether to enable the Quagga BABEL routing protocol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.babel.config
babeld configuration statements.
Type: string
Default:
""
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.babel.configFile
Configuration file to use for Quagga babeld. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/babeld.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.babel.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.babel.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.bgp.enable
Whether to enable the Quagga BGP routing protocol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.bgp.config
bgpd configuration statements.
Type: string
Default:
""
Example:
'' router bgp 65001 neighbor 10.0.0.1 remote-as 65001 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.bgp.configFile
Configuration file to use for Quagga bgpd. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/bgpd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.bgp.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.bgp.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.isis.enable
Whether to enable the Quagga ISIS routing protocol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.isis.config
isisd configuration statements.
Type: string
Default:
""
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.isis.configFile
Configuration file to use for Quagga isisd. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/isisd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.isis.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.isis.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf.enable
Whether to enable the Quagga OSPF routing protocol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf.config
ospfd configuration statements.
Type: string
Default:
""
Example:
'' router ospf network 10.0.0.0/8 area 0 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf.configFile
Configuration file to use for Quagga ospfd. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/ospfd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf6.enable
Whether to enable the Quagga OSPF6 routing protocol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf6.config
ospf6d configuration statements.
Type: string
Default:
""
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf6.configFile
Configuration file to use for Quagga ospf6d. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/ospf6d.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf6.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ospf6.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.pim.enable
Whether to enable the Quagga PIM routing protocol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.pim.config
pimd configuration statements.
Type: string
Default:
""
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.pim.configFile
Configuration file to use for Quagga pimd. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/pimd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.pim.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.pim.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.rip.enable
Whether to enable the Quagga RIP routing protocol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.rip.config
ripd configuration statements.
Type: string
Default:
""
Example:
'' router rip network 10.0.0.0/8 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.rip.configFile
Configuration file to use for Quagga ripd. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/ripd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.rip.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.rip.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ripng.enable
Whether to enable the Quagga RIPNG routing protocol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ripng.config
ripngd configuration statements.
Type: string
Default:
""
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ripng.configFile
Configuration file to use for Quagga ripngd. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/ripngd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ripng.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.ripng.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.zebra.enable
Whether to enable the Zebra routing manager.
The Zebra routing manager is automatically enabled if any routing protocols are configured.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.zebra.config
zebra configuration statements.
Type: string
Default:
""
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.zebra.configFile
Configuration file to use for Quagga zebra. By default the NixOS generated files are used.
Type: null or path
Default:
null
Example:
"/etc/quagga/zebra.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.zebra.vtyListenAddress
Address to bind to for the VTY interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quagga.zebra.vtyListenPort
TCP Port to bind to for the VTY interface.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quagga.nix>
|
services.quassel.enable
Whether to run the Quassel IRC client daemon.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.package
The package of the quassel daemon.
Type: package
Default:
"pkgs.quasselDaemon"
Example:
pkgs.quasselDaemon
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.dataDir
The directory holding configuration files, the SQlite database and the SSL Cert.
Type: unspecified
Default:
"/home/quassel/.config/quassel-irc.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.interfaces
The interfaces the Quassel daemon will be listening to. If `[ 127.0.0.1 ]', only clients on the local host can connect to it; if `[ 0.0.0.0 ]', clients can access it from any network interface.
Type: unspecified
Default:
[
"127.0.0.1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.portNumber
The port number the Quassel daemon will be listening to.
Type: unspecified
Default:
4242
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.user
The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel-webserver.enable
Whether to enable the quassel webclient service
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.backlogLimit
Amount of backlogs to fetch per buffer after first retrieval
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.forceHostAndPort
Force the users to use the quasselCoreHost and quasselCorePort defaults
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.initialBacklogLimit
Amount of backlogs to fetch per buffer on connection
Type: signed integer
Default:
20
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.pkg
The quassel-webserver package
Type: package
Default:
"pkgs.quassel-webserver"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.port
The port the quassel webserver should listen on
Type: signed integer
Default:
60443
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.prefixPath
Configure this if you use a reverse proxy. Must start with a '/'
Type: string
Default:
""
Example:
"/quassel"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.quasselCoreHost
The default host of the quassel core
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.quasselCorePort
The default quassel core port
Type: signed integer
Default:
4242
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.secureCore
Connect to the core using SSL
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.theme
default or darksolarized
Type: string
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.quassel-webserver.useHttps
Whether the quassel webserver connection should be a https connection
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/quassel-webserver.nix>
|
services.rabbitmq.enable
Whether to enable the RabbitMQ server, an Advanced Message Queuing Protocol (AMQP) broker.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.package
Which rabbitmq package to use.
Type: package
Default:
"pkgs.rabbitmq-server"
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.config
Verbatim advanced configuration file contents. Prefered way is to use configItems.
See http://www.rabbitmq.com/configure.html
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.configItems
New style config options.
See http://www.rabbitmq.com/configure.html
Type: attribute set of strings
Default:
{
}
Example:
'' { "auth_backends.1.authn" = "rabbit_auth_backend_ldap"; "auth_backends.1.authz" = "rabbit_auth_backend_internal"; } ''
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.cookie
Erlang cookie is a string of arbitrary length which must be the same for several nodes to be allowed to communicate. Leave empty to generate automatically.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.dataDir
Data directory for rabbitmq.
Type: path
Default:
"/var/lib/rabbitmq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.listenAddress
IP address on which RabbitMQ will listen for AMQP
connections. Set to the empty string to listen on all
interfaces. Note that RabbitMQ creates a user named
guest
with password
guest
by default, so you should delete
this user if you intend to allow external access.
Together with 'port' setting it's mostly an alias for configItems."listeners.tcp.1" and it's left for backwards compatibility with previous version of this module.
Type: string
Default:
"127.0.0.1"
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.pluginDirs
The list of directories containing external plugins
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.plugins
The names of plugins to enable
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.port
Port on which RabbitMQ will listen for AMQP connections.
Type: signed integer
Default:
5672
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.racoon.enable
Whether to enable racoon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/racoon.nix>
|
services.racoon.config
Contents of racoon configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/racoon.nix>
|
services.racoon.configPath
Location of racoon config if config is not provided.
Type: path
Default:
"/etc/racoon/racoon.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/racoon.nix>
|
services.radarr.enable
Whether to enable Radarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
|
services.radicale.enable
Enable Radicale CalDAV and CardDAV server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radicale.package
Radicale package to use. This defaults to version 1.x if
system.stateVersion < 17.09
and version 2.x
otherwise.
Type: package
Default:
"pkgs.radicale2"
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radicale.config
Radicale configuration, this will set the service configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radicale.extraArgs
Extra arguments passed to the Radicale daemon.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radvd.enable
Whether to enable the Router Advertisement Daemon (radvd), which provides link-local advertisements of IPv6 router addresses and prefixes using the Neighbor Discovery Protocol (NDP). This enables stateless address autoconfiguration in IPv6 clients on the network.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
|
services.radvd.config
The contents of the radvd configuration file.
Type: unspecified
Example:
'' interface eth0 { AdvSendAdvert on; prefix 2001:db8:1234:5678::/64 { }; }; ''
Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
|
services.ratbagd.enable
Whether to enable ratbagd for configuring gaming mice.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/ratbagd.nix>
|
services.rdnssd.enable
Whether to enable the RDNSS daemon
(rdnssd), which configures DNS servers in
/etc/resolv.conf
from RDNSS
advertisements sent by IPv6 routers.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/rdnssd.nix>
|
services.redis.enable
Whether to enable the Redis server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.package
Which Redis derivation to use.
Type: package
Default:
"pkgs.redis"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.appendFsync
How often to fsync the append-only log, options: no, always, everysec.
Type: string
Default:
"everysec"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.appendOnly
By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.appendOnlyFilename
Filename for the append-only file (stored inside of dbpath)
Type: string
Default:
"appendonly.aof"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.bind
The IP interface to bind to.
Type: null or string
Default:
null
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.databases
Set the number of databases.
Type: signed integer
Default:
16
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.dbFilename
The filename where to dump the DB.
Type: string
Default:
"dump.rdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.dbpath
The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.
Type: path
Default:
"/var/lib/redis"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.extraConfig
Extra configuration options for redis.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.logLevel
Specify the server verbosity level, options: debug, verbose, notice, warning.
Type: string
Default:
"notice"
Example:
"debug"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.logfile
Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.
Type: string
Default:
"/dev/null"
Example:
"/var/log/redis.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.masterAuth
If the master is password protected (using the requirePass configuration) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.pidFile
Type: path
Default:
"/var/lib/redis/redis.pid"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.port
The port for Redis to listen to.
Type: signed integer
Default:
6379
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.requirePass
Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
Type: null or string
Default:
null
Example:
"letmein!"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.save
The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.
Type: list of list of signed integerss
Default:
[
[
900 1
]
[
300 10
]
[
60 10000
]
]
Example:
[
[
900 1
]
[
300 10
]
[
60 10000
]
]
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.slaveOf
An attribute set with two attributes: ip and port to which this redis instance acts as a slave.
Type: unspecified
Default:
null
Example:
{
ip = "192.168.1.100"; port = 6379;
}
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.slowLogLogSlowerThan
Log queries whose execution take longer than X in milliseconds.
Type: signed integer
Default:
10000
Example:
1000
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.slowLogMaxLen
Maximum number of items to keep in slow log.
Type: signed integer
Default:
128
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.syslog
Enable logging to the system logger.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.unixSocket
The path to the socket to bind to.
Type: null or path
Default:
null
Example:
"/var/run/redis.sock"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.user
User account under which Redis runs.
Type: string
Default:
"redis"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.vmOverCommit
Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redmine.enable
Enable the Redmine service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.host
Database host address.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.name
Database name.
Type: string
Default:
"redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.password
The password corresponding to database.user
.
Warning: this is stored in cleartext in the Nix store!
Use database.passwordFile
instead.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.passwordFile
A file containing the password corresponding to
database.user
.
Type: null or path
Default:
null
Example:
"/run/keys/redmine-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.port
Database host port.
Type: signed integer
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.type
Database engine to use.
Type: one of "mysql2", "postgresql"
Default:
"mysql2"
Example:
"postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.user
Database user.
Type: string
Default:
"redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.extraConfig
Extra configuration in configuration.yml.
See https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.group
Group under which Redmine is ran.
Type: string
Default:
"redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.stateDir
The state directory, logs and plugins are stored here.
Type: string
Default:
"/var/lib/redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.user
User under which Redmine is ran.
Type: string
Default:
"redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redshift.enable
Enable Redshift to change your screen's colour temperature depending on the time of day.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.package
redshift derivation to use.
Type: package
Default:
"pkgs.redshift"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.brightness.day
Screen brightness to apply during the day,
between 0.1
and 1.0
.
Type: string
Default:
"1"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.brightness.night
Screen brightness to apply during the night,
between 0.1
and 1.0
.
Type: string
Default:
"1"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.extraOptions
Additional command-line arguments to pass to redshift.
Type: list of strings
Default:
[
]
Example:
[
"-v" "-m randr"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.latitude
Your current latitude, between
-90.0
and 90.0
. Must be provided
along with longitude.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.longitude
Your current longitude, between
between -180.0
and 180.0
. Must be
provided along with latitude.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.provider
The location provider to use for determining your location. If set to
manual
you must also provide latitude/longitude.
Type: one of "manual", "geoclue2"
Default:
"manual"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.temperature.day
Colour temperature to use during the day, between
1000
and 25000
K.
Type: signed integer
Default:
5500
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.temperature.night
Colour temperature to use at night, between
1000
and 25000
K.
Type: signed integer
Default:
3700
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redsocks.enable
Whether to enable redsocks.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.chroot
Chroot under which to run redsocks. Log file is opened before chroot, but if logging to syslog /etc/localtime may be required.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.log
Where to send logs.
Possible values are: - stderr - file:/path/to/file - syslog:FACILITY where FACILITY is any of "daemon", "local0", etc.
Type: string
Default:
"stderr"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.log_debug
Log connection progress.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.log_info
Log start and end of client sessions.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks
Local port to proxy associations to be performed.
The example shows how to configure a proxy to handle port 80 as HTTP relay, and all other ports as HTTP connect.
Type: list of submodules
Example:
[
{
doNotRedirect =
[
"-d 1.2.0.0/16"
]
; port = 23456; proxy = "1.2.3.4:8080"; redirectCondition = "--dport 80"; type = "http-relay";
}
{
doNotRedirect =
[
"-d 1.2.0.0/16"
]
; port = 23457; proxy = "1.2.3.4:8080"; redirectCondition = true; type = "http-connect";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.disclose_src
Way to disclose client IP to the proxy. - "false": do not disclose http-connect supports the following ways: - "X-Forwarded-For": add header "X-Forwarded-For: IP" - "Forwarded_ip": add header "Forwarded: for=IP" (see RFC7239) - "Forwarded_ipport": add header 'Forwarded: for="IP:port"'
Type: one of "false", "X-Forwarded-For", "Forwarded_ip", "Forwarded_ipport"
Default:
"false"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.doNotRedirect
Iptables filters that if matched will get the packet off of redsocks.
Type: list of strings
Default:
[
]
Example:
[
"-d 1.2.3.4"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.ip
IP on which redsocks should listen. Defaults to 127.0.0.1 for security reasons.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.login
Login to send to proxy.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.password
Password to send to proxy. WARNING, this will end up world-readable in the store! Awaiting https://github.com/NixOS/nix/issues/8 to be able to fix.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.port
Port on which redsocks should listen.
Type: signed integer
Default:
12345
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.proxy
Proxy through which redsocks should forward incoming traffic. Example: "example.org:8080"
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.redirectCondition
Conditions to make outbound packets go through this redsocks instance.
If set to false, no packet will be forwarded. If set to true, all packets will be forwarded (except packets excluded by redirectInternetOnly).
If set to a string, this is an iptables filter that will be matched against packets before getting them into redsocks. For example, setting it to "--dport 80" will only send packets to port 80 to redsocks. Note "-p tcp" is always implicitly added, as udp can only be proxied through redudp or the like.
Type: boolean or string
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.redirectInternetOnly
Exclude all non-globally-routable IPs from redsocks
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.type
Type of proxy.
Type: one of "socks4", "socks5", "http-connect", "http-relay"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.resilio.enable
If enabled, start the Resilio Sync daemon. Once enabled, you can interact with the service through the Web UI, or configure it in your NixOS configuration.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.enableWebUI
Enable Web UI for administration. Bound to the specified
httpListenAddress
and
httpListenPort
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.apiKey
API key, which enables the developer API.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.checkForUpdates
Determines whether to check for updates and alert the user about them in the UI.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.deviceName
Name of the Resilio Sync device.
Type: string
Default:
"nixos"
Example:
"Voltron"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.directoryRoot
Default directory to add folders in the web UI.
Type: string
Default:
""
Example:
"/media"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.downloadLimit
Download speed limit. 0 is unlimited (default).
Type: signed integer
Default:
0
Example:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.encryptLAN
Encrypt LAN data.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.httpListenAddr
HTTP address to bind to.
Type: string
Default:
"0.0.0.0"
Example:
"1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.httpListenPort
HTTP port to bind on.
Type: signed integer
Default:
9000
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.httpLogin
HTTP web login username.
Type: string
Default:
""
Example:
"allyourbase"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.httpPass
HTTP web login password.
Type: string
Default:
""
Example:
"arebelongtous"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.listeningPort
Listening port. Defaults to 0 which randomizes the port.
Type: signed integer
Default:
0
Example:
44444
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.sharedFolders
Shared folder list. If enabled, web UI must be
disabled. Secrets can be generated using rslsync
--generate-secret
. Note that this secret will be
put inside the Nix store, so it is realistically not very
secret.
If you would like to be able to modify the contents of this
directories, it is recommended that you make your user a
member of the resilio
group.
Directories in this list should be in the
resilio
group, and that group must have
write access to the directory. It is also recommended that
chmod g+s
is applied to the directory
so that any sub directories created will also belong to
the resilio
group. Also,
setfacl -d -m group:resilio:rwx
and
setfacl -m group:resilio:rwx
should also
be applied so that the sub directories are writable by
the group.
Type: unspecified
Default:
[
]
Example:
[
{
directory = "/home/user/sync_test"; knownHosts =
[
"192.168.1.2:4444" "192.168.1.3:4444"
]
; searchLAN = true; secret = "AHMYFPCQAHBM7LQPFXQ7WV6Y42IGUXJ5Y"; useDHT = false; useRelayServer = true; useSyncTrash = true; useTracker = true;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.storagePath
Where BitTorrent Sync will store it's database files (containing things like username info and licenses). Generally, you should not need to ever change this.
Type: path
Default:
"/var/lib/resilio-sync/"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.uploadLimit
Upload speed limit. 0 is unlimited (default).
Type: signed integer
Default:
0
Example:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.useUpnp
Use Universal Plug-n-Play (UPnP)
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resolved.enable
Whether to enable the systemd DNS resolver daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.dnssec
If set to
"true"
all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS). Note that this mode requires a DNS server that supports DNSSEC. If the DNS server does not properly support DNSSEC all validations will fail.
"allow-downgrade"
DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled. Note that this mode makes DNSSEC validation vulnerable to "downgrade" attacks, where an attacker might be able to trigger a downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not supported.
"false"
DNS lookups are not DNSSEC validated.
Type: one of "true", "allow-downgrade", "false"
Default:
"allow-downgrade"
Example:
"true"
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.domains
A list of domains. These domains are used as search suffixes when resolving single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified domain names (FQDNs).
For compatibility reasons, if this setting is not specified,
the search domains listed in
/etc/resolv.conf
are used instead, if
that file exists and any domains are configured in it.
Type: list of strings
Default:
[
]
Example:
[
"example.com"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.extraConfig
Extra config to append to resolved.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.fallbackDns
A list of IPv4 and IPv6 addresses to use as the fallback DNS servers. If this option is empty, a compiled-in list of DNS servers is used instead.
Type: list of strings
Default:
[
]
Example:
[
"8.8.8.8" "2001:4860:4860::8844"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.llmnr
Controls Link-Local Multicast Name Resolution support (RFC 4795) on the local host.
If set to
"true"
Enables full LLMNR responder and resolver support.
"false"
Disables both.
"resolve"
Only resolution support is enabled, but responding is disabled.
Type: one of "true", "resolve", "false"
Default:
"true"
Example:
"false"
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.restic.backups
Periodic backups to create with Restic.
Type: attribute set of submodules
Default:
{
}
Example:
{
localbackup =
{
initialize = true; passwordFile = "/etc/nixos/secrets/restic-password"; paths =
[
"/home"
]
; repository = "/mnt/backup-hdd";
}
; remotebackup =
{
extraOptions =
[
"sftp.command='ssh backup@host -i /etc/nixos/secrets/backup-private-key -s sftp'"
]
; passwordFile = "/etc/nixos/secrets/restic-password"; paths =
[
"/home"
]
; repository = "sftp:backup@host:/backups/home"; timerConfig =
{
OnCalendar = "00:05"; RandomizedDelaySec = "5h";
}
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.extraBackupArgs
Extra arguments passed to restic backup.
Type: list of strings
Default:
[
]
Example:
[
"--exclude-file=/etc/nixos/restic-ignore"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.extraOptions
Extra extended options to be passed to the restic --option flag.
Type: list of strings
Default:
[
]
Example:
[
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.initialize
Create the repository if it doesn't exist.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.passwordFile
Read the repository password from a file.
Type: string
Example:
"/etc/nixos/restic-password"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.paths
Which paths to backup.
Type: list of strings
Default:
[
]
Example:
[
"/var/lib/postgresql" "/home/user/backup"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.repository
repository to backup to.
Type: string
Example:
"sftp:backup@192.168.1.100:/backups/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.s3CredentialsFile
file containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for an S3-hosted repository, in the format of an EnvironmentFile as described by systemd.exec(5)
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.timerConfig
When to run the backup. See man systemd.timer for details.
Type: attribute set of strings
Default:
{
OnCalendar = "daily";
}
Example:
{
OnCalendar = "00:05"; RandomizedDelaySec = "5h";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.user
As which user the backup should run.
Type: string
Default:
"root"
Example:
"postgresql"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.server.enable
Whether to enable Restic REST Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.package
Restic REST server package to use.
Type: package
Default:
"pkgs.restic-rest-server"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.appendOnly
Enable append only mode. This mode allows creation of new backups but prevents deletion and modification of existing backups. This can be useful when backing up systems that have a potential of being hacked.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.dataDir
The directory for storing the restic repository.
Type: path
Default:
"/var/lib/restic"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.extraFlags
Extra commandline options to pass to Restic REST server.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.listenAddress
Listen on a specific IP address and port.
Type: string
Default:
":8000"
Example:
"127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.privateRepos
Enable private repos. Grants access only when a subdirectory with the same name as the user is specified in the repository URL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.prometheus
Enable Prometheus metrics at /metrics.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restya-board.enable
Whether to enable restya-board.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.dataDir
Data of the application.
Type: path
Default:
"/var/lib/restya-board"
Example:
"/var/lib/restya-board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.host
Host of the database. Leave 'null' to use a local PostgreSQL database. A local PostgreSQL database is initialized automatically.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.name
Name of the database. The database must exist.
Type: string
Default:
"restya_board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.passwordFile
The database user's password. 'null' if no password is set.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.port
The database's port.
Type: null or signed integer
Default:
5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.user
The database user. The user must exist and have access to the specified database.
Type: string
Default:
"restya_board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.email.login
SMTP authentication login used when sending outgoing mail.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.email.password
SMTP authentication password used when sending outgoing mail.
ATTENTION: The password is stored world-readable in the nix-store!
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.email.port
Port used to connect to SMTP server.
Type: signed integer
Default:
25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.email.server
Hostname to send outgoing mail. Null to use the system MTA.
Type: null or string
Default:
null
Example:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.group
Group account under which the web-application runs.
Type: string
Default:
"nginx"
Example:
"nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.timezone
Timezone the web-app runs in.
Type: string
Default:
"GMT"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.user
User account under which the web-application runs.
Type: string
Default:
"restya-board"
Example:
"restya-board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.virtualHost.listenHost
Listen address for the virtualhost to use.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.virtualHost.listenPort
Listen port for the virtualhost to use.
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.virtualHost.serverName
Name of the nginx virtualhost to use.
Type: string
Default:
"restya.board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.riak.enable
Whether to enable riak.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
|
services.riak.package
Riak package to use.
Type: package
Default:
"pkgs.riak"
Example:
pkgs.riak
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
|
services.riak.dataDir
Data directory for Riak.
Type: path
Default:
"/var/db/riak"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
|
services.riak.distributedCookie
Cookie for distributed node communication. All nodes in the same cluster should use the same cookie or they will not be able to communicate.
Type: string
Default:
"riak"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
|
services.riak.extraAdvancedConfig
Additional text to be appended to advanced.config
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
|
services.riak.extraConfig
Additional text to be appended to riak.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
|
services.riak.logDir
Log directory for Riak.
Type: path
Default:
"/var/log/riak"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
|
services.riak.nodeName
Name of the Erlang node.
Type: string
Default:
"riak@127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
|
services.riak-cs.enable
Whether to enable riak-cs.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.package
Riak package to use.
Type: package
Default:
"pkgs.riak-cs"
Example:
pkgs.riak-cs
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.anonymousUserCreation
Anonymous user creation.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.dataDir
Data directory for Riak CS.
Type: path
Default:
"/var/db/riak-cs"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.distributedCookie
Cookie for distributed node communication. All nodes in the same cluster should use the same cookie or they will not be able to communicate.
Type: string
Default:
"riak"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.extraAdvancedConfig
Additional text to be appended to advanced.config
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.extraConfig
Additional text to be appended to riak-cs.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.listener
Name of Riak CS listening service.
Type: string
Default:
"127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.logDir
Log directory for Riak CS.
Type: path
Default:
"/var/log/riak-cs"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.nodeName
Name of the Erlang node.
Type: string
Default:
"riak-cs@127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.riakHost
Name of riak hosting service.
Type: string
Default:
"127.0.0.1:8087"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.stanchionHost
Name of stanchion hosting service.
Type: string
Default:
"127.0.0.1:8085"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riak-cs.stanchionSsl
Tell stanchion to use SSL.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/riak-cs.nix>
|
services.riemann.enable
Enable the Riemann network monitoring daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.config
Contents of the Riemann configuration file. For more complicated config you should use configFile.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.configFile
A Riemann config file. Any files in the same directory as this file will be added to the classpath by Riemann.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.configFiles
Extra files containing Riemann configuration. These files will be
loaded at runtime by Riemann (with Clojure's
load-file
function) at the end of the
configuration if you use the config option, this is ignored if you
use configFile.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.extraClasspathEntries
Extra entries added to the Java classpath when running Riemann.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.extraJavaOpts
Extra Java options used when launching Riemann.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann-dash.enable
Enable the riemann-dash dashboard daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
|
services.riemann-dash.config
Contents added to the end of the riemann-dash configuration file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
|
services.riemann-dash.dataDir
Location of the riemann-base dir. The dashboard configuration file is is stored to this directory. The directory is created automatically on service start, and owner is set to the riemanndash user.
Type: string
Default:
"/var/riemann-dash"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
|
services.riemann-tools.enableHealth
Enable the riemann-health daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix>
|
services.riemann-tools.riemannHost
Address of the host riemann node. Defaults to localhost.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix>
|
services.rippleDataApi.enable
Whether to enable ripple data api.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.create
Whether to create couchdb database needed by ripple data api.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.db
Ripple data api couchdb database.
Type: string
Default:
"rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.host
Ripple data api couchdb host.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.pass
Ripple data api couchdb password.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.port
Ripple data api couchdb port.
Type: signed integer
Default:
5984
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.user
Ripple data api couchdb username.
Type: string
Default:
"rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.importMode
Ripple data api import mode.
Type: one of "live", "liveOnly"
Default:
"liveOnly"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.maxLedger
Ripple data api maximal ledger to fetch.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.minLedger
Ripple data api minimal ledger to fetch.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.port
Ripple data api port
Type: signed integer
Default:
5993
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.redis.enable
Whether to enable caching of ripple data to redis.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.redis.host
Ripple data api redis host.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.redis.port
Ripple data api redis port.
Type: signed integer
Default:
5984
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.rippleds
List of rippleds to be used by ripple data api.
Type: list of strings
Default:
[
"http://s_east.ripple.com:51234" "http://s_west.ripple.com:51234"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippled.enable
Whether to enable rippled.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.package
Which rippled package to use.
Type: package
Default:
"pkgs.rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.databasePath
Path to the ripple database.
Type: path
Default:
"/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.extraConfig
Extra lines to be added verbatim to the rippled.cfg configuration file.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.fetchDepth
The number of past ledgers to serve to other peers that request historical ledger data (or "full" for no limit).
Type: signed integer or one of "full"
Default:
"full"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb
Settings for performing a one-time import.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.advisoryDelete
If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.compression
Whether to enable snappy compression.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.extraOpts
Extra database options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.onlineDelete
Enable automatic purging of older ledger information.
Type: null or signed integer
Default:
1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.path
Location to store the database.
Type: path
Default:
"/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.type
Rippled database type.
Type: one of "rocksdb", "nudb"
Default:
"rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ips
List of hostnames or ips where the Ripple protocol is served. For a starter list, you can either copy entries from: https://ripple.com/ripple.txt or if you prefer you can let it default to r.ripple.com 51235
A port may optionally be specified after adding a space to the address. By convention, if known, IPs are listed in from most to least trusted.
Type: list of strings
Default:
[
"r.ripple.com 51235"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ipsFixed
List of IP addresses or hostnames to which rippled should always attempt to maintain peer connections with. This is useful for manually forming private networks, for example to configure a validation server that connects to the Ripple network through a public-facing server, or for building a set of cluster peers.
A port may optionally be specified after adding a space to the address
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ledgerHistory
The number of past ledgers to acquire on server startup and the minimum to maintain while running.
Type: signed integer or one of "full"
Default:
1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.logLevel
Logging verbosity.
Type: one of "debug", "error", "info"
Default:
"error"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb
Rippled main database options.
Type: null or submodule
Default:
{
extraOpts = " open_files=2000\n filter_bits=12\n cache_mb=256\n file_size_pb=8\n file_size_mult=2;\n "; type = "rocksdb";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.advisoryDelete
If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.compression
Whether to enable snappy compression.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.extraOpts
Extra database options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.onlineDelete
Enable automatic purging of older ledger information.
Type: null or signed integer
Default:
1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.path
Location to store the database.
Type: path
Default:
"/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.type
Rippled database type.
Type: one of "rocksdb", "nudb"
Default:
"rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeSize
Rippled size of the node you are running. "tiny", "small", "medium", "large", and "huge"
Type: one of "tiny", "small", "medium", "large", "huge"
Default:
"small"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports
Ports exposed by rippled
Type: attribute set of submodules
Default:
{
peer =
{
ip = "0.0.0.0"; port = 51235; protocol =
[
"peer"
]
;
}
; rpc =
{
admin =
[
"127.0.0.1"
]
; port = 5005; protocol =
[
"http"
]
;
}
; ws_public =
{
ip = "0.0.0.0"; port = 5006; protocol =
[
"ws" "wss"
]
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.admin
A comma-separated list of admin IP addresses.
Type: list of strings
Default:
[
"127.0.0.1"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.ip
Ip where rippled listens.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.password
When set, these credentials will be required on HTTP/S requests.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.port
Port where rippled listens.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.protocol
Protocols expose by rippled.
Type: list of one of "http", "https", "ws", "wss", "peer"s
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.ssl.cert
Specifies the path to the SSL certificate file in PEM format. This is not needed if the chain includes it.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.ssl.chain
If you need a certificate chain, specify the path to the certificate chain here. The chain may include the end certificate.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.ssl.key
Specifies the filename holding the SSL key in PEM format.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.user
When set, these credentials will be required on HTTP/S requests.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.sntpServers
IP address or domain of NTP servers to use for time synchronization.;
Type: list of strings
Default:
[
"time.windows.com" "time.apple.com" "time.nist.gov" "pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.statsd.enable
Whether to enable statsd monitoring for rippled.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.statsd.address
The UDP address and port of the listening StatsD server.
Type: string
Default:
"127.0.0.1:8125"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.statsd.prefix
A string prepended to each collected metric.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb
Rippled temporary database options.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.advisoryDelete
If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.compression
Whether to enable snappy compression.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.extraOpts
Extra database options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.onlineDelete
Enable automatic purging of older ledger information.
Type: null or signed integer
Default:
1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.path
Location to store the database.
Type: path
Default:
"/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.type
Rippled database type.
Type: one of "rocksdb", "nudb"
Default:
"rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.validationQuorum
The minimum number of trusted validations a ledger must have before the server considers it fully validated.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.validators
List of nodes to always accept as validators. Nodes are specified by domain or public key.
Type: list of strings
Default:
[
"n949f75evCHwgyP4fPVgaHqNHxUVN15PsJEZ3B3HnXPcPjcZAoy7 RL1" "n9MD5h24qrQqiyBC8aeqqCWvpiBiYQ3jxSr91uiDvmrkyHRdYLUj RL2" "n9L81uNCaPgtUJfaHh89gmdvXKAmSt5Gdsw2g1iPWaPkAHW5Nm4C RL3" "n9KiYM9CgngLvtRCQHZwgC2gjpdaZcCcbt3VboxiNFcKuwFVujzS RL4" "n9LdgEtkmGB9E2h3K4Vp7iGUaKuq23Zr32ehxiU8FWY7xoxbWTSA RL5"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rmilter.enable
Whether to run the rmilter daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.bindSocket.address
Inet address to listen on.
Type: string
Default:
"::1"
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.bindSocket.path
Path to Unix domain socket to listen on.
Type: string
Default:
"/run/rmilter.sock"
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.bindSocket.port
Inet port to listen on.
Type: signed integer
Default:
11990
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.bindSocket.type
What kind of socket rmilter should listen on. Either "unix" for an Unix domain socket or "inet" for a TCP socket.
Type: one of "unix", "inet"
Default:
"unix"
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.debug
Whether to run the rmilter daemon in debug mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.extraConfig
Custom snippet to append to rmilter config
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.group
Group to use when no root privileges are required.
Type: string
Default:
"rmilter"
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.postfix.enable
Add rmilter to postfix main.conf
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.postfix.configFragment
Addon to postfix configuration
Type: string
Default:
'' smtpd_milters = unix:/run/rmilter.sock milter_protocol = 6 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} ''
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.rspamd.enable
Whether to use rspamd to filter mails
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.rspamd.extraConfig
Custom snippet to append to end of `spamd' section
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.rspamd.rejectMessage
reject message for spam
Type: string
Default:
"Spam message rejected; If this is not spam contact abuse"
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.rspamd.servers
Spamd socket definitions. Is server name is prefixed with r: it is rspamd server.
Type: list of strings
Default:
[
"r:/run/rspamd/rspamd.sock"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.rspamd.whitelist
list of ips or nets that should be not checked with spamd
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.socketActivation
Enable systemd socket activation for rmilter.
Disabling socket activation is not recommended when a Unix domain socket is used and could lead to incorrect permissions.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rmilter.user
User to use when no root privileges are required.
Type: string
Default:
"rmilter"
Declared by:
<nixpkgs/nixos/modules/services/mail/rmilter.nix>
|
services.rogue.enable
Whether to enable the Rogue game on one of the virtual consoles.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/rogue.nix>
|
services.rogue.tty
Virtual console on which to run Rogue.
Type: string
Default:
"tty9"
Declared by:
<nixpkgs/nixos/modules/services/misc/rogue.nix>
|
services.rpcbind.enable
Whether to enable `rpcbind', an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command. `rpcbind` is a replacement for `portmap`.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/rpcbind.nix>
|
services.rsnapshot.enable
Whether to enable rsnapshot backups.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsnapshot.enableManualRsnapshot
Whether to enable manual usage of the rsnapshot command with this module.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsnapshot.cronIntervals
Periodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration as retain options.
Type: attribute set of strings
Default:
{
}
Example:
{
daily = "50 21 * * *"; hourly = "0 * * * *";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsnapshot.extraConfig
rsnapshot configuration option in addition to the defaults from rsnapshot and this module.
Note that tabs are required to separate option arguments, and directory names require trailing slashes.
The "extra" in the option name might be a little misleading right now, as it is required to get a functional configuration.
Type: string
Default:
""
Example:
'' retains hourly 24 retain daily 365 backup /home/ localhost/ ''
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rspamd.enable
Whether to enable Whether to run the rspamd daemon..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.debug
Whether to run the rspamd daemon in debug mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.extraConfig
Extra configuration to add at the end of the rspamd configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.group
Group to use when no root privileges are required.
Type: string
Default:
"rspamd"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.user
User to use when no root privileges are required.
Type: string
Default:
"rspamd"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers
Attribute set of workers to start.
Type: attribute set of submodules
Default:
{
controller =
{
}
; normal =
{
}
;
}
Example:
{ normal = { includes = [ "$CONFDIR/worker-normal.inc" ]; bindSockets = [{ socket = "/run/rspamd/rspamd.sock"; mode = "0660"; owner = "rspamd"; group = "rspamd"; }]; }; controller = { includes = [ "$CONFDIR/worker-controller.inc" ]; bindSockets = [ "[::1]:11334" ]; }; }
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.enable
Whether to run the rspamd worker.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.bindSockets
List of sockets to listen, in format acceptable by rspamd
Type: list of string or submodules
Default:
[
]
Example:
[
{
mode = "0666"; owner = "rspamd"; socket = "/run/rspamd.sock";
}
"*:11333"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.count
Number of worker instances to run
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.extraConfig
Additional entries to put verbatim into worker section of rspamd config file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.includes
List of files to include in configuration
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.name
Name of the worker
Type: null or string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.type
The type of this worker
Type: null or one of "normal", "controller", "fuzzy_storage", "proxy", "lua"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rsyncd.enable
Whether to enable the rsync daemon.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.address
IP address the daemon will listen on; rsyncd will listen on all addresses if this is not specified.
Type: unspecified
Default:
""
Example:
"192.168.1.2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.extraConfig
Lines of configuration to add to rsyncd globally. See man rsyncd.conf for options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.group
The group to run the daemon as. By default the daemon runs as root.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.modules
A set describing exported directories. See man rsyncd.conf for options.
Type: attribute set of attribute set of stringss
Default:
{
}
Example:
{
srv =
{
comment = "Public rsync share."; path = "/srv"; read only = "yes";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.motd
Message of the day to display to clients on each connect. This usually contains site information and any legal notices.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.port
TCP port the daemon will listen on.
Type: signed integer
Default:
873
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.user
The user to run the daemon as. By default the daemon runs as root.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyslogd.enable
Whether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.defaultConfig
The default syslog.conf
file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig
.
Type: string
Default:
'' # "local1" is used for dhcpd messages. local1.* -/var/log/dhcpd mail.* -/var/log/mail *.=warning;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;local1.none -/var/log/messages ''
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.extraConfig
Additional text appended to syslog.conf
,
i.e. the contents of defaultConfig
.
Type: string
Default:
""
Example:
"news.* -/var/log/news"
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.extraParams
Additional parameters passed to rsyslogd.
Type: list of strings
Default:
[
]
Example:
[
"-m 0"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.sabnzbd.enable
Whether to enable the sabnzbd server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.sabnzbd.configFile
Path to config file.
Type: unspecified
Default:
"/var/lib/sabnzbd/sabnzbd.ini"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.sabnzbd.group
Group to run the service as
Type: unspecified
Default:
"sabnzbd"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.sabnzbd.user
User to run the service as
Type: unspecified
Default:
"sabnzbd"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.safeeyes.enable
Whether to enable the safeeyes OSGi service
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/safeeyes.nix>
|
services.salt.master.enable
Whether to enable Salt master service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/master.nix>
|
services.salt.master.configuration
Salt master configuration as Nix attribute set.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/master.nix>
|
services.salt.minion.enable
Whether to enable Salt minion service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/minion.nix>
|
services.salt.minion.configuration
Salt minion configuration as Nix attribute set. See https://docs.saltstack.com/en/latest/ref/configuration/minion.html for details.
Type: attribute set
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/minion.nix>
|
services.samba.enable
Whether to enable Samba, which provides file and print services to Windows clients through the SMB/CIFS protocol.
If you use the firewall consider adding the following:
networking.firewall.allowedTCPPorts = [ 139 445 ]; networking.firewall.allowedUDPPorts = [ 137 138 ];
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.enableNmbd
Whether to enable Samba's nmbd, which replies to NetBIOS over IP name service requests. It also participates in the browsing protocols which make up the Windows "Network Neighborhood" view.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.enableWinbindd
Whether to enable Samba's winbindd, which provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and ntlm_auth and to Samba itself.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.package
Defines which package should be used for the samba server.
Type: package
Default:
"pkgs.samba"
Example:
pkgs.samba3
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.configText
Verbatim contents of smb.conf. If null (default), use the autogenerated file from NixOS instead.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.extraConfig
Additional global section and extra section lines go in here.
Type: string
Default:
""
Example:
'' guest account = nobody map to guest = bad user ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.invalidUsers
List of users who are denied to login via Samba.
Type: list of strings
Default:
[
"root"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.nsswins
Whether to enable the WINS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a. Windows machine names) by transparently querying the winbindd daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.securityType
Samba security type
Type: string
Default:
"user"
Example:
"share"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.shares
A set describing shared resources. See man smb.conf for options.
Type: attribute set of attribute set of unspecifiedss
Default:
{
}
Example:
{
public =
{
browseable = "yes"; comment = "Public samba share."; guest ok = "yes"; path = "/srv/public"; read only = true;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.syncPasswordsByPam
Enabling this will add a line directly after pam_unix.so. Whenever a password is changed the samba password will be updated as well. However, you still have to add the samba password once, using smbpasswd -a user. If you don't want to maintain an extra password database, you still can send plain text passwords which is not secure.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.saned.enable
Enable saned network daemon for remote connection to scanners.
saned would be runned from scanner
user; to allow
access to hardware that doesn't have scanner
group
you should add needed groups to this user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
services.saned.extraConfig
Extra saned configuration lines.
Type: string
Default:
""
Example:
"192.168.0.0/24"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
services.saslauthd.enable
Whether to enable Whether to enable the Cyrus SASL authentication daemon..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
|
services.saslauthd.package
Cyrus SASL package to use.
Type: package
Default:
"pkgs.cyrus_sasl.bin"
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
|
services.saslauthd.config
Configuration to use for Cyrus SASL authentication daemon.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
|
services.saslauthd.mechanism
Auth mechanism to use
Type: string
Default:
"pam"
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
|
services.scollector.enable
Whether to run scollector.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.package
scollector binary to use.
Type: package
Default:
"pkgs.scollector"
Example:
pkgs.scollector
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.bosunHost
Host and port of the bosun server that will store the collected data.
Type: string
Default:
"localhost:8070"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.collectors
An attribute set mapping the frequency of collection to a list of binaries that should be executed at that frequency. You can use "0" to run a binary forever.
Type: attribute set of list of pathss
Default:
{
}
Example:
{ "0" = [ "${postgresStats}/bin/collect-stats" ]; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.extraConfig
Extra scollector configuration added to the end of scollector.toml
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.extraOpts
Extra scollector command line options
Type: list of strings
Default:
[
]
Example:
[
"-d"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.group
Group account under which scollector runs.
Type: string
Default:
"scollector"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.user
User account under which scollector runs.
Type: string
Default:
"scollector"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.searx.enable
Whether to enable the searx server. See https://github.com/asciimoo/searx.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.package
searx package to use.
Type: package
Default:
"pkgs.searx"
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.configFile
The path of the Searx server configuration file. If no file is specified, a default file is used (default config file has debug mode enabled).
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.seeks.enable
Whether to enable the Seeks server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/seeks.nix>
|
services.seeks.confDir
The Seeks server configuration. If it is not specified, a default configuration is used.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/seeks.nix>
|
services.selfoss.enable
Whether to enable selfoss.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.host
Host of the database (has no effect if type is "sqlite").
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.name
Name of the existing database (has no effect if type is "sqlite").
Type: string
Default:
"tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.password
The database user's password (has no effect if type is "sqlite").
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.port
The database's port. If not set, the default ports will be provided (5432 and 3306 for pgsql and mysql respectively) (has no effect if type is "sqlite").
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.type
Database to store feeds. Supported are sqlite, pgsql and mysql.
Type: one of "pgsql", "mysql", "sqlite"
Default:
"sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.user
The database user. The user must exist and has access to the specified database (has no effect if type is "sqlite").
Type: string
Default:
"tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.extraConfig
Extra configuration added to config.ini
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.pool
Name of existing phpfpm pool that is used to run web-application. If not specified a pool will be created automatically with default values.
Type: string
Default:
"selfoss_pool"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.user
User account under which both the service and the web-application run.
Type: string
Default:
"nginx"
Example:
"nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.serviio.enable
Whether to enable the Serviio Media Server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/serviio.nix>
|
services.serviio.dataDir
The directory where serviio stores its state, data, etc.
Type: path
Default:
"/var/lib/serviio"
Declared by:
<nixpkgs/nixos/modules/services/misc/serviio.nix>
|
services.shadowsocks.enable
Whether to run shadowsocks-libev shadowsocks server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.encryptionMethod
Encryption method. See https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers.
Type: string
Default:
"chacha20-ietf-poly1305"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.localAddress
Local address to which the server binds.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.mode
Relay protocols.
Type: one of "tcp_only", "tcp_and_udp", "udp_only"
Default:
"tcp_and_udp"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.password
Password for connecting clients.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.passwordFile
Password file with a password for connecting clients.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.port
Port which the server uses.
Type: signed integer
Default:
8388
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shairport-sync.enable
Enable the shairport-sync daemon.
Running with a local system-wide or remote pulseaudio server is recommended.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
|
services.shairport-sync.arguments
Arguments to pass to the daemon. Defaults to a local pulseaudio server.
Type: unspecified
Default:
"-v -d pulse"
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
|
services.shairport-sync.user
User account name under which to run shairport-sync. The account will be created.
Type: unspecified
Default:
"shairport"
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
|
services.shellinabox.enable
Whether to enable shellinabox daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
|
services.shellinabox.enableSSL
Whether or not to enable SSL (https) support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
|
services.shellinabox.certDirectory
The daemon will look in this directory far any certificates. If the browser negotiated a Server Name Identification the daemon will look for a matching certificate-SERVERNAME.pem file. If no SNI handshake takes place, it will fall back on using the certificate in the certificate.pem file.
If no suitable certificate is installed, shellinaboxd will attempt to create a new self-signed certificate. This will only succeed if, after dropping privileges, shellinaboxd has write permissions for this directory.
Type: null or path
Default:
null
Example:
"/var/certs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
|
services.shellinabox.certFile
Path to server SSL certificate.
Type: null or path
Default:
null
Example:
"/var/certificate.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
|
services.shellinabox.extraOptions
A list of strings to be appended to the command line arguments for shellinaboxd. Please see the manual page https://code.google.com/p/shellinabox/wiki/shellinaboxd_man for a full list of available arguments.
Type: list of strings
Default:
[
]
Example:
[
"--port=443" "--service /:LOGIN"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
|
services.shellinabox.user
User to run shellinaboxd as. If started as root, the server drops
privileges by changing to nobody, unless overridden by the
--user
option.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
|
services.shibboleth-sp.enable
Whether to enable the shibboleth service
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shibboleth-sp.configFile
Path to shibboleth config file
Type: path
Example:
"\${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shibboleth-sp.fastcgi.enable
Whether to include the shibauthorizer and shibresponder FastCGI processes
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shibboleth-sp.fastcgi.shibAuthorizerPort
Port for shibauthorizer FastCGI proccess to bind to
Type: signed integer
Default:
9100
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shibboleth-sp.fastcgi.shibResponderPort
Port for shibauthorizer FastCGI proccess to bind to
Type: signed integer
Default:
9101
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shout.enable
Whether to enable Shout web IRC client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.config
Shout config.js
contents as attribute set (will be
converted to JSON to generate the configuration file).
The options defined here will be merged to the default configuration file.
Documentation: http://shout-irc.com/docs/server/configuration.html
Type: attribute set
Default:
{
}
Example:
{
defaults =
{
host = "localhost"; name = "Your Network"; port = 6697;
}
; displayNetwork = false;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.configFile
Contents of Shout's config.js
file.
Used for backward compatibility, recommended way is now to use
the config
option.
Documentation: http://shout-irc.com/docs/server/configuration.html
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.listenAddress
IP interface to listen on for http connections.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.port
TCP port to listen on for http connections.
Type: signed integer
Default:
9000
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.private
Make your shout instance private. You will need to configure user
accounts by adding entries in /var/lib/shout/users
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.sickbeard.enable
Whether to enable the sickbeard server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.package
Enable pkgs.sickrage
or pkgs.sickgear
as an alternative to SickBeard
Type: package
Default:
(build of sickbeard-2016-03-21)
Example:
pkgs.sickrage
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.configFile
Path to config file.
Type: path
Default:
"/var/lib/sickbeard/config.ini"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.dataDir
Path where to store data files.
Type: path
Default:
"/var/lib/sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.group
Group to run the service as
Type: string
Default:
"sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.port
Port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8081
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.user
User to run the service as
Type: string
Default:
"sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.siproxd.enable
Whether to enable the Siproxd SIP proxy/masquerading daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.extraConfig
Extra configuration to add to siproxd configuration.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.hostsAllowReg
Acess control list for incoming SIP registrations.
Type: list of strings
Default:
[
]
Example:
[
"192.168.1.0/24" "192.168.2.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.hostsAllowSip
Acess control list for incoming SIP traffic.
Type: list of strings
Default:
[
]
Example:
[
"123.45.0.0/16" "123.46.0.0/16"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.hostsDenySip
Acess control list for denying incoming SIP registrations and traffic.
Type: list of strings
Default:
[
]
Example:
[
"10.0.0.0/8" "11.0.0.0/8"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.ifInbound
Local network interface
Type: string
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.ifOutbound
Public network interface
Type: string
Example:
"ppp0"
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.passwordFile
Path to per-user password file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.rtpDscp
DSCP (differentiated services) value to be assigned to RTP packets. Allows QOS aware routers to handle different types traffic with different priorities.
Type: signed integer
Default:
46
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.rtpPortHigh
Top of UDP port range for incoming and outgoing RTP traffic
Type: signed integer
Default:
7089
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.rtpPortLow
Bottom of UDP port range for incoming and outgoing RTP traffic
Type: signed integer
Default:
7070
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.rtpTimeout
Timeout for an RTP stream. If for the specified number of seconds no data is relayed on an active stream, it is considered dead and will be killed.
Type: signed integer
Default:
300
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.sipDscp
DSCP (differentiated services) value to be assigned to SIP packets. Allows QOS aware routers to handle different types traffic with different priorities.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.sipListenPort
Port to listen for incoming SIP messages.
Type: signed integer
Default:
5060
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.sks.enable
Whether to enable SKS (synchronizing key server for OpenPGP) and start the database server. You need to create "${dataDir}/dump/*.gpg" for the initial import.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.package
Which SKS derivation to use.
Type: package
Default:
"pkgs.sks"
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.dataDir
Data directory (-basedir) for SKS, where the database and all configuration files are located (e.g. KDB, PTree, membership and sksconf).
Type: path
Default:
"/var/db/sks"
Example:
"/var/lib/sks"
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.hkpAddress
Domain names, IPv4 and/or IPv6 addresses to listen on for HKP requests.
Type: list of strings
Default:
[
"127.0.0.1" "::1"
]
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.hkpPort
HKP port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
11371
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.webroot
Source directory (will be symlinked, if not null) for the files the built-in webserver should serve. SKS (${pkgs.sks.webSamples}) provides the following examples: "HTML5", "OpenPKG", and "XHTML+ES". The index file can be named index.html, index.htm, index.xhtm, or index.xhtml. Files with the extensions .css, .es, .js, .jpg, .jpeg, .png, or .gif are supported. Subdirectories and filenames with anything other than alphanumeric characters and the '.' character will be ignored.
Type: null or path
Default:
"\${pkgs.sks.webSamples}/OpenPKG"
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.skydns.enable
Whether to enable skydns service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.package
Skydns package to use.
Type: package
Default:
"pkgs.skydns"
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.address
Skydns address to bind to.
Type: string
Default:
"0.0.0.0:53"
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.domain
Skydns default domain if not specified by etcd config.
Type: string
Default:
"skydns.local."
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.etcd.caCert
Skydns path of TLS certificate authority public key.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.etcd.machines
Skydns list of etcd endpoints to connect to.
Type: list of strings
Default:
[
"http://127.0.0.1:2379"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.etcd.tlsKey
Skydns path of TLS client certificate - private key.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.etcd.tlsPem
Skydns path of TLS client certificate - public key.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.extraConfig
Skydns attribute set of extra config options passed as environemnt variables.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.nameservers
Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
Type: list of strings
Default:
[
]
Example:
[
"8.8.8.8:53" "8.8.4.4:53"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.slimserver.enable
Whether to enable slimserver.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
|
services.slimserver.package
Slimserver package to use.
Type: package
Default:
"pkgs.slimserver"
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
|
services.slimserver.dataDir
The directory where slimserver stores its state, tag cache, playlists etc.
Type: path
Default:
"/var/lib/slimserver"
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
|
services.slurm.enableSrunX11
If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job. This activates the slurm-spank-x11 module. Note that this option also enables 'services.openssh.forwardX11' on the client.
This option requires slurm to be compiled without native X11 support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.enableStools
Wether to provide a slurm.conf file.
Enable this option if you do not run a slurm daemon on this host
(i.e. server.enable
and client.enable
are false
)
but you still want to run slurm commands from this host.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.package
The package to use for slurm binaries.
Type: package
Default:
"pkgs.slurm"
Example:
pkgs.slurm-full
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.client.enable
Whether to enable slurm client daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.clusterName
Necessary to distinguish accounting records in a multi-cluster environment.
Type: string
Default:
"default"
Example:
"myCluster"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.controlAddr
Name that ControlMachine should be referred to in establishing a communications path.
Type: null or string
Default:
null
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.controlMachine
The short hostname of the machine where SLURM control functions are executed (i.e. the name returned by the command "hostname -s", use "tux001" rather than "tux001.my.com").
Type: null or string
Default:
null
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.extraCgroupConfig
Extra configuration for cgroup.conf
. This file is
used when procTrackType=proctrack/cgroup
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.extraConfig
Extra configuration options that will be added verbatim at the end of the slurm configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.extraPlugstackConfig
Extra configuration that will be added to the end of plugstack.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.nodeName
Name that SLURM uses to refer to a node (or base partition for BlueGene systems). Typically this would be the string that "/bin/hostname -s" returns. Note that now you have to write node's parameters after the name.
Type: null or string
Default:
null
Example:
"linux[1-32] CPUs=1 State=UNKNOWN"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.partitionName
Name by which the partition may be referenced. Note that now you have to write the partition's parameters after the name.
Type: null or string
Default:
null
Example:
"debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.procTrackType
Plugin to be used for process tracking on a job step basis. The slurmd daemon uses this mechanism to identify all processes which are children of processes it spawns for a user job step.
Type: string
Default:
"proctrack/linuxproc"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.server.enable
Wether to enable the slurm control daemon.
Note that the standard authentication method is "munge".
The "munge" service needs to be provided with a password file in order for
slurm to work properly (see services.munge.password
).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.smartd.enable
Whether to enable smartd daemon from smartmontools
package.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.autodetect
Whenever smartd should monitor all devices connected to the machine at the time it's being started (the default).
Set to false to monitor the devices listed in
services.smartd.devices
only.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.defaults.autodetected
Like services.smartd.defaults.monitored
, but for the
autodetected devices.
Type: string
Default:
"-a"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.defaults.monitored
Common default options for explicitly monitored (listed in
services.smartd.devices
) devices.
The default value turns on monitoring of all the things (see
man 5 smartd.conf
).
The example also turns on SMART Automatic Offline Testing on startup, and schedules short self-tests daily, and long self-tests weekly.
Type: string
Default:
"-a"
Example:
"-a -o on -s (S/../.././02|L/../../7/04)"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.devices
List of devices to monitor.
Type: list of submodules
Default:
[
]
Example:
[
{
device = "/dev/sda";
}
{
device = "/dev/sdb"; options = "-d sat";
}
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.devices.*.device
Location of the device.
Type: string
Example:
"/dev/sda"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.devices.*.options
Options that determine how smartd monitors the device.
Type: string
Default:
""
Example:
"-d sat"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.extraOptions
Extra command-line options passed to the smartd
daemon on startup.
(See man 8 smartd
.)
Type: list of strings
Default:
[
]
Example:
[
"-A /var/log/smartd/" "--interval=3600"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.mail.enable
Whenever to send e-mail notifications.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.mail.mailer
Sendmail-compatible binary to be used to send the messages.
You should probably enable
services.postfix
or some other MTA for
this to work.
Type: path
Default:
"/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.mail.recipient
Recipient of the notification messages.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.test
Whenever to send a test notification on startup.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.wall.enable
Whenever to send wall notifications to all users.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.x11.enable
Whenever to send X11 xmessage notifications.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.x11.display
DISPLAY to send X11 notifications to.
Type: string
Default:
":0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smokeping.enable
Enable the smokeping service
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.package
Specify a custom smokeping package
Type: package
Default:
"pkgs.smokeping"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.alertConfig
Configuration for alerts.
Type: string
Default:
'' to = root@localhost from = smokeping@localhost ''
Example:
to = alertee@address.somewhere from = smokealert@company.xy +someloss type = loss # in percent pattern = >0%,*12*,>0%,*12*,>0% comment = loss 3 times in a row;
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.cgiUrl
URL to the smokeping cgi.
Type: string
Default:
"http://nixos:8081/smokeping.cgi"
Example:
"https://somewhere.example.com/smokeping.cgi"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.config
Full smokeping config supplied by the user. Overrides and replaces any other configuration supplied.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.databaseConfig
Configure the ping frequency and retention of the rrd files. Once set, changing the interval will require deletion or migration of all the collected data.
Type: string
Default:
'' step = 300 pings = 20 # consfn mrhb steps total AVERAGE 0.5 1 1008 AVERAGE 0.5 12 4320 MIN 0.5 12 4320 MAX 0.5 12 4320 AVERAGE 0.5 144 720 MAX 0.5 144 720 MIN 0.5 144 720 ''
Example:
# near constant pings. step = 30 pings = 20 # consfn mrhb steps total AVERAGE 0.5 1 10080 AVERAGE 0.5 12 43200 MIN 0.5 12 43200 MAX 0.5 12 43200 AVERAGE 0.5 144 7200 MAX 0.5 144 7200 MIN 0.5 144 7200
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.extraConfig
Any additional customization not already included.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.hostName
DNS name for the urls generated in the cgi.
Type: string
Default:
"nixos"
Example:
"somewhere.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.imgUrl
Base url for images generated in the cgi.
Type: string
Default:
"http://nixos:8081/cache"
Example:
"https://somewhere.example.com/cache"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.linkStyle
DNS name for the urls generated in the cgi.
Type: one of "original", "absolute", "relative"
Default:
"relative"
Example:
"absolute"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.mailHost
Use this SMTP server to send alerts
Type: string
Default:
""
Example:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.owner
Real name of the owner of the instance
Type: string
Default:
"nobody"
Example:
"Joe Admin"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.ownerEmail
Email contact for owner
Type: string
Default:
"no-reply@nixos"
Example:
"no-reply@yourdomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.port
TCP port to use for the web server.
Type: signed integer
Default:
8081
Example:
8081
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.presentationConfig
presentation graph style
Type: string
Default:
'' + charts menu = Charts title = The most interesting destinations ++ stddev sorter = StdDev(entries=>4) title = Top Standard Deviation menu = Std Deviation format = Standard Deviation %f ++ max sorter = Max(entries=>5) title = Top Max Roundtrip Time menu = by Max format = Max Roundtrip Time %f seconds ++ loss sorter = Loss(entries=>5) title = Top Packet Loss menu = Loss format = Packets Lost %f ++ median sorter = Median(entries=>5) title = Top Median Roundtrip Time menu = by Median format = Median RTT %f seconds + overview width = 600 height = 50 range = 10h + detail width = 600 height = 200 unison_tolerance = 2 "Last 3 Hours" 3h "Last 30 Hours" 30h "Last 10 Days" 10d "Last 360 Days" 360d ''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.presentationTemplate
Default page layout for the web UI.
Type: string
Default:
"\${pkgs.smokeping}/etc/basepage.html.dist"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.probeConfig
Probe configuration
Type: string
Default:
'' + FPing binary = /run/wrappers/bin/fping ''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.sendmail
Use this sendmail compatible script to deliver alerts
Type: null or path
Default:
null
Example:
"/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.smokeMailTemplate
Specify the smokemail template for alerts.
Type: string
Default:
"\${pkgs.smokeping}/etc/smokemail.dist"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.targetConfig
Target configuration
Type: string
Default:
'' probe = FPing menu = Top title = Network Latency Grapher remark = Welcome to the SmokePing website of xxx Company. \ Here you will learn all about the latency of our network. + Local menu = Local title = Local Network ++ LocalMachine menu = Local Machine title = This host host = localhost ''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.user
User that runs smokeping and (optionally) thttpd
Type: string
Default:
"smokeping"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.webService
Enable a smokeping web interface
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.snapper.cleanupInterval
Cleanup interval.
The format is described in systemd.time(7).
Type: string
Default:
"1d"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.configs
Subvolume configuration
Type: attribute set of submodules
Default:
{
}
Example:
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.configs.<name>.extraConfig
Additional configuration next to SUBVOLUME and FSTYPE. See man:snapper-configs(5).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.configs.<name>.fstype
Filesystem type. Only btrfs is stable and tested.
Type: one of "btrfs"
Default:
"btrfs"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.configs.<name>.subvolume
Path of the subvolume or mount point. This path is a subvolume and has to contain a subvolume named .snapshots. See also man:snapper(8) section PERMISSIONS.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.filters
Global display difference filter. See man:snapper(8) for more details.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.snapshotInterval
Snapshot interval.
The format is described in systemd.time(7).
Type: string
Default:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.sniproxy.enable
Whether to enable sniproxy server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.sniproxy.config
sniproxy.conf configuration excluding the daemon username and pid file.
Type: string
Default:
""
Example:
error_log { filename /var/log/sniproxy/error.log } access_log { filename /var/log/sniproxy/access.log } listen 443 { proto tls } table { example.com 192.0.2.10 example.net 192.0.2.20 }
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.sniproxy.group
Group under which sniproxy runs.
Type: string
Default:
"sniproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.sniproxy.logDir
Location of the log directory for sniproxy.
Type: string
Default:
"/var/log/sniproxy/"
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.sniproxy.user
User account under which sniproxy runs.
Type: string
Default:
"sniproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.softether.enable
Whether to enable SoftEther VPN services.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.package
softether derivation to use.
Type: package
Default:
"pkgs.softether"
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.dataDir
Data directory for SoftEther VPN.
Type: string
Default:
"/var/lib/softether"
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnbridge.enable
Whether to enable SoftEther VPN Bridge.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnclient.enable
Whether to enable SoftEther VPN Client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnclient.down
Shell commands executed when the Virtual Network Adapter(s) is/are shutting down.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnclient.up
Shell commands executed when the Virtual Network Adapter(s) is/are starting.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnserver.enable
Whether to enable SoftEther VPN Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.solr.enable
Enables the solr service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.extraJars
List of paths pointing to jars. Jars are copied to commonLibFolder to be available to java/solr.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.extraJavaOptions
Extra command line options given to the java process running solr.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.extraWinstoneOptions
Extra command line options given to the Winstone, which is the servlet container hosting solr.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.group
The group that will own the working directory.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.javaPackage
Which Java derivation to use for running solr.
Type: package
Default:
"pkgs.jre"
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.log4jConfiguration
Contents of the log4j.properties
used. By default,
everything is logged to stdout (picked up by systemd) with level INFO.
Type: string
Default:
'' log4j.rootLogger=INFO, stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.Target=System.out log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n ''
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.solrHome
The solr home directory. It is your own responsibility to make sure this directory contains a working solr configuration, and is writeable by the the user running the solr service. Failing to do so, the solr will not start properly.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.solrPackage
Which solr derivation to use for running solr.
Type: package
Default:
"pkgs.solr"
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.user
The user that should run the solr process and. the working directories.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.sonarr.enable
Whether to enable Sonarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
|
services.spamassassin.enable
Whether to run the SpamAssassin daemon
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spamassassin.config
The SpamAssassin local.cf config
If you are using this configuration: add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
Then you can Use this sieve filter: require ["fileinto", "reject", "envelope"];
if header :contains "X-Spam-Flag" "YES" { fileinto "spam"; }
Or this procmail filter: :0: * ^X-Spam-Flag: YES /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new
To filter your messages based on the additional mail headers added by spamassassin.
Type: string
Default:
""
Example:
'' #rewrite_header Subject [***** SPAM _SCORE_ *****] required_score 5.0 use_bayes 1 bayes_auto_learn 1 add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ ''
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spamassassin.debug
Whether to run the SpamAssassin daemon in debug mode
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spamassassin.initPreConf
The SpamAssassin init.pre config.
Type: string
Default:
'' # # to update this list, run this command in the rules directory: # grep 'loadplugin.*Mail::SpamAssassin::Plugin::.*' -o -h * | sort | uniq # #loadplugin Mail::SpamAssassin::Plugin::AccessDB #loadplugin Mail::SpamAssassin::Plugin::AntiVirus loadplugin Mail::SpamAssassin::Plugin::AskDNS # loadplugin Mail::SpamAssassin::Plugin::ASN loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold #loadplugin Mail::SpamAssassin::Plugin::AWL loadplugin Mail::SpamAssassin::Plugin::Bayes loadplugin Mail::SpamAssassin::Plugin::BodyEval loadplugin Mail::SpamAssassin::Plugin::Check #loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::DKIM loadplugin Mail::SpamAssassin::Plugin::DNSEval loadplugin Mail::SpamAssassin::Plugin::FreeMail loadplugin Mail::SpamAssassin::Plugin::Hashcash loadplugin Mail::SpamAssassin::Plugin::HeaderEval loadplugin Mail::SpamAssassin::Plugin::HTMLEval loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch loadplugin Mail::SpamAssassin::Plugin::ImageInfo loadplugin Mail::SpamAssassin::Plugin::MIMEEval loadplugin Mail::SpamAssassin::Plugin::MIMEHeader # loadplugin Mail::SpamAssassin::Plugin::PDFInfo #loadplugin Mail::SpamAssassin::Plugin::PhishTag loadplugin Mail::SpamAssassin::Plugin::Pyzor loadplugin Mail::SpamAssassin::Plugin::Razor2 # loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::RelayEval loadplugin Mail::SpamAssassin::Plugin::ReplaceTags # loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody # loadplugin Mail::SpamAssassin::Plugin::Shortcircuit loadplugin Mail::SpamAssassin::Plugin::SpamCop loadplugin Mail::SpamAssassin::Plugin::SPF #loadplugin Mail::SpamAssassin::Plugin::TextCat # loadplugin Mail::SpamAssassin::Plugin::TxRep loadplugin Mail::SpamAssassin::Plugin::URIDetail loadplugin Mail::SpamAssassin::Plugin::URIDNSBL loadplugin Mail::SpamAssassin::Plugin::URIEval # loadplugin Mail::SpamAssassin::Plugin::URILocalBL loadplugin Mail::SpamAssassin::Plugin::VBounce loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject loadplugin Mail::SpamAssassin::Plugin::WLBLEval ''
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spice-vdagentd.enable
Whether to enable Spice guest vdagent daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix>
|
services.spiped.enable
Enable the spiped service module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config
Configuration for a secure pipe daemon. The daemon can be
started, stopped, or examined using
systemctl
, under the name
spiped@foo
.
Type: attribute set of submodules
Default:
{
}
Example:
{ pipe1 = { keyfile = "/var/lib/spiped/pipe1.key"; encrypt = true; source = "localhost:6000"; target = "endpoint.example.com:7000"; }; pipe2 = { keyfile = "/var/lib/spiped/pipe2.key"; decrypt = true; source = "0.0.0.0:7000"; target = "localhost:3000"; }; }
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.decrypt
Take encrypted connections from the
source
socket and send unencrypted
connections to the target
socket.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.disableKeepalives
Disable transport layer keep-alives.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.disableReresolution
Disable target address re-resolution.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.encrypt
Take unencrypted connections from the
source
socket and send encrypted
connections to the target
socket.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.keyfile
Name of a file containing the spiped key. As the
daemon runs as the spiped
user, the
key file must be somewhere owned by that user. By
default, we recommend putting the keys for any spipe
services in /var/lib/spiped
.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.maxConns
Limit on the number of simultaneous connections allowed.
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.resolveRefresh
Resolution refresh time for the target socket, in seconds.
Type: signed integer
Default:
60
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.source
Address on which spiped should listen for incoming
connections. Must be in one of the following formats:
/absolute/path/to/unix/socket
,
host.name:port
,
[ip.v4.ad.dr]:port
or
[ipv6::addr]:port
- note that
hostnames are resolved when spiped is launched and are
not re-resolved later; thus if DNS entries change
spiped will continue to connect to the expired
address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.target
Address to which spiped should connect.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.timeout
Timeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.waitForDNS
Wait for DNS. Normally when spiped
is
launched it resolves addresses and binds to its source
socket before the parent process returns; with this option
it will daemonize first and retry failed DNS lookups until
they succeed. This allows spiped
to
launch even if DNS isn't set up yet, but at the expense of
losing the guarantee that once spiped
has
finished launching it will be ready to create pipes.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.weakHandshake
Use fast/weak handshaking: This reduces the CPU time spent in the initial connection setup, at the expense of losing perfect forward secrecy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.squeezelite.enable
Whether to enable Squeezelite, a software Squeezebox emulator.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/squeezelite.nix>
|
services.squeezelite.dataDir
The directory where Squeezelite stores its name file.
Type: string
Default:
"/var/lib/squeezelite"
Declared by:
<nixpkgs/nixos/modules/services/audio/squeezelite.nix>
|
services.squeezelite.extraArguments
Additional command line arguments to pass to Squeezelite.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/audio/squeezelite.nix>
|
services.squid.enable
Whether to run squid web proxy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.squid.configText
Verbatim contents of squid.conf. If null (default), use the autogenerated file from NixOS instead.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.squid.extraConfig
Squid configuration. Contents will be added verbatim to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.squid.proxyPort
TCP port on which squid will listen.
Type: signed integer
Default:
3128
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.sshd.enable
Alias of services.openssh.enable
.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/rename.nix>
|
services.sshguard.enable
Whether to enable the sshguard service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.attack_threshold
Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
Type: signed integer
Default:
30
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.blacklist_file
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
Type: path
Default:
"/var/lib/sshguard/blacklist.db"
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.blacklist_threshold
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
Type: null or signed integer
Default:
null
Example:
120
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.blocktime
Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.
sshguard unblocks attacks at random intervals, so actual block times will be longer.
Type: signed integer
Default:
120
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.detection_time
Remember potential attackers for up to detection_time seconds before resetting their score.
Type: signed integer
Default:
1800
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.services
Systemd services sshguard should receive logs of.
Type: list of strings
Default:
[
"sshd"
]
Example:
[
"sshd" "exim"
]
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.whitelist
Whitelist a list of addresses, hostnames, or address blocks.
Type: list of strings
Default:
[
]
Example:
[
"198.51.100.56" "198.51.100.2"
]
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sslh.enable
Whether to enable sslh.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.appendConfig
Verbatim configuration file.
Type: string
Default:
'' protocols: ( { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; }, { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; }, { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; }, { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; }, { name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; }, { name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; } ); ''
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.listenAddress
Listening address or hostname.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.port
Listening port.
Type: signed integer
Default:
443
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.timeout
Timeout in seconds.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.transparent
Will the services behind sslh (Apache, sshd and so on) see the external IP and ports as if the external world connected directly to them
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.verbose
Verbose logs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.ssm-agent.enable
Whether to enable AWS SSM agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/ssm-agent.nix>
|
services.ssm-agent.package
The SSM agent package to use
Type: path
Default:
"pkgs.ssm-agent"
Declared by:
<nixpkgs/nixos/modules/services/misc/ssm-agent.nix>
|
services.sssd.enable
Whether to enable the System Security Services Daemon..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
|
services.sssd.config
Contents of sssd.conf
.
Type: string
Default:
'' [sssd] config_file_version = 2 services = nss, pam domains = shadowutils [nss] [pam] [domain/shadowutils] id_provider = proxy proxy_lib_name = files auth_provider = proxy proxy_pam_target = sssd-shadowutils proxy_fast_alias = True ''
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
|
services.sssd.sshAuthorizedKeysIntegration
Whether to make sshd look up authorized keys from SSS.
For this to work, the ssh
SSS service must be enabled in the sssd configuration.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
|
services.stanchion.enable
Whether to enable stanchion.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.package
Stanchion package to use.
Type: package
Default:
"pkgs.stanchion"
Example:
pkgs.stanchion
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.adminKey
Name of admin user.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.adminSecret
Name of admin secret
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.dataDir
Data directory for Stanchion.
Type: path
Default:
"/var/db/stanchion"
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.distributedCookie
Cookie for distributed node communication. All nodes in the same cluster should use the same cookie or they will not be able to communicate.
Type: string
Default:
"riak"
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.extraConfig
Additional text to be appended to stanchion.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.listener
Name of Riak CS listening service.
Type: string
Default:
"127.0.0.1:8085"
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.logDir
Log directory for Stanchino.
Type: path
Default:
"/var/log/stanchion"
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.nodeName
Name of the Erlang node.
Type: string
Default:
"stanchion@127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.riakHost
Name of riak hosting service.
Type: string
Default:
"127.0.0.1:8087"
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.stanchion.stanchionHost
Name of stanchion hosting service.
Type: string
Default:
"127.0.0.1:8085"
Declared by:
<nixpkgs/nixos/modules/services/databases/stanchion.nix>
|
services.statsd.enable
Whether to enable statsd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.backends
List of backends statsd will use for data persistence
Type: list of strings
Default:
[
]
Example:
[
"graphite" "console" "repeater" "statsd-librato-backend" "stackdriver-statsd-backend" "statsd-influxdb-backend"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.extraConfig
Extra configuration options for statsd
Type: null or string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.graphiteHost
Hostname or IP of Graphite server
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.graphitePort
Port of Graphite server (i.e. carbon-cache).
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.listenAddress
Address that statsd listens on over UDP
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.mgmt_address
Address to run management TCP interface on
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.mgmt_port
Port to run the management TCP interface on
Type: signed integer
Default:
8126
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.statsd.port
Port that stats listens for messages on over UDP
Type: signed integer
Default:
8125
Declared by:
<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
|
services.strongswan.enable
Whether to enable strongSwan.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.enabledPlugins
A list of additional plugins to enable if
managePlugins
is true.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.ca
A set of CAs (certification authorities) and their options for
the ‘ca xxx’ sections of the ipsec.conf
file.
Type: attribute set of attribute set of stringss
Default:
{
}
Example:
{
strongswan =
{
auto = "add"; cacert = "/run/keys/strongswanCert.pem"; crluri = "http://crl2.strongswan.org/strongswan.crl";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.connections
A set of connections and their options for the ‘conn xxx’
sections of the ipsec.conf
file.
Type: attribute set of attribute set of stringss
Default:
{
}
Example:
{
%default =
{
keyexchange = "ikev2"; keyingtries = "1";
}
; roadwarrior =
{
auto = "add"; leftcert = "/run/keys/moonCert.pem"; leftid = "@moon.strongswan.org"; leftsubnet = "10.1.0.0/16"; right = "%any";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.managePlugins
If set to true, this option will disable automatic plugin loading and
then tell strongSwan to enable the plugins specified in the
enabledPlugins
option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.secrets
A list of paths to IPSec secret files. These
files will be included into the main ipsec.secrets file with
the include
directive. It is safer if these
paths are absolute.
Type: list of paths
Default:
[
]
Example:
[
"/run/keys/ipsec-foo.secret"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.setup
A set of options for the ‘config setup’ section of the
ipsec.conf
file. Defines general
configuration parameters.
Type: attribute set of strings
Default:
{
}
Example:
{
cachecrls = "yes"; strictcrlpolicy = "yes";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan-swanctl.enable
Whether to enable strongswan-swanctl service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.package
The strongswan derivation to use.
Type: package
Default:
"pkgs.strongswan"
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.strongswan.extraConfig
Contents of the strongswan.conf
file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities
Section defining complementary attributes of certification authorities, each in its own subsection with an arbitrary yet unique name
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.cacert
The certificates may use a relative path from the swanctl
x509ca
directory or an absolute path.
Configure one of cacert
,
file
, or
handle
per section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base
Defines the base URI for the Hash and URL feature supported by IKEv2. Instead of exchanging complete certificates, IKEv2 allows one to send an URI that resolves to the DER encoded certificate. The certificate URIs are built by appending the SHA1 hash of the DER encoded certificates to this base URI.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris
List of CRL distribution points (ldap, http, or file URI).
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.file
Absolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle
, but not both, in one section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.handle
Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file
, but not both, in one section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.module
Optional PKCS#11 module name.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris
List of OCSP URIs.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.slot
Optional slot number of the token that stores the certificate.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections
Section defining IKE connection configurations, each in its own subsection with an arbitrary yet unique name
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.aggressive
Enables Aggressive Mode instead of Main Mode with Identity Protection. Aggressive Mode is considered less secure, because the ID and HASH payloads are exchanged unprotected. This allows a passive attacker to snoop peer identities, and even worse, start dictionary attacks on the Preshared Key.
StrongSwan default: false
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children
CHILD_SA configuration sub-section. Each connection definition may have
one or more sections in its children
subsection. The
section name defines the name of the CHILD_SA configuration, which must be
unique within the connection (denoted <child> below).
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals
AH proposals to offer for the CHILD_SA. A proposal is a set of algorithms. For AH, this includes an integrity algorithm and an optional Diffie-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation uses a separate Diffie-Hellman exchange using the specified group (refer to esp_proposals for details).
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be
specified in a list. The special value default
forms
a default proposal of supported algorithms considered safe, and is
usually a good choice for interoperability. By default no AH proposals
are included, instead ESP is proposed.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action
Action to perform after a CHILD_SA gets closed by the peer.
The default of none
does not take any action,
trap
installs a trap policy for the CHILD_SA.
start
tries to re-create the CHILD_SA.
close_action
does not provide any guarantee that the
CHILD_SA is kept alive. It acts on explicit close messages only, but not
on negotiation failures. Use trap policies to reliably re-create failed
CHILD_SAs.
StrongSwan default: "none"
Type: null or one of "none", "trap", "start"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action
Action to perform for this CHILD_SA on DPD timeout. The default clear closes the CHILD_SA and does not take further action. trap installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand. restart immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA.
StrongSwan default: "clear"
Type: null or one of "clear", "trap", "restart"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals
ESP proposals to offer for the CHILD_SA. A proposal is a set of algorithms. For ESP non-AEAD proposals, this includes an integrity algorithm, an encryption algorithm, an optional Diffie-Hellman group and an optional Extended Sequence Number Mode indicator. For AEAD proposals, a combined mode algorithm is used instead of the separate encryption/integrity algorithms.
If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation use a separate Diffie-Hellman exchange using the specified group. However, for IKEv2, the keys of the CHILD_SA created implicitly with the IKE_SA will always be derived from the IKE_SA's key material. So any DH group specified here will only apply when the CHILD_SA is later rekeyed or is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch might, therefore, not immediately be noticed when the SA is established, but may later cause rekeying to fail.
Extended Sequence Number support may be indicated with the
esn
and noesn
values, both may be
included to indicate support for both modes. If omitted,
noesn
is assumed.
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be
specified as a list. The special value default
forms
a default proposal of supported algorithms considered safe, and is
usually a good choice for interoperability. If no algorithms are
specified for AH nor ESP, the default set of algorithms for ESP is
included.
StrongSwan default: ["default"]
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess
Hostaccess variable to pass to updown
script.
StrongSwan default: true
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload
Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation. The value yes
enforces offloading
and the installation will fail if it's not supported by either kernel or
device. The value auto
enables offloading, if it's
supported, but the installation does not fail otherwise.
StrongSwan default: "no"
Type: null or one of "yes", "no", "auto"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity
Timeout before closing CHILD_SA after inactivity. If no traffic has been processed in either direction for the configured timeout, the CHILD_SA gets closed due to inactivity. The default value of 0 disables inactivity checks.
StrongSwan default: "0s"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface
Optional interface name to restrict outbound IPsec policies.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp
Enable IPComp compression before encryption. If enabled, IKE tries to negotiate IPComp compression to compress ESP payload data prior to encryption.
StrongSwan default: false
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes
Maximum bytes processed before CHILD_SA gets closed. Usually this hard
volume limit is never reached, because the CHILD_SA gets rekeyed
before. If that fails for whatever reason, this limit closes the
CHILD_SA. The default is 10% more than rekey_bytes
.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets
Maximum number of packets processed before CHILD_SA gets closed. Usually this hard packets limit is never reached, because the CHILD_SA gets rekeyed before. If that fails for whatever reason, this limit closes the CHILD_SA.
The default is 10% more than rekey_bytes
.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time
Maximum lifetime before CHILD_SA gets closed. Usually this hard lifetime
is never reached, because the CHILD_SA gets rekeyed before. If that fails
for whatever reason, this limit closes the CHILD_SA. The default is 10%
more than the rekey_time
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts
List of local traffic selectors to include in CHILD_SA. Each selector is
a CIDR subnet definition, followed by an optional proto/port
selector. The special value dynamic
may be used
instead of a subnet definition, which gets replaced by the tunnel outer
address or the virtual IP, if negotiated. This is the default.
A protocol/port selector is surrounded by opening and closing square
brackets. Between these brackets, a numeric or getservent(3) protocol
name may be specified. After the optional protocol restriction, an
optional port restriction may be specified, separated by a slash. The
port restriction may be numeric, a getservent(3) service name, or the
special value opaque
for RFC 4301 OPAQUE
selectors. Port ranges may be specified as well, none of the kernel
backends currently support port ranges, though.
When IKEv1 is used only the first selector is interpreted, except if the Cisco Unity extension plugin is used. This is due to a limitation of the IKEv1 protocol, which only allows a single pair of selectors per CHILD_SA. So to tunnel traffic matched by several pairs of selectors when using IKEv1 several children (CHILD_SAs) have to be defined that cover the selectors. The IKE daemon uses traffic selector narrowing for IKEv1, the same way it is standardized and implemented for IKEv2. However, this may lead to problems with other implementations. To avoid that, configure identical selectors in such scenarios.
StrongSwan default: ["dynamic"]
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in
Netfilter mark and mask for input traffic. On Linux, Netfilter may
require marks on each packet to match an SA/policy having that option
set. This allows installing duplicate policies and enables Netfilter
rules to select specific SAs/policies for incoming traffic. Note that
inbound marks are only set on policies, by default, unless
mark_in_sa
is enabled. The special value
%unique
sets a unique mark on each CHILD_SA instance,
beyond that the value %unique-dir
assigns a different
unique mark for each
An additional mask may be appended to the mark, separated by
/
. The default mask if omitted is
0xffffffff
.
StrongSwan default: "0/0x00000000"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa
Whether to set mark_in
on the inbound SA. By default,
the inbound mark is only set on the inbound policy. The tuple destination
address, protocol and SPI is unique and the mark is not required to find
the correct SA, allowing to mark traffic after decryption instead (where
more specific selectors may be used) to match different policies. Marking
packets before decryption is still possible, even if no mark is set on
the SA.
StrongSwan default: false
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out
Netfilter mark and mask for output traffic. On Linux, Netfilter may
require marks on each packet to match a policy/SA having that option
set. This allows installing duplicate policies and enables Netfilter
rules to select specific policies/SAs for outgoing traffic. The special
value %unique
sets a unique mark on each CHILD_SA
instance, beyond that the value %unique-dir
assigns a
different unique mark for each CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by
/
. The default mask if omitted is
0xffffffff
.
StrongSwan default: "0/0x00000000"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode
IPsec Mode to establish CHILD_SA with.
tunnel
negotiates the CHILD_SA in IPsec Tunnel Mode,
whereas transport
uses IPsec Transport Mode.
transport_proxy
signifying the special Mobile IPv6
Transport Proxy Mode.
beet
is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.
Both transport
and beet
modes are
subject to mode negotiation; tunnel
mode is
negotiated if the preferred mode is not available.
pass
and drop
are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively.
StrongSwan default: "tunnel"
Type: null or one of "tunnel", "transport", "transport_proxy", "beet", "pass", "drop"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies
Whether to install IPsec policies or not. Disabling this can be useful in some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon. Since 5.3.3.
StrongSwan default: true
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out
Whether to install outbound FWD IPsec policies or not. Enabling this is required in case there is a drop policy that would match and block forwarded traffic for this CHILD_SA. Since 5.5.1.
StrongSwan default: false
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority
Optional fixed priority for IPsec policies. This could be useful to install high-priority drop policies. The default of 0 uses dynamically calculated priorities based on the size of the traffic selectors.
StrongSwan default: 0
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytes
Byte range from which to choose a random value to subtract from
rekey_bytes
. The default is the difference between
life_bytes
and rekey_bytes
.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packets
Packet range from which to choose a random value to subtract from
rekey_packets
. The default is the difference between
life_packets
and rekey_packets
.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_time
Time range from which to choose a random value to subtract from
rekey_time
. The default is the difference between
life_time
and rekey_time
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytes
Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value
in the range of rand_bytes
gets subtracted to form the
effective soft volume limit.
Volume based CHILD_SA rekeying is disabled by default.
StrongSwan default: 0
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets
Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value
in the range of rand_packets
gets subtracted to form
the effective soft packet count limit.
Packet count based CHILD_SA rekeying is disabled by default.
StrongSwan default: 0
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_time
Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key
material, optionally using a Diffie-Hellman exchange if a group is
specified in the proposal. To avoid rekey collisions initiated by both
ends simultaneously, a value in the range of rand_time
gets subtracted to form the effective soft lifetime.
By default CHILD_SA rekeying is scheduled every hour, minus
rand_time
.
StrongSwan default: "1h"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts
List of remote selectors to include in CHILD_SA. See
local_ts
for a description of the selector syntax.
StrongSwan default: ["dynamic"]
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.replay_window
IPsec replay window to configure for this CHILD_SA. Larger values than
the default of 32
are supported using the Netlink
backend only, a value of 0
disables IPsec replay
protection.
StrongSwan default: 32
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqid
Fixed reqid to use for this CHILD_SA. This might be helpful in some scenarios, but works only if each CHILD_SA configuration is instantiated not more than once. The default of 0 uses dynamic reqids, allocated incrementally.
StrongSwan default: 0
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96
HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility with implementations that incorrectly use 96-bit truncation this option may be enabled to configure the shorter truncation length in the kernel. This is not negotiated, so this only works with peers that use the incorrect truncation length (or have this option enabled).
StrongSwan default: false
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action
Action to perform after loading the configuration.
The default of none
loads the connection only, which
then can be manually initiated or used as a responder configuration.
The value trap
installs a trap policy, which triggers
the tunnel as soon as matching traffic has been detected.
The value start
initiates the connection actively.
When unloading or replacing a CHILD_SA configuration having a
start_action
different from none
,
the inverse action is performed. Configurations with
start
get closed, while such with
trap
get uninstalled.
StrongSwan default: "none"
Type: null or one of "none", "trap", "start"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding
Pads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality. The padding defines the
minimum size of all ESP packets sent. The default value of
0
disables TFC padding, the special value
mtu
adds TFC padding to create a packet size equal to
the Path Maximum Transfer Unit.
StrongSwan default: 0
Type: null or signed integer or one of "mtu"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updown
Updown script to invoke on CHILD_SA up and down events.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay
Interval to check the liveness of a peer actively using IKEv2 INFORMATIONAL exchanges or IKEv1 R_U_THERE messages. Active DPD checking is only enforced if no IKE or ESP/AH packet has been received for the configured DPD delay.
StrongSwan default: "0s"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeout
Charon by default uses the normal retransmission mechanism and timeouts to check the liveness of a peer, as all messages are used for liveness checking. For compatibility reasons, with IKEv1 a custom interval may be specified; this option has no effect on connections using IKEv2.
StrongSwan default: "0s"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.dscp
Differentiated Services Field Codepoint to set on outgoing IKE packets for this connection. The value is a six digit binary encoded string specifying the Codepoint to set, as defined in RFC 2474.
StrongSwan default: "000000"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.encap
To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the NAT detection payloads. This makes the peer believe that NAT takes place on the path, forcing it to encapsulate ESP packets in UDP.
Usually this is not required, but it can help to work around connectivity issues with too restrictive intermediary firewalls.
StrongSwan default: false
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.fragmentation
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation). Acceptable values are yes
(the default
since 5.5.1), accept
(since versions:5.5.3),
force
and no
.
If set to yes
, and the peer
supports it, oversized IKE messages will be sent in fragments.
If set to
accept
, support for fragmentation is announced to the peer but the daemon
does not send its own messages in fragments.
If set to force
(only
supported for IKEv1) the initial IKE message will already be fragmented if
required.
Finally, setting the option to no
will disable announcing
support for this feature.
Note that fragmented IKE messages sent by a peer are always processed irrespective of the value of this option (even when set to no).
StrongSwan default: "yes"
Type: null or one of "yes", "accept", "force", "no"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.keyingtries
Number of retransmission sequences to perform during initial
connect. Instead of giving up initiation after the first retransmission
sequence with the default value of 1
, additional
sequences may be started according to the configured value. A value of
0
initiates a new sequence until the connection
establishes or fails with a permanent error.
StrongSwan default: 1
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local
Section for a local authentication round. A local authentication round defines the rules how authentication is performed for the local peer. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple Authentication or IKEv1 XAuth.
Each round is defined in a section having local
as
prefix, and an optional unique suffix. To define a single authentication
round, the suffix may be omitted.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id
Server side EAP-Identity to expect in the EAP method. Some EAP methods, such as EAP-TLS, use an identity for the server to perform mutual authentication. This identity may differ from the IKE identity, especially when EAP authentication is delegated from the IKE responder to an AAA backend.
For EAP-(T)TLS, this defines the identity for which the server must provide a certificate in the TLS exchange.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth
Authentication to perform locally.
The default pubkey
uses public key authentication
using a private key associated to a usable certificate.
psk
uses pre-shared key authentication.
The IKEv1 specific xauth
is used for XAuth or Hybrid
authentication,
while the IKEv2 specific eap
keyword defines EAP
authentication.
For xauth
, a specific backend name may be appended,
separated by a dash. The appropriate xauth
backend is
selected to perform the XAuth exchange. For traditional XAuth, the
xauth
method is usually defined in the second
authentication round following an initial pubkey
(or
psk
) round. Using xauth
in the
first round performs Hybrid Mode client authentication.
For eap
, a specific EAP method name may be appended, separated by a
dash. An EAP module implementing the appropriate method is selected to
perform the EAP conversation.
Since 5.4.0, if both peers support RFC 7427 ("Signature Authentication
in IKEv2") specific hash algorithms to be used during IKEv2
authentication may be configured. To do so use ike:
followed by a trust chain signature scheme constraint (see description
of the remote
section's auth
keyword). For example, with ike:pubkey-sha384-sha256
a public key signature scheme with either SHA-384 or SHA-256 would get
used for authentication, in that order and depending on the hash
algorithms supported by the peer. If no specific hash algorithms are
configured, the default is to prefer an algorithm that matches or
exceeds the strength of the signature key. If no constraints with
ike:
prefix are configured any signature scheme
constraint (without ike:
prefix) will also apply to
IKEv2 authentication, unless this is disabled in
strongswan.conf
. To use RSASSA-PSS signatures use
rsa/pss
instead of pubkey
or
rsa
as in e.g.
ike:rsa/pss-sha256
. If pubkey
or
rsa
constraints are configured RSASSA-PSS signatures
will only be used if enabled in strongswan.conf
(5).
StrongSwan default: "pubkey"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert
Section for a certificate candidate to use for authentication. Certificates in certs are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file
Absolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle
, but not both, in one section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle
Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file
, but not both, in one section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module
Optional PKCS#11 module name.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot
Optional slot number of the token that stores the certificate.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs
List of certificate candidates to use for
authentication. The certificates may use a relative path from the
swanctl x509
directory or an absolute path.
The certificate used for authentication is selected based on the received certificate request payloads. If no appropriate CA can be located, the first certificate is used.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id
Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id
IKE identity to use for authentication round. When using certificate authentication, the IKE identity must be contained in the certificate, either as subject or as subjectAltName.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys
List of raw public key candidates to use for
authentication. The public keys may use a relative path from the swanctl
pubkey
directory or an absolute path.
Even though multiple local public keys could be defined in principle, only the first public key in the list is used for authentication.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round
Optional numeric identifier by which authentication rounds are sorted. If not specified rounds are ordered by their position in the config file/vici message.
StrongSwan default: 0
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id
Client XAuth username used in the XAuth exchange.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local_addrs
Local address(es) to use for IKE communication. Takes single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
As initiator, the first non-range/non-subnet is used to initiate the connection from. As responder, the local destination address must match at least to one of the specified addresses, subnets or ranges.
If FQDNs are assigned they are resolved every time a configuration lookup is done. If DNS resolution times out, the lookup is delayed for that time.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local_port
Local UDP port for IKE communication. By default the port of the socket
backend is used, which is usually 500
. If port
500
is used, automatic IKE port floating to port
4500
is used to work around NAT issues.
Using a non-default local IKE port requires support from the socket backend in use (socket-dynamic).
StrongSwan default: 500
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.mediated_by
The name of the connection to mediate this connection through. If given, the connection will be mediated through the named mediation connection. The mediation connection must have mediation enabled.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.mediation
Whether this connection is a mediation connection, that is, whether this connection is used to mediate other connections using the IKEv2 Mediation Extension. Mediation connections create no CHILD_SA.
StrongSwan default: false
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer
Identity under which the peer is registered at the mediation server, that is, the IKE identity the other end of this connection uses as its local identity on its connection to the mediation server. This is the identity we request the mediation server to mediate us with. Only relevant on connections that set mediated_by. If it is not given, the remote IKE identity of the first authentication round of this connection will be used.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.mobike
Enables MOBIKE on IKEv2 connections. MOBIKE is enabled by default on IKEv2 connections, and allows mobility of clients and multi-homing on servers by migrating active IPsec tunnels.
Usually keeping MOBIKE enabled is unproblematic, as it is not used if the peer does not indicate support for it. However, due to the design of MOBIKE, IKEv2 always floats to port 4500 starting from the second exchange. Some implementations don't like this behavior, hence it can be disabled.
StrongSwan default: true
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.over_time
Hard IKE_SA lifetime if rekey/reauth does not complete, as time. To avoid having an IKE/ISAKMP kept alive if IKE reauthentication or rekeying fails perpetually, a maximum hard lifetime may be specified. If the IKE_SA fails to rekey or reauthenticate within the specified time, the IKE_SA gets closed.
In contrast to CHILD_SA rekeying, over_time is relative in time to the rekey_time and reauth_time values, as it applies to both.
The default is 10% of the longer of rekey_time
and
reauth_time
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.pools
List of named IP pools to allocate virtual IP addresses and other configuration attributes from. Each name references a pool by name from either the pools section or an external pool.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.proposals
A proposal is a set of algorithms. For non-AEAD algorithms, this includes for IKE an encryption algorithm, an integrity algorithm, a pseudo random function and a Diffie-Hellman group. For AEAD algorithms, instead of encryption and integrity algorithms, a combined algorithm is used.
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be
specified in a list. The special value default
forms a
default proposal of supported algorithms considered safe, and is usually a
good choice for interoperability.
StrongSwan default: ["default"]
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.pull
If the default of yes is used, Mode Config works in pull mode, where the initiator actively requests a virtual IP. With no, push mode is used, where the responder pushes down a virtual IP to the initiating peer.
Push mode is currently supported for IKEv1, but not in IKEv2. It is used by a few implementations only, pull mode is recommended.
StrongSwan default: true
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.rand_time
Time range from which to choose a random value to subtract from rekey/reauth times. To avoid having both peers initiating the rekey/reauth procedure simultaneously, a random time gets subtracted from the rekey/reauth times.
The default is equal to the configured over_time
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.reauth_time
Time to schedule IKE reauthentication. IKE reauthentication recreates the IKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric configurations (with EAP or configuration payloads) it might not be possible to actively reauthenticate as responder. The IKEv2 reauthentication lifetime negotiation can instruct the client to perform reauthentication.
Reauthentication is disabled by default. Enabling it usually may lead to small connection interruptions, as strongSwan uses a break-before-make policy with IKEv2 to avoid any conflicts with associated tunnel resources.
StrongSwan default: "0s"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.rekey_time
IKE rekeying refreshes key material using a Diffie-Hellman exchange, but does not re-check associated credentials. It is supported in IKEv2 only, IKEv1 performs a reauthentication procedure instead.
With the default value IKE rekeying is scheduled every 4 hours, minus the configured rand_time. If a reauth_time is configured, rekey_time defaults to zero, disabling rekeying; explicitly set both to enforce rekeying and reauthentication.
StrongSwan default: "4h"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote
Section for a remote authentication round. A remote authentication round defines the constraints how the peers must authenticate to use this connection. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple Authentication or IKEv1 XAuth.
Each round is defined in a section having remote
as
prefix, and an optional unique suffix. To define a single authentication
round, the suffix may be omitted.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth
Authentication to expect from remote. See the local
section's auth
keyword description about the details of
supported mechanisms.
Since 5.4.0, to require a trustchain public key strength for the remote
side, specify the key type followed by the minimum strength in bits (for
example ecdsa-384
or
rsa-2048-ecdsa-256
). To limit the acceptable set of
hashing algorithms for trustchain validation, append hash algorithms to
pubkey or a key strength definition (for example
pubkey-sha256-sha512
,
rsa-2048-sha256-sha384-sha512
or
rsa-2048-sha256-ecdsa-256-sha256-sha384
).
Unless disabled in strongswan.conf
, or explicit IKEv2
signature constraints are configured (refer to the description of the
local
section's auth
keyword for
details), such key types and hash algorithms are also applied as
constraints against IKEv2 signature authentication schemes used by the
remote side. To require RSASSA-PSS signatures use
rsa/pss
instead of pubkey
or
rsa
as in e.g. rsa/pss-sha256
. If
pubkey
or rsa
constraints are
configured RSASSA-PSS signatures will only be accepted if enabled in
strongswan.conf
(5).
To specify trust chain constraints for EAP-(T)TLS, append a colon to the
EAP method, followed by the key type/size and hash algorithm as
discussed above (e.g. eap-tls:ecdsa-384-sha384
).
StrongSwan default: "pubkey"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert
Section for a CA certificate to accept for authentication. Certificates in cacerts are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file
Absolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle
, but not both, in one section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle
Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file
, but not both, in one section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module
Optional PKCS#11 module name.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot
Optional slot number of the token that stores the certificate.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts
List of CA certificates to accept for
authentication. The certificates may use a relative path from the
swanctl x509ca
directory or an absolute path.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert
Section for a certificate candidate to use for authentication. Certificates in certs are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file
Absolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle
, but not both, in one section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle
Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file
, but not both, in one section.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module
Optional PKCS#11 module name.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot
Optional slot number of the token that stores the certificate.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy
List of certificate policy OIDs the peer's certificate must have. OIDs are specified using the numerical dotted representation.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs
List of certificates to accept for authentication. The certificates may
use a relative path from the swanctl x509
directory
or an absolute path.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_id
Identity to use as peer identity during EAP authentication. If set to
%any
the EAP-Identity method will be used to ask the
client for an EAP identity.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups
Authorization group memberships to require. The peer must prove membership to at least one of the specified groups. Group membership can be certified by different means, for example by appropriate Attribute Certificates or by an AAA backend involved in the authentication.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id
IKE identity to expect for authentication round. When using certificate authentication, the IKE identity must be contained in the certificate, either as subject or as subjectAltName.
StrongSwan default: "%any"
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys
List of raw public keys to accept for
authentication. The public keys may use a relative path from the swanctl
pubkey
directory or an absolute path.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation
Certificate revocation policy for CRL or OCSP revocation.
A strict
revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri
fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.
The default revocation policy relaxed
fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad.
StrongSwan default: "relaxed"
Type: null or one of "strict", "ifuri", "relaxed"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round
Optional numeric identifier by which authentication rounds are sorted. If not specified rounds are ordered by their position in the config file/vici message.
StrongSwan default: 0
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs
Remote address(es) to use for IKE communication. Takes single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
As initiator, the first non-range/non-subnet is used to initiate the connection to. As responder, the initiator source address must match at least to one of the specified addresses, subnets or ranges.
If FQDNs are assigned they are resolved every time a configuration lookup is done. If DNS resolution times out, the lookup is delayed for that time. To initiate a connection, at least one specific address or DNS name must be specified.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote_port
Remote UDP port for IKE communication. If the default of port
500
is used, automatic IKE port floating to port
4500
is used to work around NAT issues.
StrongSwan default: 500
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.send_cert
Send certificate payloads when using certificate authentication.
With the default of ifasked
the daemon sends
certificate payloads only if certificate requests have been received.
never
disables sending of certificate payloads
altogether,
always
causes certificate payloads to be sent
unconditionally whenever certificate authentication is used.
StrongSwan default: "ifasked"
Type: null or one of "always", "never", "ifasked"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.send_certreq
Send certificate request payloads to offer trusted root CA certificates to the peer. Certificate requests help the peer to choose an appropriate certificate/private key for authentication and are enabled by default. Disabling certificate requests can be useful if too many trusted root CA certificates are installed, as each certificate request increases the size of the initial IKE packets.
StrongSwan default: true
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.unique
Connection uniqueness policy to enforce. To avoid multiple connections from the same user, a uniqueness policy can be enforced.
The value never
does never enforce such a policy, even
if a peer included INITIAL_CONTACT notification messages,
whereas no
replaces existing connections for the same
identity if a new one has the INITIAL_CONTACT notify.
keep
rejects new connection attempts if the same user
already has an active connection,
replace
deletes any existing connection if a new one
for the same user gets established.
To compare connections for uniqueness, the remote IKE identity is used. If EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead.
On initiators this setting specifies whether an INITIAL_CONTACT notify is
sent during IKE_AUTH if no existing connection is found with the remote
peer (determined by the identities of the first authentication
round). Unless set to never
the client will send a notify.
StrongSwan default: "no"
Type: null or one of "no", "never", "keep", "replace"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.version
IKE major version to use for connection.
1 uses IKEv1 aka ISAKMP,
2 uses IKEv2.
A connection using the default of 0 accepts both IKEv1 and IKEv2 as responder, and initiates the connection actively with IKEv2.
StrongSwan default: 0
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.vips
List of virtual IPs to request in IKEv2 configuration payloads or IKEv1
Mode Config. The wildcard addresses 0.0.0.0
and
::
request an arbitrary address, specific addresses may
be defined. The responder may return a different address, though, or none
at all.
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools
Section defining named pools. Named pools may be referenced by connections with the pools option to assign virtual IPs and other configuration attributes. Each pool must have a unique name (denoted <name> below).
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.addrs
Subnet or range defining addresses allocated in pool. Accepts a single CIDR subnet defining the pool to allocate addresses from or an address range (<from>-<to>). Pools must be unique and non-overlapping.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.dhcp
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.dns
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.nbns
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.netmask
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.server
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.split_exclude
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.split_include
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.subnet
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.eap
EAP secret section for a specific secret. Each EAP secret is defined in a
unique section having the eap
prefix. EAP secrets are
used for XAuth authentication as well.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.eap.<name>.id
Identity the EAP/XAuth secret belongs to. Multiple unique identities may
be specified, each having an id
prefix, if a secret
is shared between multiple users.
Type: attribute set of null or strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret
Value of the EAP/XAuth secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ecdsa
Private key decryption passphrase for a key in the
ecdsa
folder.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.file
File name in the ecdsa
folder for which this
passphrase should be used.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret
Value of decryption passphrase for ECDSA key.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ike
IKE preshared secret section for a specific secret. Each IKE PSK is
defined in a unique section having the ike
prefix.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ike.<name>.id
IKE identity the IKE preshared secret belongs to. Multiple unique
identities may be specified, each having an id
prefix, if a secret is shared between multiple peers.
Type: attribute set of null or strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret
Value of the IKE preshared secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ntlm
NTLM secret section for a specific secret. Each NTLM secret is defined in
a unique section having the ntlm
prefix. NTLM secrets
may only be used for EAP-MSCHAPv2 authentication.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id
Identity the NTLM secret belongs to. Multiple unique identities may be specified, each having an id prefix, if a secret is shared between multiple users.
Type: attribute set of null or strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret
Value of the NTLM secret, which is the NT Hash of the actual secret, that is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either be given as a hex encoded string with a 0x prefix or as a Base64 encoded string with a 0s prefix.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs12
PKCS#12 decryption passphrase for a container in the
pkcs12
folder.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file
File name in the pkcs12
folder for which this
passphrase should be used.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret
Value of decryption passphrase for PKCS#12 container.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs8
Private key decryption passphrase for a key in the
pkcs8
folder.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.file
File name in the pkcs8
folder for which this
passphrase should be used.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret
Value of decryption passphrase for PKCS#8 key.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.private
Private key decryption passphrase for a key in the
private
folder.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.private.<name>.file
File name in the private folder for which this passphrase should be used.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.private.<name>.secret
Value of decryption passphrase for private key.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.rsa
Private key decryption passphrase for a key in the rsa
folder.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file
File name in the rsa
folder for which this passphrase
should be used.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret
Value of decryption passphrase for RSA key.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token
Definition for a private key that's stored on a token/smartcard/TPM.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token.<name>.handle
Hex-encoded CKA_ID or handle of the private key on the token or TPM, respectively.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token.<name>.module
Optional PKCS#11 module name to access the token.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token.<name>.pin
Optional PIN required to access the key on the token. If none is
provided the user is prompted during an interactive
--load-creds
call.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token.<name>.slot
Optional slot number to access the token.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.xauth
EAP secret section for a specific secret. Each EAP secret is defined in a
unique section having the eap
prefix. EAP secrets are
used for XAuth authentication as well.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id
Identity the EAP/XAuth secret belongs to. Multiple unique identities may
be specified, each having an id
prefix, if a secret
is shared between multiple users.
Type: attribute set of null or strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret
Value of the EAP/XAuth secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.stubby.enable
Whether to enable Stubby DNS resolver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.authenticationMode
Selects the Strict or Opportunistic usage profile.
For strict, set to GETDNS_AUTHENTICATION_REQUIRED
.
for opportunistic, use GETDNS_AUTHENTICATION_NONE
.
Type: one of "GETDNS_AUTHENTICATION_REQUIRED", "GETDNS_AUTHENTICATION_NONE"
Default:
"GETDNS_AUTHENTICATION_REQUIRED"
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.debugLogging
Enable or disable debug level logging.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.extraConfig
Add additional configuration options. see stubby(1)for more options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.fallbackProtocols
Ordered list composed of one or more transport protocols.
Strict mode should only use GETDNS_TRANSPORT_TLS
.
Other options are GETDNS_TRANSPORT_UDP
and
GETDNS_TRANSPORT_TCP
.
Type: list of one of "GETDNS_TRANSPORT_TLS", "GETDNS_TRANSPORT_TCP", "GETDNS_TRANSPORT_UDP"s
Default:
[
"GETDNS_TRANSPORT_TLS"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.idleTimeout
EDNS0 option for keepalive idle timeout expressed in milliseconds.
Type: signed integer
Default:
10000
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.listenAddresses
Sets the listen address for the stubby daemon. Uses port 53 by default. Ise IP@port to specify a different port.
Type: list of strings
Default:
[
"127.0.0.1" "0::1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.queryPaddingBlocksize
EDNS0 option to pad the size of the DNS query to the given blocksize.
Type: signed integer
Default:
128
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.roundRobinUpstreams
Instructs stubby to distribute queries across all available name
servers. Default is true
. Set to
false
in order to use the first available.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.subnetPrivate
EDNS0 option for ECS client privacy. Default is
true
. If set, this option prevents the client
subnet from being sent to authoritative nameservers.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.upstreamServers
Add additional upstreams. See stubby
(1) for an
example of the entry formatting. In Strict mode, at least one of the
following settings must be supplied for each nameserver:
tls_auth_name
or
tls_pubkey_pinset
.
Type: string
Default:
'' - address_data: 145.100.185.15 tls_auth_name: "dnsovertls.sinodun.com" tls_pubkey_pinset: - digest: "sha256" value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= - address_data: 145.100.185.16 tls_auth_name: "dnsovertls1.sinodun.com" tls_pubkey_pinset: - digest: "sha256" value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= - address_data: 185.49.141.37 tls_auth_name: "getdnsapi.net" tls_pubkey_pinset: - digest: "sha256" value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q= - address_data: 2001:610:1:40ba:145:100:185:15 tls_auth_name: "dnsovertls.sinodun.com" tls_pubkey_pinset: - digest: "sha256" value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= - address_data: 2001:610:1:40ba:145:100:185:16 tls_auth_name: "dnsovertls1.sinodun.com" tls_pubkey_pinset: - digest: "sha256" value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= - address_data: 2a04:b900:0:100::38 tls_auth_name: "getdnsapi.net" tls_pubkey_pinset: - digest: "sha256" value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q= ''
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stunnel.enable
Whether to enable the stunnel TLS tunneling service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.enableInsecureSSLv3
Enable support for the insecure SSLv3 protocol.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.clients
Define the client configurations.
Type: attribute set of submodules
Default:
{
}
Example:
{
foobar =
{
accept = "0.0.0.0:8080"; connect = "nixos.org:443"; verifyChain = false;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.clients.<name>.CAPath
Path to a file containing certificates to validate against.
Type: path
Default:
"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.clients.<name>.accept
IP:Port on which connections should be accepted.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.clients.<name>.connect
IP:Port destination to connect to.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.clients.<name>.verifyChain
Check if the provided certificate has a valid certificate chain (against CAPath).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.clients.<name>.verifyHostname
If set, stunnel checks if the provided certificate is valid for the given hostname.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.clients.<name>.verifyPeer
Check if the provided certificate is contained in CAPath.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.fipsMode
Enable FIPS 140-2 mode required for compliance.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.group
The group under which stunnel runs.
Type: null or string
Default:
"nogroup"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.logLevel
Verbosity of stunnel output.
Type: one of "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"
Default:
"info"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.servers
Define the server configuations.
Type: attribute set of submodules
Default:
{
}
Example:
{
fancyWebserver =
{
accept = 443; cert = "/path/to/pem/file"; connect = 8080; enable = true;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.servers.<name>.accept
On which port stunnel should listen for incoming TLS connections.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.servers.<name>.cert
File containing both the private and public keys.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.servers.<name>.connect
To which port the decrypted connection should be forwarded.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.user
The user under which stunnel runs.
Type: null or string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.subsonic.enable
Whether to enable Subsonic daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.contextPath
The context path, i.e., the last part of the Subsonic URL. Typically '/' or '/subsonic'. Default '/'
Type: path
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.defaultMusicFolder
Configure Subsonic to use this folder for music. This option only has effect the first time Subsonic is started.
Type: path
Default:
"/var/music"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.defaultPlaylistFolder
Configure Subsonic to use this folder for playlists. This option only has effect the first time Subsonic is started.
Type: path
Default:
"/var/playlists"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.defaultPodcastFolder
Configure Subsonic to use this folder for Podcasts. This option only has effect the first time Subsonic is started.
Type: path
Default:
"/var/music/Podcast"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.home
The directory where Subsonic will create files. Make sure it is writable.
Type: path
Default:
"/var/lib/subsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.httpsPort
The port on which Subsonic will listen for incoming HTTPS traffic. Set to 0 to disable.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.listenAddress
The host name or IP address on which to bind Subsonic. Only relevant if you have multiple network interfaces and want to make Subsonic available on only one of them. The default value will bind Subsonic to all available network interfaces.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.maxMemory
The memory limit (max Java heap size) in megabytes. Default: 100
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.port
The port on which Subsonic will listen for incoming HTTP traffic. Set to 0 to disable.
Type: signed integer
Default:
4040
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.transcoders
List of paths to transcoder executables that should be accessible from Subsonic. Symlinks will be created to each executable inside /var/lib/subsonic/transcoders.
Type: list of paths
Default:
[
"\${pkgs.ffmpeg.bin}/bin/ffmpeg"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.sundtek.enable
Whether to enable Sundtek driver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/sundtek.nix>
|
services.supybot.enable
Enable Supybot, an IRC bot
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.supybot.configFile
Path to a supybot config file. This can be generated by running supybot-wizard.
Note: all paths should include the full path to the stateDir directory (backup conf data logs logs/plugins plugins tmp web).
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.supybot.stateDir
The root directory, logs and plugins are stored here
Type: unspecified
Default:
"/home/supybot"
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.svnserve.enable
Whether to enable svnserve to serve Subversion repositories through the SVN protocol.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/svnserve.nix>
|
services.svnserve.svnBaseDir
Base directory from which Subversion repositories are accessed.
Type: unspecified
Default:
"/repos"
Declared by:
<nixpkgs/nixos/modules/services/misc/svnserve.nix>
|
services.syncthing.enable
Whether to enable Syncthing - the self-hosted open-source alternative to Dropbox and Bittorrent Sync. Initial interface will be available on http://127.0.0.1:8384/. .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.package
Syncthing package to use.
Type: package
Default:
"pkgs.syncthing"
Example:
pkgs.syncthing
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.all_proxy
Overwrites all_proxy environment variable for the syncthing process to the given value. This is normaly used to let relay client connect through SOCKS5 proxy server.
Type: null or string
Default:
null
Example:
"socks5://address.com:1234"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.dataDir
Path where the settings and keys will exist.
Type: path
Default:
"/var/lib/syncthing"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.group
Syncthing will be run under this group (group will not be created if it doesn't exist. This can be your user name).
Type: string
Default:
"nogroup"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.openDefaultPorts
Open the default ports in the firewall: - TCP 22000 for transfers - UDP 21027 for discovery If multiple users are running syncthing on this machine, you will need to manually open a set of ports for each instance and leave this disabled. Alternatively, if are running only a single instance on this machine using the default ports, enable this.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.systemService
Auto launch Syncthing as a system service.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.user
Syncthing will be run under this user (user will be created if it doesn't exist. This can be your user name).
Type: string
Default:
"syncthing"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.synergy.client.enable
Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.autoStart
Whether the Synergy client should be started automatically.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.screenName
Use the given name instead of the hostname to identify ourselves to the server.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.serverAddress
The server address is of the form: [hostname][:port]. The hostname must be the address or hostname of the server. The port overrides the default port, 24800.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.enable
Whether to enable the Synergy server (send keyboard and mouse events).
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.address
Address on which to listen for clients.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.autoStart
Whether the Synergy server should be started automatically.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.configFile
The Synergy server configuration file.
Type: unspecified
Default:
"/etc/synergy-server.conf"
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.screenName
Use the given name instead of the hostname to identify this screen in the configuration.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.syslog-ng.enable
Whether to enable the syslog-ng daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslog-ng.package
The package providing syslog-ng binaries.
Type: package
Default:
"pkgs.syslogng"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslog-ng.configHeader
The very first lines of the configuration file. Should usually contain the syslog-ng version header.
Type: string
Default:
'' @version: 3.6 @include "scl.conf" ''
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslog-ng.extraConfig
Configuration added to the end of syslog-ng.conf
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslog-ng.extraModulePaths
A list of paths that should be included in syslog-ng's
--module-path
option. They should usually
end in /lib/syslog-ng
Type: list of strings
Default:
[
]
Example:
[ "${pkgs.syslogng_incubator}/lib/syslog-ng" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslogd.enable
Whether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.enableNetworkInput
Accept logging through UDP. Option -r of syslogd(8).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.defaultConfig
The default syslog.conf
file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig
.
Type: string
Default:
'' # Send emergency messages to all users. *.emerg * # "local1" is used for dhcpd messages. local1.* -/var/log/dhcpd mail.* -/var/log/mail *.=warning;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;local1.none -/var/log/messages ''
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.extraConfig
Additional text appended to syslog.conf
,
i.e. the contents of defaultConfig
.
Type: string
Default:
""
Example:
"news.* -/var/log/news"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.extraParams
Additional parameters passed to syslogd.
Type: list of strings
Default:
[
]
Example:
[
"-m 0"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.tty
The tty device on which syslogd will print important log messages. Leave this option blank to disable tty logging.
Type: string
Default:
"tty10"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.sysprof.enable
Whether to enable sysprof profiling daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/sysprof.nix>
|
services.sysstat.enable
Whether to enable sar system activity collection.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
|
services.sysstat.collect-args
Arguments to pass sa1 when collecting statistics
Type: unspecified
Default:
"1 1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
|
services.sysstat.collect-frequency
OnCalendar specification for sysstat-collect
Type: unspecified
Default:
"*:00/10"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
|
services.systemhealth.enable
Enable the system health monitor and its generation of graphs.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
|
services.systemhealth.drives
Drives to monitor.
Type: unspecified
Default:
[
]
Example:
[
{
name = "root"; path = "/";
}
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
|
services.systemhealth.interfaces
Interfaces to monitor (minimum one).
Type: unspecified
Default:
[
"lo"
]
Example:
[
"lo" "eth0" "eth1"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
|
services.systemhealth.urlPrefix
The URL prefix under which the System Health web pages appear in httpd.
Type: unspecified
Default:
"/health"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
|
services.tahoe.introducers
The Tahoe introducers.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.introducers.<name>.package
The package to use for the Tahoe LAFS daemon.
Type: package
Default:
"pkgs.tahoelafs"
Example:
pkgs.tahoelafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.introducers.<name>.nickname
The nickname of this Tahoe introducer.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.introducers.<name>.tub.location
The external location that the introducer should listen on.
If specified, the port should be included.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.introducers.<name>.tub.port
The port on which the introducer will listen.
Type: signed integer
Default:
3458
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes
The Tahoe nodes.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.package
The package to use for the Tahoe LAFS daemon.
Type: package
Default:
"pkgs.tahoelafs"
Example:
pkgs.tahoelafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.helper
The furl for a Tahoe helper node.
Like all furls, keep this safe and don't share it.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.introducer
The furl for a Tahoe introducer node.
Like all furls, keep this safe and don't share it.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.shares.happy
The number of distinct storage nodes required to store a file.
Type: signed integer
Default:
7
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.shares.needed
The number of shares required to reconstitute a file.
Type: signed integer
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.shares.total
The number of shares required to store a file.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.helper.enable
Whether to enable helper service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.nickname
The nickname of this Tahoe node.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.enable
Whether to enable SFTP service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.accounts.file
Path to the accounts file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.accounts.url
URL of the accounts server.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.hostPrivateKeyFile
Path to the SSH host private key.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile
Path to the SSH host public key.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.port
The port on which the SFTP server will listen.
This is the correct setting to tweak if you want Tahoe's SFTP daemon to listen on a different port.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.storage.enable
Whether to enable storage service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.storage.reservedSpace
The amount of filesystem space to not use for storage.
Type: string
Default:
"1G"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.tub.location
The external location that the node should listen on.
This is the setting to tweak if there are multiple interfaces and you want to alter which interface Tahoe is advertising.
If specified, the port should be included.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.tub.port
The port on which the tub will listen.
This is the correct setting to tweak if you want Tahoe's storage system to listen on a different port.
Type: signed integer
Default:
3457
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.web.port
The port on which the Web server will listen.
This is the correct setting to tweak if you want Tahoe's WUI to listen on a different port.
Type: signed integer
Default:
3456
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tarsnap.enable
Enable periodic tarsnap backups.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives
Tarsnap archive configurations. Each attribute names an archive to be created at a given time interval, according to the options associated with it. When uploading to the tarsnap server, archive names are suffixed by a 1 second resolution timestamp.
For each member of the set is created a timer which triggers the
instanced tarsnap-archive-name
service unit. You may use
systemctl start tarsnap-archive-name to
manually trigger creation of archive-name
at
any time.
Type: attribute set of submodules
Default:
{
}
Example:
{ nixos = { directories = [ "/home" "/root/ssl" ]; }; gamedata = { directories = [ "/var/lib/minecraft" ]; period = "*:30"; }; }
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.aggressiveNetworking
Upload data over multiple TCP connections, potentially increasing tarsnap's bandwidth utilisation at the cost of slowing down all other network traffic. Not recommended unless TCP congestion is the dominant limiting factor.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.cachedir
The cache allows tarsnap to identify previously stored data blocks, reducing archival time and bandwidth usage.
Should the cache become desynchronized or corrupted, tarsnap will refuse to run until you manually rebuild the cache with tarsnap --fsck.
Set to null
to disable caching.
Type: null or path
Default:
"/var/cache/tarsnap/root-tarsnap.key"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.checkpointBytes
Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value. A higher value is recommended, as checkpointing is expensive.
Set to null
to disable checkpointing.
Type: null or string
Default:
"1GB"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.directories
List of filesystem paths to archive.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.excludes
Exclude files and directories matching these patterns.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.explicitSymlinks
Whether to follow symlinks specified as archives.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.followSymlinks
Whether to follow all symlinks in archive trees.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.includes
Include only files and directories matching these patterns (the empty list includes everything).
Exclusions have precedence over inclusions.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.keyfile
Set a specific keyfile for this archive. This defaults to
"/root/tarsnap.key"
if left unspecified.
Use this option if you want to run multiple backups
concurrently - each archive must have a unique key. You can
generate a write-only key derived from your master key (which
is recommended) using tarsnap-keymgmt(1)
.
Note: every archive must have an individual master key. You
must generate multiple keys with
tarsnap-keygen(1)
, and then generate write
only keys from those.
The keyfile name should be given as a string and not a path, to avoid the key being copied into the Nix store.
Type: string
Default:
"/root/tarsnap.key"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.lowmem
Reduce memory consumption by not caching small files. Possibly beneficial if the average file size is smaller than 1 MB and the number of files is lower than the total amount of RAM in KB.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.maxbw
Abort archival if upstream bandwidth usage in bytes exceeds this threshold.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.maxbwRateDown
Download bandwidth rate limit in bytes.
Type: null or signed integer
Default:
null
Example:
50 * 1000
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.maxbwRateUp
Upload bandwidth rate limit in bytes.
Type: null or signed integer
Default:
null
Example:
25 * 1000
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.nodump
Exclude files with the nodump
flag.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.period
Create archive at this interval.
The format is described in systemd.time(7).
Type: string
Default:
"01:15"
Example:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.printStats
Print global archive statistics upon completion. The output is available via systemctl status tarsnap-archive-name.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.verbose
Whether to produce verbose logging output.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.verylowmem
Reduce memory consumption by a factor of 2 beyond what
lowmem
does, at the cost of significantly
slowing down the archiving process.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.keyfile
The keyfile which associates this machine with your tarsnap account. Create the keyfile with tarsnap-keygen.
Note that each individual archive (specified below) may also have its
own individual keyfile specified. Tarsnap does not allow multiple
concurrent backups with the same cache directory and key (starting a
new backup will cause another one to fail). If you have multiple
archives specified, you should either spread out your backups to be
far apart, or specify a separate key for each archive. By default
every archive defaults to using
"/root/tarsnap.key"
.
It's recommended for backups that you generate a key for every archive
using tarsnap-keygen(1)
, and then generate a
write-only tarsnap key using tarsnap-keymgmt(1)
,
and keep your master key(s) for a particular machine off-site.
The keyfile name should be given as a string and not a path, to avoid the key being copied into the Nix store.
Type: string
Default:
"/root/tarsnap.key"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.taskserver.enable
Whether to enable the Taskwarrior server.
More instructions about NixOS in conjuction with Taskserver can be found in the NixOS manual at Chapter 17, Taskserver.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.allowedClientIDs
A list of regular expressions that are matched against the reported
client id (such as task 2.3.0
).
The values all
or none
have
special meaning. Overidden by any entry in the option
services.taskserver.disallowedClientIDs
.
Type: string or list of strings
Default:
[
]
Example:
[
"[Tt]ask [2-9]+"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.ciphers
List of GnuTLS ciphers to use. See the GnuTLS documentation about priority strings at https://gnutls.org/manual/html_node/Priority-Strings.html for full details.
Type: null or string
Default:
null
Example:
"NORMAL:-VERS-SSL3.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.config
Configuration options to pass to Taskserver.
The options here are the same as described in taskdrc(5), but with one difference:
The server
option is
server.listen
here, because the
server
option would collide with other options
like server.cert
and we would run in a type error
(attribute set versus string).
Nix types like integers or booleans are automatically converted to the right values Taskserver would expect.
Type: attribute set
Example:
{
client =
{
cert = "/tmp/debugging.cert";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.confirmation
Determines whether certain commands are confirmed.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.dataDir
Data directory for Taskserver.
Type: path
Default:
"/var/lib/taskserver"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.debug
Logs debugging information.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.disallowedClientIDs
A list of regular expressions that are matched against the reported
client id (such as task 2.3.0
).
The values all
or none
have
special meaning. Any entry here overrides those in
services.taskserver.allowedClientIDs
.
Type: string or list of strings
Default:
[
]
Example:
[
"[Tt]ask [2-9]+"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.extensions
Fully qualified path of the Taskserver extension scripts. Currently there are none.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.fqdn
The fully qualified domain name of this server, which is also used as the common name in the certificates.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.group
Group for Taskserver.
Type: string
Default:
"taskd"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.ipLog
Logs the IP addresses of incoming requests.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.listenHost
The address (IPv4, IPv6 or DNS) to listen on.
If the value is something else than localhost
the
port defined by listenPort
is automatically added to
networking.firewall.allowedTCPPorts
.
Type: string
Default:
"localhost"
Example:
"::"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.listenPort
Port number of the Taskserver.
Type: signed integer
Default:
53589
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.organisations
An attribute set where the keys name the organisation and the values
are a set of lists of users
and
groups
.
Type: attribute set of submodules
Default:
{
}
Example:
{
myShinyOrganisation =
{
groups =
[
"staff" "outsiders"
]
; users =
[
"alice" "bob"
]
;
}
; yetAnotherOrganisation =
{
users =
[
"foo" "bar"
]
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.organisations.<name>.groups
A list of group names that belong to the organization.
Type: list of strings
Default:
[
]
Example:
[
"workers" "slackers"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.organisations.<name>.users
A list of user names that belong to the organization.
Type: list of strings
Default:
[
]
Example:
[
"alice" "bob"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.bits
The bit size for generated keys.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.*
options are set.
Type: signed integer
Default:
4096
Example:
2048
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.expiration.ca
The expiration time of the CA certificate in days or null
for no
expiration time.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.*
options are set.
Type: null or signed integer
Default:
null
Example:
365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.expiration.client
The expiration time of client certificates in days or null
for no
expiration time.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.*
options are set.
Type: null or signed integer
Default:
null
Example:
365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.expiration.crl
The expiration time of the certificate revocation list (CRL) in days or null
for no
expiration time.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.*
options are set.
Type: null or signed integer
Default:
null
Example:
365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.expiration.server
The expiration time of the server certificate in days or null
for no
expiration time.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.*
options are set.
Type: null or signed integer
Default:
null
Example:
365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.manual.ca.cert
Fully qualified path to the CA certificate.
Setting this option will prevent automatic CA creation and handling.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.manual.server.cert
Fully qualified path to the server certificate.
Setting this option will prevent automatic CA creation and handling.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.manual.server.crl
Fully qualified path to the server certificate revocation list.
Setting this option will prevent automatic CA creation and handling.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.manual.server.key
Fully qualified path to the server key.
Setting this option will prevent automatic CA creation and handling.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.queueSize
Size of the connection backlog, see listen(2).
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.requestLimit
Size limit of incoming requests, in bytes.
Type: signed integer
Default:
1048576
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.trust
Determines how client certificates are validated.
The value allow all
performs no client
certificate validation. This is not recommended. The value
strict
causes the client certificate to be
validated against a CA.
Type: one of "allow all", "strict"
Default:
"strict"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.user
User for Taskserver.
Type: string
Default:
"taskd"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.tcsd.enable
Whether to enable tcsd, a Trusted Computing management service that provides TCG Software Stack (TSS). The tcsd daemon is the only portal to the Trusted Platform Module (TPM), a hardware chip on the motherboard.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.conformanceCred
Path to the conformance credential for your TPM. See also the platformCred option
Type: path
Default:
"/var/lib/tpm/conformance.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.endorsementCred
Path to the endorsement credential for your TPM. See also the platformCred option
Type: path
Default:
"/var/lib/tpm/endorsement.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.firmwarePCRs
PCR indices used in the TPM for firmware measurements.
Type: string
Default:
"0,1,2,3,4,5,6,7"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.group
Group account under which tcsd runs.
Type: string
Default:
"tss"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.kernelPCRs
PCR indices used in the TPM for kernel measurements.
Type: string
Default:
"8,9,10,11,12"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.platformCred
Path to the platform credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (certificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, this credential will be encrypted as part of that process. See the 1.1b TPM Main specification section 9.3 for information on this process.
Type: path
Default:
"/var/lib/tpm/platform.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.stateDir
The location of the system persistent storage file. The system persistent storage file holds keys and data across restarts of the TCSD and system reboots.
Type: path
Default:
"/var/lib/tpm"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.user
User account under which tcsd runs.
Type: string
Default:
"tss"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.teamspeak3.enable
Whether to run the Teamspeak3 voice communication server daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.dataDir
Directory to store TS3 database and other state/data files.
Type: path
Default:
"/var/lib/teamspeak3-server"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.defaultVoicePort
Default UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default.
Type: signed integer
Default:
9987
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.fileTransferIP
IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.fileTransferPort
TCP port opened for file transfers.
Type: signed integer
Default:
30033
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.logPath
Directory to store log files in.
Type: path
Default:
"/var/log/teamspeak3-server/"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.queryIP
IP on which the server instance will listen for incoming ServerQuery connections. Defaults to any IP.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.queryPort
TCP port opened for ServerQuery connections.
Type: signed integer
Default:
10011
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.voiceIP
IP on which the server instance will listen for incoming voice connections. Defaults to any IP.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamviewer.enable
Whether to enable TeamViewer daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/teamviewer.nix>
|
services.telegraf.enable
Whether to enable telegraf server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
|
services.telegraf.package
Which telegraf derivation to use
Type: package
Default:
"pkgs.telegraf"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
|
services.telegraf.extraConfig
Extra configuration options for telegraf
Type: attribute set
Default:
{
}
Example:
{
inputs =
{
statsd =
{
delete_timings = true; service_address = ":8125";
}
;
}
; outputs =
{
influxdb =
{
database = "telegraf"; urls =
[
"http://localhost:8086"
]
;
}
;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
|
services.telepathy.enable
Whether to enable Telepathy service, a communications framework that enables real-time communication via pluggable protocol backends.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/telepathy.nix>
|
services.terraria.enable
If enabled, starts a Terraria server. The server can be connected to via tmux -S /var/lib/terraria/terraria.sock attach
for administration by users who are a part of the terraria
group (use C-b d
shortcut to detach again).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.autoCreatedWorldSize
Specifies the size of the auto-created world if worldPath
does not
point to an existing world.
Type: one of "small", "medium", "large"
Default:
"medium"
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.banListPath
The path to the ban list.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.maxPlayers
Sets the max number of players (between 1 and 255).
Type: signed integer
Default:
255
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.messageOfTheDay
Set the server message of the day text.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.noUPnP
Disables automatic Universal Plug and Play.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.password
Sets the server password. Leave null
for no password.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.port
Specifies the port to listen on.
Type: signed integer
Default:
7777
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.secure
Adds additional cheat protection to the server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.worldPath
The path to the world file (.wld
) which should be loaded.
If no world exists at this path, one will be created with the size
specified by autoCreatedWorldSize
.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.tftpd.enable
Whether to enable tftpd, a Trivial File Transfer Protocol server. The server will be run as an xinetd service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/tftpd.nix>
|
services.tftpd.path
Where the tftp server files are stored.
Type: path
Default:
"/srv/tftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/tftpd.nix>
|
services.thermald.enable
Whether to enable thermald, the temperature management daemon.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
|
services.thermald.configFile
the thermald manual configuration file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
|
services.thermald.debug
Whether to enable debug logging.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
|
services.thinkfan.enable
Whether to enable thinkfan, fan controller for IBM/Lenovo ThinkPads.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.fan
Specifies the fan we want to use. On anything other than a Thinkpad you'll probably use some PWM control file in /sys/class/hwmon. A sysfs fan would be specified like this: pwm_fan /sys/class/hwmon/hwmon2/device/pwm1
Type: string
Default:
"tp_fan /proc/acpi/ibm/fan"
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.levels
(LEVEL, LOW, HIGH) LEVEL is the fan level to use (0-7 with thinkpad_acpi). LOW is the temperature at which to step down to the previous level. HIGH is the temperature at which to step up to the next level. All numbers are integers.
Type: string
Default:
'' (0, 0, 55) (1, 48, 60) (2, 50, 61) (3, 52, 63) (6, 56, 65) (7, 60, 85) (127, 80, 32767) ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.sensors
thinkfan can read temperatures from three possible sources:
/proc/acpi/ibm/thermal Which is provided by the thinkpad_acpi kernel module (keyword tp_thermal)
/sys/class/hwmon/*/temp*_input Which may be provided by any hwmon drivers (keyword hwmon)
S.M.A.R.T. (since 0.9 and requires the USE_ATASMART compilation flag) Which reads the temperature directly from the hard disk using libatasmart (keyword atasmart)
Multiple sensors may be added, in which case they will be numbered in their order of appearance.
Type: string
Default:
'' tp_thermal /proc/acpi/ibm/thermal (0,0,10) ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.timesyncd.enable
Enables the systemd NTP client daemon.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/timesyncd.nix>
|
services.timesyncd.servers
The set of NTP servers from which to synchronise.
Type: unspecified
Default:
[
"0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/timesyncd.nix>
|
services.tinc.networks
Defines the tinc networks which will be started. Each network invokes a different daemon.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.package
The package to use for the tinc daemon's binary.
Type: package
Default:
"pkgs.tinc_pre"
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.bindToAddress
The ip address to bind to (both listen on and send packets from).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.chroot
Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security. The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
Note that tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.debugLevel
The amount of debugging information to add to the log. 0 means little logging while 5 is the most logging. man tincd for more details.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.ed25519PrivateKeyFile
Path of the private ed25519 keyfile.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.extraConfig
Extra lines to add to the tinc service configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hosts
The name of the host in the network as well as the configuration for that host. This name should only contain alphanumerics and underscores.
Type: attribute set of strings
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.interfaceType
The type of virtual interface used for the network connection
Type: one of "tun", "tap"
Default:
"tun"
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.listenAddress
The ip address to listen on for incoming connections.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.name
The name of the node which is used as an identifier when communicating with the remote nodes in the mesh. If null then the hostname of the system is used to derive a name (note that tinc may replace non-alphanumeric characters in hostnames by underscores).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinydns.enable
Whether to run the tinydns dns server
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
|
services.tinydns.data
The DNS data to serve, in the format described by tinydns-data(8)
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
|
services.tinydns.ip
IP address on which to listen for connections
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
|
services.tlp.enable
Whether to enable the TLP daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/tlp.nix>
|
services.tlp.extraConfig
Additional configuration variables for TLP
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/tlp.nix>
|
services.tomcat.enable
Whether to enable Apache Tomcat.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.package
Which tomcat package to use.
Type: package
Default:
"pkgs.tomcat85"
Example:
pkgs.tomcat9
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.axis2.enable
Whether to enable an Apache Axis2 container
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.axis2.services
List containing AAR files or directories with AAR files which are web services to be deployed on Axis2
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.baseDir
Location where Tomcat stores configuration files, webapplications and logfiles
Type: path
Default:
"/var/tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.catalinaOpts
Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container
Type: list of strings or string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.commonLibs
List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.extraConfigFiles
Extra configuration files to pull into the tomcat conf directory
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.extraEnvironment
Environment Variables to pass to the tomcat service
Type: list of strings
Default:
[
]
Example:
[
"ENVIRONMENT=production"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.extraGroups
Defines extra groups to which the tomcat user belongs.
Type: unspecified
Default:
[
]
Example:
[
"users"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.group
Group account under which Apache Tomcat runs.
Type: string
Default:
"tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.javaOpts
Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat
Type: list of strings or string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.jdk
Which JDK to use.
Type: package
Default:
"pkgs.jdk"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.logDirs
Directories to create in baseDir/logs/
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.logPerVirtualHost
Whether to enable logging per virtual host.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.serverXml
Verbatim server.xml configuration. This is mutually exclusive with the virtualHosts options.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.sharedLibs
List containing JAR files or directories with JAR files which are libraries shared by the web applications
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.user
User account under which Apache Tomcat runs.
Type: string
Default:
"tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.virtualHosts
List consisting of a virtual host name and a list of web applications to deploy on each virtual host
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.virtualHosts.*.name
name of the virtualhost
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.virtualHosts.*.webapps
List containing web application WAR files and/or directories containing web applications and configuration files for the virtual host.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.webapps
List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat
Type: list of paths
Default:
"[ pkgs.tomcat85.webapps ]"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tor.enable
Enable the Tor daemon. By default, the daemon is run without relay, exit, bridge or client connectivity.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.enableGeoIP
Whenever to configure Tor daemon to use GeoIP databases.
Disabling this will disable by-country statistics for bridges and relays and some client and third-party software functionality.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.enable
Whether to enable Tor daemon to route application connections. You might want to disable this if you plan running a dedicated Tor relay.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.dns.enable
Whether to enable tor dns resolver
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.dns.automapHostsSuffixes
List of suffixes to use with automapHostsOnResolve
Type: list of strings
Default:
[
".onion" ".exit"
]
Example:
[
".onion"
]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.dns.isolationOptions
Tor isolation options
Type: list of one of "IsolateClientAddr", "IsolateSOCKSAuth", "IsolateClientProtocol", "IsolateDestPort", "IsolateDestAddr"s
Default:
[
]
Example:
[
"IsolateClientAddr" "IsolateSOCKSAuth" "IsolateClientProtocol" "IsolateDestPort" "IsolateDestAddr"
]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.dns.listenAddress
Bind tor dns to this address.
Type: string
Default:
"127.0.0.1:9053"
Example:
"192.168.0.1:9053"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.privoxy.enable
Whether to enable and configure the system Privoxy to use Tor's faster port, suitable for HTTP.
To have anonymity, protocols need to be scrubbed of identifying information, and this can be accomplished for HTTP by Privoxy.
Privoxy can also be useful for KDE torification. A good setup would be: setting SOCKS proxy to the default Tor port, providing maximum circuit isolation where possible; and setting HTTP proxy to Privoxy to route HTTP traffic over faster, but less isolated port.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.socksIsolationOptions
Tor isolation options
Type: list of one of "IsolateClientAddr", "IsolateSOCKSAuth", "IsolateClientProtocol", "IsolateDestPort", "IsolateDestAddr"s
Default:
[
"IsolateDestAddr"
]
Example:
[
"IsolateClientAddr" "IsolateSOCKSAuth" "IsolateClientProtocol" "IsolateDestPort" "IsolateDestAddr"
]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.socksListenAddress
Bind to this address to listen for connections from Socks-speaking applications. Provides strong circuit isolation, separate circuit per IP address.
Type: string
Default:
"127.0.0.1:9050"
Example:
"192.168.0.1:9100"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.socksListenAddressFaster
Bind to this address to listen for connections from
Socks-speaking applications. Same as
socksListenAddress
but uses weaker
circuit isolation to provide performance suitable for a
web browser.
Type: string
Default:
"127.0.0.1:9063"
Example:
"192.168.0.1:9101"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.socksPolicy
Entry policies to allow/deny SOCKS requests based on IP
address. First entry that matches wins. If no SocksPolicy
is set, we accept all (and only) requests from
socksListenAddress
.
Type: null or string
Default:
null
Example:
"accept 192.168.0.0/16, reject *"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.transparentProxy.enable
Whether to enable tor transparent proxy
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.transparentProxy.isolationOptions
Tor isolation options
Type: list of one of "IsolateClientAddr", "IsolateSOCKSAuth", "IsolateClientProtocol", "IsolateDestPort", "IsolateDestAddr"s
Default:
[
]
Example:
[
"IsolateClientAddr" "IsolateSOCKSAuth" "IsolateClientProtocol" "IsolateDestPort" "IsolateDestAddr"
]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.transparentProxy.listenAddress
Bind transparent proxy to this address.
Type: string
Default:
"127.0.0.1:9040"
Example:
"192.168.0.1:9040"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.controlPort
If set, Tor will accept connections on the specified port and allow them to control the tor process.
Type: null or signed integer or string
Default:
null
Example:
9051
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.controlSocket.enable
Wheter to enable Tor control socket. Control socket is created
in /run/tor/control
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.extraConfig
Extra configuration. Contents will be added verbatim to the configuration file at the end.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices
A set of static hidden services that terminate their Tor circuits at this node.
Every element in this set declares a virtual onion host.
You can specify your onion address by putting corresponding private key to an appropriate place in /var/lib/tor.
For services without private keys in /var/lib/tor Tor daemon will generate random key pairs (which implies random onion addresses) on restart. The latter could take a while, please be patient.
Hidden services can be useful even if you don't intend to actually hide them, since they can also be seen as a kind of NAT traversal mechanism. E.g. the example will make your sshd, whatever runs on "8080" and your mail server available from anywhere where the Tor network is available (which, with the help from bridges, is pretty much everywhere), even if both client and server machines are behind NAT you have no control over.
Type: list or attribute set of submodules
Default:
{
}
Example:
{ "my-hidden-service-example".map = [ { port = 22; } # map ssh port to this machine's ssh { port = 80; toPort = 8080; } # map http port to whatever runs on 8080 { port = "sip"; toHost = "mail.example.com"; toPort = "imap"; } # because we can ]; }
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices.<name?>.authorizeClient
If configured, the hidden service is accessible for authorized clients only.
Type: null or submodule
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices.<name?>.authorizeClient.authType
Either "basic"
for a general-purpose authorization protocol
or "stealth"
for a less scalable protocol
that also hides service activity from unauthorized clients.
Type: one of "basic", "stealth"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices.<name?>.authorizeClient.clientNames
Only clients that are listed here are authorized to access the hidden service.
Generated authorization data can be found in /var/lib/tor/onion/$name/hostname
.
Clients need to put this authorization data in their configuration file using HidServAuth
.
Type: non-empty list of string matching the pattern [A-Za-z0-9+-_]+s
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices.<name?>.map
Port mapping for this hidden service.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices.<name?>.map.*.port
Hidden service port to "bind to".
Type: signed integer or string
Example:
80
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices.<name?>.map.*.toHost
Mapping destination host.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices.<name?>.map.*.toPort
Mapping destination port.
Type: signed integer or string
Example:
8080
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.hiddenServices.<name?>.name
Name of this tor hidden service.
This is purely descriptive.
After restarting Tor daemon you should be able to
find your .onion address in
/var/lib/tor/onion/$name/hostname
.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.enable
Whether to enable relaying TOR traffic for others.
See https://www.torproject.org/docs/tor-doc-relay for details.
Setting this to true requires setting
services.tor.relay.role
and
services.tor.relay.port
options.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.accountingMax
Specify maximum bandwidth allowed during an accounting period. This
allows you to limit overall tor bandwidth over some time period.
See the AccountingMax
option by looking at the
tor manual tor(1) for more.
Note this limit applies individually to upload and
download; if you specify "500 GBytes"
here, then you may transfer up to 1 TBytes of overall
bandwidth (500 GB upload, 500 GB download).
Type: null or string
Default:
null
Example:
"450 GBytes"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.accountingStart
Specify length of an accounting period. This allows you to limit
overall tor bandwidth over some time period. See the
AccountingStart
option by looking at the tor
manual tor(1) for more.
Type: null or string
Default:
null
Example:
"month 1 1:00"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.address
The IP address or full DNS name for advertised address of your relay. Leave unset and Tor will guess.
Type: null or string
Default:
null
Example:
"noname.example.com"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.bandwidthBurst
Specify this to allow bursts of the bandwidth usage of relayed (server) traffic. The average usage will still be as specified in relayBandwidthRate. Your own traffic is still unthrottled. Units: bytes/second.
Type: null or signed integer
Default:
null
Example:
200
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.bandwidthRate
Specify this to limit the bandwidth usage of relayed (server) traffic. Your own traffic is still unthrottled. Units: bytes/second.
Type: null or signed integer
Default:
null
Example:
100
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.contactInfo
Contact information for the relay owner (e.g. a mail address and GPG key ID).
Type: null or string
Default:
null
Example:
"admin@relay.com"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.exitPolicy
A comma-separated list of exit policies. They're considered first to last, and the first match wins. If you want to _replace_ the default exit policy, end this with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the default exit policy. Leave commented to just use the default, which is available in the man page or at https://www.torproject.org/documentation.html.
Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses for issues you might encounter if you use the default exit policy.
If certain IPs and ports are blocked externally, e.g. by your firewall, you should update your exit policy to reflect this -- otherwise Tor users will be told that those destinations are down.
Type: null or string
Default:
null
Example:
"accept *:6660-6667,reject *:*"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.nickname
A unique handle for your TOR relay.
Type: string
Default:
"anonymous"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.port
What port to advertise for Tor connections. This corresponds to the
ORPort
section in the Tor manual; see
tor(1) for more details.
At a minimum, you should just specify the port for the relay to listen on; a common one like 143, 22, 80, or 443 to help Tor users who may have very restrictive port-based firewalls.
Type: signed integer or string
Example:
143
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.role
Your role in Tor network. There're several options:
exit
An exit relay. This allows Tor users to access regular Internet services through your public IP.
Running an exit relay may expose you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info.
You can specify which services Tor users may access via
your exit relay using exitPolicy
option.
relay
Regular relay. This allows Tor users to relay onion traffic to other Tor nodes, but not to public Internet.
Note that some misconfigured and/or disrespectful towards privacy sites will block you even if your relay is not an exit relay. That is, just being listed in a public relay directory can have unwanted consequences. Which means you might not want to use this role if you browse public Internet from the same network as your relay, unless you want to write e-mails to those sites (you should!).
See https://www.torproject.org/docs/tor-doc-relay.html.en for more info.
bridge
Regular bridge. Works like a regular relay, but doesn't list you in the public relay directory and hides your Tor node behind obfsproxy.
Using this option will make Tor advertise your bridge to users through various mechanisms like https://bridges.torproject.org/, though.
WARNING: THE FOLLOWING PARAGRAPH IS NOT LEGAL ADVICE. Consult with your lawer when in doubt.
This role should be safe to use in most situations (unless the act of forwarding traffic for others is a punishable offence under your local laws, which would be pretty insane as it would make ISP illegal).
See https://www.torproject.org/docs/bridges.html.en for more info.
private-bridge
Private bridge. Works like regular bridge, but does not advertise your node in any way.
Using this role means that you won't contribute to Tor network in any way unless you advertise your node yourself in some way.
Use this if you want to run a private bridge, for example because you'll give out your bridge address manually to your friends.
Switching to this role after measurable time in
"bridge" role is pretty useless as some Tor users
would have learned about your node already. In the
latter case you can still change
port
option.
See https://www.torproject.org/docs/bridges.html.en for more info.
Type: one of "exit", "relay", "bridge", "private-bridge"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.torsocks.enable
Whether to build /etc/tor/torsocks.conf
containing the specified global torsocks configuration.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.allowInbound
Set Torsocks to accept inbound connections. If set to
true
, listen() and accept() will be
allowed to be used with non localhost address.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.fasterServer
IP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP. Currently, hostnames are NOT supported by torsocks.
Type: string
Default:
"127.0.0.1:9063"
Example:
"192.168.0.20:1234"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.onionAddrRange
Tor hidden sites do not have real IP addresses. This specifies what range of IP addresses will be handed to the application as "cookies" for .onion names. Of course, you should pick a block of addresses which you aren't going to ever need to actually connect to. This is similar to the MapAddress feature of the main tor daemon.
Type: string
Default:
"127.42.42.0/24"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.server
IP/Port of the Tor SOCKS server. Currently, hostnames are NOT supported by torsocks.
Type: string
Default:
"127.0.0.1:9050"
Example:
"192.168.0.20:1234"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.socks5Password
SOCKS5 password. The TORSOCKS_PASSWORD
environment variable overrides this option if it is set.
Type: null or string
Default:
null
Example:
"sekret"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.socks5Username
SOCKS5 username. The TORSOCKS_USERNAME
environment variable overrides this option if it is set.
Type: null or string
Default:
null
Example:
"bob"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.tsocks.enable
Whether to build tsocks wrapper script to relay application traffic via Tor.
You shouldn't use this unless you know what you're
doing because your installation of Tor already comes with
its own superior (doesn't leak DNS queries)
torsocks
wrapper which does pretty much
exactly the same thing as this.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.tor.tsocks.config
Extra configuration. Contents will be added verbatim to TSocks configuration file.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.tor.tsocks.server
IP address of TOR client to use.
Type: unspecified
Default:
"localhost:9050"
Example:
"192.168.0.20"
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.torque.mom.enable
Whether to enable torque computing node.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/mom.nix>
|
services.torque.mom.serverNode
Hostname running pbs server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/mom.nix>
|
services.torque.server.enable
Whether to enable torque server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/server.nix>
|
services.toxBootstrapd.enable
Whether to enable the Tox DHT bootstrap daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
|
services.toxBootstrapd.extraConfig
Configuration for bootstrap daemon. See https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf and http://wiki.tox.im/Nodes.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
|
services.toxBootstrapd.keysFile
Node key file.
Type: string
Default:
"/var/lib/tox-bootstrapd/keys"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
|
services.toxBootstrapd.port
Listening port (UDP).
Type: signed integer
Default:
33445
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
|
services.toxvpn.enable
Whether to enable enable toxvpn running on startup.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
|
services.toxvpn.auto_add_peers
peers to automacally connect to on startup
Type: list of strings
Default:
[
]
Example:
''[ "toxid1" "toxid2" ]''
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
|
services.toxvpn.localip
your ip on the vpn
Type: string
Default:
"10.123.123.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
|
services.toxvpn.port
udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT
Type: signed integer
Default:
33445
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
|
services.traefik.enable
Whether to enable Traefik web server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.package
Traefik package to use.
Type: package
Default:
"pkgs.traefik"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.configFile
Path to verbatim traefik.toml to use.
(Using that option has precedence over configOptions
)
Type: null or path
Default:
null
Example:
/path/to/config.toml
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.configOptions
Config for Traefik.
Type: attribute set
Default:
{
defaultEntryPoints =
[
"http"
]
; entryPoints =
{
http =
{
address = ":80";
}
;
}
;
}
Example:
{
backends =
{
backend1 =
{
servers =
{
server1 =
{
url = "http://localhost:8000";
}
;
}
;
}
;
}
; defaultEntrypoints =
[
"http"
]
; entryPoints =
{
http =
{
address = ":80";
}
;
}
; file =
{
}
; frontends =
{
frontend1 =
{
backend = "backend1"; routes =
{
test_1 =
{
rule = "Host:localhost";
}
;
}
;
}
;
}
; web =
{
address = ":8080";
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.dataDir
Location for any persistent data traefik creates, ie. acme
Type: path
Default:
"/var/lib/traefik"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.group
Set the group that traefik runs under.
For the docker backend this needs to be set to docker
instead.
Type: string
Default:
"traefik"
Example:
"docker"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.transmission.enable
Whether or not to enable the headless Transmission BitTorrent daemon.
Transmission daemon can be controlled via the RPC interface using transmission-remote or the WebUI (http://localhost:9091/ by default).
Torrents are downloaded to /var/lib/transmission/Downloads by default and are accessible to users in the "transmission" group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.home
The directory where transmission will create files.
Type: path
Default:
"/var/lib/transmission"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.port
TCP port number to run the RPC/web interface.
Type: signed integer
Default:
9091
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings
Attribute set whos fields overwrites fields in settings.json (each time the service starts). String values must be quoted, integer and boolean values must not.
See https://github.com/transmission/transmission/wiki/Editing-Configuration-Files for documentation.
Type: attribute set
Default:
{
download-dir = "/var/lib/transmission/Downloads"; incomplete-dir = "/var/lib/transmission/.incomplete"; incomplete-dir-enabled = true;
}
Example:
{
download-dir = "/srv/torrents/"; incomplete-dir = "/srv/torrents/.incomplete/"; incomplete-dir-enabled = true; rpc-whitelist = "127.0.0.1,192.168.*.*";
}
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.trezord.enable
Enable Trezor bridge daemon, for use with Trezor hardware bitcoin wallets.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/trezord.nix>
|
services.tt-rss.enable
Whether to enable tt-rss.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.enableGZipOutput
Selectively gzip output to improve wire performance. This requires PHP Zlib extension on the server. Enabling this can break tt-rss in several httpd/php configurations, if you experience weird errors and tt-rss failing to start, blank pages after login, or content encoding errors, disable it.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.auth.autoCreate
Allow authentication modules to auto-create users in tt-rss internal database when authenticated successfully.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.auth.autoLogin
Automatically login user on remote or other kind of externally supplied authentication, otherwise redirect to login form as normal. If set to true, users won't be able to set application language and settings profile.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.checkForUpdates
Check for updates automatically if running Git version
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.host
Host of the database. Leave null to use Unix domain socket.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.name
Name of the existing database.
Type: string
Default:
"tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.password
The database user's password.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.port
The database's port. If not set, the default ports will be provided (5432 and 3306 for pgsql and mysql respectively).
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.type
Database to store feeds. Supported are pgsql and mysql.
Type: one of "pgsql", "mysql"
Default:
"pgsql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.user
The database user. The user must exist and has access to the specified database.
Type: string
Default:
"tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.digestSubject
Subject line for email digests.
Type: string
Default:
"[tt-rss] New headlines for last 24 hours"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.fromAddress
Address for sending outgoing mail. This applies to password reset notifications, digest emails and any other mail.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.fromName
Name for sending outgoing mail. This applies to password reset notifications, digest emails and any other mail.
Type: string
Default:
"Tiny Tiny RSS"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.login
SMTP authentication login used when sending outgoing mail.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.password
SMTP authentication password used when sending outgoing mail.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.security
Used to select a secure SMTP connection. Allowed values: ssl, tls, or empty.
Type: one of "", "ssl", "tls"
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.server
Hostname:port combination to send outgoing mail. Blank - use system MTA.
Type: string
Default:
""
Example:
"localhost:25"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.extraConfig
Additional lines to append to config.php
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.feedCryptKey
Key used for encryption of passwords for password-protected feeds in the database. A string of 24 random characters. If left blank, encryption is not used. Requires mcrypt functions. Warning: changing this key will make your stored feed passwords impossible to decrypt.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.forceArticlePurge
When this option is not 0, users ability to control feed purging intervals is disabled and all articles (which are not starred) older than this amount of days are purged.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.logDestination
Log destination to use. Possible values: sql (uses internal logging you can read in Preferences -> System), syslog - logs to system log. Setting this to blank uses PHP logging (usually to http server error.log).
Type: one of "", "sql", "syslog"
Default:
"sql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.pluginPackages
List of plugins to install. The list elements are expected to
be derivations. All elements in this derivation are automatically
copied to the plugins.local
directory.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.plugins
List of plugins to load automatically for all users. System plugins have to be specified here. Please enable at least one authentication plugin here (auth_*). Users may enable other user plugins from Preferences/Plugins but may not disable plugins specified in this list. Disabling auth_internal in this list would automatically disable reset password link on the login form.
Type: list of strings
Default:
[
"auth_internal" "note"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.pool
Name of existing phpfpm pool that is used to run web-application. If not specified a pool will be created automatically with default values.
Type: string
Default:
"tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.pubSubHubbub.enable
Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss won't try to subscribe to PUSH feed updates.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.pubSubHubbub.hub
URL to a PubSubHubbub-compatible hub server. If defined, "Published articles" generated feed would automatically become PUSH-enabled.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.registration.enable
Allow users to register themselves. Please be aware that allowing random people to access your tt-rss installation is a security risk and potentially might lead to data loss or server exploit. Disabled by default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.registration.maxUsers
Maximum amount of users which will be allowed to register on this system. 0 - no limit.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.registration.notifyAddress
Email address to send new user notifications to.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.root
Root of the application.
Type: path
Default:
"/var/lib/tt-rss"
Example:
"/var/lib/tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.selfUrlPath
Full URL of your tt-rss installation. This should be set to the location of tt-rss directory, e.g. http://example.org/tt-rss/ You need to set this option correctly otherwise several features including PUSH, bookmarklets and browser integration will not work properly.
Type: string
Example:
"http://localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.sessionCookieLifetime
Default lifetime of a session (e.g. login) cookie. In seconds, 0 means cookie will be deleted when browser closes.
Type: signed integer
Default:
86400
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.simpleUpdateMode
Enables fallback update mode where tt-rss tries to update feeds in background while tt-rss is open in your browser. If you don't have a lot of feeds and don't want to or can't run background processes while not running tt-rss, this method is generally viable to keep your feeds up to date. Still, there are more robust (and recommended) updating methods available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.singleUserMode
Operate in single user mode, disables all functionality related to multiple users and authentication. Enabling this assumes you have your tt-rss directory protected by other means (e.g. http auth).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.sphinx.index
Index names in Sphinx configuration. Example configuration files are available on tt-rss wiki.
Type: list of strings
Default:
[
"ttrss" "delta"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.sphinx.server
Hostname:port combination for the Sphinx server.
Type: string
Default:
"localhost:9312"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.themePackages
List of themes to install. The list elements are expected to
be derivations. All elements in this derivation are automatically
copied to the themes.local
directory.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.user
User account under which both the update daemon and the web-application run.
Type: string
Default:
"tt_rss"
Example:
"tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.virtualHost
Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
Type: null or string
Default:
"tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tvheadend.enable
Whether to enable Tvheadend.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
|
services.tvheadend.htspPort
Port to bind HTSP to.
Type: signed integer
Default:
9982
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
|
services.tvheadend.httpPort
Port to bind HTTP to.
Type: signed integer
Default:
9981
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
|
services.tzupdate.enable
Enable the tzupdate timezone updating service. This provides a one-shot service which can be activated with systemctl to update the timezone.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/tzupdate.nix>
|
services.u9fs.enable
Whether to run the u9fs 9P server for Unix.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
|
services.u9fs.extraArgs
Extra arguments to pass on invocation, see man 4 u9fs
Type: string
Default:
""
Example:
"-a none"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
|
services.u9fs.listenStreams
Sockets to listen for clients on. See man 5 systemd.socket for socket syntax.
Type: list of strings
Default:
[
"564"
]
Example:
[
"192.168.16.1:564"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
|
services.u9fs.user
User to run u9fs under.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
|
services.udev.packages
List of packages containing udev rules.
All files found in
and
pkg
/etc/udev/rules.d
will be included.
pkg
/lib/udev/rules.d
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.extraHwdb
Additional hwdb files. They'll be written
into file 10-local.hwdb
. Thus they are
read before all other files.
Type: string
Default:
""
Example:
'' evdev:input:b0003v05AFp8277* KEYBOARD_KEY_70039=leftalt KEYBOARD_KEY_700e2=leftctrl ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.extraRules
Additional udev rules. They'll be written
into file 99-local.rules
. Thus they are
read and applied after all other rules.
Type: string
Default:
""
Example:
'' KERNEL=="eth*", ATTR{address}=="00:1D:60:B9:6D:4F", NAME="my_fast_network_card" ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.path
Packages added to the PATH
environment variable when
executing programs from Udev rules.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udisks2.enable
Whether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udisks2.nix>
|
services.uhub.enable
Whether to enable the uhub ADC hub.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.enableTLS
Whether to enable TLS support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.aclConfig
Contents of user ACL configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.address
Address to bind the hub to.
Type: string
Default:
"any"
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.hubConfig
Contents of uhub configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.authSqlite.enable
Whether to enable the Sqlite authentication database plugin
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.authSqlite.file
Path to user database. Use the uhub-passwd utility to create the database and add/remove users.
Type: string
Example:
"/var/db/uhub-users"
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.history.enable
Whether to enable the history plugin.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.history.connect
The number of chat history messages to send when users connect (0 = do not send any history).
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.history.default
When !history is provided without arguments, then this default number of messages are returned.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.history.max
The maximum number of messages to keep in history
Type: signed integer
Default:
200
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.logging.enable
Whether to enable the logging plugin.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.logging.file
Path of log file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.logging.syslog
If true then the system log is used instead of writing to file.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.welcome.enable
Whether to enable the welcome plugin.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.welcome.motd
Welcome message displayed to clients after connecting
and with the !motd
command.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.plugins.welcome.rules
Rules message, displayed to clients with the !rules
command.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.port
TCP port to bind the hub to.
Type: signed integer
Default:
1511
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.unbound.enable
Whether to enable Unbound domain name server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.enableRootTrustAnchor
Use and update root trust anchor for DNSSEC validation.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.allowedAccess
What networks are allowed to use unbound as a resolver.
Type: list of strings
Default:
[
"127.0.0.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.extraConfig
Extra unbound config. See unbound.conf(8 ).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.forwardAddresses
What servers to forward queries to.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.interfaces
What addresses the server should listen on.
Type: list of strings
Default:
[
"127.0.0.1" "::1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unclutter.enable
Enable unclutter to hide your mouse cursor when inactive
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.package
unclutter derivation to use.
Type: package
Default:
"pkgs.unclutter"
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.excluded
Names of windows where unclutter should not apply
Type: list of strings
Default:
[
]
Example:
[
""
]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.extraOptions
More arguments to pass to the unclutter command
Type: list of strings
Default:
[
]
Example:
[
"noevent" "grab"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.keystroke
Wait for a keystroke before hiding the cursor
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.threeshold
Minimum number of pixels considered cursor movement
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.timeout
Number of seconds before the cursor is marked inactive
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter-xfixes.enable
Enable unclutter-xfixes to hide your mouse cursor when inactive.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.unclutter-xfixes.package
unclutter-xfixes derivation to use.
Type: package
Default:
"pkgs.unclutter-xfixes"
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.unclutter-xfixes.extraOptions
More arguments to pass to the unclutter-xfixes command.
Type: list of strings
Default:
[
]
Example:
[
"exclude-root" "ignore-scrolling" "fork"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.unclutter-xfixes.threshold
Minimum number of pixels considered cursor movement.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.unclutter-xfixes.timeout
Number of seconds before the cursor is marked inactive.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.undervolt.enable
Whether to undervolt intel cpus.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.package
undervolt derivation to use.
Type: package
Default:
"pkgs.undervolt"
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.analogioOffset
The amount of voltage to offset analogio by. Accepts a floating point number.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.coreOffset
The amount of voltage to offset the CPU cores by. Accepts a floating point number.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.gpuOffset
The amount of voltage to offset the GPU by. Accepts a floating point number.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.temp
The temperature target. Accepts a floating point number.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.tempAc
The temperature target on AC power. Accepts a floating point number.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.tempBat
The temperature target on battery power. Accepts a floating point number.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.uncoreOffset
The amount of voltage to offset uncore by. Accepts a floating point number.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.verbose
Whether to enable verbose logging.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.unifi.enable
Whether or not to enable the unifi controller service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.dataDir
Where to store the database and other data.
This directory will be bind-mounted to /var/lib/unifi/data as part of the service startup.
Type: string
Default:
"/var/lib/unifi/data"
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.initialJavaHeapSize
Set the initial heap size for the JVM in MB. If this option isn't set, the JVM will decide this value at runtime.
Type: null or signed integer
Default:
null
Example:
1024
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.jrePackage
The JRE package to use. Check the release notes to ensure it is supported.
Type: package
Default:
"pkgs.jre8"
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.maximumJavaHeapSize
Set the maximimum heap size for the JVM in MB. If this option isn't set, the JVM will decide this value at runtime.
Type: null or signed integer
Default:
null
Example:
4096
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.mongodbPackage
The mongodb package to use.
Type: package
Default:
"pkgs.mongodb"
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.openPorts
Whether or not to open the minimum required ports on the firewall.
This is necessary to allow firmware upgrades and device discovery to work. For remote login, you should additionally open (or forward) port 8443.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.unifiPackage
The unifi package to use.
Type: package
Default:
"pkgs.unifiLTS"
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.upower.enable
Whether to enable Upower, a DBus service that provides power management support to applications.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.package
Which upower package to use.
Type: package
Default:
"pkgs.upower"
Example:
pkgs.upower
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.uptime.enableSeparateMonitoringService
Whether to enable the uptime monitoring service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.enableWebService
Whether to enable the uptime monitoring program web service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.configFile
The uptime configuration file
If mongodb: server != localhost, please set usesRemoteMongo = true
If you only want to run the monitor, please set enableWebService = false and enableSeparateMonitoringService = true
If autoStartMonitor: false (recommended) and you want to run both services, please set enableSeparateMonitoringService = true
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.nodeEnv
The node environment to run in (development, production, etc.)
Type: string
Default:
"production"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.usesRemoteMongo
Whether the configuration file specifies a remote mongo instance
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptimed.enable
Enable uptimed
, allowing you to track
your highest uptimes.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/uptimed.nix>
|
services.urxvtd.enable
Enable urxvtd, the urxvt terminal daemon. To use urxvtd, run "urxvtc".
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/urxvtd.nix>
|
services.usbguard.enable
Whether to enable USBGuard daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.IPCAccessControlFiles
The files at this location will be interpreted by the daemon as IPC access control definition files. See the IPC ACCESS CONTROL section in usbguard-daemon.conf(5) for more details.
Type: path
Default:
"/var/lib/usbguard/IPCAccessControl.d/"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.IPCAllowedGroups
A list of groupnames that the daemon will accept IPC connections from.
Type: list of strings
Default:
[
]
Example:
[
"wheel"
]
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.IPCAllowedUsers
A list of usernames that the daemon will accept IPC connections from.
Type: list of strings
Default:
[
"root"
]
Example:
[
"root" "yourusername"
]
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.auditFilePath
USBGuard audit events log file path.
Type: path
Default:
"/var/log/usbguard/usbguard-audit.log"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.deviceRulesWithPort
Generate device specific rules including the "via-port" attribute.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.implictPolicyTarget
How to treat USB devices that don't match any rule in the policy. Target should be one of allow, block or reject (logically remove the device node from the system).
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default:
"block"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.insertedDevicePolicy
How to treat USB devices that are already connected after the daemon starts. One of block, reject, apply-policy.
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default:
"apply-policy"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.presentControllerPolicy
How to treat USB controller devices that are already connected when the daemon starts. One of allow, block, reject, keep or apply-policy.
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default:
"keep"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.presentDevicePolicy
How to treat USB devices that are already connected when the daemon starts. Policy should be one of allow, block, reject, keep (keep whatever state the device is currently in) or apply-policy (evaluate the rule set for every present device).
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default:
"apply-policy"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.restoreControllerDeviceState
The USBGuard daemon modifies some attributes of controller devices like the default authorization state of new child device instances. Using this setting, you can controll whether the daemon will try to restore the attribute values to the state before modificaton on shutdown.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.ruleFile
The USBGuard daemon will use this file to load the policy rule set from it and to write new rules received via the IPC interface.
Running the command usbguard generate-policy
as
root will generate a config for your currently plugged in devices.
For a in depth guide consult the official documentation.
Setting the rules
option will ignore the
ruleFile
option.
Type: path
Default:
"/var/lib/usbguard/rules.conf"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.rules
The USBGuard daemon will load this policy rule set. Modifying it via the IPC interface won't work if you use this option, since the contents of this option will be written into the nix-store it will be read-only.
You can still use usbguard generate-policy
to
generate rules, but you would have to insert them here.
Setting the rules
option will ignore the
ruleFile
option.
Type: null or string
Default:
null
Example:
'' allow with-interface equals { 08:*:* } ''
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbmuxd.enable
Enable the usbmuxd ("USB multiplexing daemon") service. This daemon is in charge of multiplexing connections over USB to an iOS device. This is needed for transferring data from and to iOS devices (see ifuse). Also this may enable plug-n-play tethering for iPhones.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
|
services.usbmuxd.group
The group usbmuxd should use to run after startup.
Type: string
Default:
"usbmux"
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
|
services.usbmuxd.user
The user usbmuxd should use to run after startup.
Type: string
Default:
"usbmux"
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
|
services.uvcvideo.dynctrl.enable
Whether to enable uvcvideo dynamic controls.
Note that enabling this brings the uvcdynctrl tool into your environement and register all dynamic controls from specified packages to the uvcvideo driver.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix>
|
services.uvcvideo.dynctrl.packages
List of packages containing uvcvideo dynamic controls
rules. All files found in
will be included.pkg
/share/uvcdynctrl/data
Note that these will serve as input to the libwebcam package which through its own udev rule will register the dynamic controls from specified packages to the uvcvideo driver.
Type: list of paths
Example:
[ pkgs.tiscamera ]
Declared by:
<nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix>
|
services.uwsgi.enable
Enable uWSGI
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.group
Group account under which uwsgi runs.
Type: string
Default:
"uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.instance
uWSGI configuration. It awaits an attribute type
inside which can be either
normal
or emperor
.
For normal
mode you can specify pythonPackages
as a function
from libraries set into a list of libraries. pythonpath
will be set accordingly.
For emperor
mode, you should use vassals
attribute
which should be either a set of names and configurations or a path to a directory.
Other attributes will be used in configuration file as-is. Notice that you can redefine
plugins
setting here.
Type: attribute set
Default:
{
type = "normal";
}
Example:
{ type = "emperor"; vassals = { moin = { type = "normal"; pythonPackages = self: with self; [ moinmoin ]; socket = "/run/uwsgi/uwsgi.sock"; }; }; }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.plugins
Plugins used with uWSGI
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.runDir
Where uWSGI communication sockets can live
Type: string
Default:
"/run/uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.user
User account under which uwsgi runs.
Type: string
Default:
"uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.varnish.enable
Whether to enable Varnish Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.package
The package to use
Type: package
Default:
"pkgs.varnish5"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.config
Verbatim default.vcl configuration.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.extraCommandLine
Command line switches for varnishd (run 'varnishd -?' to get list of options)
Type: string
Default:
""
Example:
"-s malloc,256M"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.extraModules
Varnish modules (except 'std').
Type: list of packages
Default:
[
]
Example:
[ pkgs.varnish5Packages.geoip ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.http_address
HTTP listen address and port.
Type: string
Default:
"*:6081"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.stateDir
Directory holding all state for Varnish to run.
Type: path
Default:
"/var/spool/varnish/nixos"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.vault.enable
Whether to enable Vault daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.package
This option specifies the vault package to use.
Type: package
Default:
"pkgs.vault"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.address
The name of the ip interface to listen to
Type: string
Default:
"127.0.0.1:8200"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.extraConfig
Extra text appended to vault.hcl
.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.listenerExtraConfig
Extra text appended to the listener section.
Type: string
Default:
'' tls_min_version = "tls12" ''
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.storageBackend
The name of the type of storage backend
Type: one of "inmem", "file", "consul", "zookeeper", "s3", "azure", "dynamodb", "etcd", "mssql", "mysql", "postgresql", "swift", "gcs"
Default:
"inmem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.storageConfig
Storage configuration
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.storagePath
Data directory for file backend
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.telemetryConfig
Telemetry configuration
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.tlsCertFile
TLS certificate file. TLS will be disabled unless this option is set
Type: null or string
Default:
null
Example:
"/path/to/your/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.tlsKeyFile
TLS private key file. TLS will be disabled unless this option is set
Type: null or string
Default:
null
Example:
"/path/to/your/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.venus.enable
Planet Venus is an awesome ‘river of news’ feed reader. It downloads news feeds published by web sites and aggregates their content together into a single combined feed, latest news first.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.cacheDirectory
Where cached feeds are stored.
Type: path
Default:
"/var/cache/venus"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.dates
Specification (in the format described by systemd.time(7)) of the time at which the Venus will collect feeds.
Type: string
Default:
"*:0/15"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.feeds
List of feeds.
Type: unspecified
Default:
[
]
Example:
[
{
feedUrl = "http://url/to/rss/feed.xml"; homepageUrl = "http://garbas.si"; name = "Rok Garbas";
}
]
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.group
Group for running venus script.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.itemsPerPage
How many items to put on each page.
Type: signed integer
Default:
15
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.link
Link to the main page.
Type: string
Default:
"http://planet.nixos.org"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.name
Your planet's name.
Type: string
Default:
"NixOS Planet"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.outputDirectory
Directory to place output files.
Type: path
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.outputTheme
Directory containing a config.ini file which is merged with this one. This is typically used to specify templating and bill of material information.
Type: path
Default:
"\${pkgs.venus}/themes/classic_fancy"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.ownerEmail
Your e-mail address.
Type: string
Default:
"some@example.com"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.ownerName
Your name.
Type: string
Default:
"Rok Garbas"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.venus.user
User for running venus script.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/programs/venus.nix>
|
services.virtlyst.enable
Whether to enable Virtlyst libvirt web interface.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/virtlyst.nix>
|
services.virtlyst.adminPassword
Initial admin password with which the database will be seeded.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/virtlyst.nix>
|
services.virtlyst.httpSocket
IP and/or port to which to bind the http socket.
Type: string
Default:
"localhost:3000"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/virtlyst.nix>
|
services.virtuoso.enable
Whether to enable Virtuoso Opensource database server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.config
Extra options to put into Virtuoso configuration file.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.dirsAllowed
A list of directories Virtuoso is allowed to access
Type: unspecified
Default:
null
Example:
"/www, /home/"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.httpListenAddress
ip:port or port for Virtuoso HTTP server to listen on.
Type: unspecified
Default:
null
Example:
"myserver:8080"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.listenAddress
ip:port or port to listen on.
Type: unspecified
Default:
"1111"
Example:
"myserver:1323"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.virtuoso.parameters
Extra options to put into [Parameters] section of Virtuoso configuration file.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
|
services.vmwareGuest.enable
Whether to enable VMWare Guest Support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-guest.nix>
|
services.vmwareGuest.headless
Whether to disable X11-related features.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-guest.nix>
|
services.vnstat.enable
Whether to enable update of network usage statistics via vnstatd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vnstat.nix>
|
services.vsftpd.enable
Whether to enable the vsftpd FTP server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousMkdirEnable
Whether any uploads are permitted to anonymous users.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUmask
Anonymous write umask.
Type: string
Default:
"077"
Example:
"002"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUploadEnable
Whether any uploads are permitted to anonymous users.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUser
Whether to enable the anonymous FTP user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUserHome
Directory to consider the HOME of the anonymous user.
Type: path
Default:
"/home/ftp/"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUserNoPassword
Whether to disable the password for the anonymous FTP user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.chrootlocalUser
Whether local users are confined to their home directory.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.extraConfig
Extra configuration to add at the bottom of the generated configuration file.
Type: string
Default:
""
Example:
"ftpd_banner=Hello"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.forceLocalDataSSL
Only applies if sslEnable
is true. Non anonymous (local) users
must use a secure SSL connection for sending/receiving data on data connection.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.forceLocalLoginsSSL
Only applies if sslEnable
is true. Non anonymous (local) users
must use a secure SSL connection to send a password.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.localUsers
Whether to enable FTP for local users.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.portPromiscuous
Set to YES if you want to disable the PORT security check that ensures that outgoing data connections can only connect to the client. Only enable if you know what you are doing!
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.rsaCertFile
RSA certificate file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.rsaKeyFile
RSA private key file.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_sslv2
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_sslv3
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_tlsv1
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlist
See userlistFile
.
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistDeny
Specifies whether userlistFile
is a list of user
names to allow or deny access.
The default false
means whitelist/allow.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistEnable
Whether users are included.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistFile
Newline separated list of names to be allowed/denied if userlistEnable
is true
. Meaning see userlistDeny
.
The default is a file containing the users from userlist
.
If explicitely set to null userlist_file will not be set in vsftpd's config file.
Type: path
Default:
'' pkgs.writeText "userlist" (concatMapStrings (x: "''${x} ") cfg.userlist)''
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.writeEnable
Whether any write activity is permitted to users.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.wakeonlan.interfaces
Interfaces where to enable Wake-On-LAN, and how. Two methods available: "magicpacket" and "password". The password has the shape of six bytes in hexadecimal separated by a colon each. For more information, check the ethtool manual.
Type: unspecified
Default:
[
]
Example:
[
{
interface = "eth0"; method = "password"; password = "00:11:22:33:44:55";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wakeonlan.nix>
|
services.weechat.enable
Whether to enable weechat.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
|
services.weechat.binary
Binary to execute (by default ${weechat}/bin/weechat).
Type: unspecified
Default:
"\${pkgs.weechat}/bin/weechat"
Example:
${pkgs.weechat}/bin/weechat-headless
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
|
services.weechat.root
Weechat state directory.
Type: string
Default:
"/var/lib/weechat"
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
|
services.weechat.sessionName
Name of the `screen' session for weechat.
Type: string
Default:
"weechat-screen"
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
|
services.winstone
Defines independent Winstone services, each serving one WAR-file.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.extraJavaOptions
Extra command line options given to the java process running Winstone.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.extraOptions
Extra command line options given to the Winstone process.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.group
The group that will own the working directory.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.javaPackage
Which Java derivation to use for running Winstone.
Type: package
Default:
"pkgs.jre"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.serviceName
The name of the systemd service. By default, it is derived from the winstone instance name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.user
The user that should run this Winstone process and own the working directory.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.warFile
The WAR file that Winstone should serve.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.winstone.<name>.workDir
The working directory for this Winstone instance. Will contain extracted webapps etc. The directory will be created if it doesn't exist.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
|
services.xbanish.enable
Whether to enable xbanish.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/xbanish.nix>
|
services.xbanish.arguments
Arguments to pass to xbanish command
Type: string
Default:
""
Example:
"-d -i shift"
Declared by:
<nixpkgs/nixos/modules/services/x11/xbanish.nix>
|
services.xe-guest-utilities.enable
Whether to enable Whether to enable the Xen guest utilities daemon..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/xe-guest-utilities.nix>
|
services.xfs.enable
Whether to enable the X Font Server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xfs.nix>
|
services.xinetd.enable
Whether to enable the xinetd super-server daemon.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.extraDefaults
Additional configuration lines added to the default section of xinetd's configuration.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services
A list of services provided by xinetd.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.extraConfig
Extra configuration-lines added to the section of the service.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.flags
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.name
Name of the service.
Type: string
Example:
"login"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.port
Port number of the service.
Type: signed integer
Default:
0
Example:
123
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.protocol
Protocol of the service. Usually tcp
or udp
.
Type: string
Default:
"tcp"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.server
Path of the program that implements the service.
Type: string
Example:
"/foo/bin/ftpd"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.serverArgs
Command-line arguments for the server program.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.unlisted
Whether this server is listed in
/etc/services
. If so, the port
number can be omitted.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.user
User account for the service
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xl2tpd.enable
Whether to enable Whether xl2tpd should be run on startup..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xl2tpd.clientIpRange
The range from which client IPs are drawn.
Type: string
Default:
"10.125.125.2-11"
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xl2tpd.extraPppdOptions
Adds extra lines to the pppd options file.
Type: string
Default:
""
Example:
'' ms-dns 8.8.8.8 ms-dns 8.8.4.4 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xl2tpd.extraXl2tpOptions
Adds extra lines to the xl2tpd configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xl2tpd.serverIp
The server-side IP address.
Type: string
Default:
"10.125.125.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xmr-stak.enable
Whether to enable xmr-stak miner.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmr-stak.configFiles
Content of config files like config.txt, pools.txt or cpu.txt.
Type: attribute set of strings
Default:
{
}
Example:
{ "config.txt" = '' "verbose_level" : 4, "h_print_time" : 60, "tls_secure_algo" : true, ''; "pools.txt" = '' "currency" : "monero7", "pool_list" : [ { "pool_address" : "pool.supportxmr.com:443", "wallet_address" : "my-wallet-address", "rig_id" : "", "pool_password" : "nixos", "use_nicehash" : false, "use_tls" : true, "tls_fingerprint" : "", "pool_weight" : 23 }, ], ''; }
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmr-stak.cudaSupport
Whether to enable support for CUDA (NVidia graphics cards).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmr-stak.extraArgs
List of parameters to pass to xmr-stak.
Type: list of strings
Default:
[
]
Example:
[
"--noCPU" "--currency monero"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmr-stak.openclSupport
Whether to enable support for OpenCL (AMD/ATI graphics cards).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xrdp.enable
Whether to enable Whether xrdp should be run on startup..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.package
The package to use for the xrdp daemon's binary.
Type: package
Default:
"pkgs.xrdp"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.defaultWindowManager
The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session" This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
Type: string
Default:
"xterm"
Example:
"xfce4-session"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.port
Specifies on which port the xrdp daemon listens.
Type: signed integer
Default:
3389
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.sslCert
ssl certificate path A self-signed certificate will be generated if file not exists.
Type: string
Default:
"/etc/xrdp/cert.pem"
Example:
"/path/to/your/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.sslKey
ssl private key path A self-signed certificate will be generated if file not exists.
Type: string
Default:
"/etc/xrdp/key.pem"
Example:
"/path/to/your/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xserver.enable
Whether to enable the X server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.enableCtrlAltBackspace
Whether to enable the DontZap option, which binds Ctrl+Alt+Backspace to forcefully kill X. This can lead to data loss and is disabled by default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.enableTCP
Whether to allow the X server to accept TCP connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.autoRepeatDelay
Sets the autorepeat delay (length of time in milliseconds that a key must be depressed before autorepeat starts).
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.autoRepeatInterval
Sets the autorepeat interval (length of time in milliseconds that should elapse between autorepeat-generated keystrokes).
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.autorun
Whether to start the X server automatically.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.config
The contents of the configuration file of the X server
(xorg.conf
).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.defaultDepth
Default colour depth.
Type: signed integer
Default:
0
Example:
8
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.desktopManager.default
Default desktop manager loaded if none have been chosen.
Type: string
Default:
""
Example:
"none"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
|
services.xserver.desktopManager.enlightenment.enable
Enable the Enlightenment desktop environment.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix>
|
services.xserver.desktopManager.gnome3.enable
Enable Gnome 3 desktop manager.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
|
services.xserver.desktopManager.gnome3.debug
Whether to enable gnome-session debug messages.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
|
services.xserver.desktopManager.gnome3.extraGSettingsOverridePackages
List of packages for which gsettings are overridden.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
|
services.xserver.desktopManager.gnome3.extraGSettingsOverrides
Additional gsettings overrides.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
|
services.xserver.desktopManager.gnome3.sessionPath
Additional list of packages to be added to the session search path. Useful for GNOME Shell extensions or GSettings-conditional autostart.
Note that this should be a last resort; patching the package is preferred (see GPaste).
Type: unspecified
Default:
[
]
Example:
[ pkgs.gnome3.gpaste ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
|
services.xserver.desktopManager.kodi.enable
Enable the kodi multimedia center.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix>
|
services.xserver.desktopManager.lumina.enable
Enable the Lumina desktop manager
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix>
|
services.xserver.desktopManager.lxqt.enable
Enable the LXQt desktop manager
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix>
|
services.xserver.desktopManager.mate.enable
Enable the MATE desktop environment
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
|
services.xserver.desktopManager.mate.debug
Whether to enable mate-session debug messages.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
|
services.xserver.desktopManager.maxx.enable
Whether to enable MaXX desktop environment.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/maxx.nix>
|
services.xserver.desktopManager.plasma5.enable
Enable the Plasma 5 (KDE 5) desktop environment.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.enableQt4Support
Enable support for Qt 4-based applications. Particularly, install a default backend for Phonon.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.wallpaper.combineScreens
When set to true
the wallpaper will stretch across all screens.
When set to false
the wallpaper is duplicated to all screens.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
|
services.xserver.desktopManager.wallpaper.mode
The file ~/.background-image
is used as a background image.
This option specifies the placement of this image onto your desktop.
Possible values:
center
: Center the image on the background. If it is too small, it will be surrounded by a black border.
fill
: Like scale
, but preserves aspect ratio by zooming the image until it fits. Either a horizontal or a vertical part of the image will be cut off.
max
: Like fill
, but scale the image to the maximum size that fits the screen with black borders on one side.
scale
: Fit the file into the background without repeating it, cutting off stuff or using borders. But the aspect ratio is not preserved either.
tile
: Tile (repeat) the image in case it is too small for the screen.
Type: one of "center", "fill", "max", "scale", "tile"
Default:
"scale"
Example:
"fill"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
|
services.xserver.desktopManager.xfce.enable
Enable the Xfce desktop environment.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xfce.enableXfwm
Enable the XFWM (default) window manager.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xfce.extraSessionCommands
Shell commands executed just before XFCE is started.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xfce.noDesktop
Don't install XFCE desktop components (xfdesktop, panel and notification daemon).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xfce.thunarPlugins
A list of plugin that should be installed with Thunar.
Type: list of packages
Default:
[
]
Example:
[ pkgs.xfce.thunar-archive-plugin ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xterm.enable
Enable a xterm terminal as a desktop manager.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix>
|
services.xserver.deviceSection
Contents of the first Device section of the X server configuration file.
Type: string
Default:
""
Example:
"VideoRAM 131072"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.display
Display number for the X server.
Type: null or signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.displayManager.auto.enable
Whether to enable the fake "auto" display manager, which
automatically logs in the user specified in the
user
option. This is mostly useful for
automated tests.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/auto.nix>
|
services.xserver.displayManager.auto.user
The user account to login automatically.
Type: unspecified
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/auto.nix>
|
services.xserver.displayManager.extraSessionFilePackages
A list of packages containing xsession files to be passed to the display manager.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.gdm.enable
Whether to enable GDM as the display manager. GDM in NixOS is not well-tested with desktops other than GNOME, so use with caution, as it could render the system unusable. .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.autoLogin
Auto login configuration attrset.
Type: submodule
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.autoLogin.enable
Automatically log in as the sepecified autoLogin.user
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.autoLogin.delay
Seconds of inactivity after which the autologin will be performed.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.autoLogin.user
User to be used for the autologin.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.debug
Whether to enable debugging messages in GDM .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.wayland
Allow GDM run on Wayland instead of Xserver
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.hiddenUsers
A list of users which will not be shown in the display manager.
Type: list of strings
Default:
[
"nobody"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.environment
Additional environment variables needed by the display manager.
Type: attribute set of unspecifieds
Default:
{
}
Example:
{
SLIM_CFGFILE = "/etc/slim.conf";
}
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.execCmd
Command to start the display manager.
Type: string
Example:
"${pkgs.slim}/bin/slim"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.logToFile
Whether the display manager redirects the output of the
session script to ~/.xsession-errors
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.logToJournal
Whether the display manager redirects the output of the session script to the systemd journal.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.preStart
Script executed before the display manager is started.
Type: string
Default:
""
Example:
"rm -f /var/log/my-display-manager.log"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.lightdm.enable
Whether to enable lightdm as the display manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.autoLogin
Configuration for automatic login.
Type: submodule
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.autoLogin.enable
Automatically log in as the specified autoLogin.user
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.autoLogin.timeout
Show the greeter for this many seconds before automatic login occurs.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.autoLogin.user
User to be used for the automatic login.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.background
The background image or color to use.
Type: string
Default:
"\${pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom}/share/artwork/gnome/nix-wallpaper-simple-dark-gray_bottom.png"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.extraConfig
Extra lines to append to LightDM section.
Type: string
Default:
""
Example:
'' user-authority-in-system-dir = true ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.extraSeatDefaults
Extra lines to append to SeatDefaults section.
Type: string
Default:
""
Example:
'' greeter-show-manual-login=true ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeter.enable
If set to false, run lightdm in greeterless mode. This only works if autologin is enabled and autoLogin.timeout is zero.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeter.package
The LightDM greeter to login via. The package should be a directory containing a .desktop file matching the name in the 'name' option.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeter.name
The name of a .desktop file in the directory specified in the 'package' option.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.enable
Whether to enable lightdm-gtk-greeter as the lightdm greeter.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.clock-format
Clock format string (as expected by strftime, e.g. "%H:%M") to use with the lightdm gtk greeter panel.
If set to null the default clock format is used.
Type: null or string
Default:
null
Example:
"%F"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.extraConfig
Extra configuration that should be put in the lightdm-gtk-greeter.conf configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.package
The package path that contains the icon theme given in the name option.
Type: package
Default:
"pkgs.gnome3.defaultIconTheme"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.name
Name of the icon theme to use for the lightdm-gtk-greeter.
Type: string
Default:
"Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.indicators
List of allowed indicator modules to use for the lightdm gtk greeter panel.
Built-in indicators include "~a11y", "~language", "~session", "~power", "~clock", "~host", "~spacer". Unity indicators can be represented by short name (e.g. "sound", "power"), service file name, or absolute path.
If set to null the default indicators are used.
Type: null or list of strings
Default:
null
Example:
[
"~host" "~spacer" "~clock" "~spacer" "~session" "~language" "~a11y" "~power"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.theme.package
The package path that contains the theme given in the name option.
Type: package
Default:
"pkgs.gnome3.gnome-themes-extra"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.theme.name
Name of the theme to use for the lightdm-gtk-greeter.
Type: string
Default:
"Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.mini.enable
Whether to enable lightdm-mini-greeter as the lightdm greeter.
Note that this greeter starts only the default X session.
You can configure the default X session by
services.xserver.desktopManager.default
and
services.xserver.windowManager.default
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
|
services.xserver.displayManager.lightdm.greeters.mini.extraConfig
Extra configuration that should be put in the lightdm-mini-greeter.conf configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
|
services.xserver.displayManager.lightdm.greeters.mini.user
The user to login as.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
|
services.xserver.displayManager.sddm.enable
Whether to enable sddm as the display manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.enableHidpi
Whether to enable automatic HiDPI mode.
Versions up to 0.17 are broken so this only works from 0.18 onwards.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.autoLogin
Configuration for automatic login.
Type: submodule
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.autoLogin.enable
Automatically log in as autoLogin.user
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.autoLogin.relogin
If true automatic login will kick in again on session exit (logout), otherwise it will only log in automatically when the display-manager is started.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.autoLogin.user
User to be used for the automatic login.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.autoNumlock
Enable numlock at login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.extraConfig
Extra lines appended to the configuration of SDDM.
Type: string
Default:
""
Example:
'' [Autologin] User=john Session=plasma.desktop ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.setupScript
A script to execute when starting the display server. DEPRECATED, please
use services.xserver.displayManager.setupCommands
.
Type: string
Default:
""
Example:
'' # workaround for using NVIDIA Optimus without Bumblebee xrandr --setprovideroutputsource modesetting NVIDIA-0 xrandr --auto ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.stopScript
A script to execute when stopping the display server.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.theme
Greeter theme to use.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.session
List of sessions supported with the command used to start each
session. Each session script can set the
waitPID
shell variable to make this script
wait until the end of the user session. Each script is used
to define either a window manager or a desktop manager. These
can be differentiated by setting the attribute
manage
either to "window"
or "desktop"
.
The list of desktop manager and window manager should appear inside the display manager with the desktop manager name followed by the window manager name.
Type: unspecified
Default:
[
]
Example:
[ { manage = "desktop"; name = "xterm"; start = '' ${pkgs.xterm}/bin/xterm -ls & waitPID=$! ''; } ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.sessionCommands
Shell commands executed just before the window or desktop manager is started.
Type: string
Default:
""
Example:
'' xmessage "Hello World!" & ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.setupCommands
Shell commands executed just after the X server has started.
This option is only effective for display managers for which this feature is supported; currently these are LightDM, GDM and SDDM.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.slim.enable
Whether to enable SLiM as the display manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.slim.autoLogin
Automatically log in as the default user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.slim.consoleCmd
The command to run when "console" is given as the username.
Type: null or string
Default:
'' ''${pkgs.xterm}/bin/xterm -C -fg white -bg black +sb -T "Console login" -e ''${pkgs.shadow}/bin/login ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.slim.defaultUser
The default user to load. If you put a username here you get it automatically loaded into the username field, and the focus is placed on the password.
Type: null or string
Default:
null
Example:
"login"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.slim.extraConfig
Extra configuration options for SLiM login manager. Do not add options that can be configured directly.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.slim.theme
The theme for the SLiM login manager. If not specified, SLiM's default theme is used. See http://slim.berlios.de/themes01.php for a collection of themes. TODO: berlios shut down.
Type: null or path
Default:
'' pkgs.fetchurl { url = "https://github.com/jagajaga/nixos-slim-theme/archive/2.0.tar.gz"; sha256 = "0lldizhigx7bjhxkipii87y432hlf5wdvamnfxrryf9z7zkfypc8"; }''
Example:
pkgs.fetchurl { url = "mirror://sourceforge/slim.berlios/slim-wave.tar.gz"; sha256 = "0ndr419i5myzcylvxb89m9grl2xyq6fbnyc3lkd711mzlmnnfxdy"; }
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
|
services.xserver.displayManager.xpra.enable
Whether to enable xpra as display manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.auth
Authentication to use when connecting to xpra
Type: string
Default:
"pam"
Example:
"password:value=mysecret"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.bindTcp
Bind xpra to TCP
Type: null or string
Default:
"127.0.0.1:10000"
Example:
"0.0.0.0:10000"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.extraOptions
Extra xpra options
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.pulseaudio
Whether to enable pulseaudio audio streaming..
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xserverArgs
List of arguments for the X server.
Type: list of strings
Default:
[
]
Example:
[
"-ac" "-logverbose" "-verbose" "-nolisten tcp"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.xserverBin
Path to the X server used by display managers.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.dpi
DPI resolution to use for X server.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.exportConfiguration
Whether to symlink the X server configuration under
/etc/X11/xorg.conf
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.extraConfig
Additional contents (sections) included in the X server configuration file
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.extraDisplaySettings
Lines to be added to every Display subsection of the Screen section.
Type: string
Default:
""
Example:
"Virtual 2048 2048"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.inputClassSections
Content of additional InputClass sections of the X server configuration file.
Type: list of strings
Default:
[
]
Example:
[ '' Identifier "Trackpoint Wheel Emulation" MatchProduct "ThinkPad USB Keyboard with TrackPoint" Option "EmulateWheel" "true" Option "EmulateWheelButton" "2" Option "Emulate3Buttons" "false" '' ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.layout
Keyboard layout, or multiple keyboard layouts separated by commas.
Type: string
Default:
"us"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.libinput.enable
Whether to enable libinput.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.accelProfile
Sets the pointer acceleration profile to the given profile.
Permitted values are adaptive, flat.
Not all devices support this option or all profiles.
If a profile is unsupported, the default profile for this is used.
flat
: Pointer motion is accelerated by a constant
(device-specific) factor, depending on the current speed.
adaptive
: Pointer acceleration depends on the input speed.
This is the default profile for most devices.
Type: one of "flat", "adaptive"
Default:
"adaptive"
Example:
"flat"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.accelSpeed
Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.additionalOptions
Additional options for libinput touchpad driver.
Type: string
Default:
""
Example:
'' Option "DragLockButtons" "L1 B1 L2 B2" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.buttonMapping
Sets the logical button mapping for this device, see XSetPointerMapping(3). The string must be a space-separated list of button mappings in the order of the logical buttons on the device, starting with button 1. The default mapping is "1 2 3 ... 32". A mapping of 0 deac‐ tivates the button. Multiple buttons can have the same mapping. Invalid mapping strings are discarded and the default mapping is used for all buttons. Buttons not specified in the user's mapping use the default mapping. See section BUTTON MAPPING for more details.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.calibrationMatrix
A string of 9 space-separated floating point numbers. Sets the calibration matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.clickMethod
Enables a click method. Permitted values are none
,
buttonareas
, clickfinger
.
Not all devices support all methods, if an option is unsupported,
the default click method for this device is used.
Type: null or one of "none", "buttonareas", "clickfinger"
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.dev
Path for touchpad device. Set to null to apply to any auto-detected touchpad.
Type: null or string
Default:
null
Example:
"/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.disableWhileTyping
Disable input method while typing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.horizontalScrolling
Disables horizontal scrolling. When disabled, this driver will discard any horizontal scroll events from libinput. Note that this does not disable horizontal scrolling, it merely discards the horizontal axis from any scroll events.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.leftHanded
Enables left-handed button orientation, i.e. swapping left and right buttons.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.middleEmulation
Enables middle button emulation. When enabled, pressing the left and right buttons simultaneously produces a middle mouse button click.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.naturalScrolling
Enables or disables natural scrolling behavior.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.scrollButton
Designates a button as scroll button. If the ScrollMethod is button and the button is logically held down, x/y axis movement is converted into scroll events.
Type: null or signed integer
Default:
null
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.scrollMethod
Specify the scrolling method: twofinger
, edge
,
or none
Type: one of "twofinger", "edge", "button", "none"
Default:
"twofinger"
Example:
"edge"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.sendEventsMode
Sets the send events mode to disabled
, enabled
,
or disabled-on-external-mouse
Type: one of "disabled", "enabled", "disabled-on-external-mouse"
Default:
"enabled"
Example:
"disabled"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.tapping
Enables or disables tap-to-click behavior.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.tappingDragLock
Enables or disables drag lock during tapping behavior. When enabled, a finger up during tap- and-drag will not immediately release the button. If the finger is set down again within the timeout, the draging process continues.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.moduleSection
Contents of the Module section of the X server configuration file.
Type: string
Default:
""
Example:
'' SubSection "extmod" EndSubsection ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.modules
Packages to be added to the module search path of the X server.
Type: list of paths
Default:
[
]
Example:
[ pkgs.xf86_input_wacom ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.monitorSection
Contents of the first Monitor section of the X server configuration file.
Type: string
Default:
""
Example:
"HorizSync 28-49"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.multitouch.enable
Whether to enable multitouch touchpad support.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.multitouch.additionalOptions
Additional options for mtrack touchpad driver.
Type: string
Default:
""
Example:
'' Option "ScaleDistance" "50" Option "RotateDistance" "60" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.multitouch.buttonsMap
Remap touchpad buttons.
Type: list of signed integers
Default:
[
3 2 0
]
Example:
[
1 3 2
]
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.multitouch.ignorePalm
Whether to ignore touches detected as being the palm (i.e when typing)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.multitouch.invertScroll
Whether to invert scrolling direction à la OSX Lion
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.multitouch.tapButtons
Whether to enable tap buttons.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
|
services.xserver.resolutions
The screen resolutions for the X server. The first element is the default resolution. If this list is empty, the X server will automatically configure the resolution.
Type: list of attribute sets
Default:
[
]
Example:
[
{
x = 1600; y = 1200;
}
{
x = 1024; y = 786;
}
]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.screenSection
Contents of the first Screen section of the X server configuration file.
Type: string
Default:
""
Example:
'' Option "RandRRotation" "on" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.serverFlagsSection
Contents of the ServerFlags section of the X server configuration file.
Type: unspecified
Default:
""
Example:
'' Option "BlankTime" "0" Option "StandbyTime" "0" Option "SuspendTime" "0" Option "OffTime" "0" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.serverLayoutSection
Contents of the ServerLayout section of the X server configuration file.
Type: string
Default:
""
Example:
'' Option "AIGLX" "true" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.startDbusSession
Whether to start a new DBus session when you log in with dbus-launch.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.synaptics.enable
Whether to enable touchpad support. Deprecated: Consider services.xserver.libinput.enable.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.accelFactor
Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Type: null or string
Default:
"0.001"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.additionalOptions
Additional options for synaptics touchpad driver.
Type: string
Default:
""
Example:
'' Option "RTCornerButton" "2" Option "RBCornerButton" "3" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.buttonsMap
Remap touchpad buttons.
Type: list of signed integers
Default:
[
1 2 3
]
Example:
[
1 3 2
]
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.dev
Path for touchpad device. Set to null to apply to any auto-detected touchpad.
Type: null or string
Default:
null
Example:
"/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.fingersMap
Remap several-fingers taps.
Type: list of signed integers
Default:
[
1 2 3
]
Example:
[
1 3 2
]
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.horizEdgeScroll
Whether to enable horizontal edge drag-scrolling.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.horizTwoFingerScroll
Whether to enable horizontal two-finger drag-scrolling.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.horizontalScroll
Whether to enable horizontal scrolling (on touchpad)
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.maxSpeed
Cursor speed factor for highest-speed finger motion.
Type: null or string
Default:
"1.0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.minSpeed
Cursor speed factor for precision finger motion.
Type: null or string
Default:
"0.6"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.palmDetect
Whether to enable palm detection (hardware support required)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.palmMinWidth
Minimum finger width at which touch is considered a palm
Type: null or signed integer
Default:
null
Example:
5
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.palmMinZ
Minimum finger pressure at which touch is considered a palm
Type: null or signed integer
Default:
null
Example:
20
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.scrollDelta
Move distance of the finger for a scroll event.
Type: null or signed integer
Default:
null
Example:
75
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.tapButtons
Whether to enable tap buttons.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.twoFingerScroll
Whether to enable two-finger drag-scrolling. Overridden by horizTwoFingerScroll and vertTwoFingerScroll.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.vertEdgeScroll
Whether to enable vertical edge drag-scrolling.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.vertTwoFingerScroll
Whether to enable vertical two-finger drag-scrolling.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.terminateOnReset
Whether to terminate X upon server reset.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.tty
Virtual console for the X server.
Type: null or signed integer
Default:
7
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.updateDbusEnvironment
Whether to update the DBus activation environment after launching the desktop manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.useGlamor
Whether to use the Glamor module for 2D acceleration, if possible.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.useXFS
Determines how to connect to the X Font Server.
Type: unspecified
Default:
false
Example:
"unix/:7100"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.verbose
Controls verbosity of X logging.
Type: null or signed integer
Default:
3
Example:
7
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.videoDriver
The name of the video driver for your graphics card. This
option is obsolete; please set the
services.xserver.videoDrivers
instead.
Type: null or string
Default:
null
Example:
"i810"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.videoDrivers
The names of the video drivers the configuration supports. They will be tried in order until one that supports your card is found.
Type: list of strings
Default:
[
"ati" "cirrus" "intel" "vesa" "vmware" "modesetting"
]
Example:
[
"ati_unfree" "amdgpu" "amdgpu-pro" "nv" "nvidia" "nvidiaLegacy340" "nvidiaLegacy304"
]
Related packages:
amdgpu aka pkgs.xorg.xf86videoamdgpu (xf86-video-amdgpu-1.4.0)
: ???.
ark aka pkgs.xorg.xf86videoark (xf86-video-ark-0.7.5)
[UNAVAILABLE]: ???.
ast aka pkgs.xorg.xf86videoast (xf86-video-ast-1.1.5)
: ???.
ati aka pkgs.xorg.xf86videoati (xf86-video-ati-18.0.1)
: ???.
chips aka pkgs.xorg.xf86videochips (xf86-video-chips-1.2.7)
: ???.
cirrus aka pkgs.xorg.xf86videocirrus (xf86-video-cirrus-1.5.3)
: ???.
dummy aka pkgs.xorg.xf86videodummy (xf86-video-dummy-0.3.8)
: ???.
fbdev aka pkgs.xorg.xf86videofbdev (xf86-video-fbdev-0.4.4)
: ???.
geode aka pkgs.xorg.xf86videogeode (xf86-video-geode-2.11.17)
[UNAVAILABLE]: ???.
glide aka pkgs.xorg.xf86videoglide (xf86-video-glide-1.2.2)
[UNAVAILABLE]: ???.
glint aka pkgs.xorg.xf86videoglint (xf86-video-glint-1.2.9)
: ???.
i128 aka pkgs.xorg.xf86videoi128 (xf86-video-i128-1.3.6)
[UNAVAILABLE]: ???.
i740 aka pkgs.xorg.xf86videoi740 (xf86-video-i740-1.3.6)
: ???.
intel aka pkgs.xorg.xf86videointel (xf86-video-intel-2017-10-19)
: ???.
mach64 aka pkgs.xorg.xf86videomach64 (xf86-video-mach64-6.9.5)
: ???.
mga aka pkgs.xorg.xf86videomga (xf86-video-mga-1.6.5)
: ???.
neomagic aka pkgs.xorg.xf86videoneomagic (xf86-video-neomagic-1.2.9)
: ???.
newport aka pkgs.xorg.xf86videonewport (xf86-video-newport-0.2.4)
[UNAVAILABLE]: ???.
nouveau aka pkgs.xorg.xf86videonouveau (xf86-video-nouveau-1.0.15)
: ???.
nv aka pkgs.xorg.xf86videonv (xf86-video-nv-2.1.21)
: ???.
openchrome aka pkgs.xorg.xf86videoopenchrome (xf86-video-openchrome-0.6.0)
: ???.
qxl aka pkgs.xorg.xf86videoqxl (xf86-video-qxl-0.1.5)
: ???.
r128 aka pkgs.xorg.xf86videor128 (xf86-video-r128-6.10.2)
: ???.
rendition aka pkgs.xorg.xf86videorendition (xf86-video-rendition-4.2.6)
: ???.
s3virge aka pkgs.xorg.xf86videos3virge (xf86-video-s3virge-1.10.7)
: ???.
savage aka pkgs.xorg.xf86videosavage (xf86-video-savage-2.3.9)
: ???.
siliconmotion aka pkgs.xorg.xf86videosiliconmotion (xf86-video-siliconmotion-1.7.9)
: ???.
sis aka pkgs.xorg.xf86videosis (xf86-video-sis-0.10.9)
: ???.
sisusb aka pkgs.xorg.xf86videosisusb (xf86-video-sisusb-0.9.7)
: ???.
suncg6 aka pkgs.xorg.xf86videosuncg6 (xf86-video-suncg6-1.1.2)
: ???.
sunffb aka pkgs.xorg.xf86videosunffb (xf86-video-sunffb-1.2.2)
: ???.
sunleo aka pkgs.xorg.xf86videosunleo (xf86-video-sunleo-1.2.2)
: ???.
tdfx aka pkgs.xorg.xf86videotdfx (xf86-video-tdfx-1.4.7)
: ???.
tga aka pkgs.xorg.xf86videotga (xf86-video-tga-1.2.2)
[UNAVAILABLE]: ???.
trident aka pkgs.xorg.xf86videotrident (xf86-video-trident-1.3.8)
: ???.
v4l aka pkgs.xorg.xf86videov4l (xf86-video-v4l-0.2.0)
[UNAVAILABLE]: ???.
vesa aka pkgs.xorg.xf86videovesa (xf86-video-vesa-2.4.0)
: ???.
vmware aka pkgs.xorg.xf86videovmware (xf86-video-vmware-13.2.1)
: ???.
voodoo aka pkgs.xorg.xf86videovoodoo (xf86-video-voodoo-1.2.5)
[UNAVAILABLE]: ???.
wsfb aka pkgs.xorg.xf86videowsfb (xf86-video-wsfb-0.4.0)
[UNAVAILABLE]: ???.
xgi aka pkgs.xorg.xf86videoxgi (xf86-video-xgi-1.6.1)
: ???.
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.virtualScreen
Virtual screen size for Xrandr.
Type: null or attribute set
Default:
null
Example:
{
x = 2048; y = 2048;
}
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.wacom.enable
Whether to enable the Wacom touchscreen/digitizer/tablet. If you ever have any issues such as, try switching to terminal (ctrl-alt-F1) and back which will make Xorg reconfigure the device ?
If you're not satisfied by the default behaviour you can override
environment.etc."X11/xorg.conf.d/70-wacom.conf"
in
configuration.nix easily.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/wacom.nix>
|
services.xserver.windowManager.2bwm.enable
Whether to enable 2bwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/2bwm.nix>
|
services.xserver.windowManager.afterstep.enable
Whether to enable afterstep.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix>
|
services.xserver.windowManager.awesome.enable
Whether to enable Awesome window manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.awesome.package
Package to use for running the Awesome WM.
Type: null or package
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.awesome.luaModules
List of lua packages available for being used in the Awesome configuration.
Type: list of packages
Default:
[
]
Example:
[ luaPackages.oocairo ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.awesome.noArgb
Disable client transparency support, which can be greatly detrimental to performance in some setups
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.bspwm.enable
Whether to enable bspwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.bspwm.package
bspwm package to use.
Type: package
Default:
"pkgs.bspwm"
Example:
"pkgs.bspwm-unstable"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.bspwm.configFile
Path to the bspwm configuration file. If null, $HOME/.config/bspwm/bspwmrc will be used.
Type: null or path
Default:
null
Example:
"\${pkgs.bspwm}/share/doc/bspwm/examples/bspwmrc"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.bspwm.sxhkd.package
sxhkd package to use.
Type: package
Default:
"pkgs.sxhkd"
Example:
"pkgs.sxhkd-unstable"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.bspwm.sxhkd.configFile
Path to the sxhkd configuration file. If null, $HOME/.config/sxhkd/sxhkdrc will be used.
Type: null or path
Default:
null
Example:
"\${pkgs.bspwm}/share/doc/bspwm/examples/sxhkdrc"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.default
Default window manager loaded if none have been chosen.
Type: string
Default:
"none"
Example:
"wmii"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/default.nix>
|
services.xserver.windowManager.dwm.enable
Whether to enable dwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix>
|
services.xserver.windowManager.evilwm.enable
Whether to enable evilwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/evilwm.nix>
|
services.xserver.windowManager.exwm.enable
Whether to enable exwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
|
services.xserver.windowManager.exwm.enableDefaultConfig
Enable an uncustomised exwm configuration.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
|
services.xserver.windowManager.exwm.extraPackages
Extra packages available to Emacs. The value must be a
function which receives the attrset defined in
emacsPackages
as the sole argument.
Type: unspecified
Default:
"<function>"
Example:
epkgs: [ epkgs.emms epkgs.magit epkgs.proofgeneral ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
|
services.xserver.windowManager.fluxbox.enable
Whether to enable fluxbox.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix>
|
services.xserver.windowManager.fvwm.enable
Whether to enable Fvwm window manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fvwm.nix>
|
services.xserver.windowManager.fvwm.gestures
Whether or not to enable libstroke for gesture support
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fvwm.nix>
|
services.xserver.windowManager.herbstluftwm.enable
Whether to enable herbstluftwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
|
services.xserver.windowManager.herbstluftwm.configFile
Path to the herbstluftwm configuration file. If left at the default value, $XDG_CONFIG_HOME/herbstluftwm/autostart will be used.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
|
services.xserver.windowManager.i3.enable
Whether to enable i3 window manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.package
i3 package to use.
Type: package
Default:
"pkgs.i3"
Example:
"pkgs.i3-gaps"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.configFile
Path to the i3 configuration file. If left at the default value, $HOME/.i3/config will be used.
Type: null or path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.extraPackages
Extra packages to be installed system wide.
Type: list of packages
Default:
[
(build of )
(build of i3status-2.12)
(build of i3lock-2.10)
]
Example:
with pkgs; [ dmenu i3status i3lock ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.extraSessionCommands
Shell commands executed just before i3 is started.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.icewm.enable
Whether to enable icewm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix>
|
services.xserver.windowManager.jwm.enable
Whether to enable jwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/jwm.nix>
|
services.xserver.windowManager.metacity.enable
Whether to enable metacity.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix>
|
services.xserver.windowManager.mwm.enable
Whether to enable mwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/mwm.nix>
|
services.xserver.windowManager.notion.enable
Whether to enable notion.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/notion.nix>
|
services.xserver.windowManager.openbox.enable
Whether to enable openbox.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix>
|
services.xserver.windowManager.pekwm.enable
Whether to enable pekwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/pekwm.nix>
|
services.xserver.windowManager.qtile.enable
Whether to enable qtile.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix>
|
services.xserver.windowManager.ratpoison.enable
Whether to enable ratpoison.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix>
|
services.xserver.windowManager.sawfish.enable
Whether to enable sawfish.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix>
|
services.xserver.windowManager.spectrwm.enable
Whether to enable spectrwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix>
|
services.xserver.windowManager.stumpwm.enable
Whether to enable stumpwm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix>
|
services.xserver.windowManager.twm.enable
Whether to enable twm.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/twm.nix>
|
services.xserver.windowManager.windowlab.enable
Whether to enable windowlab.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/windowlab.nix>
|
services.xserver.windowManager.windowmaker.enable
Whether to enable windowmaker.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix>
|
services.xserver.windowManager.wmii.enable
Whether to enable wmii.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix>
|
services.xserver.windowManager.xmonad.enable
Whether to enable xmonad.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.enableContribAndExtras
Enable xmonad-{contrib,extras} in Xmonad.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.extraPackages
Extra packages available to ghc when rebuilding Xmonad. The
value must be a function which receives the attrset defined
in haskellPackages
as the sole argument.
Type: unspecified
Default:
"self: []"
Example:
haskellPackages: [ haskellPackages.xmonad-contrib haskellPackages.monad-logger ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.haskellPackages
haskellPackages used to build Xmonad and other packages.
This can be used to change the GHC version used to build
Xmonad and the packages listed in
extraPackages
.
Type: unspecified
Default:
"pkgs.haskellPackages"
Example:
pkgs.haskell.packages.ghc784
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.xautolock.enable
Whether to enable xautolock.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.enableNotifier
Whether to enable the notifier feature of xautolock. This publishes a notification before the autolock.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.extraOptions
Additional command-line arguments to pass to xautolock.
Type: list of strings
Default:
[
]
Example:
[
"-detectsleep"
]
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.killer
The script to use when nothing has happend for as long as killtime
Type: null or string
Default:
null
Example:
"\${pkgs.systemd}/bin/systemctl suspend"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.killtime
Minutes xautolock waits until it executes the script specified in killer
(Has to be at least 10 minutes)
Type: signed integer
Default:
20
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.locker
The script to use when automatically locking the computer.
Type: string
Default:
"\${pkgs.xlockmore}/bin/xlock"
Example:
"\${pkgs.i3lock}/bin/i3lock -i /path/to/img"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.notifier
Notification script to be used to warn about the pending autolock.
Type: null or string
Default:
null
Example:
''''${pkgs.libnotify}/bin/notify-send "Locking in 10 seconds"''
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.notify
Time (in seconds) before the actual lock when the notification about the pending lock should be published.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.nowlocker
The script to use when manually locking the computer with xautolock -locknow.
Type: null or string
Default:
null
Example:
"\${pkgs.i3lock}/bin/i3lock -i /path/to/img"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.time
Idle time to wait until xautolock locks the computer.
Type: signed integer
Default:
15
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xkbDir
Path used for -xkbdir xserver parameter.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xkbModel
Keyboard model.
Type: string
Default:
"pc104"
Example:
"presario"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xkbOptions
X keyboard options; layout switching goes here.
Type: string
Default:
"terminate:ctrl_alt_bksp"
Example:
"grp:caps_toggle, grp_led:scroll"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xkbVariant
X keyboard variant.
Type: string
Default:
""
Example:
"colemak"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeads
Multiple monitor configuration, just specify a list of XRandR outputs. The individual elements should be either simple strings or an attribute set of output options.
If the element is a string, it is denoting the physical output for a
monitor, if it's an attribute set, you must at least provide the
output
option.
The monitors will be mapped from left to right in the order of the list.
By default, the first monitor will be set as the primary monitor if
none of the elements contain an option that has set
primary
to true
.
Only one monitor is allowed to be primary.
Be careful using this option with multiple graphic adapters or with drivers that have poor support for XRandR, unexpected things might happen with those.
Type: list of submodule or string convertible to its
Default:
[
]
Example:
[
"HDMI-0"
{
output = "DVI-0"; primary = true;
}
{
monitorConfig = ''Option "Rotate" "left"''; output = "DVI-1";
}
]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeads.*.monitorConfig
Extra lines to append to the Monitor
section
verbatim.
Type: string
Default:
""
Example:
'' DisplaySize 408 306 Option "DPMS" "false" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeads.*.output
The output name of the monitor, as shown by xrandr(1) invoked without arguments.
Type: string
Example:
"DVI-0"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeads.*.primary
Whether this head is treated as the primary monitor,
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xtreemfs.enable
Whether to enable XtreemFS.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.enable
Whether to enable XtreemFS DIR service.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.address
If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: unspecified
Default:
""
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.extraConfig
Configuration of XtreemFS DIR service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: string
Default:
""
Example:
'' # specify whether SSL is required ssl.enabled = true ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/dir.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.httpPort
Specifies the listen port for the HTTP service that returns the status page.
Type: unspecified
Default:
30638
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.port
The port to listen on for incoming connections (TCP).
Type: unspecified
Default:
32638
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.replication.enable
Whether to enable XtreemFS DIR replication plugin.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.replication.extraConfig
Configuration of XtreemFS DIR replication plugin. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: string
Example:
'' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 babudb.repl.participant.0.port = 35676 babudb.repl.participant.1 = 192.168.0.11 babudb.repl.participant.1.port = 35676 babudb.repl.participant.2 = 192.168.0.12 babudb.repl.participant.2.port = 35676 # number of servers that at least have to be up to date # To have a fault-tolerant system, this value has to be set to the # majority of nodes i.e., if you have three replicas, set this to 2 # Please note that a setup with two nodes provides no fault-tolerance. babudb.repl.sync.n = 2 # specify whether SSL is required babudb.ssl.enabled = true babudb.ssl.protocol = tlsv12 # server credentials for SSL handshakes babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 babudb.ssl.service_creds.pw = passphrase babudb.ssl.service_creds.container = pkcs12 # trusted certificates for SSL handshakes babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks babudb.ssl.trusted_certs.pw = jks_passphrase babudb.ssl.trusted_certs.container = jks babudb.ssl.authenticationWithoutEncryption = false ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.syncMode
The sync mode influences how operations are committed to the disk log before the operation is acknowledged to the caller.
-ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure. -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model. -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode. -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk. -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.
For best throughput use ASYNC, for maximum data safety use FSYNC.
(If xtreemfs.dir.replication.enable is true then FDATASYNC is forced)
Type: unspecified
Default:
"FSYNC"
Example:
"FDATASYNC"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.uuid
Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `utillinux` package.
Type: unspecified
Example:
"eacb6bab-f444-4ebf-a06a-3f72d7465e40"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.homeDir
XtreemFS home dir for the xtreemfs user.
Type: unspecified
Default:
"/var/lib/xtreemfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.enable
Whether to enable XtreemFS MRC service.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.address
If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: unspecified
Default:
""
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.extraConfig
Configuration of XtreemFS MRC service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: string
Example:
'' osd_check_interval = 300 no_atime = true local_clock_renewal = 0 remote_time_sync = 30000 authentication_provider = org.xtreemfs.common.auth.NullAuthProvider # shared secret between the MRC and all OSDs capability_secret = iNG8UuQJrJ6XVDTe dir_service.host = 192.168.0.10 dir_service.port = 32638 # if replication is enabled dir_service.1.host = 192.168.0.11 dir_service.1.port = 32638 dir_service.2.host = 192.168.0.12 dir_service.2.port = 32638 # specify whether SSL is required ssl.enabled = true ssl.protocol = tlsv12 ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/mrc.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.httpPort
Specifies the listen port for the HTTP service that returns the status page.
Type: unspecified
Default:
30636
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.port
The port to listen on for incoming connections (TCP).
Type: unspecified
Default:
32636
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.replication.enable
Whether to enable XtreemFS MRC replication plugin.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.replication.extraConfig
Configuration of XtreemFS MRC replication plugin. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: string
Example:
'' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 babudb.repl.participant.0.port = 35678 babudb.repl.participant.1 = 192.168.0.11 babudb.repl.participant.1.port = 35678 babudb.repl.participant.2 = 192.168.0.12 babudb.repl.participant.2.port = 35678 # number of servers that at least have to be up to date # To have a fault-tolerant system, this value has to be set to the # majority of nodes i.e., if you have three replicas, set this to 2 # Please note that a setup with two nodes provides no fault-tolerance. babudb.repl.sync.n = 2 # specify whether SSL is required babudb.ssl.enabled = true babudb.ssl.protocol = tlsv12 # server credentials for SSL handshakes babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 babudb.ssl.service_creds.pw = passphrase babudb.ssl.service_creds.container = pkcs12 # trusted certificates for SSL handshakes babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks babudb.ssl.trusted_certs.pw = jks_passphrase babudb.ssl.trusted_certs.container = jks babudb.ssl.authenticationWithoutEncryption = false ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.syncMode
The sync mode influences how operations are committed to the disk log before the operation is acknowledged to the caller.
-ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure. -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model. -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode. -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk. -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.
For best throughput use ASYNC, for maximum data safety use FSYNC.
(If xtreemfs.mrc.replication.enable is true then FDATASYNC is forced)
Type: unspecified
Default:
"FSYNC"
Example:
"FDATASYNC"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.uuid
Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `utillinux` package.
Type: unspecified
Example:
"eacb6bab-f444-4ebf-a06a-3f72d7465e41"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.enable
Whether to enable XtreemFS OSD service.
Type: unspecified
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.address
If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: unspecified
Default:
""
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.extraConfig
Configuration of XtreemFS OSD service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: string
Example:
'' local_clock_renewal = 0 remote_time_sync = 30000 report_free_space = true capability_secret = iNG8UuQJrJ6XVDTe dir_service.host = 192.168.0.10 dir_service.port = 32638 # if replication is used dir_service.1.host = 192.168.0.11 dir_service.1.port = 32638 dir_service.2.host = 192.168.0.12 dir_service.2.port = 32638 # specify whether SSL is required ssl.enabled = true ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.httpPort
Specifies the listen port for the HTTP service that returns the status page.
Type: unspecified
Default:
30640
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.port
The port to listen on for incoming connections (TCP and UDP).
Type: unspecified
Default:
32640
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.uuid
Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `utillinux` package.
Type: unspecified
Example:
"eacb6bab-f444-4ebf-a06a-3f72d7465e42"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.yandex-disk.enable
Whether to enable Yandex-disk client. See https://disk.yandex.ru/
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.directory
The directory to use for Yandex.Disk storage
Type: unspecified
Default:
"/home/Yandex.Disk"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.excludes
Comma-separated list of directories which are excluded from synchronization.
Type: string
Default:
""
Example:
"data,backup"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.password
Your yandex.com password. Warning: it will be world-readable in /nix/store.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.user
The user the yandex-disk daemon should run as.
Type: unspecified
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.username
Your yandex.com login name.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.ympd.enable
Whether to enable ympd, the MPD Web GUI.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
|
services.ympd.mpd.host
The host where MPD is listening.
Type: string
Default:
"localhost"
Example:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
|
services.ympd.mpd.port
The port where MPD is listening.
Type: signed integer
Default:
6600
Example:
6600
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
|
services.ympd.webPort
The port where ympd's web interface will be available.
Type: string
Default:
"8080"
Example:
"ssl://8080:/path/to/ssl-private-key.pem"
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
|
services.youtrack.enable
Whether to enable YouTrack service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.package
Package to use.
Type: package
Default:
"pkgs.youtrack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.address
The interface youtrack will listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.baseUrl
Base URL for youtrack. Will be auto-detected and stored in database.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.extraParams
Extra parameters to pass to youtrack. See https://www.jetbrains.com/help/youtrack/standalone/YouTrack-Java-Start-Parameters.html for more information.
Type: attribute set of strings
Default:
{
}
Example:
{
jetbrains.youtrack.overrideRootPassword = "tortuga";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.jvmOpts
Extra options to pass to the JVM. See https://www.jetbrains.com/help/youtrack/standalone/Configure-JVM-Options.html for more information.
Type: string
Default:
""
Example:
"-XX:MetaspaceSize=250m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.maxMemory
Maximum Java heap size
Type: string
Default:
"1g"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.maxMetaspaceSize
Maximum java Metaspace memory.
Type: string
Default:
"350m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.port
The port youtrack will listen on.
Type: signed integer
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.statePath
Where to keep the youtrack database.
Type: string
Default:
"/var/lib/youtrack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.virtualHost
Name of the nginx virtual host to use and setup. If null, do not setup anything.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.zabbixAgent.enable
Whether to run the Zabbix monitoring agent on this machine. It will send monitoring data to a Zabbix server.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.package
The Zabbix package to use.
Type: attribute set
Default:
"pkgs.zabbix"
Example:
pkgs.zabbix34
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.extraConfig
Configuration that is injected verbatim into the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.server
The IP address or hostname of the Zabbix server to connect to.
Type: unspecified
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixServer.enable
Whether to run the Zabbix server on this machine.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.dbPassword
Password used to connect to the database server.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.dbServer
Hostname or IP address of the database server. Use an empty string ("") to use peer authentication.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.extraConfig
Configuration that is injected verbatim into the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zeitgeist.enable
Whether to enable zeitgeist.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/zeitgeist.nix>
|
services.zerobin.enable
Whether to enable 0bin.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.dataDir
Path to the 0bin data directory
Type: string
Default:
"/var/lib/zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.extraConfig
Extra configuration to be appended to the 0bin config file (see https://0bin.readthedocs.org/en/latest/en/options.html)
Type: string
Default:
""
Example:
'' MENU = ( ('Home', '/'), ) COMPRESSED_STATIC_FILE = True ''
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.group
The group 0bin should run as
Type: string
Default:
"zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.listenAddress
The address zerobin should listen to
Type: string
Default:
"localhost"
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.listenPort
The port zerobin should listen on
Type: signed integer
Default:
8000
Example:
1357
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.user
The user 0bin should run as
Type: string
Default:
"zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zeronet.enable
Whether to enable zeronet.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.dataDir
Path to the zeronet data directory.
Type: path
Default:
"/var/lib/zeronet"
Example:
"/home/okina/zeronet"
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.extraConfig
Extra configuration. Contents will be added verbatim to the configuration file at the end.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.logDir
Path to the zeronet log directory.
Type: path
Default:
"/var/log/zeronet"
Example:
"/home/okina/zeronet/log"
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.port
Optional zeronet web UI port.
Type: null or signed integer
Default:
null
Example:
43110
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.tor
Use TOR for zeronet traffic where possible.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.torAlways
Use TOR for all zeronet traffic.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zerotierone.enable
Whether to enable ZeroTierOne.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
|
services.zerotierone.package
ZeroTier One package to use.
Type: package
Default:
"pkgs.zerotierone"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
|
services.zerotierone.joinNetworks
List of ZeroTier Network IDs to join on startup
Type: list of strings
Default:
[
]
Example:
[
"a8a2c3c10c1a68de"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
|
services.zerotierone.port
Network port used by ZeroTier.
Type: signed integer
Default:
9993
Example:
9993
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
|
services.zfs.autoScrub.enable
Enables periodic scrubbing of ZFS pools.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoScrub.interval
Systemd calendar expression when to scrub ZFS pools. See systemd.time(7).
Type: string
Default:
"Sun, 02:00"
Example:
"daily"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoScrub.pools
List of ZFS pools to periodically scrub. If empty, all pools will be scrubbed.
Type: list of strings
Default:
[
]
Example:
[
"tank"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.enable
Enable the (OpenSolaris-compatible) ZFS auto-snapshotting service.
Note that you must set the com.sun:auto-snapshot
property to true
on all datasets which you wish
to auto-snapshot.
You can override a child dataset to use, or not use auto-snapshotting
by setting its flag with the given interval:
zfs set com.sun:auto-snapshot:weekly=false DATASET
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.daily
Number of daily auto-snapshots that you wish to keep.
Type: signed integer
Default:
7
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.flags
Flags to pass to the zfs-auto-snapshot command.
Run zfs-auto-snapshot
(without any arguments) to
see available flags.
If it's not too inconvenient for snapshots to have timestamps in UTC,
it is suggested that you append --utc
to the list
of default options (see example).
Otherwise, snapshot names can cause name conflicts or apparent time reversals due to daylight savings, timezone or other date/time changes.
Type: string
Default:
"-k -p"
Example:
"-k -p --utc"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.frequent
Number of frequent (15-minute) auto-snapshots that you wish to keep.
Type: signed integer
Default:
4
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.hourly
Number of hourly auto-snapshots that you wish to keep.
Type: signed integer
Default:
24
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.monthly
Number of monthly auto-snapshots that you wish to keep.
Type: signed integer
Default:
12
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.weekly
Number of weekly auto-snapshots that you wish to keep.
Type: signed integer
Default:
4
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.znapzend.enable
Whether to enable ZnapZend ZFS backup daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.autoCreation
Automatically create the destination dataset if it does not exists.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.logLevel
The log level when logging to file. Any of debug, info, warning, err, alert. Default in daemonized form is debug.
Type: one of "debug", "info", "warning", "err", "alert"
Default:
"debug"
Example:
"warning"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.logTo
Where to log to (syslog::<facility> or <filepath>).
Type: string
Default:
"syslog::daemon"
Example:
"/var/log/znapzend.log"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.noDestroy
Does all changes to the filesystem except destroy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.pure
Do not persist any stateful znapzend setups. If this option is enabled, your previously set znapzend setups will be cleared and only the ones defined with this module will be applied.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup
Znapzend configuration.
Type: list or attribute set of submodules
Default:
{
}
Example:
{ "tank/home" = { # Make snapshots of tank/home every hour, keep those for 1 day, # keep every days snapshot for 1 month, etc. plan = "1d=>1h,1m=>1d,1y=>1m"; recursive = true; # Send all those snapshots to john@example.com:rtank/john as well destinations.remote = { host = "john@example.com"; dataset = "rtank/john"; }; }; };
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.enable
Whether to enable this source.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.dataset
The dataset to use for this source.
Type: string
Example:
"tank/home"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.destinations
Additional destinations.
Type: list or attribute set of submodules
Default:
{
}
Example:
{ local = { dataset = "btank/backup"; presend = "zpool import -N btank"; postsend = "zpool export btank"; }; remote = { host = "john@example.com"; dataset = "tank/john"; }; };
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.destinations.<name?>.dataset
Dataset name to send snapshots to.
Type: string
Example:
"tank/main"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.destinations.<name?>.host
Host to use for the destination dataset. Can be prefixed with
user@
to specify the ssh user.
Type: null or string
Default:
null
Example:
"john@example.com"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.destinations.<name?>.label
Label for this destination. Defaults to the attribute name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.destinations.<name?>.plan
The znapzend backup plan to use for the source.
The plan specifies how often to backup and for how long to keep the backups. It consists of a series of retention periodes to interval associations:
retA=>intA,retB=>intB,...
Both intervals and retention periods are expressed in standard units of time or multiples of them. You can use both the full name or a shortcut according to the following listing:
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
See znapzendzetup(1) for more info.
Type: string
Example:
"1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.destinations.<name?>.postsend
Command to run after sending the snapshot to the destination.
Intended to run a remote script via ssh on the
destination, e.g. to bring up a backup disk or server or to put a
zpool online/offline. See also presend
.
Type: null or string
Default:
null
Example:
"ssh root@bserv zpool export tank"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.destinations.<name?>.presend
Command to run before sending the snapshot to the destination.
Intended to run a remote script via ssh on the
destination, e.g. to bring up a backup disk or server or to put a
zpool online/offline. See also postsend
.
Type: null or string
Default:
null
Example:
"ssh root@bserv zpool import -Nf tank"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.mbuffer.enable
Whether to use mbuffer.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.mbuffer.port
Port to use for mbuffer.
If this is null, it will run mbuffer through ssh.
If this is not null, it will run mbuffer directly through TCP, which is not encrypted but faster. In that case the given port needs to be open on the destination host.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.mbuffer.size
The size for mbuffer. Supports the units b, k, M, G.
Type: string of the form number{b|k|M|G}
Default:
"1G"
Example:
"128M"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.plan
The znapzend backup plan to use for the source.
The plan specifies how often to backup and for how long to keep the backups. It consists of a series of retention periodes to interval associations:
retA=>intA,retB=>intB,...
Both intervals and retention periods are expressed in standard units of time or multiples of them. You can use both the full name or a shortcut according to the following listing:
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
See znapzendzetup(1) for more info.
Type: string
Example:
"1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.postsnap
Command to run after snapshots are taken on the source dataset,
e.g. for database unlocking. See also presnap
.
Type: null or string
Default:
null
Example:
${pkgs.coreutils}/bin/kill `${pkgs.coreutils}/bin/cat /tmp/mariadblock.pid`;${pkgs.coreutils}/bin/rm /tmp/mariadblock.pid
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.presnap
Command to run before snapshots are taken on the source dataset,
e.g. for database locking/flushing. See also
postsnap
.
Type: null or string
Default:
null
Example:
${pkgs.mariadb}/bin/mysql -e "set autocommit=0;flush tables with read lock;\\! ${pkgs.coreutils}/bin/sleep 600" & ${pkgs.coreutils}/bin/echo $! > /tmp/mariadblock.pid ; sleep 10
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.recursive
Whether to do recursive snapshots.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.sendDelay
Specify delay (in seconds) before sending snaps to the destination. May be useful if you want to control sending time.
Type: signed integer
Default:
0
Example:
60
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name?>.timestampFormat
The timestamp format to use for constructing snapshot names.
The syntax is strftime
-like. The string must
consist of the mandatory %Y %m %d %H %M %S
.
Optionally - _ . :
characters as well as any
alphanumeric character are allowed. If suffixed by a
Z
, times will be in UTC.
Type: string containing all of the characters %Y, %m, %d, %H, %M, %S
Default:
"%Y-%m-%d-%H%M%S"
Example:
"znapzend-%m.%d.%Y-%H%M%SZ"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znc.enable
Enable a ZNC service for a user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.extraZncConf
Extra config to `znc.conf` file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.modules
A list of modules to include in the `znc.conf` file.
Type: list of strings
Default:
[
"webadmin" "adminlog"
]
Example:
[
"partyline" "webadmin" "adminlog" "log"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks
IRC networks to connect the user to.
Type: attribute set of submodules
Default:
{
}
Example:
{
freenode =
{
modules =
[
"simple_away"
]
; port = 6697; server = "chat.freenode.net"; useSSL = true;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.channels
IRC channels to join.
Type: list of strings
Default:
[
]
Example:
[
"nixos"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.extraConf
Extra config for the network.
Type: string
Default:
""
Example:
'' Encoding = ^UTF-8 FloodBurst = 4 FloodRate = 1.00 IRCConnectEnabled = true Ident = johntron JoinDelay = 0 Nick = johntron ''
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.hasBitlbeeControlChannel
Whether to add the special Bitlbee operations channel.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.modulePackages
External ZNC modules to build.
Type: list of packages
Default:
[
]
Example:
[
"pkgs.zncModules.push" "pkgs.zncModules.fish"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.modules
ZNC modules to load.
Type: list of strings
Default:
[
"simple_away"
]
Example:
[ simple_away sasl ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.password
IRC server password, such as for a Slack gateway.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.port
IRC server port.
Type: signed integer
Default:
6697
Example:
6697
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.server
IRC server address.
Type: string
Example:
"chat.freenode.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.useSSL
Whether to use SSL to connect to the IRC server.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.networks.<name>.userName
A nick identity specific to the IRC server.
Type: string
Default:
""
Example:
"johntron"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.nick
The IRC nick.
Type: string
Default:
"znc-user"
Example:
"john"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.passBlock
Generate with `nix-shell -p znc --command "znc --makepass"`. This is the password used to log in to the ZNC web admin interface.
Type: string
Example:
'' <Pass password> Method = sha256 Hash = e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93 Salt = l5Xryew4g*!oa(ECfX2o </Pass> ''
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.port
Specifies the port on which to listen.
Type: signed integer
Default:
5000
Example:
5000
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.uriPrefix
An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy.
Type: null or string
Default:
null
Example:
"/znc/"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.useSSL
Indicates whether the ZNC server should use SSL when listening on the specified port. A self-signed certificate will be generated.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.userModules
A list of user modules to include in the `znc.conf` file.
Type: list of strings
Default:
[
"chansaver" "controlpanel"
]
Example:
[
"chansaver" "controlpanel" "fish" "push"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.confOptions.userName
The user name used to log in to the ZNC web admin interface.
Type: string
Default:
"znc"
Example:
"johntron"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.dataDir
The data directory. Used for configuration files and modules.
Type: path
Default:
"/var/lib/znc/"
Example:
"/home/john/.znc/"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.extraFlags
Extra flags to use when executing znc command.
Type: list of strings
Default:
[
]
Example:
[
"--debug"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.group
Group to own the ZNCserver process.
Type: string
Default:
""
Example:
"users"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.modulePackages
A list of global znc module packages to add to znc.
Type: list of packages
Default:
[
]
Example:
[ pkgs.zncModules.fish pkgs.zncModules.push ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.mutable
Indicates whether to allow the contents of the `dataDir` directory to be changed by the user at run-time. If true, modifications to the ZNC configuration after its initial creation are not overwritten by a NixOS system rebuild. If false, the ZNC configuration is rebuilt by every system rebuild. If the user wants to manage the ZNC service using the web admin interface, this value should be set to true.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.openFirewall
Whether to open ports in the firewall for ZNC.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.user
The name of an existing user account to use to own the ZNC server process. If not specified, a default user will be created to own the process.
Type: string
Default:
"znc"
Example:
"john"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.znc.zncConf
Config file as generated with `znc --makeconf` to use for the whole ZNC configuration. If specified, `confOptions` will be ignored, and this value, as-is, will be used. If left empty, a conf file with default values will be used.
Type: string
Default:
""
Example:
"See: http://wiki.znc.in/Configuration"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc.nix>
|
services.zookeeper.enable
Whether to enable Zookeeper.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.package
The zookeeper package to use
Type: package
Default:
"pkgs.zookeeper"
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.dataDir
Data directory for Zookeeper
Type: path
Default:
"/var/lib/zookeeper"
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.extraCmdLineOptions
Extra command line options for the Zookeeper launcher.
Type: list of strings
Default:
[
"-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true"
]
Example:
[
"-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.extraConf
Extra configuration for Zookeeper.
Type: string
Default:
'' initLimit=5 syncLimit=2 tickTime=2000 ''
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.id
Zookeeper ID.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.logging
Zookeeper logging configuration.
Type: string
Default:
'' zookeeper.root.logger=INFO, CONSOLE log4j.rootLogger=INFO, CONSOLE log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout log4j.appender.CONSOLE.layout.ConversionPattern=[myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n ''
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.port
Zookeeper Client port.
Type: signed integer
Default:
2181
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.preferIPv4
Add the -Djava.net.preferIPv4Stack=true flag to the Zookeeper server.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.purgeInterval
The time interval in hours for which the purge task has to be triggered. Set to a positive integer (1 and above) to enable the auto purging.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.servers
All Zookeeper Servers.
Type: string
Default:
""
Example:
'' server.0=host0:2888:3888 server.1=host1:2888:3888 server.2=host2:2888:3888 ''
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zope2.instances
zope2 instances to be created automaticaly by the system.
Type: attribute set of submodules
Default:
{
}
Example:
{ plone01 = { http_address = "127.0.0.1:8080"; extra = '' <zodb_db main> mount-point / cache-size 30000 <blobstorage> blob-dir /var/lib/zope2/plone01/blobstorage <filestorage> path /var/lib/zope2/plone01/filestorage/Data.fs </filestorage> </blobstorage> </zodb_db> ''; }; }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.packages
The list of packages you want to make available to the zope2 instance.
Type: list of packages
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.clientHome
Home directory of zope2 instance.
Type: string
Default:
"/var/lib/zope2/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.extra
Extra zope.conf
Type: string
Default:
'' <zodb_db main> mount-point / cache-size 30000 <blobstorage> blob-dir /var/lib/zope2/‹name›/blobstorage <filestorage> path /var/lib/zope2/‹name›/filestorage/Data.fs </filestorage> </blobstorage> </zodb_db> ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.http_address
Give a port and address for the HTTP server.
Type: string
Default:
"localhost:8080"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.name
The name of the zope2 instance. If undefined, the name of the attribute set will be used.
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.threads
Specify the number of threads that Zope's ZServer web server will use to service requests.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.user
The name of the effective user for the Zope process.
Type: string
Default:
"zope2"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
sound.enable
Whether to enable ALSA sound.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.enableOSSEmulation
Whether to enable ALSA OSS emulation (with certain cards sound mixing may not work!).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.extraConfig
Set addition configuration for system-wide alsa.
Type: string
Default:
""
Example:
'' defaults.pcm.!card 3 ''
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.mediaKeys.enable
Whether to enable volume and capture control with keyboard media keys.
You want to leave this disabled if you run a desktop environment like KDE, Gnome, Xfce, etc, as those handle such things themselves. You might want to enable this if you run a minimalistic desktop environment or work from bare linux ttys/framebuffers.
Enabling this will turn on services.actkbd
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.mediaKeys.volumeStep
The value by which to increment/decrement volume on media keys.
See amixer(1) for allowed values.
Type: string
Default:
"1"
Example:
"1%"
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
swapDevices
The swap devices and swap files. These must have been
initialised using mkswap. Each element
should be an attribute set specifying either the path of the
swap device or file (device
) or the label
of the swap device (label
, see
mkswap -L). Using a label is
recommended.
Type: list of submodules
Default:
[
]
Example:
[
{
device = "/dev/hda7";
}
{
device = "/var/swapfile";
}
{
label = "bigswap";
}
]
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.device
Path of the device.
Type: string
Example:
"/dev/sda3"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.encrypted.enable
The block device is backed by an encrypted one, adds this device as a initrd luks entry.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
swapDevices.*.encrypted.blkDev
Location of the backing encrypted device.
Type: null or string
Default:
null
Example:
"/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
swapDevices.*.encrypted.keyFile
File system location of keyfile. This unlocks the drive after the root has been mounted to /mnt-root
.
Type: null or string
Default:
null
Example:
"/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
swapDevices.*.encrypted.label
Label of the unlocked encrypted device. Set fileSystems.<name?>.device
to /dev/mapper/<label>
to mount the unlocked device.
Type: null or string
Default:
null
Example:
"rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
swapDevices.*.label
Label of the device. Can be used instead of device
.
Type: string
Example:
"swap"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.priority
Specify the priority of the swap device. Priority is a value between 0 and 32767. Higher numbers indicate higher priority. null lets the kernel choose a priority, which will show up as a negative value.
Type: null or signed integer
Default:
null
Example:
2048
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryption
Encrypt swap device with a random key. This way you won't have a persistent swap device.
HINT: run "cryptsetup benchmark" to test cipher performance on your machine.
WARNING: Don't try to hibernate when you have at least one swap partition with this option enabled! We have no way to set the partition into which hibernation image is saved, so if your image ends up on an encrypted one you would lose it!
WARNING #2: Do not use /dev/disk/by-uuid/… or /dev/disk/by-label/… as your swap device when using randomEncryption as the UUIDs and labels will get erased on every boot when the partition is encrypted. Best to use /dev/disk/by-partuuid/…
Type: submodule or boolean convertible to it
Default:
false
Example:
{
cipher = "serpent-xts-plain64"; enable = true; source = "/dev/random";
}
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryption.enable
Encrypt swap device with a random key. This way you won't have a persistent swap device.
WARNING: Don't try to hibernate when you have at least one swap partition with this option enabled! We have no way to set the partition into which hibernation image is saved, so if your image ends up on an encrypted one you would lose it!
WARNING #2: Do not use /dev/disk/by-uuid/… or /dev/disk/by-label/… as your swap device when using randomEncryption as the UUIDs and labels will get erased on every boot when the partition is encrypted. Best to use /dev/disk/by-partuuid/…
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryption.cipher
Use specified cipher for randomEncryption.
Hint: Run "cryptsetup benchmark" to see which one is fastest on your machine.
Type: string
Default:
"aes-xts-plain64"
Example:
"serpent-xts-plain64"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryption.source
Define the source of randomness to obtain a random key for encryption.
Type: string
Default:
"/dev/urandom"
Example:
"/dev/random"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.size
If this option is set, ‘device’ is interpreted as the path of a swapfile that will be created automatically with the indicated size (in megabytes).
Type: null or signed integer
Default:
null
Example:
2048
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
system.activationScripts
A set of shell script fragments that are executed when a NixOS system configuration is activated. Examples are updating /etc, creating accounts, and so on. Since these are executed every time you boot the system or run nixos-rebuild, it's important that they are idempotent and fast.
Type: attribute set of unspecifieds
Default:
{
}
Example:
{ stdio = { text = '' # Needed by some programs. ln -sfn /proc/self/fd /dev/fd ln -sfn /proc/self/fd/0 /dev/stdin ln -sfn /proc/self/fd/1 /dev/stdout ln -sfn /proc/self/fd/2 /dev/stderr ''; deps = []; }; }
Declared by:
<nixpkgs/nixos/modules/system/activation/activation-script.nix>
|
system.autoUpgrade.enable
Whether to periodically upgrade NixOS to the latest
version. If enabled, a systemd timer will run
nixos-rebuild switch --upgrade
once a
day.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/installer/tools/auto-upgrade.nix>
|
system.autoUpgrade.channel
The URI of the NixOS channel to use for automatic
upgrades. By default, this is the channel set using
nix-channel (run nix-channel
--list
to see the current value).
Type: null or string
Default:
null
Example:
"https://nixos.org/channels/nixos-14.12-small"
Declared by:
<nixpkgs/nixos/modules/installer/tools/auto-upgrade.nix>
|
system.autoUpgrade.dates
Specification (in the format described by systemd.time(7)) of the time at which the update will occur.
Type: string
Default:
"04:40"
Declared by:
<nixpkgs/nixos/modules/installer/tools/auto-upgrade.nix>
|
system.autoUpgrade.flags
Any additional flags passed to nixos-rebuild.
Type: list of strings
Default:
[
]
Example:
[
"-I" "stuff=/home/alice/nixos-stuff" "--option" "extra-binary-caches" "http://my-cache.example.org/"
]
Declared by:
<nixpkgs/nixos/modules/installer/tools/auto-upgrade.nix>
|
system.copySystemConfiguration
If enabled, copies the NixOS configuration file
(usually /etc/nixos/configuration.nix
)
and links it from the resulting system
(getting to /run/current-system/configuration.nix
).
Note that only this single file is copied, even if it imports others.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.extraDependencies
A list of packages that should be included in the system closure but not otherwise made available to users. This is primarily used by the installation tests.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.nixos.codeName
The NixOS release code name (e.g. Emu
).
Type: string (read only)
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
|
system.nixos.label
NixOS version name to be used in the names of generated outputs and boot labels.
If you ever wanted to influence the labels in your GRUB menu, this is the option for you.
The default is system.nixos.tags
separated by
"-" + "-" + NIXOS_LABEL_VERSION
environment
variable (defaults to the value of
system.nixos.version
).
Can be overriden by setting NIXOS_LABEL
.
Useful for not loosing track of configurations built from different nixos branches/revisions, e.g.:
#!/bin/sh today=`date +%Y%m%d` branch=`(cd nixpkgs ; git branch 2>/dev/null | sed -n '/^\* / { s|^\* ||; p; }')` revision=`(cd nixpkgs ; git rev-parse HEAD)` export NIXOS_LABEL_VERSION="$today.$branch-${revision:0:7}" nixos-rebuild switch
Type: string
Declared by:
<nixpkgs/nixos/modules/misc/label.nix>
|
system.nixos.release
The NixOS release (e.g. 16.03
).
Type: string (read only)
Default:
"19.03"
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
|
system.nixos.tags
Strings to prefix to the default
system.nixos.label
.
Useful for not loosing track of configurations built with different options, e.g.:
{ system.nixos.tags = [ "with-xen" ]; virtualisation.xen.enable = true; }
Type: list of strings
Default:
[
]
Example:
[
"with-xen"
]
Declared by:
<nixpkgs/nixos/modules/misc/label.nix>
|
system.replaceRuntimeDependencies
List of packages to override without doing a full rebuild. The original derivation and replacement derivation must have the same name length, and ideally should have close-to-identical directory layout.
Type: list of submodules
Default:
[
]
Example:
[ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { }; }) ]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.replaceRuntimeDependencies.*.original
The original package to override.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.replaceRuntimeDependencies.*.replacement
The replacement package.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.stateVersion
Every once in a while, a new NixOS release may change configuration defaults in a way incompatible with stateful data. For instance, if the default version of PostgreSQL changes, the new version will probably be unable to read your existing databases. To prevent such breakage, you can set the value of this option to the NixOS release with which you want to be compatible. The effect is that NixOS will option defaults corresponding to the specified release (such as using an older version of PostgreSQL).
Type: string
Default:
"19.03"
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
|
system.userActivationScripts
A set of shell script fragments that are executed by a systemd user service when a NixOS system configuration is activated. Examples are rebuilding the .desktop file cache for showing applications in the menu. Since these are executed every time you run nixos-rebuild, it's important that they are idempotent and fast.
Type: attribute set of unspecifieds
Default:
{
}
Example:
{ plasmaSetup = { text = '' ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5" ''; deps = []; }; }
Declared by:
<nixpkgs/nixos/modules/system/activation/activation-script.nix>
|
systemd.enableCgroupAccounting
Whether to enable cgroup accounting.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.enableEmergencyMode
Whether to enable emergency mode, which is an sulogin shell started on the console if mounting a filesystem fails. Since some machines (like EC2 instances) have no console of any kind, emergency mode doesn't make sense, and it's better to continue with the boot insofar as possible.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/emergency-mode.nix>
|
systemd.package
The systemd package.
Type: package
Default:
"pkgs.systemd"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.packages
Packages providing systemd units.
Type: list of packages
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.additionalUpstreamSystemUnits
Additional units shipped with systemd that shall be enabled.
Type: list of strings
Default:
[
]
Example:
[
"debug-shell.service" "systemd-quotacheck.service"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts
Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.automountConfig
Each attribute in this set specifies an option in the
[Automount]
section of the unit. See
systemd.automount(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
DirectoryMode = "0775";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.where
Absolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Type: string
Example:
"/mnt"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.coredump.enable
Enables storing core dumps in systemd.
Note that this alone is not enough to enable core dumps. The maximum
file size for core dumps must be specified in limits.conf as well. See
security.pam.loginLimits
and the limits.conf(5)
man page (these specify the core dump limits for user login sessions)
and systemd.extraConfig
(where e.g.
DefaultLimitCORE=1000000
can be specified to set
the core dump limit for systemd system-level services).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/coredump.nix>
|
systemd.coredump.extraConfig
Extra config options for systemd-coredump. See coredump.conf(5) man page for available options.
Type: string
Default:
""
Example:
"Storage=journal"
Declared by:
<nixpkgs/nixos/modules/system/boot/coredump.nix>
|
systemd.ctrlAltDelUnit
Target that should be started when Ctrl-Alt-Delete is pressed.
Type: string
Default:
"reboot.target"
Example:
"poweroff.target"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.defaultUnit
Default unit started when the system boots.
Type: string
Default:
"multi-user.target"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.extraConfig
Extra config options for systemd. See man systemd-system.conf for available options.
Type: string
Default:
""
Example:
"DefaultLimitCORE=infinity"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.generator-packages
Packages providing systemd generators.
Type: list of packages
Default:
[
]
Example:
[ pkgs.systemd-cryptsetup-generator ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.generators
Definition of systemd generators.
For each NAME = VALUE
pair of the attrSet, a link is generated from
/etc/systemd/system-generators/NAME
to VALUE
.
Type: attribute set of paths
Default:
{
}
Example:
{
systemd-gpt-auto-generator = "/dev/null";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.globalEnvironment
Environment variables passed to all systemd units.
Type: attribute set of null or string or path or packages
Default:
{
}
Example:
{
TZ = "CET";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts
Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.mountConfig
Each attribute in this set specifies an option in the
[Mount]
section of the unit. See
systemd.mount(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
DirectoryMode = "0775";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.options
Options used to mount the file system.
Type: string
Default:
""
Example:
"noatime"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.type
File system type.
Type: string
Default:
""
Example:
"ext4"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.what
Absolute path of device node, file or other resource. (Mandatory)
Type: string
Example:
"/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.where
Absolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Type: string
Example:
"/mnt"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.network.enable
Whether to enable networkd or not.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links
Definition of systemd network links.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links.<name>.enable
Whether to manage network configuration using systemd-network.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links.<name>.extraConfig
Extra configuration append to unit
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links.<name>.linkConfig
Each attribute in this set specifies an option in the
[Link]
section of the unit. See
systemd.link(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
MACAddress = "00:ff:ee:aa:cc:dd";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links.<name>.matchConfig
Each attribute in this set specifies an option in the
[Match]
section of the unit. See
systemd.link(5)
systemd.netdev(5)
systemd.network(5)
for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Name = "eth0";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs
Definition of systemd network devices.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.enable
Whether to manage network configuration using systemd-network.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.bondConfig
Each attribute in this set specifies an option in the
[Bond]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Mode = "802.3ad";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.extraConfig
Extra configuration append to unit
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.macvlanConfig
Each attribute in this set specifies an option in the
[MACVLAN]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Mode = "private";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.matchConfig
Each attribute in this set specifies an option in the
[Match]
section of the unit. See
systemd.link(5)
systemd.netdev(5)
systemd.network(5)
for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Name = "eth0";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.netdevConfig
Each attribute in this set specifies an option in the
[Netdev]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Kind = "bridge"; Name = "mybridge";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.peerConfig
Each attribute in this set specifies an option in the
[Peer]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Name = "veth2";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.tapConfig
Each attribute in this set specifies an option in the
[Tap]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
User = "openvpn";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.tunConfig
Each attribute in this set specifies an option in the
[Tun]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
User = "openvpn";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.tunnelConfig
Each attribute in this set specifies an option in the
[Tunnel]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Remote = "192.168.1.1";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.vlanConfig
Each attribute in this set specifies an option in the
[VLAN]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Id = "4";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.vxlanConfig
Each attribute in this set specifies an option in the
[VXLAN]
section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Id = "4";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks
Definition of systemd networks.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.enable
Whether to manage network configuration using systemd-network.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.DHCP
Whether to enable DHCP on the interfaces matched.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.address
A list of addresses to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.addresses
A list of address sections to be added to the unit. See systemd.network(5) for details.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.addresses.*.addressConfig
Each attribute in this set specifies an option in the
[Address]
section of the unit. See
systemd.network(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Address = "192.168.0.100/24";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.bond
A list of bond interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.bridge
A list of bridge interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dhcpConfig
Each attribute in this set specifies an option in the
[DHCP]
section of the unit. See
systemd.network(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
UseDNS = true; UseRoutes = true;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dhcpServerConfig
Each attribute in this set specifies an option in the
[DHCPServer]
section of the unit. See
systemd.network(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
EmitDNS = false; PoolOffset = 50;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dns
A list of dns servers to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.domains
A list of domains to pass to the network config.
Type: null or list of strings
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.extraConfig
Extra configuration append to unit
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.gateway
A list of gateways to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.linkConfig
Each attribute in this set specifies an option in the
[Link]
section of the unit. See
systemd.network(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Unmanaged = true;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.macvlan
A list of macvlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.matchConfig
Each attribute in this set specifies an option in the
[Match]
section of the unit. See
systemd.link(5)
systemd.netdev(5)
systemd.network(5)
for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Name = "eth0";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.name
The name of the network interface to match against.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.networkConfig
Each attribute in this set specifies an option in the
[Network]
section of the unit. See
systemd.network(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Description = "My Network";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.ntp
A list of ntp servers to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.routes
A list of route sections to be added to the unit. See systemd.network(5) for details.
Type: list of submodules
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.routes.*.routeConfig
Each attribute in this set specifies an option in the
[Route]
section of the unit. See
systemd.network(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Gateway = "192.168.0.1";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.tunnel
A list of tunnel interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.vlan
A list of vlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.vrf
A list of vrf interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.vxlan
A list of vxlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.units
Definition of networkd units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.units.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.units.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.units.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.units.<name>.text
Text of this systemd unit.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.units.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.nspawn
Definition of systemd-nspawn configurations.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
|
systemd.nspawn.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
|
systemd.nspawn.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
|
systemd.nspawn.<name>.execConfig
Each attribute in this set specifies an option in the
[Exec]
section of this unit. See
systemd.nspawn(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Parameters = "/bin/sh";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
|
systemd.nspawn.<name>.filesConfig
Each attribute in this set specifies an option in the
[Files]
section of this unit. See
systemd.nspawn(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Bind =
[
"/home/alice"
]
;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
|
systemd.nspawn.<name>.networkConfig
Each attribute in this set specifies an option in the
[Network]
section of this unit. See
systemd.nspawn(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
Private = false;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
|
systemd.nspawn.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
|
systemd.nspawn.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
|
systemd.paths
Definition of systemd path units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.pathConfig
Each attribute in this set specifies an option in the
[Path]
section of the unit. See
systemd.path(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
PathChanged = "/some/path"; Unit = "changedpath.service";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services
Definition of systemd service units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/testing/service-runner.nix>
|
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.environment
Environment variables passed to the service's processes.
Type: attribute set of null or string or path or packages
Default:
{
}
Example:
{
LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.path
Packages added to the service's PATH
environment variable. Both the bin
and sbin
subdirectories of each
package are added.
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.postStart
Shell commands executed after the service's main process is started.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.postStop
Shell commands executed after the service's main process has exited.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.preStart
Shell commands executed before the service's main process is started.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.preStop
Shell commands executed to stop the service.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.reload
Shell commands executed when the service's main process is reloaded.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.reloadIfChanged
Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of restartIfChanged
is
ignored.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.restartIfChanged
Whether the service should be restarted during a NixOS configuration switch if its definition has changed.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.script
Shell commands executed as the service's main process.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.scriptArgs
Arguments passed to the main process script.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.serviceConfig
Each attribute in this set specifies an option in the
[Service]
section of the unit. See
systemd.service(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RestartSec = 5; StartLimitInterval = 10;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.startAt
Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7). This is equivalent
to adding a corresponding timer unit with
OnCalendar
set to the value given here.
Type: string or list of strings
Default:
[
]
Example:
"Sun 14:00:00"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.stopIfChanged
If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one.
Otherwise, it is restarted in a single step using
systemctl restart in the new configuration.
The latter is less correct because it runs the
ExecStop
commands from the new
configuration.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices
Definition of slice configurations.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.sliceConfig
Each attribute in this set specifies an option in the
[Slice]
section of the unit. See
systemd.slice(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
MemoryMax = "2G";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets
Definition of systemd socket units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.listenStreams
For each item in this list, a ListenStream
option in the [Socket]
section will be created.
Type: list of strings
Default:
[
]
Example:
[
"0.0.0.0:993" "/run/my-socket"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.socketConfig
Each attribute in this set specifies an option in the
[Socket]
section of the unit. See
systemd.socket(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
ListenStream = "/run/my-socket";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets
Definition of systemd target units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers
Definition of systemd timer units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.timerConfig
Each attribute in this set specifies an option in the
[Timer]
section of the unit. See
systemd.timer(5) and
systemd.time(7) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
OnCalendar = "Sun 14:00:00"; Unit = "foo.service";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.tmpfiles.rules
Rules for creating and cleaning up temporary files automatically. See tmpfiles.d(5) for the exact format.
Type: list of strings
Default:
[
]
Example:
[
"d /tmp 1777 root root 10d"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units
Definition of systemd units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.text
Text of this systemd unit.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.extraConfig
Extra config options for systemd user instances. See man systemd-user.conf for available options.
Type: string
Default:
""
Example:
"DefaultCPUAccounting=yes"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths
Definition of systemd per-user path units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.pathConfig
Each attribute in this set specifies an option in the
[Path]
section of the unit. See
systemd.path(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
PathChanged = "/some/path"; Unit = "changedpath.service";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.paths.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services
Definition of systemd per-user service units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.environment
Environment variables passed to the service's processes.
Type: attribute set of null or string or path or packages
Default:
{
}
Example:
{
LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.path
Packages added to the service's PATH
environment variable. Both the bin
and sbin
subdirectories of each
package are added.
Type: unspecified
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.postStart
Shell commands executed after the service's main process is started.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.postStop
Shell commands executed after the service's main process has exited.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.preStart
Shell commands executed before the service's main process is started.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.preStop
Shell commands executed to stop the service.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.reload
Shell commands executed when the service's main process is reloaded.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.reloadIfChanged
Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of restartIfChanged
is
ignored.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.restartIfChanged
Whether the service should be restarted during a NixOS configuration switch if its definition has changed.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.script
Shell commands executed as the service's main process.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.scriptArgs
Arguments passed to the main process script.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.serviceConfig
Each attribute in this set specifies an option in the
[Service]
section of the unit. See
systemd.service(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RestartSec = 5; StartLimitInterval = 10;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.startAt
Automatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7). This is equivalent
to adding a corresponding timer unit with
OnCalendar
set to the value given here.
Type: string or list of strings
Default:
[
]
Example:
"Sun 14:00:00"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.stopIfChanged
If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one.
Otherwise, it is restarted in a single step using
systemctl restart in the new configuration.
The latter is less correct because it runs the
ExecStop
commands from the new
configuration.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.services.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices
Definition of systemd per-user slice units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.sliceConfig
Each attribute in this set specifies an option in the
[Slice]
section of the unit. See
systemd.slice(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
MemoryMax = "2G";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.slices.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets
Definition of systemd per-user socket units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.listenStreams
For each item in this list, a ListenStream
option in the [Socket]
section will be created.
Type: list of strings
Default:
[
]
Example:
[
"0.0.0.0:993" "/run/my-socket"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.socketConfig
Each attribute in this set specifies an option in the
[Socket]
section of the unit. See
systemd.socket(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
ListenStream = "/run/my-socket";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.sockets.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets
Definition of systemd per-user target units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.targets.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers
Definition of systemd per-user timer units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.timerConfig
Each attribute in this set specifies an option in the
[Timer]
section of the unit. See
systemd.timer(5) and
systemd.time(7) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
OnCalendar = "Sun 14:00:00"; Unit = "foo.service";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.unitConfig
Each attribute in this set specifies an option in the
[Unit]
section of the unit. See
systemd.unit(5) for details.
Type: attribute set of systemd options
Default:
{
}
Example:
{
RequiresMountsFor = "/data";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.timers.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.units
Definition of systemd per-user units.
Type: attribute set of submodules
Default:
{
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.units.<name>.enable
If set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0
) from being
started. Note that enable=true
does not
make a unit start by default at boot; if you want that, see
wantedBy
.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.units.<name>.aliases
Aliases of that unit.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.units.<name>.requiredBy
Units that require (i.e. depend on and need to go down with)
this unit. The discussion under wantedBy
applies here as well: inverse .requires
symlinks are established.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.units.<name>.text
Text of this systemd unit.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.units.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way
to make a unit start by default at boot is to set this option
to [ "multi-user.target" ]
. That's despite
the fact that the systemd.unit(5) manpage says this option
goes in the [Install]
section that controls
the behaviour of systemctl enable
. Since
such a process is stateful and thus contrary to the design of
NixOS, setting this option instead causes the equivalent
inverse .wants
symlink to be present,
establishing the same desired relationship in a stateless way.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
time.hardwareClockInLocalTime
If set, keep the hardware clock in local time instead of UTC.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/timezone.nix>
|
time.timeZone
The time zone used when displaying times and dates. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a comprehensive list of possible values for this setting.
If null, the timezone will default to UTC and can be set imperatively using timedatectl.
Type: null or string without spaces
Default:
null
Example:
"America/New_York"
Declared by:
<nixpkgs/nixos/modules/config/timezone.nix>
|
users.defaultUserShell
This option defines the default shell assigned to user accounts. This can be either a full system path or a shell package.
This must not be a store path, since the path is used outside the store (in particular in /etc/passwd).
Type: path or package
Example:
pkgs.zsh
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
users.enforceIdUniqueness
Whether to require that no two users/groups share the same uid/gid.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraGroups
Alias of users.groups
.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/rename.nix>
|
users.extraUsers
Alias of users.users
.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/rename.nix>
|
users.groups
Additional groups to be created automatically by the system.
Type: list or attribute set of submodules
Default:
{
}
Example:
{
hackers =
{
}
; students =
{
gid = 1001;
}
;
}
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.groups.<name?>.gid
The group GID. If the GID is null, a free GID is picked on activation.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.groups.<name?>.members
The user names of the group members, added to the
/etc/group
file.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.groups.<name?>.name
The name of the group. If undefined, the name of the attribute set will be used.
Type: string
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.ldap.enable
Whether to enable authentication against an LDAP server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.base
The distinguished name of the search base.
Type: unspecified
Example:
"dc=example,dc=org"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.distinguishedName
The distinguished name to bind to the LDAP server with. If this is not specified, an anonymous bind will be done.
Type: string
Default:
""
Example:
"cn=admin,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.password
The path to a file containing the credentials to use when binding to the LDAP server (if not binding anonymously).
Type: string
Default:
"/etc/ldap/bind.password"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.policy
Specifies the policy to use for reconnecting to an unavailable
LDAP server. The default is hard_open
, which
reconnects if opening the connection to the directory server
failed. By contrast, hard_init
reconnects if
initializing the connection failed. Initializing may not
actually contact the directory server, and it is possible that
a malformed configuration file will trigger reconnection. If
soft
is specified, then
nss_ldap
will return immediately on server
failure. All hard reconnect policies block with exponential
backoff before retrying.
Type: one of "hard_open", "hard_init", "soft"
Default:
"hard_open"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.timeLimit
Specifies the time limit (in seconds) to use when connecting
to the directory server. This is distinct from the time limit
specified in users.ldap.timeLimit
and affects
the initial server connection only.
Type: signed integer
Default:
30
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.daemon.enable
Whether to let the nslcd daemon (nss-pam-ldapd) handle the LDAP lookups for NSS and PAM. This can improve performance, and if you need to bind to the LDAP server with a password, it increases security, since only the nslcd user needs to have access to the bindpw file, not everyone that uses NSS and/or PAM. If this option is enabled, a local nscd user is created automatically, and the nslcd service is started automatically when the network get up.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.daemon.extraConfig
Extra configuration options that will be added verbatim at the end of the nslcd configuration file (nslcd.conf).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.extraConfig
Extra configuration options that will be added verbatim at
the end of the ldap configuration file (ldap.conf).
If users.ldap.daemon
is enabled, this
configuration will not be used. In that case, use
users.ldap.daemon.extraConfig
instead.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.loginPam
Whether to include authentication against LDAP in login PAM
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.nsswitch
Whether to include lookup against LDAP in NSS
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.server
The URL of the LDAP server.
Type: unspecified
Example:
"ldap://ldap.example.org/"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.timeLimit
Specifies the time limit (in seconds) to use when performing searches. A value of zero (0), which is the default, is to wait indefinitely for searches to be completed.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.useTLS
If enabled, use TLS (encryption) over an LDAP (port 389)
connection. The alternative is to specify an LDAPS server (port
636) in users.ldap.server
or to forego
security.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.motd
Message of the day shown to users when they log in.
Type: null or string
Default:
null
Example:
"Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178."
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
users.mutableUsers
If set to true
, you are free to add new users and groups to the system
with the ordinary useradd
and
groupadd
commands. On system activation, the
existing contents of the /etc/passwd
and
/etc/group
files will be merged with the
contents generated from the users.users
and
users.groups
options.
The initial password for a user will be set
according to users.users
, but existing passwords
will not be changed.
If set to false
, the contents of the user and
group files will simply be replaced on system activation. This also
holds for the user passwords; all changed
passwords will be reset according to the
users.users
configuration on activation.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users
Additional user accounts to be created automatically by the system. This can also be used to set options for root.
Type: list or attribute set of submodules
Default:
{
}
Example:
{
alice =
{
createHome = true; description = "Alice Q. User"; extraGroups =
[
"wheel"
]
; group = "users"; home = "/home/alice"; shell = "/bin/sh"; uid = 1234;
}
;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.packages
The set of packages that should be made availabe to the user.
This is in contrast to environment.systemPackages
,
which adds packages to all users.
Type: list of packages
Default:
[
]
Example:
[ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.createHome
If true, the home directory will be created automatically. If this option is true and the home directory already exists but is not owned by the user, directory owner and group will be changed to match the user.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.cryptHomeLuks
Path to encrypted luks device that contains the user's home directory.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.description
A short description of the user account, typically the
user's full name. This is actually the “GECOS” or “comment”
field in /etc/passwd
.
Type: string
Default:
""
Example:
"Alice Q. User"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.extraGroups
The user's auxiliary groups.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.group
The user's primary group.
Type: string
Default:
"nogroup"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.hashedPassword
Specifies the hashed password for the user.
The options hashedPassword
,
password
and passwordFile
controls what password is set for the user.
hashedPassword
overrides both
password
and passwordFile
.
password
overrides passwordFile
.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers
is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers
is false, you cannot change
user passwords, they will always be set according to the password
options.
To generate hashed password install mkpasswd
package and run mkpasswd -m sha-512
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.home
The user's home directory.
Type: path
Default:
"/var/empty"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.initialHashedPassword
Specifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist. If users.mutableUsers
is true, the
password can be changed subsequently using the
passwd command. Otherwise, it's
equivalent to setting the hashedPassword
option.
To generate hashed password install mkpasswd
package and run mkpasswd -m sha-512
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.initialPassword
Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist. If
users.mutableUsers
is true, the password
can be changed subsequently using the
passwd command. Otherwise, it's
equivalent to setting the password
option. The same caveat applies: the password specified here
is world-readable in the Nix store, so it should only be
used for guest accounts or passwords that will be changed
promptly.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.isNormalUser
Indicates whether this is an account for a “real” user. This
automatically sets group
to
users
, createHome
to
true
, home
to
/home/
,
username
useDefaultShell
to true
,
and isSystemUser
to
false
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.isSystemUser
Indicates if the user is a system user or not. This option
only has an effect if uid
is
null
, in which case it determines whether
the user's UID is allocated in the range for system users
(below 500) or in the range for normal users (starting at
1000).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.name
The name of the user account. If undefined, the name of the attribute set will be used.
Type: string
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.openssh.authorizedKeys.keyFiles
A list of files each containing one OpenSSH public key that should be
added to the user's authorized keys. The contents of the files are
read at build time and added to a file that the SSH daemon reads in
addition to the the user's authorized_keys file. You can combine the
keyFiles
and keys
options.
Type: list of paths
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
users.users.<name?>.openssh.authorizedKeys.keys
A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys. The keys are added to a file that the SSH
daemon reads in addition to the the user's authorized_keys file.
You can combine the keys
and
keyFiles
options.
Warning: If you are using NixOps
then don't use this
option since it will replace the key required for deployment via ssh.
Type: list of strings
Default:
[
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
users.users.<name?>.password
Specifies the (clear text) password for the user.
Warning: do not set confidential information here
because it is world-readable in the Nix store. This option
should only be used for public accounts.
The options hashedPassword
,
password
and passwordFile
controls what password is set for the user.
hashedPassword
overrides both
password
and passwordFile
.
password
overrides passwordFile
.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers
is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers
is false, you cannot change
user passwords, they will always be set according to the password
options.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.passwordFile
The full path to a file that contains the user's password. The password
file is read on each system activation. The file should contain
exactly one line, which should be the password in an encrypted form
that is suitable for the chpasswd -e
command.
The options hashedPassword
,
password
and passwordFile
controls what password is set for the user.
hashedPassword
overrides both
password
and passwordFile
.
password
overrides passwordFile
.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers
is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers
is false, you cannot change
user passwords, they will always be set according to the password
options.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.shell
The path to the user's shell. Can use shell derivations,
like pkgs.bashInteractive
. Don’t
forget to enable your shell in
programs
if necessary,
like programs.zsh.enable = true;
.
Type: package or path
Default:
"pkgs.shadow"
Example:
pkgs.bashInteractive
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.subGidRanges
Subordinate group ids that user is allowed to use.
They are set into /etc/subgid
and are used
by newgidmap
for user namespaces.
Type: list of submodules
Default:
[
]
Example:
[
{
count = 1; startGid = 100;
}
{
count = 999; startGid = 1001;
}
]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.subGidRanges.*.count
Count of subordinate group ids
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.subGidRanges.*.startGid
Start of the range of subordinate group ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.subUidRanges
Subordinate user ids that user is allowed to use.
They are set into /etc/subuid
and are used
by newuidmap
for user namespaces.
Type: list of submodules
Default:
[
]
Example:
[
{
count = 1; startUid = 1000;
}
{
count = 65534; startUid = 100001;
}
]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.subUidRanges.*.count
Count of subordinate user ids
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.subUidRanges.*.startUid
Start of the range of subordinate user ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.uid
The account UID. If the UID is null, a free UID is picked on activation.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name?>.useDefaultShell
If true, the user's shell will be set to
users.defaultUserShell
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
virtualisation.docker.enable
This option enables docker, a daemon that manages linux containers. Users in the "docker" group can interact with the daemon (e.g. to start or stop containers) using the docker command line tool.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.enableOnBoot
When enabled dockerd is started on boot. This is required for
container, which are created with the
--restart=always
flag, to work. If this option is
disabled, docker might be started on demand by socket activation.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.package
Docker package to be used in the module.
Type: package
Default:
(build of docker-18.06.1-ce)
Example:
(build of )
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.autoPrune.enable
Whether to periodically prune Docker resources. If enabled, a
systemd timer will run docker system prune -f
as specified by the dates
option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.autoPrune.dates
Specification (in the format described by systemd.time(7)) of the time at which the prune will occur.
Type: string
Default:
"weekly"
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.autoPrune.flags
Any additional flags passed to docker system prune.
Type: list of strings
Default:
[
]
Example:
[
"--all"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.extraOptions
The extra command-line options to pass to docker daemon.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.listenOptions
A list of unix and tcp docker should listen to. The format follows ListenStream as described in systemd.socket(5).
Type: list of strings
Default:
[
"/var/run/docker.sock"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.liveRestore
Allow dockerd to be restarted without affecting running container. This option is incompatible with docker swarm.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.logDriver
This option determines which Docker log driver to use.
Type: one of "none", "json-file", "syslog", "journald", "gelf", "fluentd", "awslogs", "splunk", "etwlogs", "gcplogs"
Default:
"journald"
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.storageDriver
This option determines which Docker storage driver to use. By default it let's docker automatically choose preferred storage driver.
Type: null or one of "aufs", "btrfs", "devicemapper", "overlay", "overlay2", "zfs"
Default:
null
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.hypervGuest.enable
Whether to enable Hyper-V Guest Support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix>
|
virtualisation.hypervGuest.videoMode
Resolution at which to initialize the video adapter.
Supports screen resolution up to Full HD 1920x1080 with 32 bit color on Windows Server 2012, and 1600x1200 with 16 bit color on Windows Server 2008 R2 or earlier.
Type: string
Default:
"1152x864"
Example:
"1024x768"
Declared by:
<nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix>
|
virtualisation.kvmgt.enable
Whether to enable KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card. Currently only one graphical device can be shared .
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
|
virtualisation.kvmgt.device
PCI ID of graphics card. You can figure it with ls /sys/class/mdev_bus.
Type: string
Default:
"0000:00:02.0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
|
virtualisation.kvmgt.vgpus
Virtual GPUs to be used in Qemu. You can find devices via ls /sys/bus/pci/devices/*/mdev_supported_types and find info about device via cat /sys/bus/pci/devices/*/mdev_supported_types/i915-GVTg_V5_4/description
Type: attribute set of submodules
Default:
{
}
Example:
{
i915-GVTg_V5_8 =
{
uuid = "a297db4a-f4c2-11e6-90f6-d3b88d6c9525";
}
;
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
|
virtualisation.kvmgt.vgpus.<name>.uuid
UUID of VGPU device. You can generate one with libossp_uuid.
Type: string
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
|
virtualisation.libvirtd.enable
This option enables libvirtd, a daemon that manages virtual machines. Users in the "libvirtd" group can interact with the daemon (e.g. to start or stop VMs) using the virsh command line tool, among others.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.extraConfig
Extra contents appended to the libvirtd configuration file, libvirtd.conf.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.extraOptions
Extra command line arguments passed to libvirtd on startup.
Type: list of strings
Default:
[
]
Example:
[
"--verbose"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.onShutdown
When shutting down / restarting the host what method should be used to gracefully halt the guests. Setting to "shutdown" will cause an ACPI shutdown of each guest. "suspend" will attempt to save the state of the guests ready to restore on boot.
Type: one of "shutdown", "suspend"
Default:
"suspend"
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemuOvmf
Allows libvirtd to take advantage of OVMF when creating new QEMU VMs with UEFI boot.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemuPackage
Qemu package to use with libvirt. `pkgs.qemu` can emulate alien architectures (e.g. aarch64 on x86) `pkgs.qemu_kvm` saves disk space allowing to emulate only host architectures.
Type: package
Default:
(build of qemu-3.0.0)
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemuRunAsRoot
If true, libvirtd runs qemu as root. If false, libvirtd runs qemu as unprivileged user qemu-libvirtd. Changing this option to false may cause file permission issues for existing guests. To fix these, manually change ownership of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemuVerbatimConfig
Contents written to the qemu configuration file, qemu.conf. Make sure to include a proper namespace configuration when supplying custom configuration.
Type: string
Default:
'' namespaces = [] ''
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.lxc.enable
This enables Linux Containers (LXC), which provides tools for creating and managing system or application containers on Linux.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
|
virtualisation.lxc.defaultConfig
Default config (default.conf) for new containers, i.e. for network config. See lxc.container.conf (5).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
|
virtualisation.lxc.lxcfs.enable
This enables LXCFS, a FUSE filesystem for LXC.
To use lxcfs in include the following configuration in your
container configuration:
virtualisation.lxc.defaultConfig = "lxc.include = ${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf";
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxcfs.nix>
|
virtualisation.lxc.systemConfig
This is the system-wide LXC config. See lxc.system.conf(5).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
|
virtualisation.lxc.usernetConfig
This is the config file for managing unprivileged user network administration access in LXC. See lxc-user-net(5).
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
|
virtualisation.lxd.enable
This option enables lxd, a daemon that manages containers. Users in the "lxd" group can interact with the daemon (e.g. to start or stop containers) using the lxc command line tool, among others.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
|
virtualisation.lxd.zfsSupport
enables lxd to use zfs as a storage for containers. This option is enabled by default if a zfs pool is configured with nixos.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
|
virtualisation.rkt.enable
Whether to enable rkt metadata service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/rkt.nix>
|
virtualisation.rkt.gc.automatic
Automatically run the garbage collector at a specific time.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/rkt.nix>
|
virtualisation.rkt.gc.dates
Specification (in the format described by systemd.time(7)) of the time at which the garbage collector will run.
Type: string
Default:
"03:15"
Declared by:
<nixpkgs/nixos/modules/virtualisation/rkt.nix>
|
virtualisation.rkt.gc.options
Options given to rkt gc
when the
garbage collector is run automatically.
Type: string
Default:
"--grace-period=24h"
Declared by:
<nixpkgs/nixos/modules/virtualisation/rkt.nix>
|
virtualisation.virtualbox.guest.enable
Whether to enable the VirtualBox service and other guest additions.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>
|
virtualisation.virtualbox.guest.x11
Whether to enable x11 graphics
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>
|
virtualisation.virtualbox.host.enable
Whether to enable VirtualBox.
In order to pass USB devices from the host to the guests, the user
needs to be in the vboxusers
group.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.enableExtensionPack
Whether to install the Oracle Extension Pack for VirtualBox.
You must set nixpkgs.config.allowUnfree = true
in
order to use this. This requires you accept the VirtualBox PUEL.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.enableHardening
Enable hardened VirtualBox, which ensures that only the binaries in the system path get access to the devices exposed by the kernel modules instead of all users in the vboxusers group.
Disabling this can put your system's security at risk, as local users in the vboxusers group can tamper with the VirtualBox device files.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.package
Which VirtualBox package to use.
Type: package
Default:
"pkgs.virtualbox"
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.addNetworkInterface
Automatically set up a vboxnet0 host-only network interface.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.headless
Use VirtualBox installation without GUI and Qt dependency. Useful to enable on servers and when virtual machines are controlled only via SSH.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.vswitch.enable
Whether to enable Open vSwitch. A configuration daemon (ovs-server) will be started.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
|
virtualisation.vswitch.package
Open vSwitch package to use.
Type: package
Default:
"pkgs.openvswitch"
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
|
virtualisation.vswitch.ipsec
Whether to start racoon service for openvswitch.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
|
virtualisation.vswitch.resetOnStart
Whether to reset the Open vSwitch configuration database to a default
configuration on every start of the systemd ovsdb.service
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
|
virtualisation.xen.enable
Setting this option enables the Xen hypervisor, a virtualisation technology that allows multiple virtual machines, known as domains, to run concurrently on the physical machine. NixOS runs as the privileged Domain 0. This option requires a reboot to take effect.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.package
The package used for Xen binary.
Type: package
Default:
"pkgs.xen"
Example:
pkgs.xen-light
Related packages:
pkgs.xen (xen-4.8.3)
: Xen hypervisor and related components (vanilla).
Vanilla version of Xen. Uses forks of Qemu and Seabios bundled with Xen. This gives vanilla experince, but wastes space and build time: typical NixOS setup that runs lots of VMs will build three different versions of Qemu when using this (two forks and upstream). Includes: * firmware/etherboot/ipxe.git: Xen's fork of iPXE. * firmware/seabios-dir-remote: Xen's fork of Seabios. * qemu-xen: Xen's fork of upstream Qemu. * qemu-xen-traditional: Xen's fork of upstream Qemu that uses old device model. * xen-libhvm-dir-remote: Helper library for reading ACPI and SMBIOS firmware values from the host system for use with the HVM guest firmware pass-through feature in Xen.
pkgs.xen-light (xen-4.8.3)
: Xen hypervisor and related components (light).
Slimmed-down version of Xen without `qemu-traditional` (you don't need it if you don't know what it is). Use with `qemu_xen-light` from nixpkgs. Includes: * firmware/etherboot/ipxe.git: Xen's fork of iPXE. * xen-libhvm-dir-remote: Helper library for reading ACPI and SMBIOS firmware values from the host system for use with the HVM guest firmware pass-through feature in Xen.
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.package-qemu
The package with qemu binaries for dom0 qemu and xendomains.
Type: package
Default:
"pkgs.xen"
Example:
pkgs.qemu_xen-light
Related packages:
pkgs.xen (xen-4.8.3)
: Xen hypervisor and related components (vanilla).
Vanilla version of Xen. Uses forks of Qemu and Seabios bundled with Xen. This gives vanilla experince, but wastes space and build time: typical NixOS setup that runs lots of VMs will build three different versions of Qemu when using this (two forks and upstream). Includes: * firmware/etherboot/ipxe.git: Xen's fork of iPXE. * firmware/seabios-dir-remote: Xen's fork of Seabios. * qemu-xen: Xen's fork of upstream Qemu. * qemu-xen-traditional: Xen's fork of upstream Qemu that uses old device model. * xen-libhvm-dir-remote: Helper library for reading ACPI and SMBIOS firmware values from the host system for use with the HVM guest firmware pass-through feature in Xen.
pkgs.qemu_xen-light (qemu-xen-host-cpu-only-3.0.0)
: A generic and open source machine emulator and virtualizer.
For use with pkgs.xen-light.
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bootParams
Parameters passed to the Xen hypervisor at boot time.
Type: unspecified
Default:
""
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bridge.address
IPv4 address of the bridge.
Type: string
Default:
"172.16.0.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bridge.forwardDns
If set to true
, the DNS queries from the
hosts connected to the bridge will be forwarded to the DNS
servers specified in /etc/resolv.conf .
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bridge.name
Name of bridge the Xen domUs connect to.
Type: unspecified
Default:
"xenbr0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bridge.prefixLength
Subnet mask of the bridge interface, specified as the number of
bits in the prefix (24
).
A DHCP server will provide IP addresses for the whole, remaining
subnet.
Type: signed integer
Default:
16
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.domain0MemorySize
Amount of memory (in MiB) allocated to Domain 0 on boot. If set to 0, all memory is assigned to Domain 0.
Type: unspecified
Default:
0
Example:
512
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.domains.extraConfig
Options defined here will override the defaults for xendomains. The default options can be seen in the file included from /etc/default/xendomains.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.stored
Xen Store daemon to use. Defaults to oxenstored of the xen package.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.trace
Enable Xen tracing.
Type: unspecified
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
xdg.autostart.enable
Whether to install files to support the XDG Autostart specification.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/xdg/autostart.nix>
|
xdg.icons.enable
Whether to install files to support the XDG Icon Theme specification.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/xdg/icons.nix>
|
xdg.menus.enable
Whether to install files to support the XDG Desktop Menu specification.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/xdg/menus.nix>
|
xdg.mime.enable
Whether to install files to support the XDG Shared MIME-info specification and the XDG MIME Applications specification.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
|
zramSwap.enable
Enable in-memory compressed swap space provided by the zram kernel module. See https://www.kernel.org/doc/Documentation/blockdev/zram.txt
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.memoryPercent
Maximum amount of memory that can be used by the zram swap devices (as a percentage of your total memory). Defaults to 1/2 of your total RAM.
Type: signed integer
Default:
50
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.numDevices
Number of zram swap devices to create.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.priority
Priority of the zram swap devices. It should be a number higher than the priority of your disk-based swap devices (so that the system will fill the zram swap devices before falling back to disk swap).
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|