Appendix A. Configuration Options

Whether to enable support for nixos containers.

Type: boolean

Default: true

Declared by:

Extra binary formats to register with the kernel. See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.

Type: attribute set of submodules

Default: { }

Declared by:

Whether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked.

See the description of the 'F' flag in the kernel docs for more details.

Type: boolean

Default: false

Declared by:

The interpreter to invoke to run the program.

Note that the actual registration will point to /run/binfmt/${name}, so the kernel interpreter length limit doesn't apply.

Type: path

Declared by:

The magic number or extension to match on.

Type: string

Declared by:

A mask to be ANDed with the byte sequence of the file before matching

Type: null or string

Default: null

Declared by:

Whether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit).

See the description of the 'C' flag in the kernel docs for more details.

Implies/requires openBinary = true.

Type: boolean

Default: false

Declared by:

The byte offset of the magic number used for recognition.

Type: null or signed integer

Default: null

Declared by:

Whether to pass the binary to the interpreter as an open file descriptor, instead of a path.

Type: boolean

Default: false

Declared by:

Whether to pass the original argv[0] to the interpreter.

See the description of the 'P' flag in the kernel docs for more details;

Type: boolean

Default: false

Declared by:

Whether to recognize executables by magic number or extension.

Type: one of "magic", "extension"

Default: "magic"

Declared by:

List of names of kernel modules that should not be loaded automatically by the hardware probing code.

Type: list of strings

Default: [ ]

Example: [ "cirrusfb" "i2c_piix4" ]

Declared by:

Whether to delete all files in /tmp during boot.

Type: boolean

Default: false

Declared by:

The kernel console loglevel. All Kernel Messages with a log level smaller than this setting will be printed to the console.

Type: signed integer

Default: 4

Declared by:

If enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.

Type: boolean

Default: false

Declared by:

Parameters that will be passed to the kernel kexec-ed on crash.

Type: list of strings

Default: [ "1" "boot.shell_on_fail" ]

Declared by:

The amount of memory reserved for the crashdump kernel. If you choose a too high value, dmesg will mention "crashkernel reservation failed".

Type: unspecified

Default: "128M"

Declared by:

Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "50%"

Example: "256m"

Declared by:

Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "5%"

Example: "32m"

Declared by:

Enable setting font as early as possible (in initrd).

Type: boolean

Default: false

Declared by:

Any additional configuration to be appended to the generated modprobe.conf. This is typically used to specify module options. See modprobe.conf(5) for details.

Type: string

Default: ""

Example:

''
options parport_pc io=0x378 irq=7 dma=1
''

Declared by:

A list of additional packages supplying kernel modules.

Type: list of packages

Default: [ ]

Example:

[ pkgs.linuxPackages.nvidia_x11 ]

Declared by:

Tty (virtual console) devices, in addition to the consoles on which mingetty and syslogd run, that must be initialised. Only useful if you have some program that you want to run on some fixed console. For example, the NixOS installation CD opens the manual in a web browser on console 7, so it sets boot.extraTTYs to ["tty7"].

Type: list of strings

Default: [ ]

Example: [ "tty8" "tty9" ]

Declared by:

Whether to enable grow the root partition on boot.

Type: boolean

Default: false

Example: true

Declared by:

Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.

Type: boolean

Default: true

Declared by:

The set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules for the physical device (e.g., SCSI drivers) and for the file system (e.g., ext3). The set specified here is automatically closed under the module dependency relation, i.e., all dependencies of the modules list here are included automatically. The modules listed here are available in the initrd, but are only loaded on demand (e.g., the ext3 module is loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, include it in boot.initrd.kernelModules.

Type: list of strings

Default: [ ]

Example: [ "sata_nv" "ext3" ]

Declared by:

Whether to run fsck on journaling filesystems such as ext3.

Type: boolean

Default: true

Declared by:

List of modules that are always loaded by the initrd.

Type: list of strings

Default: [ ]

Declared by:

A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.

Type: list of strings

Default: [ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "aes_x86_64" ]

Declared by:

The encrypted disk that should be opened before the root filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM setups are supported. The unencrypted devices can be accessed as /dev/mapper/name.

Type: list or attribute set of submodules

Default: { }

Example: { luksroot = { device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; } ; }

Declared by:

Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it.

Type: boolean

Default: false

Declared by:

Path of the underlying encrypted block device.

Type: string

Example: "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"

Declared by:

Whether to fallback to interactive passphrase prompt if the keyfile cannot be found. This will prevent unattended boot should the keyfile go missing.

Type: boolean

Default: false

Declared by:

The name of the file or block device that should be used as header for the encrypted device.

Type: null or string

Default: null

Example: "/root/header.img"

Declared by:

The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.

Type: null or string

Default: null

Example: "/dev/sdb1"

Declared by:

The offset of the key file. Use this in combination with keyFileSize to use part of a file as key file (often the case if a raw device or partition is used as a key file). If not specified, the key begins at the first byte of keyFile.

Type: null or signed integer

Default: null

Example: 4096

Declared by:

The size of the key file. Use this if only the beginning of the key file should be used as a key (often the case if a raw device or partition is used as key file). If not specified, the whole keyFile will be used decryption, instead of just the first keyFileSize bytes.

Type: null or signed integer

Default: null

Example: 4096

Declared by:

Whether the luksOpen will be attempted before LVM scan or after it.

Type: boolean

Default: true

Declared by:

The options to use for this LUKS device in Yubikey-PBA. If null (the default), Yubikey-PBA will be disabled for this device.

Type: null or submodule

Default: null

Declared by:

Time in seconds to wait for the Yubikey.

Type: signed integer

Default: 10

Declared by:

How much the iteration count for PBKDF2 is increased at each successful authentication.

Type: signed integer

Default: 0

Declared by:

Length of the LUKS slot key derived with PBKDF2 in byte.

Type: signed integer

Default: 64

Declared by:

Length of the new salt in byte (64 is the effective maximum).

Type: signed integer

Default: 16

Declared by:

Which slot on the Yubikey to challenge.

Type: signed integer

Default: 2

Declared by:

An unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.

Type: path

Default: "/dev/sda1"

Declared by:

The filesystem of the unencrypted device.

Type: string

Default: "vfat"

Declared by:

Absolute path of the salt on the unencrypted device with that device's root directory as "/".

Type: string

Default: "/crypt-storage/default"

Declared by:

Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false).

Type: boolean

Default: true

Declared by:

Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at http://en.wikipedia.org/wiki/DMA_attack.

This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!

Type: boolean

Default: true

Declared by:

When opening a new LUKS device try reusing last successful passphrase.

Useful for mounting a number of devices that use the same passphrase without retyping it several times.

Such setup can be useful if you use cryptsetup luksSuspend. Different LUKS devices will still have different master keys even when using the same passphrase.

Type: boolean

Default: true

Declared by:

Enables support for authenticating with a Yubikey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a Yubikey to work with this feature.

Type: boolean

Default: false

Declared by:

Contents of /etc/mdadm.conf in stage 1.

Type: string

Default: ""

Declared by:

Add network connectivity support to initrd. The network may be configured using the ip kernel parameter, as described in the kernel documentation. Otherwise, if networking.useDHCP is enabled, an IP address is acquired using DHCP.

You should add the module(s) required for your network card to boot.initrd.availableKernelModules. lspci -v -s <ethernet controller> will tell you which.

Type: boolean

Default: false

Declared by:

Shell commands to be executed after stage 1 of the boot has initialised the network.

Type: string

Default: ""

Declared by:

Start SSH service during initrd boot. It can be used to debug failing boot on a remote server, enter pasphrase for an encrypted partition etc. Service is killed when stage-1 boot is finished.

Type: boolean

Default: false

Declared by:

Authorized keys for the root user on initrd.

Type: list of strings

Default: [ ]

Declared by:

DSS SSH private key file in the Dropbear format.

WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

Type: null or path

Default: null

Declared by:

ECDSA SSH private key file in the Dropbear format.

WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

Type: null or path

Default: null

Declared by:

RSA SSH private key file in the Dropbear format.

WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

Type: null or path

Default: null

Declared by:

Port on which SSH initrd service should listen.

Type: signed integer

Default: 22

Declared by:

Login shell of the remote user. Can be used to limit actions user can do.

Type: string

Default: "/bin/ash"

Declared by:

Additional command-line arguments passed verbatim to udhcpc if boot.initrd.network.enable and networking.useDHCP are enabled.

Type: list of strings

Default: [ ]

Declared by:

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.

Type: string

Default: ""

Declared by:

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

Type: string

Default: ""

Declared by:

Shell commands to be executed before udev is started to create device nodes.

Type: string

Default: ""

Declared by:

Shell commands to be executed before the failure prompt is shown.

Type: string

Default: ""

Declared by:

Shell commands to be executed immediately before LVM discovery.

Type: string

Default: ""

Declared by:

Other initrd files to prepend to the final initrd we are building.

Type: list of strings

Default: [ ]

Declared by:

Names of supported filesystem types in the initial ramdisk.

Type: list of strings

Default: [ ]

Example: [ "btrfs" ]

Declared by:

Whether this NixOS machine is a lightweight container running in another NixOS system.

Type: boolean

Default: false

Declared by:

Runtime parameters of the Linux kernel, as set by sysctl(8). Note that sysctl parameters names must be enclosed in quotes (e.g. "vm.swappiness" instead of vm.swappiness). The value of each parameter may be a string, integer, boolean, or null (signifying the option will not appear at all).

Type: attribute set of sysctl option values

Default: { }

Example:

{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }

Declared by:

The set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to boot.initrd.availableKernelModules or boot.initrd.kernelModules.

Type: list of strings

Default: [ ]

Declared by:

This option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are tied to the kernel you're using, it also overrides those. This option is a function that takes Nixpkgs as an argument (as a convenience), and returns an attribute set containing at the very least an attribute kernel. Additional attributes may be needed depending on your configuration. For instance, if you use the NVIDIA X driver, then it also needs to contain an attribute nvidia_x11.

Type: unspecified

Default: "pkgs.linuxPackages"

Example:

pkgs.linuxPackages_2_6_25

Declared by:

Parameters added to the kernel command line.

Type: list of strings

Default: [ ]

Declared by:

A list of additional patches to apply to the kernel.

Type: list of attribute sets

Default: [ ]

Example:

[ pkgs.kernelPatches.ubuntu_fan_4_4 ]

Declared by:

Whether the installation process is allowed to modify EFI boot variables.

Type: boolean

Default: false

Declared by:

Where the EFI System Partition is mounted.

Type: string

Default: "/boot"

Declared by:

Whether to create symlinks to the system generations under /boot. When enabled, /boot/default/kernel, /boot/default/initrd, etc., are updated to point to the current generation's kernel image, initial RAM disk, and other bootstrap files.

This optional is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.

Type: boolean

Default: false

Declared by:

Whether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.

Type: boolean

Default: false

Declared by:

Whether to generate an extlinux-compatible configuration file under /boot/extlinux.conf. For instance, U-Boot's generic distro boot support uses this file format.

See U-boot's documentation for more information.

Type: boolean

Default: false

Declared by:

Maximum number of configurations in the boot menu.

Type: signed integer

Default: 20

Example: 10

Declared by:

Whether to enable the GNU GRUB boot loader.

Type: boolean

Default: true

Declared by:

Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.

Type: boolean

Default: false

Declared by:

Background color to be used for GRUB to fill the areas the image isn't filling.

Type: null or string

Default: null

Example: "#7EBAE4"

Declared by:

Maximum of configurations in boot menu. GRUB has problems when there are too many entries.

Type: signed integer

Default: 100

Example: 120

Declared by:

GRUB entry name instead of default.

Type: string

Default: ""

Example: "Stable 2.6.21"

Declared by:

Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.

Type: boolean

Default: false

Declared by:

Index of the default menu item to be booted.

Type: signed integer or string

Default: "0"

Declared by:

The device on which the GRUB boot loader will be installed. The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.

Type: string

Default: ""

Example: "/dev/disk/by-id/wwn-0x500001234567890a"

Declared by:

The devices on which the boot loader, GRUB, will be installed. Can be used instead of device to install GRUB onto multiple devices.

Type: list of strings

Default: [ ]

Example: [ "/dev/disk/by-id/wwn-0x500001234567890a" ]

Declared by:

Whether to invoke grub-install with --removable.

Unless you turn this on, GRUB will install itself somewhere in boot.loader.efi.efiSysMountPoint (exactly where depends on other config variables). If you've set boot.loader.efi.canTouchEfiVariables *AND* you are currently booted in UEFI mode, then GRUB will use efibootmgr to modify the boot order in the EFI variables of your firmware to include this location. If you are *not* booted in UEFI mode at the time GRUB is being installed, the NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed ("efibootmgr: EFI variables are not supported on this system.").

If you turn this feature on, GRUB will install itself in a special location within efiSysMountPoint (namely EFI/boot/boot$arch.efi) which the firmwares are hardcoded to try first, regardless of NVRAM EFI variables.

To summarize, turn this on if:

Type: boolean

Default: false

Declared by:

Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: boolean

Default: false

Declared by:

Additional GRUB commands inserted in the configuration file just before the menu entries.

Type: string

Default: ""

Example: "serial; terminal_output.serial"

Declared by:

Any additional entries you want added to the GRUB boot menu.

Type: string

Default: ""

Example:

''
# GRUB 1 example (not GRUB 2 compatible)
title Windows
  chainloader (hd0,1)+1

# GRUB 2 example
menuentry "Windows 7" {
  chainloader (hd0,4)+1
}

# GRUB 2 with UEFI example, chainloading another distro
menuentry "Fedora" {
  set root=(hd1,1)
  chainloader /efi/fedora/grubx64.efi
}
''

Declared by:

Whether extraEntries are included before the default option.

Type: boolean

Default: false

Declared by:

A set of files to be copied to /boot. Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.

Type: attribute set of paths

Default: { }

Example:

{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }

Declared by:

The path to a second initramfs to be supplied to the kernel. This ramfs will not be copied to the store, so that it can contain secrets such as LUKS keyfiles or ssh keys. This implies that rolling back to a previous configuration won't rollback the state of this file.

Type: null or path

Default: null

Example: "/boot/extra_initramfs.gz"

Declared by:

Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.

Type: string

Default: ""

Example: "root (hd0)"

Declared by:

Additional bash commands to be run at the script that prepares the GRUB menu entries.

Type: string

Default: ""

Declared by:

Path to a TrueType, OpenType, or pf2 font to be used by Grub.

Type: null or path

Default: "\${pkgs.grub2}/share/grub/unicode.pf2"

Declared by:

Font size for the grub menu. Ignored unless font is set to a ttf or otf font.

Type: null or signed integer

Default: null

Example:

Declared by:

Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.

Type: boolean

Default: false

Declared by:

Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as show in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.

Type: one of "uuid", "label", "provided"

Default: "uuid"

Declared by:

The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.

Type: string

Default: "1024x768"

Example: "auto"

Declared by:

The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.

Type: string

Default: "auto"

Example: "1024x768"

Declared by:

Set of iPXE scripts available for booting from the GRUB boot menu.

Type: attribute set of path or strings

Default: { }

Example:

{ demo = ''
    #!ipxe
    dhcp
    chain http://boot.ipxe.org/demo/boot.php
  '';
}

Declared by:

Make Memtest86+, a memory testing program, available from the GRUB boot menu.

Type: boolean

Default: false

Declared by:

Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:

This list of command line options was obtained by reading the Memtest86+ source code.

Type: list of strings

Default: [ ]

Example: [ "console=ttyS0,115200" ]

Declared by:

Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.

Type: list of submodules

Default: [ ]

Example: [ { devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ] ; path = "/boot1"; } { devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ] ; path = "/boot2"; } ]

Declared by:

The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.

Type: list of strings

Default: [ ]

Example: [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ]

Declared by:

The id of the bootloader to store in efi nvram. The default is to name it NixOS and append the path or efiSysMountPoint. This is only used if boot.loader.efi.canTouchEfiVariables is true.

Type: null or string

Default: null

Example: "NixOS-fsid"

Declared by:

The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.

Type: null or string

Default: null

Example: "/boot1/efi"

Declared by:

The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.

Type: string

Example: "/boot1"

Declared by:

Background image used for GRUB. Set to null to run GRUB in text mode.

Type: null or path

Example:

./my-background.png

Declared by:

Whether to stretch the image or show the image in the top-left corner unstretched.

Type: one of "normal", "stretch"

Default: "stretch"

Declared by:

Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.

Type: string

Default: "/nix/store"

Declared by:

Enable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support.

Type: boolean

Default: false

Declared by:

Use a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops.

Type: boolean

Default: false

Declared by:

Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available.

Type: string

Default: ""

Example: "YES_TPM_is_activated"

Declared by:

If set to true, append entries for other OSs detected by os-prober.

Type: boolean

Default: false

Declared by:

The version of GRUB to use: 1 for GRUB Legacy (versions 0.9x), or 2 (the default) for GRUB 2.

Type: signed integer

Default: 2

Example: 1

Declared by:

Whether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: boolean

Default: false

Declared by:

Some systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux.

Additionally this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a rescue system or such.

Type: boolean

Default: false

Declared by:

Whether to create files with the system generations in /boot. /boot/old will hold files from old generations.

Type: boolean

Default: false

Declared by:

Extra options that will be appended to /boot/config.txt file. For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/

Type: null or string

Default: null

Declared by:

Enable using uboot as bootmanager for the raspberry pi.

Type: boolean

Default: false

Declared by:

Maximum number of configurations in the boot menu.

Type: signed integer

Default: 20

Example: 10

Declared by:

Type: one of 1, 2, 3

Default: 2

Declared by:

Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager

Type: boolean

Default: false

Declared by:

The resolution of the console. The following values are valid:

Type: one of "0", "1", "2", "auto", "max", "keep"

Default: "keep"

Declared by:

Whether to allow editing the kernel command-line before boot. It is recommended to set this to false, as it allows gaining root access by passing init=/bin/sh as a kernel parameter. However, it is enabled by default for backwards compatibility.

Type: boolean

Default: true

Declared by:

Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.

Type: null or signed integer

Default: 5

Declared by:

Whether to enable Plymouth boot splash screen.

Type: boolean

Default: false

Example: true

Declared by:

Logo which is displayed on the splash screen.

Type: path

Default:

''
pkgs.fetchurl {
          url = "https://nixos.org/logo/nixos-hires.png";
          sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
        }''

Declared by:

Splash screen theme.

Type: string

Default: "breeze"

Declared by:

Extra theme packages for plymouth.

Type: list of packages

Default: [ ]

Declared by:

Shell commands to be executed just before systemd is started.

Type: string

Default: ""

Example: "rm -f /var/log/messages"

Declared by:

Device for manual resume attempt during boot. This should be used primarily if you want to resume from file. If left empty, the swap partitions are used. Specify here the device where the file resides. You should also use boot.kernelParams to specify resume_offset.

Type: string

Default: ""

Example: "/dev/sda3"

Declared by:

Size limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "25%"

Example: "256m"

Declared by:

Location of the device.

Type: null or string (with check: non-empty)

Default: null

Example: "/dev/sda"

Declared by:

Type of the file system.

Type: string (with check: non-empty)

Default: "auto"

Example: "ext3"

Declared by:

Location of the mounted the file system.

Type: string (with check: non-empty)

Example: "/mnt/usb"

Declared by:

Options used to mount the file system.

Type: list of string (with check: non-empty)s

Default: [ "defaults" ]

Example: [ "data=journal" ]

Declared by:

Names of supported filesystem types.

Type: list of strings

Default: [ ]

Example: [ "btrfs" ]

Declared by:

Whether to mount a tmpfs on /tmp during boot.

Type: boolean

Default: false

Declared by:

Whether to activate VESA video mode on boot.

Type: boolean

Default: false

Declared by:

Use the unstable zfs package. This might be an option, if the latest kernel is not yet supported by a published release of ZFS. Enabling this option will install a development version of ZFS on Linux. The version will have already passed an extensive test suite, but it is more likely to hit an undiscovered bug compared to running a released version of ZFS on Linux.

Type: boolean

Default: false

Declared by:

Name of directory from which to import ZFS devices.

This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing.

Type: path

Default: "/dev/disk/by-id"

Example: "/dev/disk/by-id"

Declared by:

Name or GUID of extra ZFS pools that you wish to import during boot.

Usually this is not necessary. Instead, you should set the mountpoint property of ZFS filesystems to legacy and add the ZFS filesystems to NixOS's fileSystems option, which makes NixOS automatically import the associated pool.

However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot.

Type: list of strings

Default: [ ]

Example: [ "tank" "data" ]

Declared by:

Forcibly import all ZFS pool(s).

This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools.

If you set this option to false and NixOS subsequently fails to import your non-root ZFS pool(s), you should manually import each pool with "zpool import -f <pool-name>", and then reboot. You should only need to do this once.

Type: boolean

Default: true

Declared by:

Forcibly import the ZFS root pool(s) during early boot.

This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools.

If you set this option to false and NixOS subsequently fails to boot because it cannot import the root pool, you should boot with the zfs_force=1 option as a kernel parameter (e.g. by manually editing the kernel params in grub during boot). You should only need to do this once.

Type: boolean

Default: true

Declared by:

Request encryption keys or passwords for all encrypted datasets on import. Dataset encryption is only supported in zfsUnstable at the moment. For root pools the encryption key can be supplied via both an interactive prompt (keylocation=prompt) and from a file (keylocation=file://). Note that for data pools the encryption key can be only loaded from a file and not via interactive prompt since the import is processed in a background systemd service.

Type: boolean

Default: false

Declared by:

A set of NixOS system configurations to be run as lightweight containers. Each container appears as a service container-name on the host system, allowing it to be started and stopped via systemctl.

Type: attribute set of submodules

Default: { }

Example:

{ webserver =
    { path = "/nix/var/nix/profiles/webserver";
    };
  database =
    { config =
        { config, pkgs, ... }:
        { services.postgresql.enable = true;
          services.postgresql.package = pkgs.postgresql96;

          system.stateVersion = "17.03";
        };
    };
}

Declared by:

Allows the container to create and setup tunnel interfaces by granting the NET_ADMIN capability and enabling access to /dev/net/tun.

Type: boolean

Default: false

Declared by:

Grant additional capabilities to the container. See the capabilities(7) and systemd-nspawn(1) man pages for more information.

Type: list of strings

Default: [ ]

Example: [ "CAP_NET_ADMIN" "CAP_MKNOD" ]

Declared by:

A list of device nodes to which the containers has access to.

Type: list of submodules

Default: [ ]

Example: [ { modifier = "rw"; node = "/dev/net/tun"; } ]

Declared by:

Device node access modifier. Takes a combination r (read), w (write), and m (mknod). See the systemd.resource-control(5) man page for more information.

Type: string

Example: "rw"

Declared by:

Path to device node

Type: string

Example: "/dev/net/tun"

Declared by:

Whether the container is automatically started at boot-time.

Type: boolean

Default: false

Declared by:

An extra list of directories that is bound to the container.

Type: list or attribute set of submodules

Default: { }

Example: { /home = { hostPath = "/home/alice"; isReadOnly = false; } ; }

Declared by:

Location of the host path to be mounted.

Type: null or string

Default: null

Example: "/home/alice"

Declared by:

Determine whether the mounted path will be accessed in read-only mode.

Type: boolean

Default: true

Declared by:

Mount point on the container file system.

Type: string

Example: "/mnt/usb"

Declared by:

A specification of the desired configuration of this container, as a NixOS module.

Type: Toplevel NixOS config

Declared by:

Extra flags passed to the systemd-nspawn command. See systemd-nspawn(1) for details.

Type: list of strings

Default: [ ]

Example: [ "--drop-capability=CAP_SYS_CHROOT" ]

Declared by:

Extra veth-pairs to be created for the container

Type: attribute set of submodules

Default: { }

Declared by:

List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.

Type: list of submodules

Default: [ ]

Example: [ { containerPort = 80; hostPort = 8080; protocol = "tcp"; } ]

Declared by:

Target port of container

Type: null or signed integer

Default: null

Declared by:

Source port of the external interface on host

Type: signed integer

Declared by:

The protocol specifier for port forwarding between host and container

Type: string

Default: "tcp"

Declared by:

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "10.231.136.1"

Declared by:

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "fc00::1"

Declared by:

Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.

Type: null or string

Default: null

Example: "br0"

Declared by:

The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.

Type: null or string

Default: null

Example: "10.231.136.2"

Declared by:

The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.

Type: null or string

Default: null

Example: "fc00::2"

Declared by:

List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.

Type: list of submodules

Default: [ ]

Example: [ { containerPort = 80; hostPort = 8080; protocol = "tcp"; } ]

Declared by:

Target port of container

Type: null or signed integer

Default: null

Declared by:

Source port of the external interface on host

Type: signed integer

Declared by:

The protocol specifier for port forwarding between host and container

Type: string

Default: "tcp"

Declared by:

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "10.231.136.1"

Declared by:

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "fc00::1"

Declared by:

Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.

Type: null or string

Default: null

Example: "br0"

Declared by:

The list of interfaces to be moved into the container.

Type: list of strings

Default: [ ]

Example: [ "eth1" "eth2" ]

Declared by:

The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.

Type: null or string

Default: null

Example: "10.231.136.2"

Declared by:

The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.

Type: null or string

Default: null

Example: "fc00::2"

Declared by:

The list of host interfaces from which macvlans will be created. For each interface specified, a macvlan interface will be created and moved to the container.

Type: list of strings

Default: [ ]

Example: [ "eth1" "eth2" ]

Declared by:

As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.

Type: path

Example: "/nix/var/nix/profiles/containers/webserver"

Declared by:

Whether to give the container its own private virtual Ethernet interface. The interface is called eth0, and is hooked up to the interface ve-container-name on the host. If this option is not set, then the container shares the network interfaces of the host, and can bind to any port on any interface.

Type: boolean

Default: false

Declared by:

Mounts a set of tmpfs file systems into the container. Multiple paths can be specified. Valid items must conform to the --tmpfs argument of systemd-nspawn. See systemd-nspawn(1) for details.

Type: list of strings

Default: [ ]

Example: [ "/var" ]

Declared by:

Whether to install documentation of packages from environment.systemPackages into the generated system path.

See "Multiple-output packages" chapter in the nixpkgs manual for more info.

Type: boolean

Default: true

Declared by:

Whether to install documentation targeted at developers.

Type: boolean

Default: false

Declared by:

Whether to install documentation distributed in packages' /share/doc. Usually plain text and/or HTML. This also includes "doc" outputs.

Type: boolean

Default: true

Declared by:

Whether to install info pages and the info command. This also includes "info" outputs.

Type: boolean

Default: true

Declared by:

Whether to install manual pages and the man command. This also includes "man" outputs.

Type: boolean

Default: true

Declared by:

Whether to install NixOS's own documentation.

Type: boolean

Default: true

Declared by:

Whether to enable Dysnomia

Type: boolean

Default: false

Declared by:

Whether to publish privacy-sensitive authentication credentials

Type: boolean

Default: false

Declared by:

The Dysnomia package

Type: path

Declared by:

An atttribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state

Type: unspecified

Default: { }

Declared by:

An attribute set in which each key represents a container and each value an attribute set providing its configuration properties

Type: unspecified

Default: { }

Declared by:

A list of paths containing additional container configurations that are added to the search folders

Type: unspecified

Default: [ ]

Declared by:

An attribute set providing additional container settings in addition to the default properties

Type: unspecified

Default: { }

Declared by:

A list of paths containing additional modules that are added to the search folders

Type: unspecified

Default: [ ]

Declared by:

An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.

Type: unspecified

Default: { }

Declared by:

Some NixOS packages provide debug symbols. However, these are not included in the system closure by default to save disk space. Enabling this option causes the debug symbols to appear in /run/current-system/sw/lib/debug/.build-id, where tools such as gdb can find them. If you need debug symbols for a package that doesn't provide them by default, you can enable them as follows:

nixpkgs.config.packageOverrides = pkgs: {
  hello = pkgs.hello.overrideAttrs (oldAttrs: {
    separateDebugInfo = true;
  });
};

Type: boolean

Default: false

Declared by:

Whether to enable support for the BLCR checkpointing tool.

Type: unspecified

Default: false

Declared by:

Alias of _module.check.

Type: unspecified

Declared by:

Set of files that have to be linked in /etc.

Type: list or attribute set of submodules

Default: { }

Example:

{ example-configuration-file =
    { source = "/nix/store/.../etc/dir/file.conf.example";
      mode = "0440";
    };
  "default/useradd".text = "GROUP=100 ...";
}

Declared by:

Whether this /etc file should be generated. This option allows specific /etc files to be disabled.

Type: boolean

Default: true

Declared by:

GID of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink').

Type: signed integer

Default: 0

Declared by:

Group name of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink'). Changing this option takes precedence over gid.

Type: string

Default: "+0"

Declared by:

If set to something else than symlink, the file is copied instead of symlinked, with the given file mode.

Type: string

Default: "symlink"

Example: "0600"

Declared by:

Path of the source file.

Type: path

Declared by:

Name of symlink (relative to /etc). Defaults to the attribute name.

Type: string

Declared by:

Text of the file.

Type: null or string

Default: null

Declared by:

UID of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink').

Type: signed integer

Default: 0

Declared by:

User name of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink'). Changing this option takes precedence over uid.

Type: string

Default: "+0"

Declared by:

Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: string

Default: ""

Declared by:

List of additional package outputs to be symlinked into /run/current-system/sw.

Type: list of strings

Default: [ ]

Example: [ "doc" "info" "devdoc" ]

Declared by:

Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.

Type: string

Default: ""

Declared by:

Configure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.

Type: attribute set of strings

Default: { }

Example:

{ MYDATABASE = ''
    host = 10.0.2.100
    port = 1433
    tds version = 7.2
  '';
}

Declared by:

Which packages gnome should exclude from the default environment

Type: list of packages

Default: [ ]

Example:

[ pkgs.gnome3.totem ]

Declared by:

Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: string

Default: ""

Declared by:

Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: string

Default: ""

Declared by:

Which LXQt packages to exclude from the default environment

Type: list of packages

Default: [ ]

Example:

[ pkgs.lxqt.qterminal ]

Declared by:

Which MATE packages to exclude from the default environment

Type: list of packages

Default: [ ]

Example:

[ pkgs.mate.mate-terminal pkgs.mate.pluma ]

Declared by:

Switch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication in. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.

Type: boolean

Default: false

Declared by:

List of directories to be symlinked in /run/current-system/sw.

Type: list of strings

Default: [ ]

Example: [ "/" ]

Declared by:

Attribute set of environment variable. Each attribute maps to a list of relative paths. Each relative path is appended to the each profile of environment.profiles to form the content of the corresponding environment variable.

Type: attribute set of list of stringss

Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }

Declared by:

A list of profiles used to setup the global environment.

Type: list of strings

Default: [ ]

Declared by:

A set of environment variables used in the global environment. These variables will be set by PAM. The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Type: attribute set of string or list of stringss

Default: { }

Declared by:

An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users' shells.

Type: attribute set

Default: { }

Example: { ll = "ls -l"; }

Declared by:

Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: string

Default: ""

Declared by:

A list of permissible login shells for user accounts. No need to mention /bin/sh here, it is placed into this list implicitly.

Type: list of package or paths

Default: [ ]

Example:

[ pkgs.bashInteractive pkgs.zsh ]

Declared by:

The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, /nix/var/nix/profiles/default.

Type: list of packages

Default: [ ]

Example:

[ pkgs.firefox pkgs.thunderbird ]

Declared by:

Specifies Unix ODBC drivers to be registered in /etc/odbcinst.ini. You may also want to add pkgs.unixODBC to the system path to get a command line client to connnect to ODBC databases.

Type: list of packages

Default: [ ]

Example:

with pkgs.unixODBCDrivers; [ sqlite psql ]

Declared by:

A set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Type: attribute set of string or list of stringss

Default: { }

Example: { EDITOR = "nvim"; VISUAL = "nvim"; }

Declared by:

The file systems to be mounted. It must include an entry for the root directory (mountPoint = "/"). Each entry in the list is an attribute set with the following fields: mountPoint, device, fsType (a file system type recognised by mount; defaults to "auto"), and options (the mount options passed to mount using the -o flag; defaults to [ "defaults" ]).

Instead of specifying device, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L).

Type: list or attribute set of submodules

Default: { }

Example:

{
  "/".device = "/dev/hda1";
  "/data" = {
    device = "/dev/hda2";
    fsType = "ext3";
    options = [ "data=journal" ];
  };
  "/bigdisk".label = "bigdisk";
}

Declared by:

If the device does not currently contain a filesystem (as determined by blkid, then automatically format it with the filesystem type specified in fsType. Use with caution.

Type: boolean

Default: false

Declared by:

If set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.

Type: boolean

Default: false

Declared by:

Location of the device.

Type: null or string (with check: non-empty)

Default: null

Example: "/dev/sda"

Declared by:

The block device is backed by an encrypted one, adds this device as a initrd luks entry.

Type: boolean

Default: false

Declared by:

Location of the backing encrypted device.

Type: null or string

Default: null

Example: "/dev/sda1"

Declared by:

File system location of keyfile. This unlocks the drive after the root has been mounted to /mnt-root.

Type: null or string

Default: null

Example: "/mnt-root/root/.swapkey"

Declared by:

Label of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.

Type: null or string

Default: null

Example: "rootfs"

Declared by:

If autoFormat option is set specifies extra options passed to mkfs.

Type: string

Default: ""

Declared by:

Type of the file system.

Type: string (with check: non-empty)

Default: "auto"

Example: "ext3"

Declared by:

Label of the device (if any).

Type: null or string (with check: non-empty)

Default: null

Example: "root-partition"

Declared by:

Location of the mounted the file system.

Type: string (with check: non-empty)

Example: "/mnt/usb"

Declared by:

If set, this file system will be mounted in the initial ramdisk. By default, this applies to the root file system and to the file system containing /nix/store.

Type: boolean

Default: false

Declared by:

Disable running fsck on this filesystem.

Type: boolean

Default: false

Declared by:

Options used to mount the file system.

Type: list of string (with check: non-empty)s

Default: [ "defaults" ]

Example: [ "data=journal" ]

Declared by:

Enable a basic set of fonts providing several font styles and families and reasonable coverage of Unicode.

Type: boolean

Default: false

Declared by:

Whether to create a directory with links to all fonts in /run/current-system/sw/share/X11-fonts.

Type: unspecified

Default: false

Declared by:

Whether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.

Type: unspecified

Default: false

Declared by:

If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.

Type: boolean

Default: true

Declared by:

Allow bitmap fonts. Set to false to ban all bitmap fonts.

Type: boolean

Default: true

Declared by:

Allow Type-1 fonts. Default is false because of poor rendering.

Type: boolean

Default: false

Declared by:

Enable font antialiasing. At high resolution (> 200 DPI), antialiasing has no visible effect; users of such displays may want to disable this option.

Type: boolean

Default: true

Declared by:

Generate system fonts cache for 32-bit applications.

Type: boolean

Default: false

Declared by:

System-wide default monospace font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of strings

Default: [ "DejaVu Sans Mono" ]

Declared by:

System-wide default sans serif font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of strings

Default: [ "DejaVu Sans" ]

Declared by:

System-wide default serif font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of strings

Default: [ "DejaVu Serif" ]

Declared by:

Force DPI setting. Setting to 0 disables DPI forcing; the DPI detected for the display will be used.

Type: signed integer

Default: 0

Declared by:

Enable font hinting. Hinting aligns glyphs to pixel boundaries to improve rendering sharpness at low resolution. At high resolution (> 200 dpi) hinting will do nothing (at best); users of such displays may want to disable this option.

Type: boolean

Default: true

Declared by:

Enable the autohinter in place of the default interpreter. The results are usually lower quality than correctly-hinted fonts, but better than unhinted fonts.

Type: boolean

Default: false

Declared by:

Include the user configuration from ~/.config/fontconfig/fonts.conf or ~/.config/fontconfig/conf.d.

Type: boolean

Default: true

Declared by:

System-wide customization file contents, has higher priority than defaultFonts settings.

Type: string

Default: ""

Declared by:

Enable fontconfig-penultimate settings to supplement the NixOS defaults by providing per-font rendering defaults and metric aliases.

Type: boolean

Default: true

Declared by:

FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering has no visible effect; users of such displays may want to select none.

Type: one of "none", "default", "light", "legacy"

Default: "default"

Declared by:

Subpixel order. The overwhelming majority of displays are rgb in their normal orientation. Select vrgb for mounting such a display 90 degrees clockwise from its normal orientation or vbgr for mounting 90 degrees counter-clockwise. Select bgr in the unlikely event of mounting 180 degrees from the normal orientation. Reverse these directions in the improbable event that the display's native subpixel order is bgr.

Type: one of "rgb", "bgr", "vrgb", "vbgr", "none"

Default: "rgb"

Declared by:

Enable fontconfig-ultimate settings (formerly known as Infinality). Besides the customizable settings in this NixOS module, fontconfig-ultimate also provides many font-specific rendering tweaks.

Type: boolean

Default: false

Declared by:

FreeType rendering settings preset. Any of the presets may be customized by setting environment variables.

Type: one of "ultimate1", "ultimate2", "ultimate3", "ultimate4", "ultimate5", "osx", "windowsxp"

Default: "ultimate3"

Declared by:

Font substitutions to replace common Type 1 fonts with nicer TrueType fonts. free uses free fonts, ms uses Microsoft fonts, combi uses a combination, and none disables the substitutions.

Type: one of "free", "combi", "ms", "none"

Default: "free"

Declared by:

Use embedded bitmaps in fonts like Calibri.

Type: boolean

Default: false

Declared by:

List of primary font paths.

Type: list of paths

Default: [ ]

Example:

[ pkgs.dejavu_fonts ]

Declared by:

When enabled, GNU software is chosen by default whenever a there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).

Type: boolean

Default: false

Declared by:

Turn on this option if you want to enable all the firmware.

Type: boolean

Default: false

Declared by:

Whether to enable Kernel Same-Page Merging.

Type: boolean

Default: false

Example: true

Declared by:

Turn on this option if you want to enable all the firmware with a license allowing redistribution. (i.e. free firmware and firmware-linux-nonfree)

Type: boolean

Default: false

Declared by:

Whether to enable support for Bluetooth..

Type: boolean

Default: false

Example: true

Declared by:

Which BlueZ package to use.

Type: package

Default: "pkgs.bluez"

Example: "pkgs.bluez.override { enableMidi = true; }"

Declared by:

Set additional configuration for system-wide bluetooth (/etc/bluetooth/main.conf).

NOTE: We already include [Policy], so any configuration under the Policy group should come first.

Type: string

Default: ""

Example:

''
[General]
ControllerMode = bredr
''

Declared by:

Whether to power up the default Bluetooth controller on boot.

Type: boolean

Default: true

Declared by:

Enable brightnessctl in userspace. This will allow brightness control from users in the video group.

Type: boolean

Default: false

Declared by:

Enable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun.

Type: boolean

Default: false

Declared by:

Set to true if you intend to connect your discrete card to a monitor. This option will set up your Nvidia card for EDID discovery and to turn on the monitor signal.

Only nvidia driver is supported so far.

Type: boolean

Default: false

Declared by:

Set driver used by bumblebeed. Supported are nouveau and nvidia.

Type: one of "nvidia", "nouveau"

Default: "nvidia"

Declared by:

Group for bumblebee socket

Type: string

Default: "wheel"

Example: "video"

Declared by:

Set preferred power management method for unused card.

Type: one of "auto", "bbswitch", "switcheroo", "none"

Default: "auto"

Declared by:

Whether to enable the Corsair keyboard/mouse driver.

Type: boolean

Default: false

Example: true

Declared by:

The package implementing the Corsair keyboard/mouse driver.

Type: package

Default: "pkgs.ckb"

Declared by:

Update the CPU microcode for AMD processors.

Type: boolean

Default: false

Declared by:

Update the CPU microcode for Intel processors.

Type: boolean

Default: false

Declared by:

Enables udev rules for Digital Bitbox devices.

Type: boolean

Default: false

Declared by:

The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.

Type: package

Default: "pkgs.digitalbitbox"

Declared by:

Whether to enable facetimehd kernel module.

Type: boolean

Default: false

Example: true

Declared by:

List of packages containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If multiple packages contain firmware files with the same name, the first package in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories.

Type: list of packages

Default: [ ]

Declared by:

Enable the Machine Check Exception logger.

Type: boolean

Default: false

Declared by:

Whether to enable Magewell Pro Capture family kernel module.

Type: boolean

Default: false

Example: true

Declared by:

Enables udev rules for Nitrokey devices. By default grants access to users in the "nitrokey" group. You may want to install the nitrokey-app package, depending on your device and needs.

Type: boolean

Default: false

Declared by:

Grant access to Nitrokey devices to users in this group.

Type: string

Default: "nitrokey"

Example: "wheel"

Declared by:

Enable kernel modesetting when using the NVIDIA proprietary driver.

Enabling this fixes screen tearing when using Optimus via PRIME (see hardware.nvidia.optimus_prime.enable. This is not enabled by default because it is not officially supported by NVIDIA and would not work with SLI.

Type: boolean

Default: false

Declared by:

Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. If enabled, the NVIDIA GPU will be always on and used for all rendering, while enabling output to displays attached only to the integrated Intel GPU without a multiplexer.

Note that this option only has any effect if the "nvidia" driver is specified in services.xserver.videoDrivers, and it should preferably be the only driver there.

If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be specified (hardware.nvidia.optimus_prime.nvidiaBusId and hardware.nvidia.optimus_prime.intelBusId).

If you enable this, you may want to also enable kernel modesetting for the NVIDIA driver (hardware.nvidia.modesetting.enable) in order to prevent tearing.

Note that this configuration will only be successful when a display manager for which the services.xserver.displayManager.setupCommands option is supported is used; notably, SLiM is not supported.

Type: boolean

Default: false

Declared by:

Bus ID of the Intel GPU. You can find it using lspci; for example if lspci shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".

Type: string

Default: ""

Example: "PCI:0:2:0"

Declared by:

Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".

Type: string

Default: ""

Example: "PCI:1:0:0"

Declared by:

Completely disable the NVIDIA graphics card and use the integrated graphics processor instead.

Type: boolean

Default: false

Declared by:

Enable OnlyKey device (https://crp.to/p/) support.

Type: boolean

Default: false

Declared by:

Whether to enable OpenGL drivers. This is needed to enable OpenGL support in X11 systems, as well as for Wayland compositors like sway, way-cooler and Weston. It is enabled by default by the corresponding modules, so you do not usually have to set it yourself, only if there is no module for your wayland compositor of choice. See services.xserver.enable, programs.sway.enable, and programs.way-cooler.enable.

Type: boolean

Default: false

Declared by:

Whether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).

Type: boolean

Default: true

Declared by:

On 64-bit systems, whether to support Direct Rendering for 32-bit applications (such as Wine). This is currently only supported for the nvidia and ati_unfree drivers, as well as Mesa.

Type: boolean

Default: false

Declared by:

Additional packages to add to OpenGL drivers. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.

Type: list of packages

Default: [ ]

Example:

with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]

Declared by:

Additional packages to add to 32-bit OpenGL drivers on 64-bit systems. Used when driSupport32Bit is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.

Type: list of packages

Default: [ ]

Example:

with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]

Declared by:

Make S3TC(S3 Texture Compression) via libtxc_dxtn available to OpenGL drivers instead of the patent-free S2TC replacement.

Using this library may require a patent license depending on your location.

Type: boolean

Default: false

Declared by:

This enables Parallels Tools for Linux guests, along with provided video, mouse and other hardware drivers.

Type: boolean

Default: false

Declared by:

Defines which package to use for prl-tools. Override to change the version.

Type: package

Default: "config.boot.kernelPackages.prl-tools"

Example:

config.boot.kernelPackages.prl-tools

Declared by:

Control prlfsmountd service. When this service is running, shares can not be manually mounted through `mount -t prl_fs ...` as this service will remount and trample any set options. Recommended to enable for simple file sharing, but extended share use such as for code should disable this to manually mount shares.

Type: boolean