configuration.nix - Man Page
NixOS system configuration specification
Description
The file /etc/nixos/configuration.nix contains the declarative specification of your NixOS system configuration. The command nixos-rebuild takes this file and realises the system configuration specified therein.
Options
You can use the following options in configuration.nix.
- appstream.enable
Whether to install files to support the AppStream metadata specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/appstream.nix>
- boot.enableContainers
Whether to enable support for NixOS containers. Defaults to true (at no cost if containers are not actually used).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- boot.binfmt.emulatedSystems
List of systems to emulate. Will also configure Nix to support your new systems. Warning: the builder can execute all emulated systems within the same build, which introduces impurities in the case of cross compilation.
Type: list of strings
Default: [ ]
Example: [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations
Extra binary formats to register with the kernel. See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.fixBinary
Whether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked.
See the description of the 'F' flag in the kernel docs for more details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.interpreter
The interpreter to invoke to run the program.
Note that the actual registration will point to /run/binfmt/${name}, so the kernel interpreter length limit doesn't apply.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.magicOrExtension
The magic number or extension to match on.
Type: string
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.mask
A mask to be ANDed with the byte sequence of the file before matching
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.matchCredentials
Whether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit).
See the description of the 'C' flag in the kernel docs for more details.
Implies/requires openBinary = true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.offset
The byte offset of the magic number used for recognition.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.openBinary
Whether to pass the binary to the interpreter as an open file descriptor, instead of a path.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.preserveArgvZero
Whether to pass the original argv[0] to the interpreter.
See the description of the 'P' flag in the kernel docs for more details;
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.binfmt.registrations.<name>.recognitionType
Whether to recognize executables by magic number or extension.
Type: one of "magic", "extension"
Default: "magic"
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
- boot.blacklistedKernelModules
List of names of kernel modules that should not be loaded automatically by the hardware probing code.
Type: list of strings
Default: [ ]
Example: [ "cirrusfb" "i2c_piix4" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
- boot.cleanTmpDir
Whether to delete all files in /tmp during boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
- boot.consoleLogLevel
The kernel console loglevel. All Kernel Messages with a log level smaller than this setting will be printed to the console.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.crashDump.enable
If enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
- boot.crashDump.kernelParams
Parameters that will be passed to the kernel kexec-ed on crash.
Type: list of strings
Default: [ "1" "boot.shell_on_fail" ]
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
- boot.crashDump.reservedMemory
The amount of memory reserved for the crashdump kernel. If you choose a too high value, dmesg will mention "crashkernel reservation failed".
Type: string
Default: "128M"
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
- boot.devShmSize
Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default: "50%"
Example: "256m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
- boot.devSize
Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default: "5%"
Example: "32m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
- boot.extraModprobeConfig
Any additional configuration to be appended to the generated modprobe.conf. This is typically used to specify module options. See modprobe.d(5) for details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' options parport_pc io=0x378 irq=7 dma=1 ''
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
- boot.extraModulePackages
A list of additional packages supplying kernel modules.
Type: list of packages
Default: [ ]
Example: [ config.boot.kernelPackages.nvidia_x11 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.extraSystemdUnitPaths
Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable that can contain mutable unit files.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
- boot.growPartition
Whether to enable grow the root partition on boot.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/grow-partition.nix>
- boot.hardwareScan
Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
- boot.initrd.enable
Whether to enable the NixOS initial RAM disk (initrd). This may be needed to perform some initialisation tasks (like mounting network/encrypted file systems) before continuing the boot process.
Type: boolean
Default: !config.boot.isContainer
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.availableKernelModules
The set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules for the physical device (e.g., SCSI drivers) and for the file system (e.g., ext3). The set specified here is automatically closed under the module dependency relation, i.e., all dependencies of the modules list here are included automatically. The modules listed here are available in the initrd, but are only loaded on demand (e.g., the ext3 module is loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, include it in boot.initrd.kernelModules.
Type: list of strings
Default: [ ]
Example: [ "sata_nv" "ext3" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.initrd.checkJournalingFS
Whether to run fsck on journaling filesystems such as ext3.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.compressor
The compressor to use on the initrd image. May be any of:
- The name of one of the predefined compressors, see pkgs/build-support/kernel/initrd-compressor-meta.nix for the definitions.
- A function which, given the nixpkgs package set, returns the path to a compressor tool, e.g. pkgs: "${pkgs.pigz}/bin/pigz"
- (not recommended, because it does not work when cross-compiling) the full path to a compressor tool, e.g. "${pkgs.pigz}/bin/pigz"
The given program should read data from stdin and write it to stdout compressed.
Type: unspecified
Default: zstd if the kernel supports it (5.9+), gzip if not
Example: "xz"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.compressorArgs
Arguments to pass to the compressor for the initrd image, or null to use the compressor's defaults.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.extraFiles
Extra files to link and copy in to the initrd.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.extraFiles.<name>.source
The object to make available inside the initrd.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.includeDefaultModules
This option, if set, adds a collection of default kernel modules to boot.initrd.availableKernelModules and boot.initrd.kernelModules.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.initrd.kernelModules
List of modules that are always loaded by the initrd.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.initrd.luks.cryptoModules
A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.
Type: list of strings
Default: [ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "af_alg" "algif_skcipher" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices
The encrypted disk that should be opened before the root filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM setups are supported. The unencrypted devices can be accessed as /dev/mapper/name.
Type: attribute set of submodules
Default: { }
Example: { luksroot = { device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; } ; }
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.allowDiscards
Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it. This option is incompatible with authenticated encryption (dm-crypt stacked over dm-integrity).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.bypassWorkqueues
Whether to bypass dm-crypt's internal read and write workqueues. Enabling this should improve performance on SSDs; see here for more information. Needs Linux 5.9 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.device
Path of the underlying encrypted block device.
Type: string
Example: "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.fallbackToPassword
Whether to fallback to interactive passphrase prompt if the keyfile cannot be found. This will prevent unattended boot should the keyfile go missing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.fido2.credential
The FIDO2 credential ID.
Type: null or string
Default: null
Example: "f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.fido2.gracePeriod
Time in seconds to wait for the FIDO2 key.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.fido2.passwordLess
Defines whatever to use an empty string as a default salt.
Enable only when your device is PIN protected, such as Trezor.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.gpgCard
The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard. If null (the default), GPG-Smartcard will be disabled for this device.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.gpgCard.encryptedPass
Path to the GPG encrypted passphrase.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.gpgCard.gracePeriod
Time in seconds to wait for the GPG Smartcard.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.gpgCard.publicKey
Path to the Public Key.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.header
The name of the file or block device that should be used as header for the encrypted device.
Type: null or string
Default: null
Example: "/root/header.img"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.keyFile
The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.
Type: null or string
Default: null
Example: "/dev/sdb1"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.keyFileOffset
The offset of the key file. Use this in combination with keyFileSize to use part of a file as key file (often the case if a raw device or partition is used as a key file). If not specified, the key begins at the first byte of keyFile.
Type: null or signed integer
Default: null
Example: 4096
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.keyFileSize
The size of the key file. Use this if only the beginning of the key file should be used as a key (often the case if a raw device or partition is used as key file). If not specified, the whole keyFile will be used decryption, instead of just the first keyFileSize bytes.
Type: null or signed integer
Default: null
Example: 4096
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.postOpenCommands
Commands that should be run right after we have mounted our LUKS device.
Type: strings concatenated with "\n"
Default: ""
Example:
'' umount /tmp/persistent ''
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.preLVM
Whether the luksOpen will be attempted before LVM scan or after it.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.preOpenCommands
Commands that should be run right before we try to mount our LUKS device. This can be useful, if the keys needed to open the drive is on another partion.
Type: strings concatenated with "\n"
Default: ""
Example:
'' mkdir -p /tmp/persistent mount -t zfs rpool/safe/persistent /tmp/persistent ''
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey
The options to use for this LUKS device in YubiKey-PBA. If null (the default), YubiKey-PBA will be disabled for this device.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.gracePeriod
Time in seconds to wait for the YubiKey.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.iterationStep
How much the iteration count for PBKDF2 is increased at each successful authentication.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.keyLength
Length of the LUKS slot key derived with PBKDF2 in byte.
Type: signed integer
Default: 64
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.saltLength
Length of the new salt in byte (64 is the effective maximum).
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.slot
Which slot on the YubiKey to challenge.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.storage.device
An unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.
Type: path
Default: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.storage.fsType
The filesystem of the unencrypted device.
Type: string
Default: "vfat"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.storage.path
Absolute path of the salt on the unencrypted device with that device's root directory as "/".
Type: string
Default: "/crypt-storage/default"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.devices.<name>.yubikey.twoFactor
Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.fido2Support
Enables support for authenticating with FIDO2 devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.gpgSupport
Enables support for authenticating with a GPG encrypted password.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.mitigateDMAAttacks
Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at http://en.wikipedia.org/wiki/DMA_attack.
This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.reusePassphrases
When opening a new LUKS device try reusing last successful passphrase.
Useful for mounting a number of devices that use the same passphrase without retyping it several times.
Such setup can be useful if you use cryptsetup luksSuspend. Different LUKS devices will still have different master keys even when using the same passphrase.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.luks.yubikeySupport
Enables support for authenticating with a YubiKey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a YubiKey to work with this feature.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
- boot.initrd.mdadmConf
Contents of /etc/mdadm.conf in stage 1.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.network.enable
Add network connectivity support to initrd. The network may be configured using the ip kernel parameter, as described in the kernel documentation. Otherwise, if networking.useDHCP is enabled, an IP address is acquired using DHCP.
You should add the module(s) required for your network card to boot.initrd.availableKernelModules. lspci -v | grep -iA8 'network\|ethernet' will tell you which.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
- boot.initrd.network.flushBeforeStage2
Whether to clear the configuration of the interfaces that were set up in the initrd right before stage 2 takes over. Stage 2 will do the regular network configuration based on the NixOS networking options.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
- boot.initrd.network.openvpn.enable
Starts an OpenVPN client during initrd boot. It can be used to e.g. remotely accessing the SSH service controlled by boot.initrd.network.ssh or other network services included. Service is killed when stage-1 boot is finished.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix>
- boot.initrd.network.openvpn.configuration
The configuration file for OpenVPN.
Warning
Unless your bootloader supports initrd secrets, this configuration is stored insecurely in the global Nix store.Type: path
Example: ./configuration.ovpn
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix>
- boot.initrd.network.postCommands
Shell commands to be executed after stage 1 of the boot has initialised the network.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
- boot.initrd.network.ssh.enable
Start SSH service during initrd boot. It can be used to debug failing boot on a remote server, enter pasphrase for an encrypted partition etc. Service is killed when stage-1 boot is finished.
The sshd configuration is largely inherited from services.openssh.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
- boot.initrd.network.ssh.authorizedKeys
Authorized keys for the root user on initrd.
Type: list of strings
Default: config.users.users.root.openssh.authorizedKeys.keys
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
- boot.initrd.network.ssh.extraConfig
Verbatim contents of sshd_config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
- boot.initrd.network.ssh.hostKeys
Specify SSH host keys to import into the initrd.
To generate keys, use ssh-keygen(1):
# ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key # ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
Warning
Unless your bootloader supports initrd secrets, these keys are stored insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!Additionally, even if your initrd supports secrets, if you're using initrd SSH to unlock an encrypted disk then using your regular host keys exposes the private keys on your unencrypted boot partition.
Type: list of string or paths
Default: [ ]
Example: [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
- boot.initrd.network.ssh.port
Port on which SSH initrd service should listen.
Type: signed integer
Default: 22
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
- boot.initrd.network.ssh.shell
Login shell of the remote user. Can be used to limit actions user can do.
Type: string
Default: "/bin/ash"
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
- boot.initrd.network.udhcpc.extraArgs
Additional command-line arguments passed verbatim to udhcpc if boot.initrd.network.enable and networking.useDHCP are enabled.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
- boot.initrd.postDeviceCommands
Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.postMountCommands
Shell commands to be executed immediately after the stage 1 filesystems have been mounted.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.preDeviceCommands
Shell commands to be executed before udev is started to create device nodes.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.preFailCommands
Shell commands to be executed before the failure prompt is shown.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.preLVMCommands
Shell commands to be executed immediately before LVM discovery.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.prepend
Other initrd files to prepend to the final initrd we are building.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.secrets
Secrets to append to the initrd. The attribute name is the path the secret should have inside the initrd, the value is the path it should be copied from (or null for the same path inside and out).
Type: attribute set of null or paths
Default: { }
Example:
{ "/etc/dropbear/dropbear_rsa_host_key" = ./secret-dropbear-key; }Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.supportedFilesystems
Names of supported filesystem types in the initial ramdisk.
Type: list of strings
Default: [ ]
Example: [ "btrfs" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.initrd.verbose
Verbosity of the initrd. Please note that disabling verbosity removes only the mandatory messages generated by the NixOS scripts. For a completely silent boot, you might also want to set the two following configuration options:
- boot.consoleLogLevel = 0;
- boot.kernelParams = [ "quiet" "udev.log_level=3" ];
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.isContainer
Whether this NixOS machine is a lightweight container running in another NixOS system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- boot.iscsi-initiator.discoverPortal
iSCSI portal to boot from.
Type: null or string
Default: null
Example: "192.168.1.1:3260"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
- boot.iscsi-initiator.extraConfig
Extra lines to append to /etc/iscsid.conf
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
- boot.iscsi-initiator.extraConfigFile
Append an additional file's contents to `/etc/iscsid.conf`. Use a non-store path and store passwords in this file. Note: the file specified here must be available in the initrd, see: `boot.initrd.secrets`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
- boot.iscsi-initiator.extraIscsiCommands
Extra iscsi commands to run in the initrd.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
- boot.iscsi-initiator.logLevel
Higher numbers elicits more logs.
Type: signed integer
Default: 1
Example: 8
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
- boot.iscsi-initiator.loginAll
Do not log into a specific target on the portal, but to all that we discover. This overrides setting target.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
- boot.iscsi-initiator.name
Name of the iSCSI initiator to boot from. Note, booting from iscsi requires networkd based networking.
Type: null or string
Default: null
Example: "iqn.2020-08.org.linux-iscsi.initiatorhost:example"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
- boot.iscsi-initiator.target
Name of the iSCSI target to boot from.
Type: null or string
Default: null
Example: "iqn.2020-08.org.linux-iscsi.targethost:example"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
- boot.kernel.randstructSeed
Provides a custom seed for the RANDSTRUCT security option of the Linux kernel. Note that RANDSTRUCT is only enabled in NixOS hardened kernels. Using a custom seed requires building the kernel and dependent packages locally, since this customization happens at build time.
Type: string
Default: ""
Example: "my secret seed"
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.kernel.sysctl
Runtime parameters of the Linux kernel, as set by sysctl(8). Note that sysctl parameters names must be enclosed in quotes (e.g. "vm.swappiness" instead of vm.swappiness). The value of each parameter may be a string, integer, boolean, or null (signifying the option will not appear at all).
Type: attribute set of sysctl option values
Default: { }
Example:
{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }Declared by:
<nixpkgs/nixos/modules/config/sysctl.nix>
- boot.kernelModules
The set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to boot.initrd.availableKernelModules or boot.initrd.kernelModules.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.kernelPackages
This option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are tied to the kernel you're using, it also overrides those. This option is a function that takes Nixpkgs as an argument (as a convenience), and returns an attribute set containing at the very least an attribute kernel. Additional attributes may be needed depending on your configuration. For instance, if you use the NVIDIA X driver, then it also needs to contain an attribute nvidia_x11.
Type: unspecified
Default: pkgs.linuxPackages
Example: pkgs.linuxKernel.packages.linux_5_10
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.kernelParams
Parameters added to the kernel command line.
Type: list of string, with spaces inside double quotess
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.kernelPatches
A list of additional patches to apply to the kernel.
Type: list of attribute sets
Default: [ ]
Example: [ pkgs.kernelPatches.ubuntu_fan_4_4 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.loader.efi.canTouchEfiVariables
Whether the installation process is allowed to modify EFI boot variables.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
- boot.loader.efi.efiSysMountPoint
Where the EFI System Partition is mounted.
Type: string
Default: "/boot"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
- boot.loader.generationsDir.enable
Whether to create symlinks to the system generations under /boot. When enabled, /boot/default/kernel, /boot/default/initrd, etc., are updated to point to the current generation's kernel image, initial RAM disk, and other bootstrap files.
This optional is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
- boot.loader.generationsDir.copyKernels
Whether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
- boot.loader.generic-extlinux-compatible.enable
Whether to generate an extlinux-compatible configuration file under /boot/extlinux.conf. For instance, U-Boot's generic distro boot support uses this file format.
See U-boot's documentation for more information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
- boot.loader.generic-extlinux-compatible.configurationLimit
Maximum number of configurations in the boot menu.
Type: signed integer
Default: 20
Example: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
- boot.loader.generic-extlinux-compatible.populateCmd
Contains the builder command used to populate an image, honoring all options except the -c <path-to-default-configuration> argument. Useful to have for sdImage.populateRootCommands
Type: string (read only)
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
- boot.loader.grub.enable
Whether to enable the GNU GRUB boot loader.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.enableCryptodisk
Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.backgroundColor
Background color to be used for GRUB to fill the areas the image isn't filling.
Note
This options has no effect for GRUB 1.Type: null or string
Default: null
Example: "#7EBAE4"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.configurationLimit
Maximum of configurations in boot menu. GRUB has problems when there are too many entries.
Type: signed integer
Default: 100
Example: 120
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.configurationName
GRUB entry name instead of default.
Type: string
Default: ""
Example: "Stable 2.6.21"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.copyKernels
Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.default
Index of the default menu item to be booted. Can also be set to "saved", which will make GRUB select the menu item that was used at the last boot.
Type: signed integer or string
Default: "0"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.device
The device on which the GRUB boot loader will be installed. The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.
Type: string
Default: ""
Example: "/dev/disk/by-id/wwn-0x500001234567890a"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.devices
The devices on which the boot loader, GRUB, will be installed. Can be used instead of device to install GRUB onto multiple devices.
Type: list of strings
Default: [ ]
Example: [ "/dev/disk/by-id/wwn-0x500001234567890a" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.efiInstallAsRemovable
Whether to invoke grub-install with --removable.
Unless you turn this on, GRUB will install itself somewhere in boot.loader.efi.efiSysMountPoint (exactly where depends on other config variables). If you've set boot.loader.efi.canTouchEfiVariables *AND* you are currently booted in UEFI mode, then GRUB will use efibootmgr to modify the boot order in the EFI variables of your firmware to include this location. If you are *not* booted in UEFI mode at the time GRUB is being installed, the NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed ("efibootmgr: EFI variables are not supported on this system.").
If you turn this feature on, GRUB will install itself in a special location within efiSysMountPoint (namely EFI/boot/boot$arch.efi) which the firmwares are hardcoded to try first, regardless of NVRAM EFI variables.
To summarize, turn this on if:
- You are installing NixOS and want it to boot in UEFI mode, but you are currently booted in legacy mode
- You want to make a drive that will boot regardless of the NVRAM state of the computer (like a USB "removable" drive)
- You simply dislike the idea of depending on NVRAM state to make your drive bootable
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.efiSupport
Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.extraConfig
Additional GRUB commands inserted in the configuration file just before the menu entries.
Type: strings concatenated with "\n"
Default: ""
Example:
'' serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 terminal_input --append serial terminal_output --append serial ''
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.extraEntries
Any additional entries you want added to the GRUB boot menu.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # GRUB 1 example (not GRUB 2 compatible) title Windows chainloader (hd0,1)+1 # GRUB 2 example menuentry "Windows 7" { chainloader (hd0,4)+1 } # GRUB 2 with UEFI example, chainloading another distro menuentry "Fedora" { set root=(hd1,1) chainloader /efi/fedora/grubx64.efi } ''Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.extraEntriesBeforeNixOS
Whether extraEntries are included before the default option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.extraFiles
A set of files to be copied to /boot. Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.
Type: attribute set of paths
Default: { }
Example:
{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.extraGrubInstallArgs
Additional arguments passed to grub-install.
A use case for this is to build specific GRUB2 modules directly into the GRUB2 kernel image, so that they are available and activated even in the grub rescue shell.
They are also necessary when the BIOS/UEFI is bugged and cannot correctly read large disks (e.g. above 2 TB), so GRUB2's own nativedisk and related modules can be used to use its own disk drivers. The example shows one such case. This is also useful for booting from USB. See the GRUB source code for which disk modules are available.
The list elements are passed directly as argv arguments to the grub-install program, in order.
Type: list of strings
Default: [ ]
Example: [ "--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.extraInstallCommands
Additional shell commands inserted in the bootloader installer script after generating menu entries.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # the example below generates detached signatures that GRUB can verify # https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures ''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete old_gpg_home=$GNUPGHOME export GNUPGHOME="$(mktemp -d)" ''${pkgs.gnupg}/bin/gpg --import ''${priv_key} > /dev/null 2>&1 ''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -exec ''${pkgs.gnupg}/bin/gpg --detach-sign "{}" \; > /dev/null 2>&1 rm -rf $GNUPGHOME export GNUPGHOME=$old_gpg_home ''Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.extraPerEntryConfig
Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.
Type: strings concatenated with "\n"
Default: ""
Example: "root (hd0)"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.extraPrepareConfig
Additional bash commands to be run at the script that prepares the GRUB menu entries.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.font
Path to a TrueType, OpenType, or pf2 font to be used by Grub.
Type: null or path
Default: "${pkgs.grub2}/share/grub/unicode.pf2"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.fontSize
Font size for the grub menu. Ignored unless font is set to a ttf or otf font.
Type: null or signed integer
Default: null
Example: 16
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.forceInstall
Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.forcei686
Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run NixOS on 64bit x86 systems with 32bit (U)EFI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.fsIdentifier
Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as show in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.
Type: one of "uuid", "label", "provided"
Default: "uuid"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.gfxmodeBios
The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.
Type: string
Default: "1024x768"
Example: "auto"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.gfxmodeEfi
The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.
Type: string
Default: "auto"
Example: "1024x768"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.gfxpayloadBios
The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.
Type: string
Default: "text"
Example: "keep"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.gfxpayloadEfi
The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.
Type: string
Default: "keep"
Example: "text"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.ipxe
Set of iPXE scripts available for booting from the GRUB boot menu.
Type: attribute set of path or strings
Default: { }
Example:
{ demo = '' #!ipxe dhcp chain http://boot.ipxe.org/demo/boot.php ''; }Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix>
- boot.loader.grub.memtest86.enable
Make Memtest86+ (or MemTest86 if EFI support is enabled), a memory testing program, available from the GRUB boot menu. MemTest86 is an unfree program, so this requires allowUnfree to be set to true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
- boot.loader.grub.memtest86.params
Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:
- console=..., set up a serial console. Examples: console=ttyS0, console=ttyS0,9600 or console=ttyS0,115200n8.
- btrace, enable boot trace.
- maxcpus=N, limit number of CPUs.
- onepass, run one pass and exit if there are no errors.
- tstlist=..., list of tests to run. Example: 0,1,2.
- cpumask=..., set a CPU mask, to select CPUs to use for testing.
This list of command line options was obtained by reading the Memtest86+ source code.
Type: list of strings
Default: [ ]
Example: [ "console=ttyS0,115200" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
- boot.loader.grub.mirroredBoots
Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.
Type: list of submodules
Default: [ ]
Example: [ { devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ] ; path = "/boot1"; } { devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ] ; path = "/boot2"; } ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.mirroredBoots.*.devices
The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.
Type: list of strings
Default: [ ]
Example: [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.mirroredBoots.*.efiBootloaderId
The id of the bootloader to store in efi nvram. The default is to name it NixOS and append the path or efiSysMountPoint. This is only used if boot.loader.efi.canTouchEfiVariables is true.
Type: null or string
Default: null
Example: "NixOS-fsid"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.mirroredBoots.*.efiSysMountPoint
The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.
Type: null or string
Default: null
Example: "/boot1/efi"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.mirroredBoots.*.path
The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.
Type: string
Example: "/boot1"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.splashImage
Background image used for GRUB. Set to null to run GRUB in text mode.
Note
For grub 1: It must be a 640x480, 14-colour image in XPM format, optionally compressed with gzip or bzip2.Note
For grub 2: File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must not be progressive. The image will be scaled if necessary to fit the screen.Type: null or path
Example: ./my-background.png
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.splashMode
Whether to stretch the image or show the image in the top-left corner unstretched.
Note
This options has no effect for GRUB 1.Type: one of "normal", "stretch"
Default: "stretch"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.storePath
Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.
Type: string
Default: "/nix/store"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.theme
Grub theme to be used.
Note
This options has no effect for GRUB 1.Type: null or path
Default: null
Example: pkgs.nixos-grub2-theme
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.trustedBoot.enable
Enable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.trustedBoot.isHPLaptop
Use a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.trustedBoot.systemHasTPM
Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available.
Type: string
Default: ""
Example: "YES_TPM_is_activated"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.useOSProber
If set to true, append entries for other OSs detected by os-prober.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.users
User accounts for GRUB. When specified, the GRUB command line and all boot options except the default are password-protected. All passwords and hashes provided will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file. Additionally, any passwords and hashes provided directly in a Nix configuration (as opposed to external files) will be copied into the Nix store, and will be visible to all local users.
Type: attribute set of submodules
Default: { }
Example: { root = { hashedPasswordFile = "/path/to/file"; } ; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.users.<name>.hashedPassword
Specifies the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be copied to the Nix store, and will be visible to all local users.
Type: null or string
Default: null
Example: "grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.users.<name>.hashedPasswordFile
Specifies the path to a file containing the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.
Type: null or string
Default: null
Example: "/path/to/file"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.users.<name>.password
Specifies the clear text password for the account. This password will be copied to the Nix store, and will be visible to all local users.
Type: null or string
Default: null
Example: "Pa$$w0rd!"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.users.<name>.passwordFile
Specifies the path to a file containing the clear text password for the account. This password will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.
Type: null or string
Default: null
Example: "/path/to/file"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.version
The version of GRUB to use: 1 for GRUB Legacy (versions 0.9x), or 2 (the default) for GRUB 2.
Type: signed integer
Default: 2
Example: 1
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.grub.zfsSupport
Whether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
- boot.loader.initScript.enable
Some systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux.
Additionally this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a rescue system or such.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix>
- boot.loader.raspberryPi.enable
Whether to create files with the system generations in /boot. /boot/old will hold files from old generations.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
- boot.loader.raspberryPi.firmwareConfig
Extra options that will be appended to /boot/config.txt file. For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
- boot.loader.raspberryPi.uboot.enable
Enable using uboot as bootmanager for the raspberry pi.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
- boot.loader.raspberryPi.uboot.configurationLimit
Maximum number of configurations in the boot menu.
Type: signed integer
Default: 20
Example: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
- boot.loader.raspberryPi.version
Type: one of 0, 1, 2, 3, 4
Default: 2
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
- boot.loader.systemd-boot.enable
Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
- boot.loader.systemd-boot.configurationLimit
Maximum number of latest generations in the boot menu. Useful to prevent boot partition running out of disk space.
null means no limit i.e. all generations that were not garbage collected yet.
Type: null or signed integer
Default: null
Example: 120
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
- boot.loader.systemd-boot.consoleMode
The resolution of the console. The following values are valid:
- "0": Standard UEFI 80x25 mode
- "1": 80x50 mode, not supported by all devices
- "2": The first non-standard mode provided by the device firmware, if any
- "auto": Pick a suitable mode automatically using heuristics
- "max": Pick the highest-numbered available mode
- "keep": Keep the mode selected by firmware (the default)
Type: one of "0", "1", "2", "auto", "max", "keep"
Default: "keep"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
- boot.loader.systemd-boot.editor
Whether to allow editing the kernel command-line before boot. It is recommended to set this to false, as it allows gaining root access by passing init=/bin/sh as a kernel parameter. However, it is enabled by default for backwards compatibility.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
- boot.loader.systemd-boot.graceful
Invoke bootctl install with the --graceful option, which ignores errors when EFI variables cannot be written or when the EFI System Partition cannot be found. Currently only applies to random seed operations.
Only enable this option if systemd-boot otherwise fails to install, as the scope or implication of the --graceful option may change in the future.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
- boot.loader.systemd-boot.memtest86.enable
Make MemTest86 available from the systemd-boot menu. MemTest86 is a program for testing memory. MemTest86 is an unfree program, so this requires allowUnfree to be set to true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
- boot.loader.timeout
Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.
Type: null or signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/loader.nix>
- boot.plymouth.enable
Whether to enable Plymouth boot splash screen.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
- boot.plymouth.extraConfig
Literal string to append to configFile and the config file generated by the plymouth module.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
- boot.plymouth.font
Font file made available for displaying text on the splash screen.
Type: path
Default: "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
- boot.plymouth.logo
Logo which is displayed on the splash screen.
Type: path
Default:
pkgs.fetchurl { url = "https://nixos.org/logo/nixos-hires.png"; sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si"; }Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
- boot.plymouth.theme
Splash screen theme.
Type: string
Default: "bgrt"
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
- boot.plymouth.themePackages
Extra theme packages for plymouth.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
- boot.postBootCommands
Shell commands to be executed just before systemd is started.
Type: strings concatenated with "\n"
Default: ""
Example: "rm -f /var/log/messages"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
- boot.resumeDevice
Device for manual resume attempt during boot. This should be used primarily if you want to resume from file. If left empty, the swap partitions are used. Specify here the device where the file resides. You should also use boot.kernelParams to specify resume_offset.
Type: string
Default: ""
Example: "/dev/sda3"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- boot.runSize
Size limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default: "25%"
Example: "256m"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
- boot.specialFileSystems.<name>.depends
List of paths that should be mounted before this one. This filesystem's device and mountPoint are always checked and do not need to be included explicitly. If a path is added to this list, any other filesystem whose mount point is a parent of the path will be mounted before this filesystem. The paths do not need to actually be the mountPoint of some other filesystem.
Type: list of string (with check: non-empty without trailing slash)s
Default: [ ]
Example: [ "/persist" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- boot.specialFileSystems.<name>.device
Location of the device.
Type: null or string (with check: non-empty)
Default: null
Example: "/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- boot.specialFileSystems.<name>.fsType
Type of the file system.
Type: string (with check: non-empty)
Default: "auto"
Example: "ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- boot.specialFileSystems.<name>.mountPoint
Location of the mounted the file system.
Type: string (with check: non-empty without trailing slash)
Example: "/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- boot.specialFileSystems.<name>.options
Options used to mount the file system.
Type: list of string (with check: non-empty)s
Default: [ "defaults" ]
Example: [ "data=journal" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- boot.supportedFilesystems
Names of supported filesystem types.
Type: list of strings
Default: [ ]
Example: [ "btrfs" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- boot.systemdExecutable
The program to execute to start systemd. Typically systemd, which will find systemd in the PATH.
Type: string
Default: "systemd"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
- boot.tmpOnTmpfs
Whether to mount a tmpfs on /tmp during boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
- boot.tmpOnTmpfsSize
Size of tmpfs in percentage. Percentage is defined by systemd.
Type: string or positive integer, meaning >0
Default: "50%"
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
- boot.vesa
(Deprecated) This option, if set, activates the VESA 800x600 video mode on boot and disables kernel modesetting. It is equivalent to specifying [ "vga=0x317" "nomodeset" ] in the boot.kernelParams option. This option is deprecated as of 2020: Xorg now works better with modesetting, and you might want a different VESA vga setting, anyway.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
- boot.zfs.enableUnstable
Use the unstable zfs package. This might be an option, if the latest kernel is not yet supported by a published release of ZFS. Enabling this option will install a development version of ZFS on Linux. The version will have already passed an extensive test suite, but it is more likely to hit an undiscovered bug compared to running a released version of ZFS on Linux.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- boot.zfs.enabled
True if ZFS filesystem support is enabled
Type: boolean (read only)
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- boot.zfs.package
Configured ZFS userland tools package.
Type: package (read only)
Default: if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- boot.zfs.devNodes
Name of directory from which to import ZFS devices.
This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing.
Type: path
Default: "/dev/disk/by-id"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- boot.zfs.extraPools
Name or GUID of extra ZFS pools that you wish to import during boot.
Usually this is not necessary. Instead, you should set the mountpoint property of ZFS filesystems to legacy and add the ZFS filesystems to NixOS's fileSystems option, which makes NixOS automatically import the associated pool.
However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot.
Type: list of strings
Default: [ ]
Example: [ "tank" "data" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- boot.zfs.forceImportAll
Forcibly import all ZFS pool(s).
If you set this option to false and NixOS subsequently fails to import your non-root ZFS pool(s), you should manually import each pool with "zpool import -f <pool-name>", and then reboot. You should only need to do this once.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- boot.zfs.forceImportRoot
Forcibly import the ZFS root pool(s) during early boot.
This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools.
If you set this option to false and NixOS subsequently fails to boot because it cannot import the root pool, you should boot with the zfs_force=1 option as a kernel parameter (e.g. by manually editing the kernel params in grub during boot). You should only need to do this once.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- boot.zfs.requestEncryptionCredentials
If true on import encryption keys or passwords for all encrypted datasets are requested. To only decrypt selected datasets supply a list of dataset names instead. For root pools the encryption key can be supplied via both an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).
Type: boolean or list of strings
Default: true
Example: [ "tank" "data" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- console.packages
List of additional packages that provide console fonts, keymaps and other resources for virtual consoles use.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
- console.colors
The 16 colors palette used by the virtual consoles. Leave empty to use the default colors. Colors must be in hexadecimal format and listed in order from color 0 to color 15.
Type: list of strings
Default: [ ]
Example: [ "002b36" "dc322f" "859900" "b58900" "268bd2" "d33682" "2aa198" "eee8d5" "002b36" "cb4b16" "586e75" "657b83" "839496" "6c71c4" "93a1a1" "fdf6e3" ]
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
- console.earlySetup
Enable setting virtual console options as early as possible (in initrd).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
- console.font
The font used for the virtual consoles. Leave empty to use whatever the setfont program considers the default font. Can be either a font name or a path to a PSF font file.
Type: string or path
Default: "Lat2-Terminus16"
Example: "LatArCyrHeb-16"
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
- console.keyMap
The keyboard mapping table for the virtual consoles.
Type: string or path
Default: "us"
Example: "fr"
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
- console.useXkbConfig
If set, configure the virtual console keymap from the xserver keyboard settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
- containers
A set of NixOS system configurations to be run as lightweight containers. Each container appears as a service container-name on the host system, allowing it to be started and stopped via systemctl.
Type: attribute set of submodules
Default: { }
Example:
{ webserver = { path = "/nix/var/nix/profiles/webserver"; }; database = { config = { config, pkgs, ... }: { services.postgresql.enable = true; services.postgresql.package = pkgs.postgresql_9_6; system.stateVersion = "17.03"; }; }; }Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.enableTun
Allows the container to create and setup tunnel interfaces by granting the NET_ADMIN capability and enabling access to /dev/net/tun.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.additionalCapabilities
Grant additional capabilities to the container. See the capabilities(7) and systemd-nspawn(1) man pages for more information.
Type: list of strings
Default: [ ]
Example: [ "CAP_NET_ADMIN" "CAP_MKNOD" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.allowedDevices
A list of device nodes to which the containers has access to.
Type: list of submodules
Default: [ ]
Example: [ { modifier = "rw"; node = "/dev/net/tun"; } ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.allowedDevices.*.modifier
Device node access modifier. Takes a combination r (read), w (write), and m (mknod). See the systemd.resource-control(5) man page for more information.
Type: string
Example: "rw"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.allowedDevices.*.node
Path to device node
Type: string
Example: "/dev/net/tun"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.autoStart
Whether the container is automatically started at boot-time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.bindMounts
An extra list of directories that is bound to the container.
Type: attribute set of submodules
Default: { }
Example:
{ "/home" = { hostPath = "/home/alice"; isReadOnly = false; }; }Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.bindMounts.<name>.hostPath
Location of the host path to be mounted.
Type: null or string
Default: null
Example: "/home/alice"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.bindMounts.<name>.isReadOnly
Determine whether the mounted path will be accessed in read-only mode.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.bindMounts.<name>.mountPoint
Mount point on the container file system.
Type: string
Example: "/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.config
A specification of the desired configuration of this container, as a NixOS module.
Type: Toplevel NixOS config
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.ephemeral
Runs container in ephemeral mode with the empty root filesystem at boot. This way container will be bootstrapped from scratch on each boot and will be cleaned up on shutdown leaving no traces behind. Useful for completely stateless, reproducible containers.
Note that this option might require to do some adjustments to the container configuration, e.g. you might want to set systemd.network.networks.$interface.dhcpV4Config.ClientIdentifier to "mac" if you use macvlans option. This way dhcp client identifier will be stable between the container restarts.
Note that the container journal will not be linked to the host if this option is enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraFlags
Extra flags passed to the systemd-nspawn command. See systemd-nspawn(1) for details.
Type: list of strings
Default: [ ]
Example: [ "--drop-capability=CAP_SYS_CHROOT" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths
Extra veth-pairs to be created for the container.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.forwardPorts
List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.
Type: list of submodules
Default: [ ]
Example: [ { containerPort = 80; hostPort = 8080; protocol = "tcp"; } ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort
Target port of container
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort
Source port of the external interface on host
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.forwardPorts.*.protocol
The protocol specifier for port forwarding between host and container
Type: string
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.hostAddress
The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default: null
Example: "10.231.136.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.hostAddress6
The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default: null
Example: "fc00::1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.hostBridge
Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.
Type: null or string
Default: null
Example: "br0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.localAddress
The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.
Type: null or string
Default: null
Example: "10.231.136.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.extraVeths.<name>.localAddress6
The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.
Type: null or string
Default: null
Example: "fc00::2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.forwardPorts
List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.
Type: list of submodules
Default: [ ]
Example: [ { containerPort = 80; hostPort = 8080; protocol = "tcp"; } ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.forwardPorts.*.containerPort
Target port of container
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.forwardPorts.*.hostPort
Source port of the external interface on host
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.forwardPorts.*.protocol
The protocol specifier for port forwarding between host and container
Type: string
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.hostAddress
The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default: null
Example: "10.231.136.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.hostAddress6
The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default: null
Example: "fc00::1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.hostBridge
Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.
Type: null or string
Default: null
Example: "br0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.interfaces
The list of interfaces to be moved into the container.
Type: list of strings
Default: [ ]
Example: [ "eth1" "eth2" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.localAddress
The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.
Type: null or string
Default: null
Example: "10.231.136.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.localAddress6
The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.
Type: null or string
Default: null
Example: "fc00::2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.macvlans
The list of host interfaces from which macvlans will be created. For each interface specified, a macvlan interface will be created and moved to the container.
Type: list of strings
Default: [ ]
Example: [ "eth1" "eth2" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.nixpkgs
A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container.
To only change the pkgs argument used inside the container modules, set the nixpkgs.* options in the container config. Setting config.nixpkgs.pkgs = pkgs speeds up the container evaluation by reusing the system pkgs, but the nixpkgs.config option in the container config is ignored in this case.
Type: path
Default: pkgs.path
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.path
As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.
Type: path
Example: "/nix/var/nix/profiles/per-container/webserver"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.privateNetwork
Whether to give the container its own private virtual Ethernet interface. The interface is called eth0, and is hooked up to the interface ve-container-name on the host. If this option is not set, then the container shares the network interfaces of the host, and can bind to any port on any interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.timeoutStartSec
Time for the container to start. In case of a timeout, the container processes get killed. See systemd.time(7) for more information about the format.
Type: string
Default: "1min"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- containers.<name>.tmpfs
Mounts a set of tmpfs file systems into the container. Multiple paths can be specified. Valid items must conform to the --tmpfs argument of systemd-nspawn. See systemd-nspawn(1) for details.
Type: list of strings
Default: [ ]
Example: [ "/var" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
- documentation.enable
Whether to install documentation of packages from environment.systemPackages into the generated system path.
See "Multiple-output packages" chapter in the nixpkgs manual for more info.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.dev.enable
Whether to install documentation targeted at developers.
- This includes man pages targeted at developers if documentation.man.enable is set (this also includes "devman" outputs).
- This includes info pages targeted at developers if documentation.info.enable is set (this also includes "devinfo" outputs).
- This includes other pages targeted at developers if documentation.doc.enable is set (this also includes "devdoc" outputs).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.doc.enable
Whether to install documentation distributed in packages' /share/doc. Usually plain text and/or HTML. This also includes "doc" outputs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.info.enable
Whether to install info pages and the info command. This also includes "info" outputs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.man.enable
Whether to install manual pages and the man command. This also includes "man" outputs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.man.generateCaches
Whether to generate the manual page index caches using mandb(8). This allows searching for a page or keyword using utilities like apropos(1).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.man.manualPages
The manual pages to generate caches for if generateCaches is enabled. Must be a path to a directory with man pages under /share/man; see the source for an example. Advanced users can make this a content-addressed derivation to save a few rebuilds.
Type: path
Default: all man pages in config.environment.systemPackages
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.nixos.enable
Whether to install NixOS's own documentation.
- This includes man pages like configuration.nix(5) if documentation.man.enable is set.
- This includes the HTML manual and the nixos-help command if documentation.doc.enable is set.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.nixos.extraModuleSources
Which extra NixOS module paths the generated NixOS's documentation should strip from options.
Type: list of path or strings
Default: [ ]
Example:
# e.g. with options from modules in ${pkgs.customModules}/nix: [ pkgs.customModules ]Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- documentation.nixos.includeAllModules
Whether the generated NixOS's documentation should include documentation for all the options from all the NixOS modules included in the current configuration.nix. Disabling this will make the manual generator to ignore options defined outside of baseModules.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
- dysnomia.enable
Whether to enable Dysnomia
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.enableAuthentication
Whether to publish privacy-sensitive authentication credentials
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.enableLegacyModules
Whether to enable Dysnomia legacy process and wrapper modules
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.package
The Dysnomia package
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.components
An atttribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state
Type: unspecified
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.containers
An attribute set in which each key represents a container and each value an attribute set providing its configuration properties
Type: unspecified
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.extraContainerPaths
A list of paths containing additional container configurations that are added to the search folders
Type: unspecified
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.extraContainerProperties
An attribute set providing additional container settings in addition to the default properties
Type: unspecified
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.extraModulePaths
A list of paths containing additional modules that are added to the search folders
Type: unspecified
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- dysnomia.properties
An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.
Type: unspecified
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
- ec2.zfs.datasets
Datasets to create under the `tank` and `boot` zpools.
**NOTE:** This option is used only at image creation time, and does not attempt to declaratively create or manage datasets on an existing system.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
- ec2.zfs.datasets.<name>.mount
Where to mount this dataset.
Type: null or Concatenated string
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
- ec2.zfs.datasets.<name>.properties
Properties to set on this dataset.
Type: attribute set of Concatenated strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
- environment.enableDebugInfo
Some NixOS packages provide debug symbols. However, these are not included in the system closure by default to save disk space. Enabling this option causes the debug symbols to appear in /run/current-system/sw/lib/debug/.build-id, where tools such as gdb can find them. If you need debug symbols for a package that doesn't provide them by default, you can enable them as follows:
nixpkgs.config.packageOverrides = pkgs: { hello = pkgs.hello.overrideAttrs (oldAttrs: { separateDebugInfo = true; }); };Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/debug-info.nix>
- environment.checkConfigurationOptions
Alias of _module.check.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/rename.nix>
- environment.cinnamon.excludePackages
Which packages cinnamon should exclude from the default environment
Type: list of packages
Default: [ ]
Example: [ pkgs.cinnamon.blueberry ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
- environment.defaultPackages
Set of default packages that aren't strictly necessary for a running system, entries can be removed for a more minimal NixOS installation.
Note: If pkgs.nano is removed from this list, make sure another editor is installed and the EDITOR environment variable is set to it. Environment variables can be set using environment.variables.
Like with systemPackages, packages are installed to /run/current-system/sw. They are automatically available to all users, and are automatically updated every time you rebuild the system configuration.
Type: list of packages
Default: [ (build of nano-5.9) (build of perl-5.34.0) (build of rsync-3.2.3) (build of strace-5.16) ]
Example: [ ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
- environment.etc
Set of files that have to be linked in /etc.
Type: attribute set of submodules
Default: { }
Example:
{ example-configuration-file = { source = "/nix/store/.../etc/dir/file.conf.example"; mode = "0440"; }; "default/useradd".text = "GROUP=100 ..."; }Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.enable
Whether this /etc file should be generated. This option allows specific /etc files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.gid
GID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.group
Group name of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). Changing this option takes precedence over gid.
Type: string
Default: "+0"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.mode
If set to something else than symlink, the file is copied instead of symlinked, with the given file mode.
Type: string
Default: "symlink"
Example: "0600"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.source
Path of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.target
Name of symlink (relative to /etc). Defaults to the attribute name.
Type: string
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.text
Text of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.uid
UID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.etc.<name>.user
User name of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). Changing this option takes precedence over uid.
Type: string
Default: "+0"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
- environment.extraInit
Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.extraOutputsToInstall
List of additional package outputs to be symlinked into /run/current-system/sw.
Type: list of strings
Default: [ ]
Example: [ "doc" "info" "devdoc" ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
- environment.extraSetup
Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
- environment.freetds
Configure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.
Type: attribute set of strings
Default: { }
Example:
{ MYDATABASE = '' host = 10.0.2.100 port = 1433 tds version = 7.2 ''; }Declared by:
<nixpkgs/nixos/modules/programs/freetds.nix>
- environment.gnome.excludePackages
Which packages gnome should exclude from the default environment
Type: list of packages
Default: [ ]
Example: [ pkgs.gnome.totem ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- environment.homeBinInPath
Include ~/bin/ in $PATH.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.interactiveShellInit
Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.localBinInPath
Add ~/.local/bin/ to $PATH
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.loginShellInit
Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.lxqt.excludePackages
Which LXQt packages to exclude from the default environment
Type: list of packages
Default: [ ]
Example: [ pkgs.lxqt.qterminal ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix>
- environment.mate.excludePackages
Which MATE packages to exclude from the default environment
Type: list of packages
Default: [ ]
Example: [ pkgs.mate.mate-terminal pkgs.mate.pluma ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
- environment.memoryAllocator.provider
The system-wide memory allocator.
Briefly, the system-wide memory allocator providers are:
- libc: the standard allocator provided by libc
- graphene-hardened: An allocator designed to mitigate memory corruption attacks, such as those caused by use-after-free bugs.
- jemalloc: A general purpose allocator that emphasizes fragmentation avoidance and scalable concurrency support.
- mimalloc: A compact and fast general purpose allocator, which may optionally be built with mitigations against various heap vulnerabilities.
- scudo: A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator, which aims at providing additional mitigations against heap based vulnerabilities, while maintaining good performance.
Warning
Selecting an alternative allocator (i.e., anything other than libc) may result in instability, data loss, and/or service failure.Type: one of "libc", "graphene-hardened", "jemalloc", "mimalloc", "scudo"
Default: "libc"
Declared by:
<nixpkgs/nixos/modules/config/malloc.nix>
- environment.noXlibs
Switch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication in. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/no-x-libs.nix>
- environment.pantheon.excludePackages
Which packages pantheon should exclude from the default environment
Type: list of packages
Default: [ ]
Example: [ pkgs.pantheon.elementary-camera ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- environment.pathsToLink
List of directories to be symlinked in /run/current-system/sw.
Type: list of strings
Default: [ ]
Example: [ "/" ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
- environment.profileRelativeEnvVars
Attribute set of environment variable. Each attribute maps to a list of relative paths. Each relative path is appended to the each profile of environment.profiles to form the content of the corresponding environment variable.
Type: attribute set of list of stringss
Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.profileRelativeSessionVariables
Attribute set of environment variable used in the global environment. These variables will be set by PAM early in the login process.
Variable substitution is available as described in pam_env.conf(5).
Each attribute maps to a list of relative paths. Each relative path is appended to the each profile of environment.profiles to form the content of the corresponding environment variable.
Also, these variables are merged into environment.profileRelativeEnvVars and it is therefore not possible to use PAM style variables such as @{HOME}.
Type: attribute set of list of stringss
Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }
Declared by:
<nixpkgs/nixos/modules/config/system-environment.nix>
- environment.profiles
A list of profiles used to setup the global environment.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.sessionVariables
A set of environment variables used in the global environment. These variables will be set by PAM early in the login process.
The value of each session variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Note, due to limitations in the PAM format values may not contain the " character.
Also, these variables are merged into environment.variables and it is therefore not possible to use PAM style variables such as @{HOME}.
Type: attribute set of string or list of stringss
Default: { }
Declared by:
<nixpkgs/nixos/modules/config/system-environment.nix>
- environment.shellAliases
An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users' shells. Aliases mapped to null are ignored.
Type: attribute set of null or string or paths
Example: { l = null; ll = "ls -l"; }
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.shellInit
Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.shells
A list of permissible login shells for user accounts. No need to mention /bin/sh here, it is placed into this list implicitly.
Type: list of package or paths
Default: [ ]
Example: [ pkgs.bashInteractive pkgs.zsh ]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- environment.systemPackages
The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, /nix/var/nix/profiles/default.
Type: list of packages
Default: [ ]
Example: [ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
- environment.unixODBCDrivers
Specifies Unix ODBC drivers to be registered in /etc/odbcinst.ini. You may also want to add pkgs.unixODBC to the system path to get a command line client to connect to ODBC databases.
Type: list of packages
Default: [ ]
Example: with pkgs.unixODBCDrivers; [ sqlite psql ]
Declared by:
<nixpkgs/nixos/modules/config/unix-odbc-drivers.nix>
- environment.variables
A set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Type: attribute set of string or list of stringss
Default: { }
Example: { EDITOR = "nvim"; VISUAL = "nvim"; }
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
- fileSystems
The file systems to be mounted. It must include an entry for the root directory (mountPoint = "/"). Each entry in the list is an attribute set with the following fields: mountPoint, device, fsType (a file system type recognised by mount; defaults to "auto"), and options (the mount options passed to mount using the -o flag; defaults to [ "defaults" ]).
Instead of specifying device, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L).
Type: attribute set of submodules
Default: { }
Example:
{ "/".device = "/dev/hda1"; "/data" = { device = "/dev/hda2"; fsType = "ext3"; options = [ "data=journal" ]; }; "/bigdisk".label = "bigdisk"; }Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
<nixpkgs/nixos/modules/system/boot/stage-1.nix>- fileSystems.<name>.autoFormat
If the device does not currently contain a filesystem (as determined by blkid, then automatically format it with the filesystem type specified in fsType. Use with caution.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.autoResize
If set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.depends
List of paths that should be mounted before this one. This filesystem's device and mountPoint are always checked and do not need to be included explicitly. If a path is added to this list, any other filesystem whose mount point is a parent of the path will be mounted before this filesystem. The paths do not need to actually be the mountPoint of some other filesystem.
Type: list of string (with check: non-empty without trailing slash)s
Default: [ ]
Example: [ "/persist" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.device
Location of the device.
Type: null or string (with check: non-empty)
Default: null
Example: "/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.encrypted.enable
The block device is backed by an encrypted one, adds this device as a initrd luks entry.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- fileSystems.<name>.encrypted.blkDev
Location of the backing encrypted device.
Type: null or string
Default: null
Example: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- fileSystems.<name>.encrypted.keyFile
Path to a keyfile used to unlock the backing encrypted device. At the time this keyfile is accessed, the neededForBoot filesystems (see fileSystems.<name?>.neededForBoot) will have been mounted under /mnt-root, so the keyfile path should usually start with "/mnt-root/".
Type: null or string
Default: null
Example: "/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- fileSystems.<name>.encrypted.label
Label of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.
Type: null or string
Default: null
Example: "rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- fileSystems.<name>.formatOptions
If autoFormat option is set specifies extra options passed to mkfs.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.fsType
Type of the file system.
Type: string (with check: non-empty)
Default: "auto"
Example: "ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.label
Label of the device (if any).
Type: null or string (with check: non-empty)
Default: null
Example: "root-partition"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.mountPoint
Location of the mounted the file system.
Type: string (with check: non-empty without trailing slash)
Example: "/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.neededForBoot
If set, this file system will be mounted in the initial ramdisk. Note that the file system will always be mounted in the initial ramdisk if its mount point is one of the following: /, /nix, /nix/store, /var, /var/log, /var/lib, /var/lib/nixos, /etc, /usr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- fileSystems.<name>.noCheck
Disable running fsck on this filesystem.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fileSystems.<name>.options
Options used to mount the file system.
Type: list of string (with check: non-empty)s
Default: [ "defaults" ]
Example: [ "data=journal" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- fonts.enableDefaultFonts
Enable a basic set of fonts providing several font styles and families and reasonable coverage of Unicode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fonts.nix>
- fonts.enableGhostscriptFonts
Whether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/ghostscript.nix>
- fonts.fontDir.enable
Whether to create a directory with links to all fonts in /run/current-system/sw/share/X11/fonts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
- fonts.fontDir.decompressFonts
Whether to decompress fonts in /run/current-system/sw/share/X11/fonts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
- fonts.fontconfig.enable
If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.allowBitmaps
Allow bitmap fonts. Set to false to ban all bitmap fonts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.allowType1
Allow Type-1 fonts. Default is false because of poor rendering.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.antialias
Enable font antialiasing. At high resolution (> 200 DPI), antialiasing has no visible effect; users of such displays may want to disable this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.cache32Bit
Generate system fonts cache for 32-bit applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.defaultFonts.emoji
System-wide default emoji font(s). Multiple fonts may be listed in case a font does not support all emoji.
Note that fontconfig matches color emoji fonts preferentially, so if you want to use a black and white font while having a color font installed (eg. Noto Color Emoji installed alongside Noto Emoji), fontconfig will still choose the color font even when it is later in the list.
Type: list of strings
Default: [ "Noto Color Emoji" ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.defaultFonts.monospace
System-wide default monospace font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of strings
Default: [ "DejaVu Sans Mono" ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.defaultFonts.sansSerif
System-wide default sans serif font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of strings
Default: [ "DejaVu Sans" ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.defaultFonts.serif
System-wide default serif font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of strings
Default: [ "DejaVu Serif" ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.hinting.enable
Enable font hinting. Hinting aligns glyphs to pixel boundaries to improve rendering sharpness at low resolution. At high resolution (> 200 dpi) hinting will do nothing (at best); users of such displays may want to disable this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.hinting.autohint
Enable the autohinter in place of the default interpreter. The results are usually lower quality than correctly-hinted fonts, but better than unhinted fonts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.includeUserConf
Include the user configuration from ~/.config/fontconfig/fonts.conf or ~/.config/fontconfig/conf.d.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.localConf
System-wide customization file contents, has higher priority than defaultFonts settings.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.subpixel.lcdfilter
FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering has no visible effect; users of such displays may want to select none.
Type: one of "none", "default", "light", "legacy"
Default: "default"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.subpixel.rgba
Subpixel order. The overwhelming majority of displays are rgb in their normal orientation. Select vrgb for mounting such a display 90 degrees clockwise from its normal orientation or vbgr for mounting 90 degrees counter-clockwise. Select bgr in the unlikely event of mounting 180 degrees from the normal orientation. Reverse these directions in the improbable event that the display's native subpixel order is bgr.
Type: one of "rgb", "bgr", "vrgb", "vbgr", "none"
Default: "rgb"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fontconfig.useEmbeddedBitmaps
Use embedded bitmaps in fonts like Calibri.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
- fonts.fonts
List of primary font paths.
Type: list of paths
Default: [ ]
Example: [ pkgs.dejavu_fonts ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fonts.nix>
- gnu
When enabled, GNU software is chosen by default whenever a there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/gnu.nix>
- gtk.iconCache.enable
Whether to build icon theme caches for GTK applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix>
- hardware.enableAllFirmware
Turn on this option if you want to enable all the firmware.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
- hardware.enableRedistributableFirmware
Turn on this option if you want to enable all the firmware with a license allowing redistribution. (i.e. free firmware and firmware-linux-nonfree)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
- hardware.acpilight.enable
Enable acpilight. This will allow brightness control via xbacklight from users in the video group
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/acpilight.nix>
- hardware.bladeRF.enable
Enables udev rules for BladeRF devices. By default grants access to users in the "bladerf" group. You may want to install the libbladeRF package.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/bladeRF.nix>
- hardware.bluetooth.enable
Whether to enable support for Bluetooth.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
- hardware.bluetooth.package
Which BlueZ package to use.
Note
Use the pkgs.bluezFull package to enable all bluez plugins.Type: package
Default: pkgs.bluez
Example: pkgs.bluezFull
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
- hardware.bluetooth.disabledPlugins
Built-in plugins to disable
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
- hardware.bluetooth.hsphfpd.enable
Whether to enable support for hsphfpd[-prototype] implementation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
- hardware.bluetooth.powerOnBoot
Whether to power up the default Bluetooth controller on boot.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
- hardware.bluetooth.settings
Set configuration for system-wide bluetooth (/etc/bluetooth/main.conf).
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example: { General = { ControllerMode = "bredr"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
- hardware.brillo.enable
Whether to enable Enable brillo in userspace. This will allow brightness control from users in the video group. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/brillo.nix>
- hardware.bumblebee.enable
Enable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
- hardware.bumblebee.connectDisplay
Set to true if you intend to connect your discrete card to a monitor. This option will set up your Nvidia card for EDID discovery and to turn on the monitor signal.
Only nvidia driver is supported so far.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
- hardware.bumblebee.driver
Set driver used by bumblebeed. Supported are nouveau and nvidia.
Type: one of "nvidia", "nouveau"
Default: "nvidia"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
- hardware.bumblebee.group
Group for bumblebee socket
Type: string
Default: "wheel"
Example: "video"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
- hardware.bumblebee.pmMethod
Set preferred power management method for unused card.
Type: one of "auto", "bbswitch", "switcheroo", "none"
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
- hardware.ckb-next.enable
Whether to enable the Corsair keyboard/mouse driver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
- hardware.ckb-next.package
The package implementing the Corsair keyboard/mouse driver.
Type: package
Default: pkgs.ckb-next
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
- hardware.ckb-next.gid
Limit access to the ckb daemon to a particular group.
Type: null or signed integer
Default: null
Example: 100
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
- hardware.cpu.amd.updateMicrocode
Update the CPU microcode for AMD processors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix>
- hardware.cpu.intel.updateMicrocode
Update the CPU microcode for Intel processors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix>
- hardware.deviceTree.enable
Build device tree files. These are used to describe the non-discoverable hardware of a system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.deviceTree.filter
Only include .dtb files matching glob expression.
Type: null or string
Default: null
Example: "*rpi*.dtb"
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.deviceTree.kernelPackage
Kernel package containing the base device-tree (.dtb) to boot. Uses device trees bundled with the Linux kernel by default.
Type: path
Default: config.boot.kernelPackages.kernel
Example: pkgs.linux_latest
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.deviceTree.name
The name of an explicit dtb to be loaded, relative to the dtb base. Useful in extlinux scenarios if the bootloader doesn't pick the right .dtb file from FDTDIR.
Type: null or string
Default: null
Example: "some-dtb.dtb"
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.deviceTree.overlays
List of overlays to apply to base device-tree (.dtb) files.
Type: list of submodule or path convertible to its
Default: [ ]
Example:
[ { name = "pps"; dtsFile = ./dts/pps.dts; } { name = "spi"; dtsText = "..."; } { name = "precompiled"; dtboFile = ./dtbos/example.dtbo; } ]Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.deviceTree.overlays.*.dtboFile
Path to .dtbo compiled overlay file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.deviceTree.overlays.*.dtsFile
Path to .dts overlay file, overlay is applied to each .dtb file matching "compatible" of the overlay.
Type: null or path
Default: null
Example: ./dts/overlays.dts
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.deviceTree.overlays.*.dtsText
Literal DTS contents, overlay is applied to each .dtb file matching "compatible" of the overlay.
Type: null or string
Default: null
Example:
'' /dts-v1/; /plugin/; / { compatible = "raspberrypi"; fragment@0 { target-path = "/soc"; __overlay__ { pps { compatible = "pps-gpio"; status = "okay"; }; }; }; }; ''Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.deviceTree.overlays.*.name
Name of this overlay
Type: string
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
- hardware.digitalbitbox.enable
Enables udev rules for Digital Bitbox devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
- hardware.digitalbitbox.package
The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.
Type: package
Default: pkgs.digitalbitbox
Declared by:
<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
- hardware.facetimehd.enable
Whether to enable facetimehd kernel module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
- hardware.fancontrol.enable
Whether to enable software fan control (requires fancontrol.config).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/fancontrol.nix>
- hardware.fancontrol.config
Required fancontrol configuration file content. See pwmconfig(8) from the lm_sensors package.
Type: strings concatenated with "\n"
Example:
'' # Configuration file generated by pwmconfig INTERVAL=10 DEVPATH=hwmon3=devices/virtual/thermal/thermal_zone2 hwmon4=devices/platform/f71882fg.656 DEVNAME=hwmon3=soc_dts1 hwmon4=f71869a FCTEMPS=hwmon4/device/pwm1=hwmon3/temp1_input FCFANS=hwmon4/device/pwm1=hwmon4/device/fan1_input MINTEMP=hwmon4/device/pwm1=35 MAXTEMP=hwmon4/device/pwm1=65 MINSTART=hwmon4/device/pwm1=150 MINSTOP=hwmon4/device/pwm1=0 ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/fancontrol.nix>
- hardware.firmware
List of packages containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If multiple packages contain firmware files with the same name, the first package in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
- hardware.flirc.enable
Whether to enable software to configure a Flirc USB device.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/flirc.nix>
- hardware.gkraken.enable
Whether to enable gkraken's udev rules for NZXT AIO liquid coolers.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/gkraken.nix>
- hardware.hackrf.enable
Enables hackrf udev rules and ensures 'plugdev' group exists. This is a prerequisite to using HackRF devices without being root, since HackRF USB descriptors will be owned by plugdev through udev.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/hackrf.nix>
- hardware.i2c.enable
Whether to enable i2c devices support. By default access is granted to users in the "i2c" group (will be created if non-existent) and any user with a seat, meaning logged on the computer locally. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/i2c.nix>
- hardware.i2c.group
Grant access to i2c devices (/dev/i2c-*) to users in this group.
Type: string
Default: "i2c"
Declared by:
<nixpkgs/nixos/modules/hardware/i2c.nix>
- hardware.keyboard.teck.enable
Whether to enable non-root access to the firmware of TECK keyboards.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/teck.nix>
- hardware.keyboard.zsa.enable
Enables udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I. You need it when you want to flash a new configuration on the keyboard or use their live training in the browser. Access to the keyboard is granted to users in the "plugdev" group. You may want to install the wally-cli package.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/zsa.nix>
- hardware.ksm.enable
Whether to enable Kernel Same-Page Merging.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/ksm.nix>
- hardware.ksm.sleep
How many milliseconds ksmd should sleep between scans. Setting it to null uses the kernel's default time.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/hardware/ksm.nix>
- hardware.ledger.enable
Whether to enable udev rules for Ledger devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/ledger.nix>
- hardware.logitech.lcd.enable
Whether to enable Logitech LCD Devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
- hardware.logitech.lcd.devices
List of USB device ids supported by g15daemon.
You most likely do not need to change this.
Type: list of strings
Default: [ "0a07" "c222" "c225" "c227" "c251" ]
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
- hardware.logitech.lcd.startWhenNeeded
Only run the service when an actual supported device is plugged.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
- hardware.logitech.wireless.enable
Whether to enable Logitech Wireless Devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
- hardware.logitech.wireless.enableGraphical
Enable graphical support applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
- hardware.mcelog.enable
Enable the Machine Check Exception logger.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/mcelog.nix>
- hardware.mwProCapture.enable
Whether to enable Magewell Pro Capture family kernel module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix>
- hardware.nitrokey.enable
Enables udev rules for Nitrokey devices. By default grants access to users in the "nitrokey" group. You may want to install the nitrokey-app package, depending on your device and needs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/nitrokey.nix>
- hardware.nvidia.package
The NVIDIA X11 derivation to use.
Type: package
Default: config.boot.kernelPackages.nvidiaPackages.stable
Example: config.boot.kernelPackages.nvidiaPackages.legacy_340
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.modesetting.enable
Enable kernel modesetting when using the NVIDIA proprietary driver.
Enabling this fixes screen tearing when using Optimus via PRIME (see hardware.nvidia.prime.sync.enable. This is not enabled by default because it is not officially supported by NVIDIA and would not work with SLI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.nvidiaPersistenced
Update for NVIDA GPU headless mode, i.e. nvidia-persistenced. It ensures all GPUs stay awake even during headless mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.nvidiaSettings
Whether to add nvidia-settings, NVIDIA's GUI configuration tool, to systemPackages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.powerManagement.enable
Experimental power management through systemd. For more information, see the NVIDIA docs, on Chapter 21. Configuring Power Management Support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.powerManagement.finegrained
Experimental power management of PRIME offload. For more information, see the NVIDIA docs, chapter 22. PCI-Express runtime power management.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.prime.amdgpuBusId
Bus ID of the AMD APU. You can find it using lspci; for example if lspci shows the AMD APU at "04:00.0", set this option to "PCI:4:0:0".
Type: string
Default: ""
Example: "PCI:4:0:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.prime.intelBusId
Bus ID of the Intel GPU. You can find it using lspci; for example if lspci shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".
Type: string
Default: ""
Example: "PCI:0:2:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.prime.nvidiaBusId
Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".
Type: string
Default: ""
Example: "PCI:1:0:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.prime.offload.enable
Enable render offload support using the NVIDIA proprietary driver via PRIME.
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be specified (hardware.nvidia.prime.nvidiaBusId and hardware.nvidia.prime.intelBusId).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.prime.sync.enable
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. If enabled, the NVIDIA GPU will be always on and used for all rendering, while enabling output to displays attached only to the integrated Intel GPU without a multiplexer.
Note that this option only has any effect if the "nvidia" driver is specified in services.xserver.videoDrivers, and it should preferably be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be specified (hardware.nvidia.prime.nvidiaBusId and hardware.nvidia.prime.intelBusId).
If you enable this, you may want to also enable kernel modesetting for the NVIDIA driver (hardware.nvidia.modesetting.enable) in order to prevent tearing.
Note that this configuration will only be successful when a display manager for which the services.xserver.displayManager.setupCommands option is supported is used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidia.prime.sync.allowExternalGpu
Configure X to allow external NVIDIA GPUs when using optimus.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
- hardware.nvidiaOptimus.disable
Completely disable the NVIDIA graphics card and use the integrated graphics processor instead.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix>
- hardware.onlykey.enable
Enable OnlyKey device (https://crp.to/p/) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/onlykey/default.nix>
- hardware.opengl.enable
Whether to enable OpenGL drivers. This is needed to enable OpenGL support in X11 systems, as well as for Wayland compositors like sway and Weston. It is enabled by default by the corresponding modules, so you do not usually have to set it yourself, only if there is no module for your wayland compositor of choice. See services.xserver.enable and programs.sway.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
- hardware.opengl.driSupport
Whether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
- hardware.opengl.driSupport32Bit
On 64-bit systems, whether to support Direct Rendering for 32-bit applications (such as Wine). This is currently only supported for the nvidia as well as Mesa.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
- hardware.opengl.extraPackages
Additional packages to add to OpenGL drivers. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
Type: list of packages
Default: [ ]
Example: with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
- hardware.opengl.extraPackages32
Additional packages to add to 32-bit OpenGL drivers on 64-bit systems. Used when driSupport32Bit is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
Type: list of packages
Default: [ ]
Example: with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
- hardware.openrazer.enable
Whether to enable OpenRazer drivers and userspace daemon. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
- hardware.openrazer.devicesOffOnScreensaver
Turn off the devices when the systems screensaver kicks in.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
- hardware.openrazer.keyStatistics
Collects number of keypresses per hour per key used to generate a heatmap.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
- hardware.openrazer.mouseBatteryNotifier
Mouse battery notifier.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
- hardware.openrazer.syncEffectsEnabled
Set the sync effects flag to true so any assignment of effects will work across devices.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
- hardware.openrazer.users
Usernames to be added to the "openrazer" group, so that they can start and interact with the OpenRazer userspace daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
- hardware.openrazer.verboseLogging
Whether to enable verbose logging. Logs debug messages.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
- hardware.opentabletdriver.enable
Enable OpenTabletDriver udev rules, user service and blacklist kernel modules known to conflict with OpenTabletDriver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
- hardware.opentabletdriver.package
OpenTabletDriver derivation to use.
Type: package
Default: pkgs.opentabletdriver
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
- hardware.opentabletdriver.blacklistedKernelModules
Blacklist of kernel modules known to conflict with OpenTabletDriver.
Type: list of strings
Default: [ "hid-uclogic" "wacom" ]
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
- hardware.opentabletdriver.daemon.enable
Whether to start OpenTabletDriver daemon as a systemd user service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
- hardware.parallels.enable
This enables Parallels Tools for Linux guests, along with provided video, mouse and other hardware drivers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
- hardware.parallels.package
Defines which package to use for prl-tools. Override to change the version.
Type: null or package
Default: config.boot.kernelPackages.prl-tools
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
- hardware.parallels.autoMountShares
Control prlfsmountd service. When this service is running, shares can not be manually mounted through `mount -t prl_fs ...` as this service will remount and trample any set options. Recommended to enable for simple file sharing, but extended share use such as for code should disable this to manually mount shares.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
- hardware.pcmcia.enable
Enable this option to support PCMCIA card.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
- hardware.pcmcia.config
Path to the configuration file which maps the memory, IRQs and ports used by the PCMCIA hardware.
Type: unspecified
Default: null
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
- hardware.pcmcia.firmware
List of firmware used to handle specific PCMCIA card.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
- hardware.printers.ensureDefaultPrinter
Ensures the named printer is the default CUPS printer / printer queue.
Type: null or printable string without spaces, # and /
Default: null
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
- hardware.printers.ensurePrinters
Will regularly ensure that the given CUPS printers are configured as declared here. If a printer's options are manually changed afterwards, they will be overwritten eventually. This option will never delete any printer, even if removed from this list. You can check existing printers with lpstat -s and remove printers with lpadmin -x <printer-name>. Printers not listed here can still be manually configured.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
- hardware.printers.ensurePrinters.*.description
Optional human-readable description.
Type: null or string
Default: null
Example: "Brother HL-5140"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
- hardware.printers.ensurePrinters.*.deviceUri
How to reach the printer. lpinfo -v shows a list of supported device URIs and schemes.
Type: string
Example:
"ipp://printserver.local/printers/BrotherHL_Workroom" "usb://HP/DESKJET%20940C?serial=CN16E6C364BH"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
- hardware.printers.ensurePrinters.*.location
Optional human-readable location.
Type: null or string
Default: null
Example: "Workroom"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
- hardware.printers.ensurePrinters.*.model
Location of the ppd driver file for the printer. lpinfo -m shows a list of supported models.
Type: string
Example:
"gutenprint.${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}://brother-hl-5140/expert"Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
- hardware.printers.ensurePrinters.*.name
Name of the printer / printer queue. May contain any printable characters except "/", "#", and space.
Type: printable string without spaces, # and /
Example: "BrotherHL_Workroom"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
- hardware.printers.ensurePrinters.*.ppdOptions
Sets PPD options for the printer. lpoptions [-p printername] -l shows suported PPD options for the given printer.
Type: attribute set of strings
Default: { }
Example: { Duplex = "DuplexNoTumble"; PageSize = "A4"; }
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
- hardware.pulseaudio.enable
Whether to enable the PulseAudio sound server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.package
The PulseAudio derivation to use. This can be used to enable features (such as JACK support, Bluetooth) via the pulseaudioFull package.
Type: package
Default: pkgs.pulseaudio
Example: pkgs.pulseaudioFull
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.configFile
The path to the default configuration options the PulseAudio server should use. By default, the "default.pa" configuration from the PulseAudio distribution is used.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.daemon.config
Config of the pulse daemon. See man pulse-daemon.conf.
Type: attribute set of unspecifieds
Default: { }
Example: { realtime-scheduling = "yes"; }
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.daemon.logLevel
The log level that the system-wide pulseaudio daemon should use, if activated.
Type: string
Default: "notice"
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.extraClientConf
Extra configuration appended to pulse/client.conf file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.extraConfig
Literal string to append to configFile and the config file generated by the pulseaudio module.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.extraModules
Extra pulseaudio modules to use. This is intended for out-of-tree pulseaudio modules like extra bluetooth codecs.
Extra modules take precedence over built-in pulseaudio modules.
Type: list of packages
Default: [ ]
Example: [ pkgs.pulseaudio-modules-bt ]
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.support32Bit
Whether to include the 32-bit pulseaudio libraries in the system or not. This is only useful on 64-bit systems and currently limited to x86_64-linux.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.systemWide
If false, a PulseAudio server is launched automatically for each user that tries to use the sound system. The server runs with user privileges. If true, one system-wide PulseAudio server is launched on boot, running as the user "pulse", and only users in the "audio" group will have access to the server. Please read the PulseAudio documentation for more details.
Don't enable this option unless you know what you are doing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.tcp.enable
Whether to enable tcp streaming support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.tcp.anonymousClients.allowAll
Whether to enable all anonymous clients to stream to the server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges
A list of IP subnets that are allowed to stream to the server.
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.zeroconf.discovery.enable
Whether to enable discovery of pulseaudio sinks in the local network.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.pulseaudio.zeroconf.publish.enable
Whether to enable publishing the pulseaudio sink in the local network.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
- hardware.raid.HPSmartArray.enable
Whether to enable HP Smart Array kernel modules and CLI utility.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/raid/hpsa.nix>
- hardware.rasdaemon.enable
Whether to enable RAS logging daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
- hardware.rasdaemon.config
rasdaemon configuration, currently only used for CE PFA for details, read rasdaemon.outPath/etc/sysconfig/rasdaemon's comments
Type: strings concatenated with "\n"
Default: ""
Example:
'' # defaults from included config PAGE_CE_REFRESH_CYCLE="24h" PAGE_CE_THRESHOLD="50" PAGE_CE_ACTION="soft" ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
- hardware.rasdaemon.extraModules
extra kernel modules to load
Type: list of strings
Default: [ ]
Example: [ "i7core_edac" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
- hardware.rasdaemon.labels
Additional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels
Type: strings concatenated with "\n"
Default: ""
Example:
'' # vendor and model may be shown by 'ras-mc-ctl --mainboard' vendor: ASRock product: To Be Filled By O.E.M. model: B450M Pro4 # these labels are names for the motherboard slots # the numbers may be shown by `ras-mc-ctl --error-count` # they are mc:csrow:channel DDR4_A1: 0.2.0; DDR4_B1: 0.2.1; DDR4_A2: 0.3.0; DDR4_B2: 0.3.1; ''Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
- hardware.rasdaemon.mainboard
Custom mainboard description, see ras-mc-ctl(8) for more details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' vendor = ASRock model = B450M Pro4 # it should default to such values from # /sys/class/dmi/id/board_[vendor|name] # alternatively one can supply a script # that returns the same format as above script = <path to script> ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
- hardware.rasdaemon.record
record events via sqlite3, required for ras-mc-ctl
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
- hardware.rasdaemon.testing
Whether to enable error injection infrastructure.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
- hardware.rtl-sdr.enable
Enables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules. This is a prerequisite to using devices supported by rtl-sdr without being root, since rtl-sdr USB descriptors will be owned by plugdev through udev.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/rtl-sdr.nix>
- hardware.sane.enable
Enable support for SANE scanners.
Note
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- hardware.sane.brscan4.enable
When enabled, will automatically register the "brscan4" sane backend and bring configuration files to their expected location.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- hardware.sane.brscan4.netDevices
The list of network devices that will be registered against the brscan4 sane backend.
Type: attribute set of submodules
Default: { }
Example: { office1 = { ip = "192.168.1.2"; model = "MFC-7860DW"; } ; office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- hardware.sane.brscan4.netDevices.<name>.ip
The ip address of the device. If undefined, you will have to provide a nodename.
Type: null or string
Default: null
Example: "192.168.1.2"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- hardware.sane.brscan4.netDevices.<name>.model
The model of the network device.
Type: string
Example: "MFC-7860DW"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- hardware.sane.brscan4.netDevices.<name>.name
The friendly name you give to the network device. If undefined, the name of attribute will be used.
Type: string
Example: "office1"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- hardware.sane.brscan4.netDevices.<name>.nodename
The node name of the device. If undefined, you will have to provide an ip.
Type: null or string
Default: null
Example: "BRW0080927AFBCE"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
- hardware.sane.brscan5.enable
Whether to enable the Brother brscan5 sane backend.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
- hardware.sane.brscan5.netDevices
The list of network devices that will be registered against the brscan5 sane backend.
Type: attribute set of submodules
Default: { }
Example: { office1 = { ip = "192.168.1.2"; model = "MFC-7860DW"; } ; office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
- hardware.sane.brscan5.netDevices.<name>.ip
The ip address of the device. If undefined, you will have to provide a nodename.
Type: null or string
Default: null
Example: "192.168.1.2"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
- hardware.sane.brscan5.netDevices.<name>.model
The model of the network device.
Type: string
Example: "ADS-1200"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
- hardware.sane.brscan5.netDevices.<name>.name
The friendly name you give to the network device. If undefined, the name of attribute will be used.
Type: string
Example: "office1"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
- hardware.sane.brscan5.netDevices.<name>.nodename
The node name of the device. If undefined, you will have to provide an ip.
Type: null or string
Default: null
Example: "BRW0080927AFBCE"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
- hardware.sane.disabledDefaultBackends
Names of backends which are enabled by default but should be disabled. See $SANE_CONFIG_DIR/dll.conf for the list of possible names.
Type: list of strings
Default: [ ]
Example: [ "v4l" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- hardware.sane.drivers.scanSnap.enable
Whether to enable drivers for the Fujitsu ScanSnap scanners.
The driver files are unfree and extracted from the Windows driver image.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- hardware.sane.drivers.scanSnap.package
Epjitsu driver package to use. Useful if you want to extract the driver files yourself.
The process is described in the /etc/sane.d/epjitsu.conf file in the sane-backends package.
Type: package
Default: pkgs.sane-drivers.epjitsu
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- hardware.sane.dsseries.enable
When enabled, will automatically register the "dsseries" SANE backend.
This supports the Brother DSmobile scanner series, including the DS-620, DS-720D, DS-820W, and DS-920DW scanners.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix>
- hardware.sane.extraBackends
Packages providing extra SANE backends to enable.
Note
The example contains the package for HP scanners.Type: list of paths
Default: [ ]
Example: [ pkgs.hplipWithPlugin ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- hardware.sane.netConf
Network hosts that should be probed for remote scanners.
Type: strings concatenated with "\n"
Default: ""
Example: "192.168.0.16"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- hardware.sane.snapshot
Use a development snapshot of SANE scanner drivers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- hardware.sata.timeout.enable
Whether to enable SATA drive timeouts.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
- hardware.sata.timeout.deciSeconds
Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations.
Values are as follows: 0 = disable SCT ERT 70 = default in consumer drives (7 seconds)
Maximum is disk dependant but probably 60 seconds.
Type: signed integer
Example: 70
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
- hardware.sata.timeout.drives
List of drives for which to configure the timeout.
Type: list of submodules
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
- hardware.sata.timeout.drives.*.idBy
The method to identify the drive.
Type: one of "path", "wwn"
Default: "path"
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
- hardware.sata.timeout.drives.*.name
Drive name without the full path.
Type: string
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
- hardware.sensor.hddtemp.enable
Enable this option to support HDD/SSD temperature sensors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
- hardware.sensor.hddtemp.dbEntries
Additional DB entries
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
- hardware.sensor.hddtemp.drives
List of drives to monitor. If you pass /dev/disk/by-path/* entries the symlinks will be resolved as hddtemp doesn't like names with colons.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
- hardware.sensor.hddtemp.extraArgs
Additional arguments passed to the daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
- hardware.sensor.hddtemp.unit
Celcius or Fahrenheit
Type: one of "C", "F"
Default: "C"
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
- hardware.sensor.iio.enable
Enable this option to support IIO sensors with iio-sensor-proxy.
IIO sensors are used for orientation and ambient light sensors on some mobile devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/iio.nix>
- hardware.spacenavd.enable
Whether to enable spacenavd to support 3DConnexion devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/spacenavd.nix>
- hardware.steam-hardware.enable
Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/steam-hardware.nix>
- hardware.system76.enableAll
Whether to enable all recommended configuration for system76 systems.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
- hardware.system76.firmware-daemon.enable
Whether to enable the system76 firmware daemon
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
- hardware.system76.kernel-modules.enable
Whether to make the system76 out-of-tree kernel modules available
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
- hardware.system76.power-daemon.enable
Whether to enable the system76 power daemon
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
- hardware.trackpoint.enable
Enable sensitivity and speed configuration for trackpoints.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
- hardware.trackpoint.device
The device name of the trackpoint. You can check with xinput. Some newer devices (example x1c6) use "TPPS/2 Elan TrackPoint".
Type: string
Default: "TPPS/2 IBM TrackPoint"
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
- hardware.trackpoint.emulateWheel
Enable scrolling while holding the middle mouse button.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
- hardware.trackpoint.fakeButtons
Switch to "bare" PS/2 mouse support in case Trackpoint buttons are not recognized properly. This can happen for example on models like the L430, T450, T450s, on which the Trackpoint buttons are actually a part of the Synaptics touchpad.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
- hardware.trackpoint.sensitivity
Configure the trackpoint sensitivity. By default, the kernel configures 128.
Type: signed integer
Default: 128
Example: 255
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
- hardware.trackpoint.speed
Configure the trackpoint speed. By default, the kernel configures 97.
Type: signed integer
Default: 97
Example: 255
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
- hardware.tuxedo-keyboard.enable
Whether to enable Enables the tuxedo-keyboard driver.
To configure the driver, pass the options to the boot.kernelParams configuration. There are several parameters you can change. It's best to check at the source code description which options are supported. You can find all the supported parameters at: https://github.com/tuxedocomputers/tuxedo-keyboard#kernelparam
In order to use the custom lighting with the maximumg brightness and a color of 0xff0a0a one would put pass boot.kernelParams like this:
boot.kernelParams = [ "tuxedo_keyboard.mode=0" "tuxedo_keyboard.brightness=255" "tuxedo_keyboard.color_left=0xff0a0a" ];
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/tuxedo-keyboard.nix>
- hardware.ubertooth.enable
Whether to enable Enable the Ubertooth software and its udev rules..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/ubertooth.nix>
- hardware.ubertooth.group
Group for Ubertooth's udev rules.
Type: string
Default: "ubertooth"
Example: "wheel"
Declared by:
<nixpkgs/nixos/modules/hardware/ubertooth.nix>
- hardware.uinput.enable
Whether to enable uinput support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/uinput.nix>
- hardware.usbWwan.enable
Enable this option to support USB WWAN adapters.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/usb-wwan.nix>
- hardware.video.hidpi.enable
Whether to enable Font/DPI configuration optimized for HiDPI displays.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/hidpi.nix>
- hardware.wirelessRegulatoryDatabase
Load the wireless regulatory database at boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
- hardware.wooting.enable
Whether to enable Enable support for Wooting keyboards.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/wooting.nix>
- hardware.xpadneo.enable
Whether to enable the xpadneo driver for Xbox One wireless controllers.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/xpadneo.nix>
- i18n.defaultLocale
The default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.
Type: string
Default: "en_US.UTF-8"
Example: "nl_NL.UTF-8"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
- i18n.extraLocaleSettings
A set of additional system-wide locale settings other than LANG which can be configured with i18n.defaultLocale.
Type: attribute set of strings
Default: { }
Example: { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "de_DE.UTF-8"; }
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
- i18n.glibcLocales
Customized pkg.glibcLocales package.
Changing this option can disable handling of i18n.defaultLocale and supportedLocale.
Type: path
Default: (build of glibc-locales-2.33-117)
Example: pkgs.glibcLocales
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
- i18n.inputMethod.enabled
Select the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.
Input methods are specially used to input Chinese, Japanese and Korean characters.
Currently the following input methods are available in NixOS:
- ibus: The intelligent input bus, extra input engines can be added using i18n.inputMethod.ibus.engines.
- fcitx: A customizable lightweight input method, extra input engines can be added using i18n.inputMethod.fcitx.engines.
- fcitx5: The next generation of fcitx, addons (including engines, dictionaries, skins) can be added using i18n.inputMethod.fcitx5.addons.
- nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.
- uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.
- hime: An extremely easy-to-use input method framework.
- kime: Koream IME.
Type: null or one of "ibus", "fcitx", "fcitx5", "nabi", "uim", "hime", "kime"
Default: null
Example: "fcitx"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/default.nix>
- i18n.inputMethod.fcitx.engines
Enabled Fcitx engines. Available engines are: anthy, chewing, cloudpinyin, hangul, libpinyin, m17n, mozc, rime, skk, table-extra, table-other, unikey.
Type: list of packages
Default: [ ]
Example: with pkgs.fcitx-engines; [ mozc hangul ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx.nix>
- i18n.inputMethod.fcitx5.addons
Enabled Fcitx5 addons.
Type: list of packages
Default: [ ]
Example: with pkgs; [ fcitx5-rime ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
- i18n.inputMethod.ibus.engines
Enabled IBus engines. Available engines are: anthy, bamboo, hangul, kkc, libpinyin, libthai, m17n, mozc, rime, table, table-chinese, table-others, typing-booster, typing-booster-unwrapped, uniemoji.
Type: list of packages
Default: [ ]
Example: with pkgs.ibus-engines; [ mozc hangul ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
- i18n.inputMethod.ibus.panel
Replace the IBus panel with another panel.
Type: null or path
Default: null
Example: "${pkgs.plasma5Packages.plasma-desktop}/lib/libexec/kimpanel-ibus-panel"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
- i18n.inputMethod.kime.config
kime configuration. Refer to https://github.com/Riey/kime/blob/v2.5.5/docs/CONFIGURATION.md for details on supported values.
Type: YAML value
Default: { }
Example:
{ daemon = { modules = ["Xim" "Indicator"]; }; indicator = { icon_color = "White"; }; engine = { hangul = { layout = "dubeolsik"; }; }; }Declared by:
<nixpkgs/nixos/modules/i18n/input-method/kime.nix>
- i18n.inputMethod.uim.toolbar
selected UIM toolbar.
Type: one of "gtk", "gtk3", "gtk-systray", "gtk3-systray", "qt4"
Default: "gtk"
Example: "gtk-systray"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/uim.nix>
- i18n.supportedLocales
List of locales that the system should support. The value "all" means that all locales supported by Glibc will be installed. A full list of supported locales can be found at https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED.
Type: list of strings
Default: [ "all" ]
Example: [ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1" ]
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
- krb5.enable
Whether to enable building krb5.conf, configuration file for Kerberos V.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.appdefaults
Settings used by some Kerberos V5 applications.
Type: attribute set or strings concatenated with "\n"
Default: { }
Example:
{ pam = { debug = false; ticket_lifetime = 36000; renew_lifetime = 36000; max_timeout = 30; timeout_shift = 2; initial_timeout = 1; }; };Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.capaths
Authentication paths for non-hierarchical cross-realm authentication.
Type: attribute set or strings concatenated with "\n"
Default: { }
Example:
{ "ATHENA.MIT.EDU" = { "EXAMPLE.COM" = "."; }; "EXAMPLE.COM" = { "ATHENA.MIT.EDU" = "."; }; };Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.config
Verbatim krb5.conf configuration. Note that this is mutually exclusive with configuration via libdefaults, realms, domain_realm, capaths, appdefaults, plugins and extraConfig configuration options. Consult man krb5.conf for documentation.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { admin_server = kerberos.example.com kdc = kerberos.example.com default_principal_flags = +preauth } [domain_realm] example.com = EXAMPLE.COM .example.com = EXAMPLE.COM [logging] kdc = SYSLOG:NOTICE admin_server = SYSLOG:NOTICE default = SYSLOG:NOTICE ''Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.defaultRealm
DEPRECATED, please use krb5.libdefaults.default_realm.
Type: null or string
Default: null
Example: "ATHENA.MIT.EDU"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.domainRealm
DEPRECATED, please create a map of server hostnames to Kerberos realms in krb5.domain_realm.
Type: null or string
Default: null
Example: "athena.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.domain_realm
Map of server hostnames to Kerberos realms.
Type: attribute set or strings concatenated with "\n"
Default: { }
Example:
{ "example.com" = "EXAMPLE.COM"; ".example.com" = "EXAMPLE.COM"; };Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.extraConfig
These lines go to the end of krb5.conf verbatim. krb5.conf may include any of the relations that are valid for kdc.conf (see man kdc.conf), but it is not a recommended practice.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' [logging] kdc = SYSLOG:NOTICE admin_server = SYSLOG:NOTICE default = SYSLOG:NOTICE ''
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.kdc
DEPRECATED, please pass a kdc attribute to a realm in krb5.realms.
Type: null or string
Default: null
Example: "kerberos.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.kerberos
The Kerberos implementation that will be present in environment.systemPackages after enabling this service.
Type: package
Default: pkgs.krb5Full
Example: pkgs.heimdal
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.kerberosAdminServer
DEPRECATED, please pass an admin_server attribute to a realm in krb5.realms.
Type: null or string
Default: null
Example: "kerberos.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.libdefaults
Settings used by the Kerberos V5 library.
Type: attribute set or strings concatenated with "\n"
Default: { }
Example:
{ default_realm = "ATHENA.MIT.EDU"; };Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.plugins
Controls plugin module registration.
Type: attribute set or strings concatenated with "\n"
Default: { }
Example:
{ ccselect = { disable = "k5identity"; }; };Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- krb5.realms
Realm-specific contact information and settings.
Type: attribute set or strings concatenated with "\n"
Default: { }
Example:
{ "ATHENA.MIT.EDU" = { admin_server = "athena.mit.edu"; kdc = [ "athena01.mit.edu" "athena02.mit.edu" ]; }; };Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
- lib
This option allows modules to define helper functions, constants, etc.
Type: attribute set of attribute sets
Default: { }
Declared by:
<nixpkgs/nixos/modules/misc/lib.nix>
- location.latitude
Your current latitude, between -90.0 and 90.0. Must be provided along with longitude.
Type: floating point number
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
- location.longitude
Your current longitude, between between -180.0 and 180.0. Must be provided along with latitude.
Type: floating point number
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
- location.provider
The location provider to use for determining your location. If set to manual you must also provide latitude/longitude.
Type: one of "manual", "geoclue2"
Default: "manual"
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
- networking.enableB43Firmware
Turn on this option if you want firmware for the NICs supported by the b43 module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/network/b43.nix>
- networking.enableIPv6
Whether to enable support for IPv6.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.enableIntel2200BGFirmware
Turn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix>
- networking.bonds
This option allows you to define bond devices that aggregate multiple, underlying networking interfaces together. The value of this option is an attribute set. Each attribute specifies a bond, with the attribute name specifying the name of the bond's network interface
Type: attribute set of submodules
Default: { }
Example:
{ bond0 = { interfaces = [ "eth0" "wlan0" ]; driverOptions = { miimon = "100"; mode = "active-backup"; } ; }; anotherBond.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ]; }Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bonds.<name>.driverOptions
Options for the bonding driver. Documentation can be found in https://www.kernel.org/doc/Documentation/networking/bonding.txt
Type: attribute set of strings
Default: { }
Example:
{ miimon = "100"; mode = "active-backup"; }Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bonds.<name>.interfaces
The interfaces to bond together
Type: list of strings
Example: [ "enp4s0f0" "enp4s0f1" "wlan0" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bonds.<name>.lacp_rate
DEPRECATED, use `driverOptions`. Option specifying the rate in which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode.
Type: null or string
Default: null
Example: "fast"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bonds.<name>.miimon
DEPRECATED, use `driverOptions`. Miimon is the number of millisecond in between each round of polling by the device driver for failed links. By default polling is not enabled and the driver is trusted to properly detect and handle failure scenarios.
Type: null or signed integer
Default: null
Example: 100
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bonds.<name>.mode
DEPRECATED, use `driverOptions`. The mode which the bond will be running. The default mode for the bonding driver is balance-rr, optimizing for throughput. More information about valid modes can be found at https://www.kernel.org/doc/Documentation/networking/bonding.txt
Type: null or string
Default: null
Example: "active-backup"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bonds.<name>.xmit_hash_policy
DEPRECATED, use `driverOptions`. Selects the transmit hash policy to use for slave selection in balance-xor, 802.3ad, and tlb modes.
Type: null or string
Default: null
Example: "layer2+3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bridges
This option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge's network interface.
Type: attribute set of submodules
Default: { }
Example: { br0 = { interfaces = [ "eth0" "eth1" ] ; } ; br1 = { interfaces = [ "eth2" "wlan0" ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bridges.<name>.interfaces
The physical network interfaces connected by the bridge.
Type: list of strings
Example: [ "eth0" "eth1" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.bridges.<name>.rstp
Whether the bridge interface should enable rstp.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGateway
The default gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.
Type: null or submodule or string convertible to it
Default: null
Example: { address = "131.211.84.1"; interface = "enp3s0"; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGateway.address
The default gateway address.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGateway.interface
The default gateway interface.
Type: null or string
Default: null
Example: "enp0s3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGateway.metric
The default gateway metric/preference.
Type: null or signed integer
Default: null
Example: 42
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGateway6
The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.
Type: null or submodule or string convertible to it
Default: null
Example: { address = "2001:4d0:1e04:895::1"; interface = "enp3s0"; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGateway6.address
The default gateway address.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGateway6.interface
The default gateway interface.
Type: null or string
Default: null
Example: "enp0s3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGateway6.metric
The default gateway metric/preference.
Type: null or signed integer
Default: null
Example: 42
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.defaultGatewayWindowSize
The window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.
Type: null or signed integer
Default: null
Example: 524288
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.dhcpcd.enable
Whether to enable dhcpcd for device configuration. This is mainly to explicitly disable dhcpcd (for example when using networkd).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
- networking.dhcpcd.allowInterfaces
Enable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Any interface not explicitly matched by this pattern will be denied. This pattern only applies when non-null.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
- networking.dhcpcd.denyInterfaces
Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
- networking.dhcpcd.extraConfig
Literal string to append to the config file generated for dhcpcd.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
- networking.dhcpcd.persistent
Whenever to leave interfaces configured on dhcpcd daemon shutdown. Set to true if you have your root or store mounted over the network or this machine accepts SSH connections through DHCP interfaces and clients should be notified when it shuts down.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
- networking.dhcpcd.runHook
Shell code that will be run after all other hooks. See `man dhcpcd-run-hooks` for details on what is possible.
Type: strings concatenated with "\n"
Default: ""
Example: "if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
- networking.dhcpcd.wait
This option specifies when the dhcpcd service will fork to background. If set to "background", dhcpcd will fork to background immediately. If set to "ipv4" or "ipv6", dhcpcd will wait for the corresponding IP address to be assigned. If set to "any", dhcpcd will wait for any type (IPv4 or IPv6) to be assigned. If set to "both", dhcpcd will wait for both an IPv4 and an IPv6 address before forking. The option "if-carrier-up" is equivalent to "any" if either ethernet is plugged nor WiFi is powered, and to "background" otherwise.
Type: one of "background", "any", "ipv4", "ipv6", "both", "if-carrier-up"
Default: "any"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
- networking.domain
The domain. It can be left empty if it is auto-detected through DHCP.
Type: null or string
Default: null
Example: "home.arpa"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.extraHosts
Additional verbatim entries to be appended to /etc/hosts. For adding hosts from derivation results, use networking.hostFiles instead.
Type: strings concatenated with "\n"
Default: ""
Example: "192.168.0.1 lanlocalhost"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.firewall.enable
Whether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine. It does not affect packet forwarding.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.package
The iptables package to use for running the firewall service."
Type: package
Default: pkgs.iptables
Example: pkgs.iptables-nftables-compat
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.allowPing
Whether to respond to incoming ICMPv4 echo requests ("pings"). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.allowedTCPPortRanges
A range of TCP ports on which incoming connections are accepted.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)ss
Default: [ ]
Example: [ { from = 8999; to = 9003; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.allowedTCPPorts
List of TCP ports on which incoming connections are accepted.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ ]
Example: [ 22 80 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.allowedUDPPortRanges
Range of open UDP ports.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)ss
Default: [ ]
Example: [ { from = 60000; to = 61000; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.allowedUDPPorts
List of open UDP ports.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ ]
Example: [ 53 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.autoLoadConntrackHelpers
Whether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules
(needs kernel 3.5+)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.checkReversePath
Performs a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused.
If using asymmetric routing or other complicated routing, set this option to loose mode or disable it and setup your own counter-measures.
This option can be either true (or "strict"), "loose" (only drop the packet if the source address is not reachable via any interface) or false. Defaults to the value of kernelHasRPFilter.
(needs kernel 3.3+)
Type: boolean or one of "strict", "loose"
Default: true
Example: "loose"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.connectionTrackingModules
List of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example.
As helpers can pose as a security risk, it is advised to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers unless you know what you are doing. Connection tracking is disabled by default.
Loading of helpers is recommended to be done through the CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/
Type: list of strings
Default: [ ]
Example: [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.extraCommands
Additional shell commands executed as part of the firewall initialisation script. These are executed just before the final "reject" firewall rule is added, so they can be used to allow packets that would otherwise be refused.
Type: strings concatenated with "\n"
Default: ""
Example: "iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.extraPackages
Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands.
Type: list of packages
Default: [ ]
Example: [ pkgs.ipset ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.extraStopCommands
Additional shell commands executed as part of the firewall shutdown script. These are executed just after the removal of the NixOS input rule, or if the service enters a failed state.
Type: strings concatenated with "\n"
Default: ""
Example: "iptables -P INPUT ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.interfaces
Interface-specific open ports.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.interfaces.<name>.allowedTCPPortRanges
A range of TCP ports on which incoming connections are accepted.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)ss
Default: [ ]
Example: [ { from = 8999; to = 9003; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.interfaces.<name>.allowedTCPPorts
List of TCP ports on which incoming connections are accepted.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ ]
Example: [ 22 80 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.interfaces.<name>.allowedUDPPortRanges
Range of open UDP ports.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)ss
Default: [ ]
Example: [ { from = 60000; to = 61000; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.interfaces.<name>.allowedUDPPorts
List of open UDP ports.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ ]
Example: [ 53 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.logRefusedConnections
Whether to log rejected or dropped incoming connections. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.logRefusedPackets
Whether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.logRefusedUnicastsOnly
If networking.firewall.logRefusedPackets and this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts or multicasts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.logReversePathDrops
Logs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.pingLimit
If pings are allowed, this allows setting rate limits on them. If non-null, this option should be in the form of flags like "--limit 1/minute --limit-burst 5"
Type: null or strings concatenated with " "
Default: null
Example: "--limit 1/minute --limit-burst 5"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.rejectPackets
If set, refused packets are rejected rather than dropped (ignored). This means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST packet in case of an existing connection). Rejecting packets makes port scanning somewhat easier.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.firewall.trustedInterfaces
Traffic coming in from these interfaces will be accepted unconditionally. Traffic from the loopback (lo) interface will always be accepted.
Type: list of strings
Default: [ ]
Example: [ "enp0s2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
- networking.fooOverUDP
This option allows you to configure Foo Over UDP and Generic UDP Encapsulation endpoints. See ip-fou(8) for details.
Type: attribute set of submodules
Default: { }
Example: { backup = { port = 9002; } ; primary = { local = { address = "192.0.2.1"; dev = "eth0"; } ; port = 9001; } ; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.fooOverUDP.<name>.local
Local address (and optionally device) to bind to using the given port.
Type: null or submodule
Default: null
Example: { address = "203.0.113.22"; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.fooOverUDP.<name>.local.address
Local address to bind to. The address must be available when the FOU endpoint is created, using the scripted network setup this can be achieved either by setting dev or adding dependency information to systemd.services.<name>-fou-encap; it isn't supported when using networkd.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.fooOverUDP.<name>.local.dev
Network device to bind to.
Type: null or string
Default: null
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.fooOverUDP.<name>.port
Local port of the encapsulation UDP socket.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.fooOverUDP.<name>.protocol
Protocol number of the encapsulated packets. Specifying null (the default) creates a GUE endpoint, specifying a protocol number will create a FOU endpoint.
Type: null or integer between 1 and 255 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.fqdn
The fully qualified domain name (FQDN) of this host. It is the result of combining networking.hostName and networking.domain. Using this option will result in an evaluation error if the hostname is empty or no domain is specified.
Type: string (read only)
Default: "${networking.hostName}.${networking.domain}"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.hostFiles
Files that should be concatenated together to form /etc/hosts.
Type: list of paths
Default: Hosts from networking.hosts and networking.extraHosts
Example: [ "${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.hostId
The 32-bit host ID of the machine, formatted as 8 hexadecimal characters.
You should try to make this ID unique among your machines. You can generate a random 32-bit ID using the following commands:
head -c 8 /etc/machine-id
(this derives it from the machine-id that systemd generates) or
head -c4 /dev/urandom | od -A none -t x4
The primary use case is to ensure when using ZFS that a pool isn't imported accidentally on a wrong machine.
Type: null or string
Default: null
Example: "4e98920d"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.hostName
The name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP). The hostname must be a valid DNS label (see RFC 1035 section 2.3.1: "Preferred name syntax", RFC 1123 section 2.1: "Host Names and Numbers") and as such must not contain the domain part. This means that the hostname must start with a letter or digit, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. The maximum length is 63 characters. Additionally it is recommended to only use lower-case characters. If (e.g. for legacy reasons) a FQDN is required as the Linux kernel network node hostname (uname --nodename) the option boot.kernel.sysctl."kernel.hostname" can be used as a workaround (but the 64 character limit still applies).
WARNING: Do not use underscores (_) or you may run into unexpected issues.
Type: string matching the pattern ^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.hosts
Locally defined maps of hostnames to IP addresses.
Type: attribute set of list of stringss
Example:
{ "127.0.0.1" = [ "foo.bar.baz" ]; "192.168.0.2" = [ "fileserver.local" "nameserver.local" ]; };Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.interfaces
The configuration for each network interface. If networking.useDHCP is true, then every interface not listed here will be configured using DHCP.
Type: attribute set of submodules
Default: { }
Example: { eth0 = { ipv4 = { addresses = [ { address = "131.211.84.78"; prefixLength = 25; } ] ; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv4.addresses
List of IPv4 addresses that will be statically assigned to the interface.
Type: list of submodules
Default: [ ]
Example: [ { address = "10.0.0.1"; prefixLength = 16; } { address = "192.168.1.1"; prefixLength = 24; } ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv4.addresses.*.address
IPv4 address of the interface. Leave empty to configure the interface using DHCP.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv4.addresses.*.prefixLength
Subnet mask of the interface, specified as the number of bits in the prefix (24).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv4.routes
List of extra IPv4 static routes that will be assigned to the interface.
Type: list of submodules
Default: [ ]
Example: [ { address = "10.0.0.0"; prefixLength = 16; } { address = "192.168.2.0"; prefixLength = 24; via = "192.168.1.1"; } ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv4.routes.*.address
IPv4 address of the network.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv4.routes.*.options
Other route options. See the symbol OPTIONS in the ip-route(8) manual page for the details.
Type: attribute set of strings
Default: { }
Example: { mtu = "1492"; window = "524288"; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv4.routes.*.prefixLength
Subnet mask of the network, specified as the number of bits in the prefix (24).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv4.routes.*.via
IPv4 address of the next hop.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv6.addresses
List of IPv6 addresses that will be statically assigned to the interface.
Type: list of submodules
Default: [ ]
Example: [ { address = "fdfd:b3f0:482::1"; prefixLength = 48; } { address = "2001:1470:fffd:2098::e006"; prefixLength = 64; } ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv6.addresses.*.address
IPv6 address of the interface. Leave empty to configure the interface using DHCP.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv6.addresses.*.prefixLength
Subnet mask of the interface, specified as the number of bits in the prefix (64).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv6.routes
List of extra IPv6 static routes that will be assigned to the interface.
Type: list of submodules
Default: [ ]
Example: [ { address = "fdfd:b3f0::"; prefixLength = 48; } { address = "2001:1470:fffd:2098::"; prefixLength = 64; via = "fdfd:b3f0::1"; } ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv6.routes.*.address
IPv6 address of the network.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv6.routes.*.options
Other route options. See the symbol OPTIONS in the ip-route(8) manual page for the details.
Type: attribute set of strings
Default: { }
Example: { mtu = "1492"; window = "524288"; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv6.routes.*.prefixLength
Subnet mask of the network, specified as the number of bits in the prefix (64).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.ipv6.routes.*.via
IPv6 address of the next hop.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.macAddress
MAC address of the interface. Leave empty to use the default.
Type: null or string
Default: null
Example: "00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.mtu
MTU size for packets leaving the interface. Leave empty to use the default.
Type: null or signed integer
Default: null
Example: 9000
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.name
Name of the interface.
Type: string
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.proxyARP
Turn on proxy_arp for this device. This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don't support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link-layer, below-ip traffic isn't bridged, so things like DHCP won't work. The advantage above using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routeable.
WARNING: turns on ip-routing, so if you have multiple interfaces, you should think of the consequence and setup firewall rules to limit this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.tempAddress
When IPv6 is enabled with SLAAC, this option controls the use of temporary address (aka privacy extensions) on this interface. This is used to reduce tracking.
See also the global option networking.tempAddresses, which applies to all interfaces where this is not set.
Possible values are:
- "default" to generate IPv6 temporary addresses and use these as source addresses in routing;
- "disabled" to completely disable IPv6 temporary addresses;
- "enabled" to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses;
Type: one of "default", "disabled", "enabled"
Default: config.networking.tempAddresses
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.useDHCP
Whether this interface should be configured with dhcp. Null implies the old behavior which depends on whether ip addresses are specified or not.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.virtual
Whether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host and a virtual network such as VPN or a virtual machine.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.virtualOwner
In case of a virtual device, the user who owns it.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.virtualType
The type of interface to create. The default is TUN for an interface name starting with "tun", otherwise TAP.
Type: one of "tun", "tap"
Default: if hasPrefix "tun" name then "tun" else "tap"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.interfaces.<name>.wakeOnLan.enable
Wether to enable wol on this interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.iproute2.enable
Whether to enable copy IP route configuration files.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/iproute2.nix>
- networking.iproute2.rttablesExtraConfig
Verbatim lines to add to /etc/iproute2/rt_tables
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/iproute2.nix>
- networking.localCommands
Shell commands to be executed at the end of the network-setup systemd service. Note that if you are using DHCP to obtain the network configuration, interfaces may not be fully configured yet.
Type: strings concatenated with "\n"
Default: ""
Example: "text=anything; echo You can put $text here."
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.macvlans
This option allows you to define macvlan interfaces which should be automatically created.
Type: attribute set of submodules
Default: { }
Example:
{ wan = { interface = "enp2s0"; mode = "vepa"; }; }Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.macvlans.<name>.interface
The interface the macvlan will transmit packets through.
Type: string
Example: "enp4s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.macvlans.<name>.mode
The mode of the macvlan device.
Type: null or string
Default: null
Example: "vepa"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.nameservers
The list of nameservers. It can be left empty if it is auto-detected through DHCP.
Type: list of strings
Default: [ ]
Example: [ "130.161.158.4" "130.161.33.17" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.nat.enable
Whether to enable Network Address Translation (NAT).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.enableIPv6
Whether to enable IPv6 NAT.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.dmzHost
The local IP address to which all traffic that does not match any forwarding rule is forwarded.
Type: null or string
Default: null
Example: "10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.externalIP
The public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.
Type: null or string
Default: null
Example: "203.0.113.123"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.externalIPv6
The public IPv6 address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.
Type: null or string
Default: null
Example: "2001:dc0:2001:11::175"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.externalInterface
The name of the external network interface.
Type: null or string
Default: null
Example: "eth1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.extraCommands
Additional shell commands executed as part of the nat initialisation script.
Type: strings concatenated with "\n"
Default: ""
Example: "iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.extraStopCommands
Additional shell commands executed as part of the nat teardown script.
Type: strings concatenated with "\n"
Default: ""
Example: "iptables -D INPUT -p icmp -j ACCEPT || true"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.forwardPorts
List of forwarded ports from the external interface to internal destinations by using DNAT. Destination can be IPv6 if IPv6 NAT is enabled.
Type: list of submodules
Default: [ ]
Example: [ { destination = "10.0.0.1:80"; proto = "tcp"; sourcePort = 8080; } { destination = "[fc00::2]:80"; proto = "tcp"; sourcePort = 8080; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.forwardPorts.*.destination
Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end
Type: string
Example: "10.0.0.1:80"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.forwardPorts.*.loopbackIPs
Public IPs for NAT reflection; for connections to `loopbackip:sourcePort' from the host itself and from other hosts behind NAT
Type: list of strings
Default: [ ]
Example: [ "55.1.2.3" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.forwardPorts.*.proto
Protocol of forwarded connection
Type: string
Default: "tcp"
Example: "udp"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.forwardPorts.*.sourcePort
Source port of the external interface; to specify a port range, use a string with a colon (e.g. "60000:61000")
Type: signed integer or string matching the pattern [[:digit:]]+:[[:digit:]]+
Example: 8080
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.internalIPs
The IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.
Type: list of strings
Default: [ ]
Example: [ "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.internalIPv6s
The IPv6 address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.
Type: list of strings
Default: [ ]
Example: [ "fc00::/64" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.nat.internalInterfaces
The interfaces for which to perform NAT. Packets coming from these interface and destined for the external interface will be rewritten.
Type: list of strings
Default: [ ]
Example: [ "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
- networking.networkmanager.enable
Whether to use NetworkManager to obtain an IP address and other configuration for all network interfaces that are not manually configured. If enabled, a group networkmanager will be created. Add all users that should have permission to change network settings to this group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.enableStrongSwan
Enable the StrongSwan plugin.
If you enable this option the networkmanager_strongswan plugin will be added to the networking.networkmanager.packages option so you don't need to to that yourself.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.packages
Extra packages that provide NetworkManager plugins.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.appendNameservers
A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.connectionConfig
Configuration for the [connection] section of NetworkManager.conf. Refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#id-1.2.3.11 or NetworkManager.conf(5) for more information.
Type: attribute set of null or boolean or signed integer or strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.dhcp
Which program (or internal library) should be used for DHCP.
Type: one of "dhclient", "dhcpcd", "internal"
Default: "internal"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.dispatcherScripts
A list of scripts which will be executed in response to network events.
Type: list of submodules
Default: [ ]
Example:
[ { source = pkgs.writeText "upHook" '' if [ "$2" != "up" ]; then logger "exit: event $2 != up" exit fi # coreutils and iproute are in PATH too logger "Device $DEVICE_IFACE coming up" ''; type = "basic"; } ]Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.dispatcherScripts.*.source
Path to the hook script.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.dispatcherScripts.*.type
Dispatcher hook type. Look up the hooks described at https://developer.gnome.org/NetworkManager/stable/NetworkManager.html and choose the type depending on the output folder. You should then filter the event type (e.g., "up"/"down") from within your script.
Type: one of "basic", "pre-down", "pre-up"
Default: "basic"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.dns
Set the DNS (resolv.conf) processing mode.
A description of these modes can be found in the main section of https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html or in NetworkManager.conf(5).
Type: one of "default", "dnsmasq", "unbound", "systemd-resolved", "none"
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.ethernet.macAddress
Set the MAC address of the interface.
- "XX:XX:XX:XX:XX:XX"
MAC address of the interface
- "permanent"
Use the permanent MAC address of the device
- "preserve"
Don’t change the MAC address of the device upon activation
- "random"
Generate a randomized value upon each connect
- "stable"
Generate a stable, hashed MAC address
Type: string or one of "permanent", "preserve", "random", "stable"
Default: "preserve"
Example: "00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.extraConfig
Configuration appended to the generated NetworkManager.conf. Refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html or NetworkManager.conf(5) for more information.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.firewallBackend
Which firewall backend should be used for configuring masquerading with shared mode. If set to none, NetworkManager doesn't manage the configuration at all.
Type: one of "iptables", "nftables", "none"
Default: "iptables"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.insertNameservers
A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.logLevel
Set the default logging verbosity level.
Type: one of "OFF", "ERR", "WARN", "INFO", "DEBUG", "TRACE"
Default: "WARN"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.unmanaged
List of interfaces that will not be managed by NetworkManager. Interface name can be specified here, but if you need more fidelity, refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec or the "Device List Format" Appendix of NetworkManager.conf(5).
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.wifi.backend
Specify the Wi-Fi backend used for the device. Currently supported are wpa_supplicant or iwd (experimental).
Type: one of "wpa_supplicant", "iwd"
Default: "wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.wifi.macAddress
Set the MAC address of the interface.
- "XX:XX:XX:XX:XX:XX"
MAC address of the interface
- "permanent"
Use the permanent MAC address of the device
- "preserve"
Don’t change the MAC address of the device upon activation
- "random"
Generate a randomized value upon each connect
- "stable"
Generate a stable, hashed MAC address
Type: string or one of "permanent", "preserve", "random", "stable"
Default: "preserve"
Example: "00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.wifi.powersave
Whether to enable Wi-Fi power saving.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.networkmanager.wifi.scanRandMacAddress
Whether to enable MAC address randomization of a Wi-Fi device during scanning.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
- networking.nftables.enable
Whether to enable nftables. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables.
This conflicts with the standard networking firewall, so make sure to disable it before using nftables.
Note that if you have Docker enabled you will not be able to use nftables without intervention. Docker uses iptables internally to setup NAT for containers. This module disables the ip_tables kernel module, however Docker automatically loads the module. Please see [1] for more information.
There are other programs that use iptables internally too, such as libvirt.
[1]: https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
- networking.nftables.ruleset
The ruleset to be used with nftables. Should be in a format that can be loaded using "/bin/nft -f". The ruleset is updated atomically.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Check out https://wiki.nftables.org/ for better documentation. # Table for both IPv4 and IPv6. table inet filter { # Block all incomming connections traffic except SSH and "ping". chain input { type filter hook input priority 0; # accept any localhost traffic iifname lo accept # accept traffic originated from us ct state {established, related} accept # ICMP # routers may also want: mld-listener-query, nd-router-solicit ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept # allow "ping" ip6 nexthdr icmpv6 icmpv6 type echo-request accept ip protocol icmp icmp type echo-request accept # accept SSH connections (required for a server) tcp dport 22 accept # count and drop any other traffic counter drop } # Allow all outgoing connections. chain output { type filter hook output priority 0; accept } chain forward { type filter hook forward priority 0; accept } } ''Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
- networking.nftables.rulesetFile
The ruleset file to be used with nftables. Should be in a format that can be loaded using "nft -f". The ruleset is updated atomically.
Type: path
Default: a file with the contents of networking.nftables.ruleset
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
- networking.proxy.allProxy
This option specifies the all_proxy environment variable.
Type: null or string
Default: null
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.proxy.default
This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
Type: null or string
Default: null
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.proxy.ftpProxy
This option specifies the ftp_proxy environment variable.
Type: null or string
Default: null
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.proxy.httpProxy
This option specifies the http_proxy environment variable.
Type: null or string
Default: null
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.proxy.httpsProxy
This option specifies the https_proxy environment variable.
Type: null or string
Default: null
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.proxy.noProxy
This option specifies the no_proxy environment variable. If a default proxy is used and noProxy is null, then noProxy will be set to 127.0.0.1,localhost.
Type: null or string
Default: null
Example: "127.0.0.1,localhost,.localdomain"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.proxy.rsyncProxy
This option specifies the rsync_proxy environment variable.
Type: null or string
Default: null
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.resolvconf.dnsExtensionMechanism
Enable the edns0 option in resolv.conf. With that option set, glibc supports use of the extension mechanisms for DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC, which does not work without it.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
- networking.resolvconf.dnsSingleRequest
Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option 'single-request' in /etc/resolv.conf. This option enables that.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
- networking.resolvconf.extraConfig
Extra configuration to append to resolvconf.conf.
Type: strings concatenated with "\n"
Default: ""
Example: "libc=NO"
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
- networking.resolvconf.extraOptions
Set the options in /etc/resolv.conf.
Type: list of strings
Default: [ ]
Example: [ "ndots:1" "rotate" ]
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
- networking.resolvconf.useLocalResolver
Use local DNS server for resolving.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
- networking.rxe.enable
Whether to enable RDMA over converged ethernet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/rxe.nix>
- networking.rxe.interfaces
Enable RDMA on the listed interfaces. The corresponding virtual RDMA interfaces will be named rxe_<interface>. UDP port 4791 must be open on the respective ethernet interfaces.
Type: list of strings
Default: [ ]
Example: [ "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/rxe.nix>
- networking.search
The list of search paths used when resolving domain names.
Type: list of strings
Default: [ ]
Example: [ "example.com" "home.arpa" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits
This option allows you to define 6-to-4 interfaces which should be automatically created.
Type: attribute set of submodules
Default: { }
Example:
{ hurricane = { remote = "10.0.0.1"; local = "10.0.0.22"; ttl = 255; }; msipv6 = { remote = "192.168.0.1"; dev = "enp3s0"; ttl = 127; }; }Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits.<name>.dev
The underlying network device on which the tunnel resides.
Type: null or string
Default: null
Example: "enp4s0f0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits.<name>.encapsulation
Configures encapsulation in UDP packets.
Type: null or submodule
Default: null
Example: { port = 9001; type = "fou"; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits.<name>.encapsulation.port
Destination port for encapsulated packets.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example: 9001
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits.<name>.encapsulation.sourcePort
Source port for encapsulated packets. Will be chosen automatically by the kernel if unset.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Example: 9002
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits.<name>.encapsulation.type
Selects encapsulation type. See ip-link(8) for details.
Type: one of "fou", "gue"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits.<name>.local
The address of the local endpoint which the remote side should send packets to.
Type: null or string
Default: null
Example: "10.0.0.22"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits.<name>.remote
The address of the remote endpoint to forward traffic over.
Type: null or string
Default: null
Example: "10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.sits.<name>.ttl
The time-to-live of the connection to the remote tunnel endpoint.
Type: null or signed integer
Default: null
Example: 255
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.supplicant
Interfaces for which to start wpa_supplicant. The supplicant is used to scan for and associate with wireless networks, or to authenticate with 802.1x capable network switches.
The value of this option is an attribute set. Each attribute configures a wpa_supplicant service, where the attribute name specifies the name of the interface that wpa_supplicant operates on. The attribute name can be a space separated list of interfaces. The attribute names WLAN, LAN and DBUS have a special meaning. WLAN and LAN are configurations for universal wpa_supplicant service that is started for each WLAN interface or for each LAN interface, respectively. DBUS defines a device-unrelated wpa_supplicant service that can be accessed through D-Bus.
Type: attribute set of submodules
Default: { }
Example:
{ "wlan0 wlan1" = { configFile.path = "/etc/wpa_supplicant.conf"; userControlled.group = "network"; extraConf = '' ap_scan=1 p2p_disabled=1 ''; extraCmdArgs = "-u -W"; bridge = "br0"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.bridge
Name of the bridge interface that wpa_supplicant should listen at.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.configFile.path
External wpa_supplicant.conf configuration file. The configuration options defined declaratively within networking.supplicant have precedence over options defined in configFile.
Type: null or path
Default: null
Example: /etc/wpa_supplicant.conf
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.configFile.writable
Whether the configuration file at configFile.path should be written to by wpa_supplicant.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.driver
Force a specific wpa_supplicant driver.
Type: null or string
Default: "nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.extraCmdArgs
Command line arguments to add when executing wpa_supplicant.
Type: string
Default: ""
Example: "-e/run/wpa_supplicant/entropy.bin"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.extraConf
Configuration options for wpa_supplicant.conf. Options defined here have precedence over options in configFile. NOTE: Do not write sensitive data into extraConf as it will be world-readable in the nix-store. For sensitive information use the configFile instead.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ap_scan=1 device_name=My-NixOS-Device device_type=1-0050F204-1 driver_param=use_p2p_group_interface=1 disable_scan_offload=1 p2p_listen_reg_class=81 p2p_listen_channel=1 p2p_oper_reg_class=81 p2p_oper_channel=1 manufacturer=NixOS model_name=NixOS_Unstable model_number=2015 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.userControlled.enable
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.userControlled.group
Members of this group can control wpa_supplicant.
Type: string
Default: "wheel"
Example: "network"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.supplicant.<name>.userControlled.socketDir
Directory of sockets for controlling wpa_supplicant.
Type: string
Default: "/run/wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
- networking.tcpcrypt.enable
Whether to enable opportunistic TCP encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be sent in clear text. Thus, Tcpcrypt alone provides no guarantees -- it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tcpcrypt.nix>
- networking.tempAddresses
Whether to enable IPv6 Privacy Extensions for interfaces not configured explicitly in networking.interfaces.<name>.tempAddress.
This sets the ipv6.conf.*.use_tempaddr sysctl for all interfaces. Possible values are:
- "default" to generate IPv6 temporary addresses and use these as source addresses in routing;
- "disabled" to completely disable IPv6 temporary addresses;
- "enabled" to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses;
Type: one of "default", "disabled", "enabled"
Default: "default"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.timeServers
The set of NTP servers from which to synchronise.
Type: list of strings
Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
- networking.ucarp.enable
Whether to enable ucarp, userspace implementation of CARP.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.package
Package that should be used for ucarp.
Please note that the default package, pkgs.ucarp, has not received any upstream updates for a long time and can be considered as unmaintained.
Type: package
Default: pkgs.ucarp
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.addr
Virtual shared IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.advBase
Advertisement frequency in seconds.
Type: unsigned integer, meaning >=0
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.advSkew
Advertisement skew in seconds.
Type: unsigned integer, meaning >=0
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.deadratio
Ratio to consider a host as dead.
Type: unsigned integer, meaning >=0
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.downscript
Command to run after become backup, the interface name, virtual address and optional extra parameters are passed as arguments.
Type: path
Example:
pkgs.writeScript "downscript" '' #!/bin/sh ${pkgs.iproute2}/bin/ip addr del "$2"/24 dev "$1" '';Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.extraParam
Extra parameter to pass to the up/down scripts.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.ignoreIfState
Ignore interface state, e.g., down or no carrier.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.interface
Network interface to bind to.
Type: string
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.neutral
Do not run downscript at start if the host is the backup.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.noMcast
Use broadcast instead of multicast advertisements.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.passwordFile
File containing shared password between CARP hosts.
Type: string
Example: "/run/keys/ucarp-password"
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.preempt
Enable preemptive failover. Thus, this host becomes the CARP master as soon as possible.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.shutdown
Call downscript at exit.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.srcIp
Source (real) IP address of this host.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.upscript
Command to run after become master, the interface name, virtual address and optional extra parameters are passed as arguments.
Type: path
Example:
pkgs.writeScript "upscript" '' #!/bin/sh ${pkgs.iproute2}/bin/ip addr add "$2"/24 dev "$1" '';Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.ucarp.vhId
Virtual IP identifier shared between CARP hosts.
Type: integer between 1 and 255 (both inclusive)
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
- networking.useDHCP
Whether to use DHCP to obtain an IP address and other configuration for all network interfaces that are not manually configured.
Using this option is highly discouraged and also incompatible with networking.useNetworkd. Please use networking.interfaces.<name>.useDHCP instead and set this to false.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.useHostResolvConf
In containers, whether to use the resolv.conf supplied by the host.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.useNetworkd
Whether we should use networkd as the network configuration backend or the legacy script based system. Note that this option is experimental, enable at your own risk.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.usePredictableInterfaceNames
Whether to assign predictable names to network interfaces. If enabled, interfaces are assigned names that contain topology information (e.g. wlp3s0) and thus should be stable across reboots. If disabled, names depend on the order in which interfaces are discovered by the kernel, which may change randomly across reboots; for instance, you may find eth0 and eth1 flipping unpredictably.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
- networking.vlans
This option allows you to define vlan devices that tag packets on top of a physical interface. The value of this option is an attribute set. Each attribute specifies a vlan, with the name specifying the name of the vlan interface.
Type: attribute set of submodules
Default: { }
Example:
{ vlan0 = { id = 3; interface = "enp3s0"; }; vlan1 = { id = 1; interface = "wlan0"; }; }Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vlans.<name>.id
The vlan identifier
Type: signed integer
Example: 1
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vlans.<name>.interface
The interface the vlan will transmit packets through.
Type: string
Example: "enp4s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches
This option allows you to define Open vSwitches that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a vswitch, with the attribute name specifying the name of the vswitch's network interface.
Type: attribute set of submodules
Default: { }
Example: { vs0 = { interfaces = { eth0 = { } ; lo1 = { type = "internal"; } ; } ; } ; vs1 = { interfaces = [ { name = "eth2"; } { name = "lo2"; type = "internal"; } ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.controllers
Specify the controller targets. For the allowed options see man 8 ovs-vsctl.
Type: list of strings
Default: [ ]
Example: [ "ptcp:6653:[::1]" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.extraOvsctlCmds
Commands to manipulate the Open vSwitch database. Every line executed with ovs-vsctl. All commands are bundled together with the operations for adding the interfaces into one atomic operation.
Type: strings concatenated with "\n"
Default: ""
Example:
'' set-fail-mode <switch_name> secure set Bridge <switch_name> stp_enable=true ''
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.interfaces
The physical network interfaces connected by the vSwitch.
Type: attribute set of submodules
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.interfaces.<name>.name
Name of the interface
Type: string
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.interfaces.<name>.type
Openvswitch type to assign to interface
Type: null or string
Default: null
Example: "internal"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.interfaces.<name>.vlan
Vlan tag to apply to interface
Type: null or signed integer
Default: null
Example: 10
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.openFlowRules
OpenFlow rules to insert into the Open vSwitch. All openFlowRules are loaded with ovs-ofctl within one atomic operation.
Type: strings concatenated with "\n"
Default: ""
Example:
'' actions=normal ''
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.openFlowVersion
Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with openFlowRules).
Type: string
Default: "OpenFlow13"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.vswitches.<name>.supportedOpenFlowVersions
Supported versions to enable on this switch.
Type: list of strings
Default: [ "OpenFlow13" ]
Example: [ "OpenFlow10" "OpenFlow13" "OpenFlow14" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.wg-quick.interfaces
Wireguard interfaces.
Type: attribute set of submodules
Default: { }
Example: { wg0 = { address = [ "192.168.20.4/24" ] ; peers = [ { allowedIPs = [ "192.168.20.1/32" ] ; endpoint = "demo.wireguard.io:12913"; publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; } ] ; privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.address
The IP addresses of the interface.
Type: list of strings
Default: [ ]
Example: [ "192.168.2.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.dns
The IP addresses of DNS servers to configure.
Type: list of strings
Default: [ ]
Example: [ "192.168.2.2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
networking.wg-quick.interfaces.<name>.listenPort
16-bit port for listening. Optional; if not specified, automatically generated based on interface name.
Type: null or signed integer
Default: null
Example: 51820
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.mtu
If not specified, the MTU is automatically determined from the endpoint addresses or the system default route, which is usually a sane choice. However, to manually specify an MTU to override this automatic discovery, this value may be specified explicitly.
Type: null or signed integer
Default: null
Example: 1248
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.peers
Peers linked to the interface.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.peers.*.allowedIPs
List of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Type: list of strings
Example: [ "10.192.122.3/32" "10.192.124.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.peers.*.endpoint
Endpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer.
Type: null or string
Default: null
Example: "demo.wireguard.io:12913"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive
This is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds; however, most users will not need this.
Type: null or signed integer
Default: null
Example: 25
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.peers.*.presharedKey
Base64 preshared key generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Warning: Consider using presharedKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default: null
Example: "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile
File pointing to preshared key as generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Type: null or string
Default: null
Example: "/private/wireguard_psk"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.peers.*.publicKey
The base64 public key to the peer.
Type: string
Example: "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.postDown
Command called after the interface is taken down.
Type: strings concatenated with "\n" or list of strings convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns del foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.postUp
Commands called after the interface setup.
Type: strings concatenated with "\n" or list of strings convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.preDown
Command called before the interface is taken down.
Type: strings concatenated with "\n" or list of strings convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns del foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.preUp
Commands called at the start of the interface setup.
Type: strings concatenated with "\n" or list of strings convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.privateKey
Base64 private key generated by wg genkey.
Warning: Consider using privateKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default: null
Example: "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.privateKeyFile
Private key file as generated by wg genkey.
Type: null or string
Default: null
Example: "/private/wireguard_key"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wg-quick.interfaces.<name>.table
The kernel routing table to add this interface's associated routes to. Setting this is useful for e.g. policy routing ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric table IDs and table names (/etc/rt_tables) can be used. Defaults to "main".
Type: null or string
Default: null
Example: "main"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
- networking.wireguard.enable
Whether to enable WireGuard.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces
WireGuard interfaces.
Type: attribute set of submodules
Default: { }
Example: { wg0 = { ips = [ "192.168.20.4/24" ] ; peers = [ { allowedIPs = [ "192.168.20.1/32" ] ; endpoint = "demo.wireguard.io:12913"; publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; } ] ; privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.allowedIPsAsRoutes
Determines whether to add allowed IPs as routes or not.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.generatePrivateKeyFile
Automatically generate a private key with wg genkey, at the privateKeyFile location.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.interfaceNamespace
The pre-existing network namespace the WireGuard interface is moved to. The special value init means the init namespace. When null, the interface is not moved. See documentation.
Type: null or string
Default: null
Example: "init"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.ips
The IP addresses of the interface.
Type: list of strings
Default: [ ]
Example: [ "192.168.2.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
networking.wireguard.interfaces.<name>.listenPort
16-bit port for listening. Optional; if not specified, automatically generated based on interface name.
Type: null or signed integer
Default: null
Example: 51820
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.peers
Peers linked to the interface.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.peers.*.allowedIPs
List of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Type: list of strings
Example: [ "10.192.122.3/32" "10.192.124.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds
Periodically re-execute the wg utility every this many seconds in order to let WireGuard notice DNS / hostname changes.
Setting this to 0 disables periodic reexecution.
Type: signed integer
Default: 0
Example: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.peers.*.endpoint
Endpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer.
Warning for endpoints with changing IPs: The WireGuard kernel side cannot perform DNS resolution. Thus DNS resolution is done once by the wg userspace utility, when setting up WireGuard. Consequently, if the IP address behind the name changes, WireGuard will not notice. This is especially common for dynamic-DNS setups, but also applies to any other DNS-based setup. If you do not use IP endpoints, you likely want to set networking.wireguard.dynamicEndpointRefreshSeconds to refresh the IPs periodically.
Type: null or string
Default: null
Example: "demo.wireguard.io:12913"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive
This is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds; however, most users will not need this.
Type: null or signed integer
Default: null
Example: 25
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.peers.*.presharedKey
Base64 preshared key generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Warning: Consider using presharedKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default: null
Example: "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile
File pointing to preshared key as generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Type: null or string
Default: null
Example: "/private/wireguard_psk"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.peers.*.publicKey
The base64 public key of the peer.
Type: string
Example: "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.postSetup
Commands called at the end of the interface setup.
Type: strings concatenated with "\n" or list of strings convertible to it
Default: ""
Example:
''printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0''Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.postShutdown
Commands called after shutting down the interface.
Type: strings concatenated with "\n" or list of strings convertible to it
Default: ""
Example: "${pkgs.openresolv}/bin/resolvconf -d wg0"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.preSetup
Commands called at the start of the interface setup.
Type: strings concatenated with "\n" or list of strings convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.privateKey
Base64 private key generated by wg genkey.
Warning: Consider using privateKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default: null
Example: "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.privateKeyFile
Private key file as generated by wg genkey.
Type: null or string
Default: null
Example: "/private/wireguard_key"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.socketNamespace
The pre-existing network namespace in which the WireGuard interface is created, and which retains the socket even if the interface is moved via interfaceNamespace. When null, the interface is created in the init namespace. See documentation.
Type: null or string
Default: null
Example: "container"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireguard.interfaces.<name>.table
The kernel routing table to add this interface's associated routes to. Setting this is useful for e.g. policy routing ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric table IDs and table names (/etc/rt_tables) can be used. Defaults to "main".
Type: string
Default: "main"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
- networking.wireless.enable
Whether to enable wpa_supplicant.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.allowAuxiliaryImperativeNetworks
Whether to allow configuring networks "imperatively" (e.g. via wpa_supplicant_gui) and declaratively via networking.wireless.networks.
Please note that this adds a custom patch to wpa_supplicant.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.athUserRegulatoryDomain
If enabled, sets the ATH_USER_REGD kernel config switch to true to disable the enforcement of EEPROM regulatory restrictions for ath drivers. Requires at least Linux 5.8.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/network/ath-user-regd.nix>
- networking.wireless.dbusControlled
Whether to enable the DBus control interface. This is only needed when using NetworkManager or connman.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.driver
Force a specific wpa_supplicant driver.
Type: string
Default: "nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.environmentFile
File consisting of lines of the form varname=value to define variables for the wireless configuration.
See section "EnvironmentFile=" in systemd.exec(5) for a syntax reference.
Secrets (PSKs, passwords, etc.) can be provided without adding them to the world-readable Nix store by defining them in the environment file and referring to them in option networking.wireless.networks with the syntax @varname@. Example:
# content of /run/secrets/wireless.env PSK_HOME=mypassword PASS_WORK=myworkpassword
# wireless-related configuration networking.wireless.environmentFile = "/run/secrets/wireless.env"; networking.wireless.networks = { home.psk = "@PSK_HOME@"; work.auth = '' eap=PEAP identity="my-user@example.com" password="@PASS_WORK@" ''; };Type: null or path
Default: null
Example: "/run/secrets/wireless.env"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.extraConfig
Extra lines appended to the configuration file. See wpa_supplicant.conf(5) for available options.
Type: string
Default: ""
Example:
'' p2p_disabled=1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.fallbackToWPA2
Whether to fall back to WPA2 authentication protocols if WPA3 failed. This allows old wireless cards (that lack recent features required by WPA3) to connect to mixed WPA2/WPA3 access points.
To avoid possible downgrade attacks, disable this options.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.interfaces
The interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces.
Note
A separate wpa_supplicant instance will be started for each interface.Type: list of strings
Default: [ ]
Example: [ "wlan0" "wlan1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.iwd.enable
Whether to enable iwd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
- networking.wireless.iwd.settings
Options passed to iwd. See here for supported options.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example: { Network = { EnableIPv6 = true; RoutePriorityOffset = 300; } ; Settings = { AutoConnect = true; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
- networking.wireless.networks
The network definitions to automatically connect to when wpa_supplicant is running. If this parameter is left empty wpa_supplicant will use /etc/wpa_supplicant.conf as the configuration file.
Type: attribute set of submodules
Default: { }
Example:
{ echelon = { # SSID with no spaces or special characters psk = "abcdefgh"; # (password will be written to /nix/store!) }; echelon = { # safe version of the above: read PSK from the psk = "@PSK_ECHELON@"; # variable PSK_ECHELON, defined in environmentFile, }; # this won't leak into /nix/store "echelon's AP" = { # SSID with spaces and/or special characters psk = "ijklmnop"; # (password will be written to /nix/store!) }; "free.wifi" = {}; # Public wireless network }Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.networks.<name>.auth
Use this option to configure advanced authentication methods like EAP. See wpa_supplicant.conf(5) for example configurations.
Warning
Be aware that this will be written to the nix store in plaintext! Use an environment variable for secrets.Note
Mutually exclusive with psk and pskRaw.Type: null or string
Default: null
Example:
'' eap=PEAP identity="user@example.com" password="@EXAMPLE_PASSWORD@" ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.networks.<name>.authProtocols
The list of authentication protocols accepted by this network. This corresponds to the key_mgmt option in wpa_supplicant.
Type: list of one of "WPA-PSK", "WPA-EAP", "IEEE8021X", "NONE", "WPA-NONE", "FT-PSK", "FT-EAP", "FT-EAP-SHA384", "WPA-PSK-SHA256", "WPA-EAP-SHA256", "SAE", "FT-SAE", "WPA-EAP-SUITE-B", "WPA-EAP-SUITE-B-192", "OSEN", "FILS-SHA256", "FILS-SHA384", "FT-FILS-SHA256", "FT-FILS-SHA384", "OWE", "DPP"s
Default: [ "WPA-PSK" "WPA-EAP" "SAE" "FT-PSK" "FT-EAP" "FT-SAE" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.networks.<name>.extraConfig
Extra configuration lines appended to the network block. See wpa_supplicant.conf(5) for available options.
Type: string
Default: ""
Example:
'' bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.networks.<name>.hidden
Set this to true if the SSID of the network is hidden.
Type: boolean
Default: false
Example:
{ echelon = { hidden = true; psk = "abcdefgh"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.networks.<name>.priority
By default, all networks will get same priority group (0). If some of the networks are more desirable, this field can be used to change the order in which wpa_supplicant goes through the networks when selecting a BSS. The priority groups will be iterated in decreasing priority (i.e., the larger the priority value, the sooner the network is matched against the scan results). Within each priority group, networks will be selected based on security policy, signal strength, etc.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.networks.<name>.psk
The network's pre-shared key in plaintext defaulting to being a network without any authentication.
Warning
Be aware that this will be written to the nix store in plaintext! Use an environment variable instead.Note
Mutually exclusive with pskRaw.Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.networks.<name>.pskRaw
The network's pre-shared key in hex defaulting to being a network without any authentication.
Warning
Be aware that this will be written to the nix store in plaintext! Use an environment variable instead.Note
Mutually exclusive with psk.Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.scanOnLowSignal
Whether to periodically scan for (better) networks when the signal of the current one is low. This will make roaming between access points faster, but will consume more power.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.userControlled.enable
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points.
When using a declarative network specification you cannot persist any settings via wpa_gui or wpa_cli.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wireless.userControlled.group
Members of this group can control wpa_supplicant.
Type: string
Default: "wheel"
Example: "network"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
- networking.wlanInterfaces
Creating multiple WLAN interfaces on top of one physical WLAN device (NIC).
The name of the WLAN interface corresponds to the name of the attribute. A NIC is referenced by the persistent device name of the WLAN interface that udev assigns to a NIC by default. If a NIC supports multiple WLAN interfaces, then the one NIC can be used as device for multiple WLAN interfaces. If a NIC is used for creating WLAN interfaces, then the default WLAN interface with a persistent device name form udev is not created. A WLAN interface with the persistent name assigned from udev would have to be created explicitly.
Type: attribute set of submodules
Default: { }
Example:
{ wlan-station0 = { device = "wlp6s0"; }; wlan-adhoc0 = { type = "ibss"; device = "wlp6s0"; mac = "02:00:00:00:00:01"; }; wlan-p2p0 = { device = "wlp6s0"; mac = "02:00:00:00:00:02"; }; wlan-ap0 = { device = "wlp6s0"; mac = "02:00:00:00:00:03"; }; }Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.wlanInterfaces.<name>.device
The name of the underlying hardware WLAN device as assigned by udev.
Type: string
Example: "wlp6s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.wlanInterfaces.<name>.flags
Flags for interface of type monitor.
Type: null or one of "none", "fcsfail", "control", "otherbss", "cook", "active"
Default: null
Example: "control"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.wlanInterfaces.<name>.fourAddr
Whether to enable 4-address mode with type managed.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.wlanInterfaces.<name>.mac
MAC address to use for the device. If null, then the MAC of the underlying hardware WLAN device is used.
INFO: Locally administered MAC addresses are of the form:
- x2:xx:xx:xx:xx:xx
- x6:xx:xx:xx:xx:xx
- xA:xx:xx:xx:xx:xx
- xE:xx:xx:xx:xx:xx
Type: null or string
Default: null
Example: "02:00:00:00:00:01"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.wlanInterfaces.<name>.meshID
MeshID of interface with type mesh.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- networking.wlanInterfaces.<name>.type
The type of the WLAN interface. The type has to be supported by the underlying hardware of the device.
Type: one of "managed", "ibss", "monitor", "mesh", "wds"
Default: "managed"
Example: "ibss"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
- nix.enable
Whether to enable Nix. Disabling Nix makes the system hard to modify and the Nix programs and configuration will not be made available by NixOS itself.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.package
This option specifies the Nix package instance to use throughout the system.
Type: package
Default: pkgs.nix
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.allowedUsers
A list of names of users (separated by whitespace) that are allowed to connect to the Nix daemon. As with nix.trustedUsers, you can specify groups by prefixing them with @. Also, you can allow all users by specifying *. The default is *. Note that trusted users are always allowed to connect.
Type: list of strings
Default: [ "*" ]
Example: [ "@wheel" "@builders" "alice" "bob" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.autoOptimiseStore
If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. This saves disk space. If set to false (the default), you can still run nix-store --optimise to get rid of duplicate files.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.binaryCachePublicKeys
List of public keys used to sign binary caches. If nix.requireSignedBinaryCaches is enabled, then Nix will use a binary from a binary cache if and only if it is signed by any of the keys listed here. By default, only the key for cache.nixos.org is included.
Type: list of strings
Example: [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.binaryCaches
List of binary cache URLs used to obtain pre-built binaries of Nix packages.
By default https://cache.nixos.org/ is added, to override it use lib.mkForce [].
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildCores
This option defines the maximum number of concurrent tasks during one build. It affects, e.g., -j option for make. The special value 0 means that the builder should use all available CPU cores in the system. Some builds may become non-deterministic with this option; use with care! Packages will only be affected if enableParallelBuilding is set for them.
Type: signed integer
Default: 0
Example: 64
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines
This option lists the machines to be used if distributed builds are enabled (see nix.distributedBuilds). Nix will perform derivations on those machines via SSH by copying the inputs to the Nix store on the remote machine, starting the build, then copying the output back to the local Nix store.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.hostName
The hostname of the build machine.
Type: string
Example: "nixbuilder.example.org"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.mandatoryFeatures
A list of features mandatory for this builder. The builder will be ignored for derivations that don't require all features in this list. All mandatory features are automatically included in supportedFeatures.
Type: list of strings
Default: [ ]
Example: [ "big-parallel" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.maxJobs
The number of concurrent jobs the build machine supports. The build machine will enforce its own limits, but this allows hydra to schedule better since there is no work-stealing between build machines.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.speedFactor
The relative speed of this builder. This is an arbitrary integer that indicates the speed of this builder, relative to other builders. Higher is faster.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.sshKey
The path to the SSH private key with which to authenticate on the build machine. The private key must not have a passphrase. If null, the building user (root on NixOS machines) must have an appropriate ssh configuration to log in non-interactively.
Note that for security reasons, this path must point to a file in the local filesystem, *not* to the nix store.
Type: null or string
Default: null
Example: "/root/.ssh/id_buildhost_builduser"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.sshUser
The username to log in as on the remote host. This user must be able to log in and run nix commands non-interactively. It must also be privileged to build derivations, so must be included in nix.trustedUsers.
Type: null or string
Default: null
Example: "builder"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.supportedFeatures
A list of features supported by this builder. The builder will be ignored for derivations that require features not in this list.
Type: list of strings
Default: [ ]
Example: [ "kvm" "big-parallel" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.system
The system type the build machine can execute derivations on. Either this attribute or systems must be present, where system takes precedence if both are set.
Type: null or string
Default: null
Example: "x86_64-linux"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.buildMachines.*.systems
The system types the build machine can execute derivations on. Either this attribute or system must be present, where system takes precedence if both are set.
Type: list of strings
Default: [ ]
Example: [ "x86_64-linux" "aarch64-linux" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.checkConfig
If enabled (the default), checks that Nix can parse the generated nix.conf.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.daemonCPUSchedPolicy
Nix daemon process CPU scheduling policy. This policy propagates to build processes. other is the default scheduling policy for regular tasks. The batch policy is similar to other, but optimised for non-interactive tasks. idle is for extremely low-priority tasks that should only be run when no other task requires CPU time.
Please note that while using the idle policy may greatly improve responsiveness of a system performing expensive builds, it may also slow down and potentially starve crucial configuration updates during load.
Type: one of "other", "batch", "idle"
Default: "other"
Example: "batch"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.daemonIOSchedClass
Nix daemon process I/O scheduling class. This class propagates to build processes. best-effort is the default class for regular tasks. The idle class is for extremely low-priority tasks that should only perform I/O when no other task does.
Please note that while using the idle scheduling class can improve responsiveness of a system performing expensive builds, it might also slow down or starve crucial configuration updates during load.
Type: one of "best-effort", "idle"
Default: "best-effort"
Example: "idle"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.daemonIOSchedPriority
Nix daemon process I/O scheduling priority. This priority propagates to build processes. The supported priorities depend on the scheduling policy: With idle, priorities are not used in scheduling decisions. best-effort supports values in the range 0 (high) to 7 (low).
Type: signed integer
Default: 0
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.distributedBuilds
Whether to distribute builds to the machines listed in nix.buildMachines.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.extraOptions
Additional text appended to nix.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' keep-outputs = true keep-derivations = true ''
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.gc.automatic
Automatically run the garbage collector at a specific time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
- nix.gc.dates
How often or when garbage collection is performed. For most desktop and server systems a sufficient garbage collection is once a week.
The format is described in systemd.time(7).
Type: string
Default: "03:15"
Example: "weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
- nix.gc.options
Options given to nix-collect-garbage when the garbage collector is run automatically.
Type: string
Default: ""
Example: "--max-freed $((64 * 1024**3))"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
- nix.gc.persistent
Takes a boolean argument. If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. Such triggering is nonetheless subject to the delay imposed by RandomizedDelaySec=. This is useful to catch up on missed runs of the service when the system was powered down.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
- nix.gc.randomizedDelaySec
Add a randomized delay before each automatic upgrade. The delay will be chosen between zero and this value. This value must be a time span in the format specified by systemd.time(7)
Type: string
Default: "0"
Example: "45min"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
- nix.maxJobs
This option defines the maximum number of jobs that Nix will try to build in parallel. The default is auto, which means it will use all available logical cores. It is recommend to set it to the total number of logical cores in your system (e.g., 16 for two CPUs with 4 cores each and hyper-threading).
Type: signed integer or value "auto" (singular enum)
Default: "auto"
Example: 64
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.nixPath
The default Nix expression search path, used by the Nix evaluator to look up paths enclosed in angle brackets (e.g. <nixpkgs>).
Type: list of strings
Default: [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.nrBuildUsers
Number of nixbld user accounts created to perform secure concurrent builds. If you receive an error message saying that “all build users are currently in use”, you should increase this value.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.optimise.automatic
Automatically run the nix store optimiser at a specific time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
- nix.optimise.dates
Specification (in the format described by systemd.time(7)) of the time at which the optimiser will run.
Type: list of strings
Default: [ "03:45" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
- nix.readOnlyStore
If set, NixOS will enforce the immutability of the Nix store by making /nix/store a read-only bind mount. Nix will automatically make the store writable when needed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.registry
A system-wide flake registry.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.registry.<name>.exact
Whether the from reference needs to match exactly. If set, a from reference like nixpkgs does not match with a reference like nixpkgs/nixos-20.03.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.registry.<name>.flake
The flake input to which from> is to be rewritten.
Type: null or attribute set
Default: null
Example: nixpkgs
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.registry.<name>.from
The flake reference to be rewritten.
Type: attribute set of string or signed integer or boolean or packages
Example: { id = "nixpkgs"; type = "indirect"; }
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.registry.<name>.to
The flake reference to which from> is to be rewritten.
Type: attribute set of string or signed integer or boolean or packages
Example: { owner = "my-org"; repo = "my-nixpkgs"; type = "github"; }
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.requireSignedBinaryCaches
If enabled (the default), Nix will only download binaries from binary caches if they are cryptographically signed with any of the keys listed in nix.binaryCachePublicKeys. If disabled, signatures are neither required nor checked, so it's strongly recommended that you use only trustworthy caches and https to prevent man-in-the-middle attacks.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.sandboxPaths
Directories from the host filesystem to be included in the sandbox.
Type: list of strings
Default: [ ]
Example: [ "/dev" "/proc" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.sshServe.enable
Whether to enable serving the Nix store as a remote store via SSH.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
- nix.sshServe.keys
A list of SSH public keys allowed to access the binary cache via SSH.
Type: list of strings
Default: [ ]
Example: [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
- nix.sshServe.protocol
The specific Nix-over-SSH protocol to use.
Type: one of "ssh", "ssh-ng"
Default: "ssh"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
- nix.sshServe.write
Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the nix.trustedUsers option in most use cases, such as allowing remote building of derivations.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
- nix.systemFeatures
The supported features of a machine
Type: list of strings
Example: [ "kvm" "big-parallel" "gccarch-skylake" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.trustedBinaryCaches
List of binary cache URLs that non-root users can use (in addition to those specified using nix.binaryCaches) by passing --option binary-caches to Nix commands.
Type: list of strings
Default: [ ]
Example: [ "https://hydra.nixos.org/" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.trustedUsers
A list of names of users that have additional rights when connecting to the Nix daemon, such as the ability to specify additional binary caches, or to import unsigned NARs. You can also specify groups by prefixing them with @; for instance, @wheel means all users in the wheel group.
Type: list of strings
Default: [ "root" ]
Example: [ "root" "alice" "@wheel" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nix.useSandbox
If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store by using network and mount namespaces in a chroot environment. This is enabled by default even though it has a possible performance impact due to the initial setup time of a sandbox for each build. It doesn't affect derivation hashes, so changing this option will not trigger a rebuild of packages.
Type: boolean or value "relaxed" (singular enum)
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
- nixops.enableDeprecatedAutoLuks
Whether to enable Enable the deprecated NixOps AutoLuks module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/misc/nixops-autoluks.nix>
- nixpkgs.config
The configuration of the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to set package configuration options.
Ignored when nixpkgs.pkgs is set.
Type: nixpkgs config
Default: { }
Example:
{ allowBroken = true; allowUnfree = true; }Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
- nixpkgs.crossSystem
Specifies the platform for which NixOS should be built. Specify this only if it is different from nixpkgs.localSystem, the platform on which NixOS should be built. In other words, specify this to cross-compile NixOS. Otherwise it should be set as null, the default. See its description in the Nixpkgs manual for more details.
Ignored when nixpkgs.pkgs is set.
Type: null or attribute set
Default: null
Example: { config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux"; }
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
- nixpkgs.localSystem
Specifies the platform on which NixOS should be built. When nixpkgs.crossSystem is unset, it also specifies the platform for which NixOS should be built. If this option is unset, it defaults to the platform type of the machine where evaluation happens. Specifying this option is useful when doing distributed multi-platform deployment, or when building virtual machines. See its description in the Nixpkgs manual for more details.
Ignored when nixpkgs.pkgs is set.
Type: attribute set
Default: (import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform
Example: { config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux"; }
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
- nixpkgs.overlays
List of overlays to use with the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to override packages globally. Each function in the list takes as an argument the original Nixpkgs. The first argument should be used for finding dependencies, and the second should be used for overriding recipes.
If nixpkgs.pkgs is set, overlays specified here will be applied after the overlays that were already present in nixpkgs.pkgs.
Type: list of nixpkgs overlays
Default: [ ]
Example:
[ (self: super: { openssh = super.openssh.override { hpnSupport = true; kerberos = self.libkrb5; }; }) ]Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
- nixpkgs.pkgs
If set, the pkgs argument to all NixOS modules is the value of this option, extended with nixpkgs.overlays, if that is also set. Either nixpkgs.crossSystem or nixpkgs.localSystem will be used in an assertion to check that the NixOS and Nixpkgs architectures match. Any other options in nixpkgs.*, notably config, will be ignored.
If unset, the pkgs argument to all NixOS modules is determined as shown in the default value for this option.
The default value imports the Nixpkgs source files relative to the location of this NixOS module, because NixOS and Nixpkgs are distributed together for consistency, so the nixos in the default value is in fact a relative path. The config, overlays, localSystem, and crossSystem come from this option's siblings.
This option can be used by applications like NixOps to increase the performance of evaluation, or to create packages that depend on a container that should be built with the exact same evaluation of Nixpkgs, for example. Applications like this should set their default value using lib.mkDefault, so user-provided configuration can override it without using lib.
Note that using a distinct version of Nixpkgs with NixOS may be an unexpected source of problems. Use this option with care.
Type: An evaluation of Nixpkgs; the top level attribute set of packages
Default:
import "${nixos}/.." { inherit (cfg) config overlays localSystem crossSystem; }Example: import <nixpkgs> {}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
- nixpkgs.system
Specifies the Nix platform type on which NixOS should be built. It is better to specify nixpkgs.localSystem instead.
{ nixpkgs.system = ..; }is the same as
{ nixpkgs.localSystem.system = ..; }See nixpkgs.localSystem for more information.
Ignored when nixpkgs.localSystem is set. Ignored when nixpkgs.pkgs is set.
Type: string
Example: "i686-linux"
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
- power.ups.enable
Enables support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.maxStartDelay
This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Type: signed integer
Default: 45
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.mode
The MODE determines which part of the NUT is to be started, and which configuration files must be modified.
The values of MODE can be:
- none: NUT is not configured, or use the Integrated Power Management, or use some external system to startup NUT components. So nothing is to be started.
- standalone: This mode address a local only configuration, with 1 UPS protecting the local system. This implies to start the 3 NUT layers (driver, upsd and upsmon) and the matching configuration files. This mode can also address UPS redundancy.
- netserver: same as for the standalone configuration, but also need some more ACLs and possibly a specific LISTEN directive in upsd.conf. Since this MODE is opened to the network, a special care should be applied to security concerns.
- netclient: this mode only requires upsmon.
Type: string
Default: "standalone"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.schedulerRules
File which contains the rules to handle UPS events.
Type: string
Example: "/etc/nixos/upssched.conf"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.ups
This is where you configure all the UPSes that this system will be monitoring directly. These are usually attached to serial ports, but USB devices are also supported.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.ups.<name>.description
Description of the UPS.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.ups.<name>.directives
List of configuration directives for this UPS.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.ups.<name>.driver
Specify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.ups.<name>.maxStartDelay
This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.ups.<name>.port
The serial port to which your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.ups.<name>.shutdownOrder
When you have multiple UPSes on your system, you usually need to turn them off in a certain order. upsdrvctl shuts down all the 0s, then the 1s, 2s, and so on. To exclude a UPS from the shutdown sequence, set this to -1.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- power.ups.ups.<name>.summary
Lines which would be added inside ups.conf for handling this UPS.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
- powerManagement.enable
Whether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
- powerManagement.cpuFreqGovernor
Configure the governor used to regulate the frequency of the available CPUs. By default, the kernel configures the performance governor, although this may be overwritten in your hardware-configuration.nix file.
Often used values: "ondemand", "powersave", "performance"
Type: null or string
Default: null
Example: "ondemand"
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
- powerManagement.cpufreq.max
The maximum frequency the CPU will use. Defaults to the maximum possible.
Type: null or unsigned integer, meaning >=0
Default: null
Example: 2200000
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
- powerManagement.cpufreq.min
The minimum frequency the CPU will use.
Type: null or unsigned integer, meaning >=0
Default: null
Example: 800000
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
- powerManagement.powerDownCommands
Commands executed when the machine powers down. That is, they're executed both when the system shuts down and when it goes to suspend or hibernation.
Type: strings concatenated with "\n"
Default: ""
Example:
"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
- powerManagement.powerUpCommands
Commands executed when the machine powers up. That is, they're executed both when the system first boots and when it resumes from suspend or hibernation.
Type: strings concatenated with "\n"
Default: ""
Example:
"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
- powerManagement.powertop.enable
Whether to enable powertop auto tuning on startup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/powertop.nix>
- powerManagement.resumeCommands
Commands executed after the system resumes from suspend-to-RAM.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
- powerManagement.scsiLinkPolicy
SCSI link power management policy. The kernel default is "max_performance".
"med_power_with_dipm" is supported by kernel versions 4.15 and newer.
Type: null or one of "min_power", "max_performance", "medium_power", "med_power_with_dipm"
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix>
- programs.adb.enable
Whether to configure system to use Android Debug Bridge (adb). To grant access to a user, it must be part of adbusers group: users.users.alice.extraGroups = ["adbusers"];
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/adb.nix>
- programs.appgate-sdp.enable
Whether to enable AppGate SDP VPN client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/appgate-sdp.nix>
- programs.atop.enable
Whether to enable Atop.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.package
Which package to use for Atop.
Type: package
Default: pkgs.atop
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.atopRotateTimer.enable
Whether to enable the atop-rotate timer, which restarts the atop service daily to make sure the data files are rotate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.atopService.enable
Whether to enable the atop service responsible for storing statistics for long-term analysis.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.atopacctService.enable
Whether to enable the atopacct service which manages process accounting. This allows Atop to gather data about processes that disappeared in between two refresh intervals.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.atopgpu.enable
Whether to install and enable the atopgpud daemon to get information about NVIDIA gpus.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.netatop.enable
Whether to install and enable the netatop kernel module. Note: this sets the kernel taint flag "O" for loading out-of-tree modules.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.netatop.package
Which package to use for netatop.
Type: package
Default: config.boot.kernelPackages.netatop
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.settings
Parameters to be written to /etc/atoprc.
Type: attribute set
Default: { }
Example: { flags = "a1f"; interval = 5; }
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.atop.setuidWrapper.enable
Whether to install a setuid wrapper for Atop. This is required to use some of the features as non-root user (e.g.: ipc information, netatop, atopgpu). Atop tries to drop the root privileges shortly after starting.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
- programs.autojump.enable
Whether to enable autojump.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/autojump.nix>
- programs.bandwhich.enable
Whether to add bandwhich to the global environment and configure a setcap wrapper for it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/bandwhich.nix>
- programs.bash.enableCompletion
Whether to enable Bash completion for all interactive bash shells.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash-completion.nix>
- programs.bash.enableLsColors
Whether to enable extra colors in directory listings.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/ls-colors.nix>
- programs.bash.interactiveShellInit
Shell script code called during interactive bash shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
- programs.bash.loginShellInit
Shell script code called during login bash shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
- programs.bash.promptInit
Shell script code used to initialise the bash prompt.
Type: strings concatenated with "\n"
Default:
'' # Provide a nice prompt if the terminal supports it. if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then PROMPT_COLOR="1;31m" ((UID)) && PROMPT_COLOR="1;32m" if [ -n "$INSIDE_EMACS" ] || [ "$TERM" = "eterm" ] || [ "$TERM" = "eterm-color" ]; then # Emacs term mode doesn't support xterm title escape sequence (\e]0;) PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] " else PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] " fi if test "$TERM" = "xterm"; then PS1="\[\033]2;\h:\u:\w\007\]$PS1" fi fi ''Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
- programs.bash.shellAliases
Set of aliases for bash shell, which overrides environment.shellAliases. See environment.shellAliases for an option format description.
Type: attribute set of null or string or paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
- programs.bash.shellInit
Shell script code called during bash shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
- programs.bash.undistractMe.enable
Whether to enable notifications when long-running terminal commands complete.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
- programs.bash.undistractMe.playSound
Whether to enable notification sounds when long-running terminal commands complete.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
- programs.bash.undistractMe.timeout
Number of seconds it would take for a command to be considered long-running.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
- programs.bash.vteIntegration
Whether to enable Bash integration for VTE terminals. This allows it to preserve the current directory of the shell across terminals.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/vte.nix>
- programs.bash-my-aws.enable
Whether to enable bash-my-aws.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash-my-aws.nix>
- programs.bcc.enable
Whether to enable bcc.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bcc.nix>
- programs.browserpass.enable
Whether to enable Browserpass native messaging host.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/browserpass.nix>
- programs.calls.enable
Whether to enable Whether to enable GNOME calls: a phone dialer and call handler. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/calls.nix>
- programs.captive-browser.enable
Whether to enable captive browser.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
- programs.captive-browser.package
Which package to use for captive-browser
Type: package
Default: pkgs.captive-browser
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
- programs.captive-browser.bindInterface
Binds captive-browser to the network interface declared in cfg.interface. This can be used to avoid collisions with private subnets.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
- programs.captive-browser.browser
The shell (/bin/sh) command executed once the proxy starts. When browser exits, the proxy exits. An extra env var PROXY is available.
Here, we use a separate Chrome instance in Incognito mode, so that it can run (and be waited for) alongside the default one, and that it maintains no state across runs. To configure this browser open a normal window in it, settings will be preserved.
@volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website. upstream uses http://example.com but I have seen captive portals whose DNS server resolves "example.com" to 127.0.0.1
Type: string
Default: ''env XDG_CONFIG_HOME="$PREV_CONFIG_HOME" ''${pkgs.chromium}/bin/chromium --user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive --proxy-server="socks5://$PROXY" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" --no-first-run --new-window --incognito -no-default-browser-check http://cache.nixos.org/''
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
- programs.captive-browser.dhcp-dns
The shell (/bin/sh) command executed to obtain the DHCP DNS server address. The first match of an IPv4 regex is used. IPv4 only, because let's be real, it's a captive portal.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
- programs.captive-browser.interface
your public network interface (wlp3s0, wlan0, eth0, ...)
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
- programs.captive-browser.socks5-addr
the listen address for the SOCKS5 proxy server
Type: string
Default: "localhost:1666"
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
- programs.ccache.enable
Whether to enable CCache.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
- programs.ccache.packageNames
Nix top-level packages to be compiled using CCache
Type: list of strings
Default: [ ]
Example: [ "wxGTK30" "ffmpeg" "libav_all" ]
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
- programs.ccache.cacheDir
CCache directory
Type: path
Default: "/var/cache/ccache"
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
- programs.cdemu.enable
cdemu for members of programs.cdemu.group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
- programs.cdemu.group
Group that users must be in to use cdemu.
Type: string
Default: "cdrom"
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
- programs.cdemu.gui
Whether to install the cdemu GUI (gCDEmu).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
- programs.cdemu.image-analyzer
Whether to install the image analyzer.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
- programs.chromium.enable
Whether to enable chromium policies.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
- programs.chromium.defaultSearchProviderSearchURL
Chromium default search provider url.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
- programs.chromium.defaultSearchProviderSuggestURL
Chromium default search provider url for suggestions.
Type: null or string
Default: null
Example: "https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
- programs.chromium.extensions
List of chromium extensions to install. For list of plugins ids see id in url of extensions on chrome web store page. To install a chromium extension not included in the chrome web store, append to the extension id a semicolon ";" followed by a URL pointing to an Update Manifest XML file. See ExtensionInstallForcelist for additional details.
Type: list of strings
Default: [ ]
Example:
[ "chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet "mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin ]
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
- programs.chromium.extraOpts
Extra chromium policy options. A list of available policies can be found in the Chrome Enterprise documentation: https://cloud.google.com/docs/chrome-enterprise/policies/ Make sure the selected policy is supported on Linux and your browser version.
Type: attribute set
Default: { }
Example:
{ "BrowserSignin" = 0; "SyncDisabled" = true; "PasswordManagerEnabled" = false; "SpellcheckEnabled" = true; "SpellcheckLanguage" = [ "de" "en-US" ]; }Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
- programs.chromium.homepageLocation
Chromium default homepage
Type: null or string
Default: null
Example: "https://nixos.org"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
- programs.clickshare-csc1.enable
Whether to enable Barco ClickShare CSC-1 driver/client. This allows users in the clickshare group to access and use a ClickShare USB dongle that is connected to the machine .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/clickshare.nix>
- programs.cnping.enable
Whether to enable Whether to install a setcap wrapper for cnping.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/cnping.nix>
- programs.command-not-found.enable
Whether interactive shells should show which Nix package (if any) provides a missing command.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix>
- programs.command-not-found.dbPath
Absolute path to programs.sqlite.
By default this file will be provided by your channel (nixexprs.tar.xz).
Type: path
Default: "/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite"
Declared by:
<nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix>
- programs.corectrl.enable
Whether to enable A tool to overclock amd graphics cards and processors. Add your user to the corectrl group to run corectrl without needing to enter your password .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
- programs.corectrl.gpuOverclock.enable
Whether to enable true .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
- programs.corectrl.gpuOverclock.ppfeaturemask
Sets the `amdgpu.ppfeaturemask` kernel option. In particular, it is used here to set the overdrive bit. Default is `0xfffd7fff` as it is less likely to cause flicker issues. Setting it to `0xffffffff` enables all features.
Type: string
Default: "0xfffd7fff"
Example: "0xffffffff"
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
- programs.criu.enable
Install criu along with necessary kernel options.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/criu.nix>
- programs.dconf.enable
Whether to enable dconf.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/dconf.nix>
- programs.dconf.packages
A list of packages which provide dconf profiles and databases in /etc/dconf.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/dconf.nix>
- programs.digitalbitbox.enable
Installs the Digital Bitbox application and enables the complementary hardware module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/digitalbitbox/default.nix>
- programs.digitalbitbox.package
The Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.
Type: package
Default: pkgs.digitalbitbox
Declared by:
<nixpkgs/nixos/modules/programs/digitalbitbox/default.nix>
- programs.dmrconfig.enable
Whether to configure system to enable use of dmrconfig. This enables the required udev rules and installs the program.
Type: boolean
Default: false
Related packages:
pkgs.dmrconfig (dmrconfig-1.1): Configuration utility for DMR radios.
DMRconfig is a utility for programming digital radios via USB programming cable.
Declared by:
<nixpkgs/nixos/modules/programs/dmrconfig.nix>
- programs.dmrconfig.package
dmrconfig derivation to use
Type: package
Default: pkgs.dmrconfig
Declared by:
<nixpkgs/nixos/modules/programs/dmrconfig.nix>
- programs.droidcam.enable
Whether to enable DroidCam client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/droidcam.nix>
- programs.evince.enable
Whether to enable Evince, the GNOME document viewer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/evince.nix>
- programs.evince.package
Evince derivation to use.
Type: package
Default: pkgs.evince
Declared by:
<nixpkgs/nixos/modules/programs/evince.nix>
- programs.evolution.enable
Whether to enable Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
- programs.evolution.plugins
Plugins for Evolution.
Type: list of packages
Default: [ ]
Example: [ pkgs.evolution-ews ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
- programs.extra-container.enable
Whether to enable extra-container, a tool for running declarative NixOS containers without host system rebuilds .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/extra-container.nix>
- programs.feedbackd.enable
Whether to enable Whether to enable the feedbackd D-BUS service and udev rules.
Your user needs to be in the `feedbackd` group to trigger effects. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/feedbackd.nix>
- programs.feedbackd.package
Which feedbackd package to use.
Type: package
Default: pkgs.feedbackd
Declared by:
<nixpkgs/nixos/modules/programs/feedbackd.nix>
- programs.file-roller.enable
Whether to enable File Roller, an archive manager for GNOME.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/file-roller.nix>
- programs.file-roller.package
File Roller derivation to use.
Type: package
Default: pkgs.gnome.file-roller
Declared by:
<nixpkgs/nixos/modules/programs/file-roller.nix>
- programs.firejail.enable
Whether to enable firejail.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firejail.nix>
- programs.firejail.wrappedBinaries
Wrap the binaries in firejail and place them in the global path.
You will get file collisions if you put the actual application binary in the global environment and applications started via .desktop files are not wrapped if they specify the absolute path to the binary.
Type: attribute set of path or submodules
Default: { }
Example:
{ firefox = { executable = "${lib.getBin pkgs.firefox}/bin/firefox"; profile = "${pkgs.firejail}/etc/firejail/firefox.profile"; }; mpv = { executable = "${lib.getBin pkgs.mpv}/bin/mpv"; profile = "${pkgs.firejail}/etc/firejail/mpv.profile"; }; }Declared by:
<nixpkgs/nixos/modules/programs/firejail.nix>
- programs.fish.enable
Whether to configure fish as an interactive shell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.interactiveShellInit
Shell script code called during interactive fish shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.loginShellInit
Shell script code called during fish login shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.promptInit
Shell script code used to initialise fish prompt.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.shellAbbrs
Set of fish abbreviations.
Type: attribute set of strings
Default: { }
Example: { gco = "git checkout"; npu = "nix-prefetch-url"; }
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.shellAliases
Set of aliases for fish shell, which overrides environment.shellAliases. See environment.shellAliases for an option format description.
Type: attribute set of null or string or paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.shellInit
Shell script code called during fish shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.useBabelfish
If enabled, the configured environment will be translated to native fish using babelfish. Otherwise, foreign-env will be used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.vendor.completions.enable
Whether fish should use completion files provided by other packages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.vendor.config.enable
Whether fish should source configuration snippets provided by other packages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.fish.vendor.functions.enable
Whether fish should autoload fish functions provided by other packages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
- programs.flashrom.enable
Installs flashrom and configures udev rules for programmers used by flashrom. Grants access to users in the "flashrom" group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/flashrom.nix>
- programs.flexoptix-app.enable
Whether to enable FLEXOPTIX app + udev rules.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/flexoptix-app.nix>
- programs.flexoptix-app.package
FLEXOPTIX app package to use
Type: package
Default: pkgs.flexoptix-app
Declared by:
<nixpkgs/nixos/modules/programs/flexoptix-app.nix>
- programs.fuse.mountMax
Set the maximum number of FUSE mounts allowed to non-root users.
Type: integer between 0 and 32767 (both inclusive)
Default: 1000
Declared by:
<nixpkgs/nixos/modules/programs/fuse.nix>
- programs.fuse.userAllowOther
Allow non-root users to specify the allow_other or allow_root mount options, see mount.fuse3(8).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/fuse.nix>
- programs.gamemode.enable
Whether to enable GameMode to optimise system performance on demand.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
- programs.gamemode.enableRenice
Whether to enable CAP_SYS_NICE on gamemoded to support lowering process niceness.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
- programs.gamemode.settings
System-wide configuration for GameMode (/etc/gamemode.ini). See gamemoded(8) man page for available settings.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example:
{ general = { renice = 10; }; # Warning: GPU optimisations have the potential to damage hardware gpu = { apply_gpu_optimisations = "accept-responsibility"; gpu_device = 0; amd_performance_level = "high"; }; custom = { start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'"; end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'"; }; }Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
- programs.geary.enable
Whether to enable Geary, a Mail client for GNOME 3.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/geary.nix>
- programs.git.enable
Whether to enable git.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
- programs.git.package
The git package to use
Type: package
Default: pkgs.git
Example: pkgs.gitFull
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
- programs.git.config
Configuration to write to /etc/gitconfig. See the CONFIGURATION FILE section of git-config(1) for more information.
Type: attribute set of attribute set of anythingss
Default: { }
Example: { init = { defaultBranch = "main"; } ; url = { https://github.com/ = { insteadOf = [ "gh:" "github:" ] ; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
- programs.git.lfs.enable
Whether to enable git-lfs.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
- programs.git.lfs.package
The git-lfs package to use
Type: package
Default: pkgs.git-lfs
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
- programs.gnome-disks.enable
Whether to enable GNOME Disks daemon, a program designed to be a UDisks2 graphical front-end.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnome-disks.nix>
- programs.gnome-documents.enable
Whether to enable GNOME Documents, a document manager application for GNOME.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnome-documents.nix>
- programs.gnome-terminal.enable
Whether to enable GNOME Terminal.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/gnome-terminal.nix>
- programs.gnupg.package
The gpg package that should be used.
Type: package
Default: pkgs.gnupg
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
- programs.gnupg.agent.enable
Enables GnuPG agent with socket-activation for every user session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
- programs.gnupg.agent.enableBrowserSocket
Enable browser socket for GnuPG agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
- programs.gnupg.agent.enableExtraSocket
Enable extra socket for GnuPG agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
- programs.gnupg.agent.enableSSHSupport
Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK environment variable correctly. This will disable socket-activation and thus always start a GnuPG agent per user session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
- programs.gnupg.agent.pinentryFlavor
Which pinentry interface to use. If not null, the path to the pinentry binary will be passed to gpg-agent via commandline and thus overrides the pinentry option in gpg-agent.conf in the user's home directory. If not set at all, it'll pick an appropriate flavor depending on the system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce 4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
Type: null or one of "curses", "tty", "gtk2", "emacs", "gnome3", "qt"
Default: null
Example: "gnome3"
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
- programs.gnupg.dirmngr.enable
Enables GnuPG network certificate management daemon with socket-activation for every user session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
- programs.gpaste.enable
Whether to enable GPaste, a clipboard manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gpaste.nix>
- programs.gphoto2.enable
Whether to configure system to use gphoto2. To grant digital camera access to a user, the user must be part of the camera group: users.users.alice.extraGroups = ["camera"];
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gphoto2.nix>
- programs.hamster.enable
Whether to enable hamster, a time tracking program.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/hamster.nix>
- programs.htop.enable
Whether to enable htop process monitor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
- programs.htop.package
The htop package that should be used.
Type: package
Default: "pkgs.htop"
Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
- programs.htop.settings
Extra global default configuration for htop which is read on first startup only. Htop subsequently uses ~/.config/htop/htoprc as configuration source.
Type: attribute set of string or signed integer or boolean or list of string or signed integer or booleanss
Default: { }
Example: { hide_kernel_threads = true; hide_userland_threads = true; }
Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
- programs.iftop.enable
Whether to enable iftop + setcap wrapper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/iftop.nix>
- programs.iotop.enable
Whether to enable iotop + setcap wrapper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/iotop.nix>
- programs.java.enable
Install and setup the Java development kit.
Note
This adds JAVA_HOME to the global environment, by sourcing the jdk's setup-hook on shell init. It is equivalent to starting a shell through 'nix-shell -p jdk', or roughly the following system-wide configuration:environment.variables.JAVA_HOME = ${pkgs.jdk.home}/lib/openjdk; environment.systemPackages = [ pkgs.jdk ];Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
- programs.java.package
Java package to install. Typical values are pkgs.jdk or pkgs.jre.
Type: package
Default: pkgs.jdk
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
- programs.kbdlight.enable
Whether to enable kbdlight.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/kbdlight.nix>
- programs.kdeconnect.enable
Whether to enable kdeconnect.
Note that it will open the TCP and UDP port from 1714 to 1764 as they are needed for it to function properly. You can use the package to use gnomeExtensions.gsconnect as an alternative implementation if you use Gnome. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/kdeconnect.nix>
- programs.kdeconnect.package
The package providing the implementation for kdeconnect.
Type: package
Default: pkgs.kdeconnect
Example: pkgs.gnomeExtensions.gsconnect
Declared by:
<nixpkgs/nixos/modules/programs/kdeconnect.nix>
- programs.less.enable
Whether to enable less.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
- programs.less.clearDefaultCommands
Clear all default commands. You should remember to set the quit key. Otherwise you will not be able to leave less without killing it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
- programs.less.commands
Defines new command keys.
Type: attribute set of strings
Default: { }
Example: { h = ''noaction 5\e(''; l = ''noaction 5\e)''; }
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
- programs.less.configFile
Path to lesskey configuration file.
configFile takes precedence over commands, clearDefaultCommands, lineEditingKeys, and envVariables.
Type: null or path
Default: null
Example: "${pkgs.my-configs}/lesskey"
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
- programs.less.envVariables
Defines environment variables.
Type: attribute set of strings
Default: { LESS = "-R"; }
Example: { LESS = "--quit-if-one-screen"; }
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
- programs.less.lessclose
When less closes a file opened in such a way, it will call another program, called the input postprocessor, which may perform any desired clean-up action (such as deleting the replacement file created by LESSOPEN).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
- programs.less.lessopen
Before less opens a file, it first gives your input preprocessor a chance to modify the way the contents of the file are displayed.
Type: null or string
Default: "|${pkgs.lesspipe}/bin/lesspipe.sh %s"
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
- programs.less.lineEditingKeys
Defines new line-editing keys.
Type: attribute set of strings
Default: { }
Example: { e = "abort"; }
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
- programs.liboping.enable
Whether to enable liboping.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/liboping.nix>
- programs.light.enable
Whether to install Light backlight control command and udev rules granting access to members of the "video" group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/light.nix>
- programs.mininet.enable
Whether to enable Mininet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/mininet.nix>
- programs.mosh.enable
Whether to enable mosh. Note, this will open ports in your firewall!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
- programs.mosh.withUtempter
Whether to enable libutempter for mosh. This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions). Note, this will add a guid wrapper for the group utmp!
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
- programs.msmtp.enable
Whether to enable msmtp - an SMTP client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
- programs.msmtp.accounts
Named accounts and their respective configurations. The special name "default" allows a default account to be defined. See msmtp(1) for the available options.
Use `programs.msmtp.extraConfig` instead of this attribute set-based option if ordered account inheritance is needed.
It is advised to use the `passwordeval` setting to read the password from a secret file to avoid having it written in the world-readable nix store. The password file must end with a newline (`\n`).
Type: attribute set of attribute sets
Default: { }
Example: { default = { auth = true; host = "smtp.example"; passwordeval = "cat /secrets/password.txt"; user = "someone"; } ; }
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
- programs.msmtp.defaults
Default values applied to all accounts. See msmtp(1) for the available options.
Type: attribute set
Default: { }
Example: { aliases = "/etc/aliases"; port = 587; tls = true; }
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
- programs.msmtp.extraConfig
Extra lines to add to the msmtp configuration verbatim. See msmtp(1) for the syntax and available options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
- programs.msmtp.setSendmail
Whether to set the system sendmail to msmtp's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
- programs.mtr.enable
Whether to add mtr to the global environment and configure a setcap wrapper for it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/mtr.nix>
- programs.mtr.package
The package to use.
Type: package
Default: pkgs.mtr
Declared by:
<nixpkgs/nixos/modules/programs/mtr.nix>
- programs.nano.nanorc
The system-wide nano configuration. See nanorc(5).
Type: strings concatenated with "\n"
Default: ""
Example:
'' set nowrap set tabstospaces set tabsize 2 ''
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
- programs.nano.syntaxHighlight
Whether to enable syntax highlight for various languages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
- programs.neovim.enable
Whether to enable Neovim.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.package
The package to use for the neovim binary.
Type: package
Default: pkgs.neovim-unwrapped
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.configure
Generate your init file from your list of plugins and custom commands. Neovim will then be wrapped to load nvim -u /nix/store/hash-vimrc
Type: attribute set
Default: { }
Example:
{ customRC = '' " here your custom configuration goes! ''; packages.myVimPackage = with pkgs.vimPlugins; { # loaded on launch start = [ fugitive ]; # manually loadable by calling `:packadd $plugin-name` opt = [ ]; }; }Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.defaultEditor
When enabled, installs neovim and configures neovim to be the default editor using the EDITOR environment variable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.runtime
Set of files that have to be linked in runtime.
Type: attribute set of submodules
Default: { }
Example:
{ "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; }Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.runtime.<name>.enable
Whether this /etc file should be generated. This option allows specific /etc files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.runtime.<name>.source
Path of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.runtime.<name>.target
Name of symlink. Defaults to the attribute name.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.runtime.<name>.text
Text of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.viAlias
Symlink vi to nvim binary.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.vimAlias
Symlink vim to nvim binary.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.withNodeJs
Enable Node provider.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.withPython3
Enable Python 3 provider.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.neovim.withRuby
Enable Ruby provider.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
- programs.nm-applet.enable
Whether to enable nm-applet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/nm-applet.nix>
- programs.nm-applet.indicator
Whether to use indicator instead of status icon. It is needed for Appindicator environments, like Enlightenment.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/nm-applet.nix>
- programs.noisetorch.enable
Whether to enable noisetorch + setcap wrapper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/noisetorch.nix>
- programs.noisetorch.package
The noisetorch package to use.
Type: package
Default: pkgs.noisetorch
Declared by:
<nixpkgs/nixos/modules/programs/noisetorch.nix>
- programs.npm.enable
Whether to enable npm global config.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
- programs.npm.package
The npm package version / flavor to use
Type: package
Default: pkgs.nodePackages.npm
Example: pkgs.nodePackages_13_x.npm
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
- programs.npm.npmrc
The system-wide npm configuration. See https://docs.npmjs.com/misc/config.
Type: strings concatenated with "\n"
Default:
'' prefix = ''${HOME}/.npm ''Example:
'' prefix = ''${HOME}/.npm https-proxy=proxy.example.com init-license=MIT init-author-url=http://npmjs.org color=true ''Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
- programs.pantheon-tweaks.enable
Whether to enable Pantheon Tweaks, an unofficial system settings panel for Pantheon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/pantheon-tweaks.nix>
- programs.partition-manager.enable
Whether to enable KDE Partition Manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/partition-manager.nix>
- programs.phosh.enable
Whether to enable Whether to enable, Phosh, related packages and default configurations. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/phosh.nix>
- programs.phosh.phocConfig
Configurations for the Phoc compositor.
Type: strings concatenated with "\n" or path or submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/phosh.nix>
- programs.plotinus.enable
Whether to enable the Plotinus GTK 3 plugin. Plotinus provides a popup (triggered by Ctrl-Shift-P) to search the menus of a compatible application.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/plotinus.nix>
- programs.proxychains.enable
Whether to enable installing proxychains configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.chain.length
Chain length for random chain.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.chain.type
dynamic - Each connection will be done via chained proxies all proxies chained in the order as they appear in the list at least one proxy must be online to play in chain (dead proxies are skipped) otherwise EINTR is returned to the app.
strict - Each connection will be done via chained proxies all proxies chained in the order as they appear in the list all proxies must be online to play in chain otherwise EINTR is returned to the app.
random - Each connection will be done via random proxy (or proxy chain, see programs.proxychains.chain.length) from the list.
Type: one of "dynamic", "strict", "random"
Default: "strict"
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.localnet
By default enable localnet for loopback address ranges.
Type: string
Default: "127.0.0.0/255.0.0.0"
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.proxies
Proxies to be used by proxychains.
Type: attribute set of submodules
Example:
{ myproxy = { type = "socks4"; host = "127.0.0.1"; port = 1337; }; }Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.proxies.<name>.enable
Whether to enable this proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.proxies.<name>.host
Proxy host or IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.proxies.<name>.port
Proxy port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.proxies.<name>.type
Proxy type.
Type: one of "http", "socks4", "socks5"
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.proxyDNS
Proxy DNS requests - no leak for DNS data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.quietMode
Whether to enable Quiet mode (no output from the library)..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.remoteDNSSubnet
Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.
Type: one of 10, 127, 224
Default: 224
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.tcpConnectTimeOut
Connection time-out in milliseconds.
Type: signed integer
Default: 8000
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.proxychains.tcpReadTimeOut
Connection read time-out in milliseconds.
Type: signed integer
Default: 15000
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
- programs.qt5ct.enable
Whether to enable the Qt5 Configuration Tool (qt5ct), a program that allows users to configure Qt5 settings (theme, font, icons, etc.) under desktop environments or window manager without Qt integration.
Official home page: https://sourceforge.net/projects/qt5ct/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/qt5ct.nix>
- programs.screen.screenrc
The contents of /etc/screenrc file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/screen.nix>
- programs.seahorse.enable
Whether to enable Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/seahorse.nix>
- programs.sedutil.enable
Whether to enable sedutil.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/sedutil.nix>
- programs.singularity.enable
Whether to enable Singularity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
- programs.slock.enable
Whether to install slock screen locker with setuid wrapper.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/slock.nix>
- programs.spacefm.enable
Whether to install SpaceFM and create /etc/spacefm/spacefm.conf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/spacefm.nix>
- programs.spacefm.settings
The system-wide spacefm configuration. Parameters to be written to /etc/spacefm/spacefm.conf. Refer to the relevant entry in the SpaceFM manual.
Type: attribute set
Default:
{ tmp_dir = "/tmp"; terminal_su = "${pkgs.sudo}/bin/sudo"; graphical_su = "${pkgs.gksu}/bin/gksu"; }Declared by:
<nixpkgs/nixos/modules/programs/spacefm.nix>
- programs.ssh.package
The package used for the openssh client and daemon.
Type: package
Default: pkgs.openssh
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.agentPKCS11Whitelist
A pattern-list of acceptable paths for PKCS#11 shared libraries that may be used with the -s option to ssh-add.
Type: null or string
Default: null
Example: "${pkgs.opensc}/lib/opensc-pkcs11.so"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.agentTimeout
How long to keep the private keys in memory. Use null to keep them forever.
Type: null or string
Default: null
Example: "1h"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.askPassword
Program used by SSH to ask for passwords.
Type: string
Default: "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.ciphers
Specifies the ciphers allowed and their order of preference.
Type: null or list of strings
Default: null
Example: [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.extraConfig
Extra configuration text prepended to ssh_config. Other generated options will be added after a Host * pattern. See ssh_config(5) for help.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.forwardX11
Whether to request X11 forwarding on outgoing connections by default. This is useful for running graphical programs on the remote machine and have them display to your local X11 server. Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two. Note: there are some security risks to forwarding an X11 connection. NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks. To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh. The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.hostKeyAlgorithms
Specifies the host key algorithms that the client wants to use in order of preference.
Type: list of strings
Default: [ ]
Example: [ "ssh-ed25519" "ssh-rsa" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.kexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Type: null or list of strings
Default: null
Example: [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.knownHosts
The set of system-wide known SSH hosts.
Type: attribute set of submodules
Default: { }
Example:
{ myhost = { hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ]; publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub; }; myhost2 = { hostNames = [ "myhost2" ]; publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub; }; }Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.knownHosts.<name>.certAuthority
This public key is an SSH certificate authority, rather than an individual host's key.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.knownHosts.<name>.hostNames
A list of host names and/or IP numbers used for accessing the host's ssh service.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.knownHosts.<name>.publicKey
The public key data for the host. You can fetch a public key from a running SSH server with the ssh-keyscan command. The public key should not include any host names, only the key type and the key itself.
Type: null or string
Default: null
Example: "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.knownHosts.<name>.publicKeyFile
The path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server with the ssh-keyscan command. The content of the file should follow the same format as described for the publicKey option.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.macs
Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used for data integrity protection.
Type: null or list of strings
Default: null
Example: [ "hmac-sha2-512-etm@openssh.com" "hmac-sha1" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.pubkeyAcceptedKeyTypes
Specifies the key types that will be used for public key authentication.
Type: list of strings
Default: [ ]
Example: [ "ssh-ed25519" "ssh-rsa" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.setXAuthLocation
Whether to set the path to xauth for X11-forwarded connections. This causes a dependency on X11 packages.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.ssh.startAgent
Whether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- programs.steam.enable
Whether to enable steam.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
- programs.steam.dedicatedServer.openFirewall
Open ports in the firewall for Source Dedicated Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
- programs.steam.remotePlay.openFirewall
Open ports in the firewall for Steam Remote Play.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
- programs.sway.enable
Whether to enable Sway, the i3-compatible tiling Wayland compositor. You can manually launch Sway by executing "exec sway" on a TTY. Copy /etc/sway/config to ~/.config/sway/config to modify the default configuration. See https://github.com/swaywm/sway/wiki and "man 5 sway" for more information.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
- programs.sway.extraOptions
Command line arguments passed to launch Sway. Please DO NOT report issues if you use an unsupported GPU (proprietary drivers).
Type: list of strings
Default: [ ]
Example: [ "--verbose" "--debug" "--unsupported-gpu" "--my-next-gpu-wont-be-nvidia" ]
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
- programs.sway.extraPackages
Extra packages to be installed system wide. See https://github.com/swaywm/sway/wiki/Useful-add-ons-for-sway and https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives for a list of useful software.
Type: list of packages
Default:
with pkgs; [ swaylock swayidle alacritty dmenu ];
Example:
with pkgs; [ i3status i3status-rust termite rofi light ]
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
- programs.sway.extraSessionCommands
Shell commands executed just before Sway is started. See https://github.com/swaywm/sway/wiki/Running-programs-natively-under-wayland and https://github.com/swaywm/wlroots/blob/master/docs/env_vars.md for some useful environment variables.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # SDL: export SDL_VIDEODRIVER=wayland # QT (needs qt5.qtwayland in systemPackages): export QT_QPA_PLATFORM=wayland-egl export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" # Fix for some Java AWT applications (e.g. Android Studio), # use this if they aren't displayed properly: export _JAVA_AWT_WM_NONREPARENTING=1 ''
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
- programs.sway.wrapperFeatures
Attribute set of features to enable in the wrapper.
Type: submodule
Default: { }
Example: { gtk = true; }
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
- programs.sway.wrapperFeatures.base
Whether to make use of the base wrapper to execute extra session commands and prepend a dbus-run-session to the sway command.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
- programs.sway.wrapperFeatures.gtk
Whether to make use of the wrapGAppsHook wrapper to execute sway with required environment variables for GTK applications.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
- programs.sysdig.enable
Whether to enable sysdig.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/sysdig.nix>
- programs.system-config-printer.enable
Whether to enable system-config-printer, a Graphical user interface for CUPS administration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/system-config-printer.nix>
- programs.systemtap.enable
Install systemtap along with necessary kernel options.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/systemtap.nix>
- programs.thefuck.enable
Whether to enable thefuck.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/thefuck.nix>
programs.thefuck.alias
`thefuck` needs an alias to be configured. The default value is `fuck`, but you can use anything else as well.
Type: string
Default: "fuck"
Declared by:
<nixpkgs/nixos/modules/programs/thefuck.nix>
- programs.tilp2.enable
Enable tilp2 and udev rules for supported calculators.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tilp2.nix>
- programs.tmux.enable
Whenever to configure tmux system-wide.
Type: boolean
Default: false
Related packages:
pkgs.tmux (tmux-3.2a): Terminal multiplexer.
tmux is intended to be a modern, BSD-licensed alternative to programs such as GNU screen. Major features include: * A powerful, consistent, well-documented and easily scriptable command interface. * A window may be split horizontally and vertically into panes. * Panes can be freely moved and resized, or arranged into preset layouts. * Support for UTF-8 and 256-colour terminals. * Copy and paste with multiple buffers. * Interactive menus to select windows, sessions or clients. * Change the current window by searching for text in the target. * Terminal locking, manually or after a timeout. * A clean, easily extended, BSD-licensed codebase, under active development.
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.aggressiveResize
Resize the window to the size of the smallest session for which it is the current window.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.baseIndex
Base index for windows and panes.
Type: signed integer
Default: 0
Example: 1
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.clock24
Use 24 hour clock.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.customPaneNavigationAndResize
Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.escapeTime
Time in milliseconds for which tmux waits after an escape is input.
Type: signed integer
Default: 500
Example: 0
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.extraConfig
Additional contents of /etc/tmux.conf
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.historyLimit
Maximum number of lines held in window history.
Type: signed integer
Default: 2000
Example: 5000
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.keyMode
VI or Emacs style shortcuts.
Type: one of "emacs", "vi"
Default: "emacs"
Example: "vi"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.newSession
Automatically spawn a session if trying to attach and none are running.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.resizeAmount
Number of lines/columns when resizing.
Type: signed integer
Default: 5
Example: 10
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.reverseSplit
Reverse the window split shortcuts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.secureSocket
Store tmux socket under /run, which is more secure than /tmp, but as a downside it doesn't survive user logout.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.shortcut
Ctrl following by this key is used as the main shortcut.
Type: string
Default: "b"
Example: "a"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.tmux.terminal
Set the $TERM variable.
Type: string
Default: "screen"
Example: "screen-256color"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
- programs.traceroute.enable
Whether to configure a setcap wrapper for traceroute.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/traceroute.nix>
- programs.tsmClient.enable
Whether to enable IBM Spectrum Protect (Tivoli Storage Manager, TSM) client command line applications with a client system-options file "dsm.sys" .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.package
The TSM client derivation to be added to the system environment. It will called with .override to add paths to the client system-options file.
Type: package
Default: pkgs.tsm-client
Example: pkgs.tsm-client-withGui
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.defaultServername
If multiple server stanzas are declared with programs.tsmClient.servers, this option may be used to name a default server stanza that IBM TSM uses in the absence of a user-defined dsm.opt file. This option translates to a defaultserver configuration line.
Type: null or string matching the pattern .{1,64}
Default: null
Example: "mainTsmServer"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.dsmSysText
This configuration key contains the effective text of the client system-options file "dsm.sys". It should not be changed, but may be used to feed the configuration into other TSM-depending packages used on the system.
Type: strings concatenated with "\n" (read only)
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers
Server definitions ("stanzas") for the client system-options file.
Type: attribute set of submodules
Default: { }
Example: { mainTsmServer = { extraConfig = { compression = "yes"; } ; node = "MY-TSM-NODE"; server = "tsmserver.company.com"; } ; }
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.extraConfig
Additional key-value pairs for the server stanza. Values must be strings, or null for the key not to be used in the stanza (e.g. to overrule values generated by other options).
Type: attribute set of null or strings
Default: { }
Example: { compression = "yes"; passwordaccess = null; }
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.genPasswd
Whether to enable automatic client password generation. This option influences the passwordaccess directive in dsm.sys. The password will be stored in the directory given by the option passwdDir. Caution: If this option is enabled and the server forces to renew the password (e.g. on first connection), a random password will be generated and stored .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.includeExclude
include.* and exclude.* directives to be used when sending files to the IBM TSM server. The lines will be written into a file that the inclexcl directive in dsm.sys points to.
Type: strings concatenated with "\n"
Default: ""
Example:
'' exclude.dir /nix/store include.encrypt /home/.../* ''
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.name
Local name of the IBM TSM server, must be uncapitalized and no longer than 64 chars. The value will be used for the server directive in dsm.sys.
Type: string matching the pattern .{1,64}
Example: "mainTsmServer"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.node
Target node name on the IBM TSM server. The value will be used for the nodename directive in dsm.sys.
Type: string matching the pattern .+
Example: "MY-TSM-NODE"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.passwdDir
Directory that holds the TSM node's password information. The value will be used for the passworddir directive in dsm.sys.
Type: path
Example: "/home/alice/tsm-password"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.port
TCP port of the IBM TSM server. The value will be used for the tcpport directive in dsm.sys. TSM does not support ports above 32767.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1500
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.server
Host/domain name or IP address of the IBM TSM server. The value will be used for the tcpserveraddress directive in dsm.sys.
Type: string matching the pattern .+
Example: "tsmserver.company.com"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.servers.<name>.text
Additional text lines for the server stanza. This option can be used if certion configuration keys must be used multiple times or ordered in a certain way as the extraConfig option can't control the order of lines in the resulting stanza. Note that the server line at the beginning of the stanza is not part of this option's value.
Type: strings concatenated with "\n"
Example: lib.modules.mkAfter "compression no"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.tsmClient.wrappedPackage
The TSM client derivation, wrapped with the path to the client system-options file "dsm.sys". This option is to provide the effective derivation for other modules that want to call TSM executables.
Type: package (read only)
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
- programs.turbovnc.ensureHeadlessSoftwareOpenGL
Whether to set up NixOS such that TurboVNC's built-in software OpenGL implementation works.
This will enable hardware.opengl.enable so that OpenGL programs can find Mesa's llvmpipe drivers.
Setting this option to false does not mean that software OpenGL won't work; it may still work depending on your system configuration.
This option is also intended to generate warnings if you are using some configuration that's incompatible with using headless software OpenGL in TurboVNC.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/turbovnc.nix>
- programs.udevil.enable
Whether to enable udevil.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/udevil.nix>
- programs.usbtop.enable
Whether to enable usbtop and required kernel module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/usbtop.nix>
- programs.vim.package
vim package to use.
Type: package
Default: pkgs.vim
Example: pkgs.vimHugeX
Declared by:
<nixpkgs/nixos/modules/programs/vim.nix>
- programs.vim.defaultEditor
When enabled, installs vim and configures vim to be the default editor using the EDITOR environment variable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/vim.nix>
- programs.wavemon.enable
Whether to add wavemon to the global environment and configure a setcap wrapper for it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/wavemon.nix>
- programs.waybar.enable
Whether to enable waybar.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/waybar.nix>
- programs.weylus.enable
Whether to enable weylus.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
- programs.weylus.package
Weylus package to install.
Type: package
Default: "pkgs.weylus"
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
- programs.weylus.openFirewall
Open ports needed for the functionality of the program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
- programs.weylus.users
To enable stylus and multi-touch support, the user you're going to use must be added to this list. These users can synthesize input events system-wide, even when another user is logged in - untrusted users should not be added.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
- programs.wireshark.enable
Whether to add Wireshark to the global environment and configure a setcap wrapper for 'dumpcap' for users in the 'wireshark' group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
- programs.wireshark.package
Which Wireshark package to install in the global environment.
Type: package
Default: pkgs.wireshark-cli
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
- programs.wshowkeys.enable
Whether to enable wshowkeys (displays keypresses on screen on supported Wayland compositors). It requires root permissions to read input events, but these permissions are dropped after startup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/wshowkeys.nix>
- programs.xfs_quota.projects
Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.
Type: attribute set of submodules
Default: { }
Example: { projname = { id = 50; path = "/xfsprojects/projname"; sizeHardLimit = "50g"; } ; }
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
- programs.xfs_quota.projects.<name>.fileSystem
XFS filesystem hosting the xfs_quota project.
Type: string
Default: "/"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
- programs.xfs_quota.projects.<name>.id
Project ID.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
- programs.xfs_quota.projects.<name>.path
Project directory.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
- programs.xfs_quota.projects.<name>.sizeHardLimit
Hard limit of the project size.
Type: null or string
Default: null
Example: "50g"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
- programs.xfs_quota.projects.<name>.sizeSoftLimit
Soft limit of the project size
Type: null or string
Default: null
Example: "30g"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
- programs.xonsh.enable
Whether to configure xonsh as an interactive shell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
- programs.xonsh.package
xonsh package to use.
Type: package
Default: pkgs.xonsh
Example: pkgs.xonsh.override { configFile = "/path/to/xonshrc"; }
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
- programs.xonsh.config
Control file to customize your shell behavior.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
- programs.xss-lock.enable
Whether to enable xss-lock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
- programs.xss-lock.extraOptions
Additional command-line arguments to pass to xss-lock.
Type: list of strings
Default: [ ]
Example: [ "--ignore-sleep" ]
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
- programs.xss-lock.lockerCommand
Locker to be used with xsslock
Type: strings concatenated with " "
Default: "${pkgs.i3lock}/bin/i3lock"
Example: "${pkgs.i3lock-fancy}/bin/i3lock-fancy"
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
- programs.xwayland.enable
Whether to enable Xwayland (an X server for interfacing X11 apps with the Wayland protocol).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
- programs.xwayland.package
The Xwayland package to use.
Type: path
Default:
pkgs.xwayland.override (oldArgs: { inherit (config.programs.xwayland) defaultFontPath; })Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
- programs.xwayland.defaultFontPath
Default font path. Setting this option causes Xwayland to be rebuilt.
Type: string
Default:
optionalString config.fonts.fontDir.enable "/run/current-system/sw/share/X11/fonts"
Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
- programs.yabar.enable
Whether to enable yabar.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.package
The package which contains the `yabar` binary.
Nixpkgs provides the `yabar` and `yabar-unstable` derivations since 18.03, so it's possible to choose.
Type: package
Default: pkgs.yabar-unstable
Example: pkgs.yabar
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.bars
List of bars that should be rendered by yabar.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.bars.<name>.extra
An attribute set which contains further attributes of a bar.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.bars.<name>.font
The font that will be used to draw the status bar.
Type: string
Default: "sans bold 9"
Example: "Droid Sans, FontAwesome Bold 9"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.bars.<name>.indicators
Indicators that should be rendered by yabar.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.bars.<name>.indicators.<name>.align
Whether to align the indicator at the left or right of the bar.
Type: one of "left", "center", "right"
Default: "left"
Example: "right"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.bars.<name>.indicators.<name>.exec
The type of the indicator to be executed.
Type: string
Example: "YABAR_DATE"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.bars.<name>.indicators.<name>.extra
An attribute set which contains further attributes of a indicator.
Type: attribute set of string or signed integers
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.yabar.bars.<name>.position
The position where the bar will be rendered.
Type: one of "top", "bottom"
Default: "top"
Example: "bottom"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
- programs.zmap.enable
Whether to enable ZMap.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/zmap.nix>
- programs.zsh.enable
Whether to configure zsh as an interactive shell. To enable zsh for a particular user, use the users.users.<name?>.shell option for that user. To enable zsh system-wide use the users.defaultUserShell option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.enableBashCompletion
Enable compatibility with bash's programmable completion system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.enableCompletion
Enable zsh completion for all interactive zsh shells.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.enableGlobalCompInit
Enable execution of compinit call for all interactive zsh shells.
This option can be disabled if the user wants to extend its fpath and a custom compinit call in the local config is required.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.autosuggestions.enable
Whether to enable zsh-autosuggestions.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
- programs.zsh.autosuggestions.extraConfig
Attribute set with additional configuration values
Type: attribute set of strings
Default: { }
Example:
{ "ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "20"; }Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
- programs.zsh.autosuggestions.highlightStyle
Highlight style for suggestions ({fore,back}ground color)
Type: string
Default: "fg=8"
Example: "fg=cyan"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
- programs.zsh.autosuggestions.strategy
Set ZSH_AUTOSUGGEST_STRATEGY to choose the strategy for generating suggestions. There are currently two to choose from:
* history: Chooses the most recent match. * match_prev_cmd: Chooses the most recent match whose preceding history item matches the most recently executed command (more info). Note that this strategy won't work as expected with ZSH options that don't preserve the history order such as HIST_IGNORE_ALL_DUPS or HIST_EXPIRE_DUPS_FIRST.
Type: one of "history", "match_prev_cmd"
Default: "history"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
- programs.zsh.histFile
Change history file.
Type: string
Default: "$HOME/.zsh_history"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.histSize
Change history size.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.interactiveShellInit
Shell script code called during interactive zsh shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.loginShellInit
Shell script code called during zsh login shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.ohMyZsh.enable
Enable oh-my-zsh.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
- programs.zsh.ohMyZsh.package
Package to install for `oh-my-zsh` usage.
Type: package
Default: pkgs.oh-my-zsh
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
- programs.zsh.ohMyZsh.cacheDir
Cache directory to be used by `oh-my-zsh`. Without this option it would default to the read-only nix store.
Type: string
Default: "$HOME/.cache/oh-my-zsh"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
- programs.zsh.ohMyZsh.custom
Path to a custom oh-my-zsh package to override config of oh-my-zsh. (Can't be used along with `customPkgs`).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
- programs.zsh.ohMyZsh.customPkgs
List of custom packages that should be loaded into `oh-my-zsh`.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
- programs.zsh.ohMyZsh.plugins
List of oh-my-zsh plugins
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
- programs.zsh.ohMyZsh.theme
Name of the theme to be used by oh-my-zsh.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
- programs.zsh.promptInit
Shell script code used to initialise the zsh prompt.
Type: strings concatenated with "\n"
Default:
'' # Note that to manually override this in ~/.zshrc you should run `prompt off` # before setting your PS1 and etc. Otherwise this will likely to interact with # your ~/.zshrc configuration in unexpected ways as the default prompt sets # a lot of different prompt variables. autoload -U promptinit && promptinit && prompt suse && setopt prompt_sp ''
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.setOptions
Configure zsh options. See zshoptions(1).
Type: list of strings
Default: [ "HIST_IGNORE_DUPS" "SHARE_HISTORY" "HIST_FCNTL_LOCK" ]
Example: [ "EXTENDED_HISTORY" "RM_STAR_WAIT" ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.shellAliases
Set of aliases for zsh shell, which overrides environment.shellAliases. See environment.shellAliases for an option format description.
Type: attribute set of null or string or paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.shellInit
Shell script code called during zsh shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
- programs.zsh.syntaxHighlighting.enable
Whether to enable zsh-syntax-highlighting.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
- programs.zsh.syntaxHighlighting.highlighters
Specifies the highlighters to be used by zsh-syntax-highlighting.
The following defined options can be found here: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
Type: list of one of "main", "brackets", "pattern", "cursor", "root", "line"s
Default: [ "main" ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
- programs.zsh.syntaxHighlighting.patterns
Specifies custom patterns to be highlighted by zsh-syntax-highlighting.
Please refer to the docs for more information about the usage: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md
Type: attribute set of strings
Default: { }
Example:
{ "rm -rf *" = "fg=white,bold,bg=red"; }Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
- programs.zsh.syntaxHighlighting.styles
Specifies custom styles to be highlighted by zsh-syntax-highlighting.
Please refer to the docs for more information about the usage: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/main.md
Type: attribute set of strings
Default: { }
Example:
{ "alias" = "fg=magenta,bold"; }Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
- programs.zsh.vteIntegration
Whether to enable Zsh integration for VTE terminals. This allows it to preserve the current directory of the shell across terminals.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/vte.nix>
- programs.zsh.zsh-autoenv.enable
Whether to enable zsh-autoenv.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix>
- programs.zsh.zsh-autoenv.package
Package to install for `zsh-autoenv` usage.
Type: package
Default: pkgs.zsh-autoenv
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix>
- qt5.enable
Whether to enable Qt5 theming configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/qt5.nix>
- qt5.platformTheme
Selects the platform theme to use for Qt5 applications.
The options are
- gtk
Use GTK theme with qtstyleplugins
- gnome
Use GNOME theme with qgnomeplatform
- Type: one of "gtk2", "gnome"
- Example: "gnome"
- Related packages:
- pkgs.qgnomeplatform (qgnomeplatform-0.8.0): QPlatformTheme for a better Qt application inclusion in GNOME.
- pkgs.libsForQt5.qtstyleplugins (qtstyleplugins-unstable-2017-03-11): Additional style plugins for Qt5, including BB10, GTK, Cleanlooks, Motif, Plastique.
Declared by:
<nixpkgs/nixos/modules/config/qt5.nix>
- qt5.style
Selects the style to use for Qt5 applications.
The options are
- adwaita, adwaita-dark
Use Adwaita Qt style with adwaita
- cleanlooks, gtk2, motif, plastique
Use styles from qtstyleplugins
- Type: one of "adwaita", "adwaita-dark", "cleanlooks", "gtk2", "motif", "plastique"
- Example: "adwaita"
- Related packages:
- pkgs.adwaita-qt (adwaita-qt-1.4.0): A style to bend Qt applications to look like they belong into GNOME Shell.
- pkgs.libsForQt5.qtstyleplugins (qtstyleplugins-unstable-2017-03-11): Additional style plugins for Qt5, including BB10, GTK, Cleanlooks, Motif, Plastique.
Declared by:
<nixpkgs/nixos/modules/config/qt5.nix>
- security.acme.enableDebugLogs
Whether to enable debug logging for all certificates by default.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.acceptTerms
Accept the CA's terms of service. The default provider is Let's Encrypt, you can find their ToS at https://letsencrypt.org/repository/.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs
Attribute set of certificates to get signed and renewed. Creates acme-${cert}.{service,timer} systemd units for each certificate defined here. Other services can add dependencies to those units if they rely on the certificates being present, or trigger restarts of the service if certificates get renewed.
Type: attribute set of submodules
Default: { }
Example:
{ "example.com" = { webroot = "/var/lib/acme/acme-challenge/"; email = "foo@example.com"; extraDomainNames = [ "www.example.com" "foo.example.com" ]; }; "bar.example.com" = { webroot = "/var/lib/acme/acme-challenge/"; email = "bar@example.com"; }; }Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.enableDebugLogs
Whether to enable debug logging for this certificate.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.credentialsFile
Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider. To find out what values you need to set, consult the documentation at https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider.
Type: path
Example: "/var/src/secrets/example.org-route53-api-token"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.directory
Directory where certificate and other state is stored.
Type: string (read only)
Default: "/var/lib/acme/‹name›"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.dnsPropagationCheck
Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.dnsProvider
DNS Challenge provider. For a list of supported providers, see the "code" field of the DNS providers listed at https://go-acme.github.io/lego/dns/.
Type: null or string
Default: null
Example: "route53"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.dnsResolver
Set the resolver to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
Type: null or string
Default: null
Example: "1.1.1.1:53"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.domain
Domain to fetch certificate for (defaults to the entry name).
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.email
Contact email address for the CA to be able to reach you.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.extraDomainNames
A list of extra domain names, which are included in the one certificate to be issued.
Type: list of strings
Default: [ ]
Example:
[ "example.org" "mydomain.org" ]
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.extraLegoFlags
Additional global flags to pass to all lego commands.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.extraLegoRenewFlags
Additional flags to pass to lego renew.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.extraLegoRunFlags
Additional flags to pass to lego run.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.group
Group running the ACME client.
Type: string
Default: "acme"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.keyType
Key type to use for private keys. For an up to date list of supported values check the --key-type option at https://go-acme.github.io/lego/usage/cli/#usage.
Type: string
Default: "ec256"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.ocspMustStaple
Turns on the OCSP Must-Staple TLS extension. Make sure you know what you're doing! See:
- https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/
- https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.postRun
Commands to run after new certificates go live. Note that these commands run as the root user.
Executed in the same directory with the new certificate.
Type: strings concatenated with "\n"
Default: ""
Example: "cp full.pem backup.pem"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.reloadServices
The list of systemd services to call systemctl try-reload-or-restart on.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.server
ACME Directory Resource URI. Defaults to Let's Encrypt's production endpoint, https://acme-v02.api.letsencrypt.org/directory, if unset.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.certs.<name>.webroot
Where the webroot of the HTTP vhost is located. .well-known/acme-challenge/ directory will be created below the webroot if it doesn't exist. http://example.org/.well-known/acme-challenge/ must also be available (notice unencrypted HTTP).
Type: null or string
Default: null
Example: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.email
Contact email address for the CA to be able to reach you.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.preliminarySelfsigned
Whether a preliminary self-signed certificate should be generated before doing ACME requests. This can be useful when certificates are required in a webserver, but ACME needs the webserver to make its requests.
With preliminary self-signed certificate the webserver can be started and can later reload the correct ACME certificates.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.renewInterval
Systemd calendar expression when to check for renewal. See systemd.time(7).
Type: string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.server
ACME Directory Resource URI. Defaults to Let's Encrypt's production endpoint, https://acme-v02.api.letsencrypt.org/directory, if unset.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.acme.validMinDays
Minimum remaining validity before renewal in days.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/security/acme.nix>
- security.allowSimultaneousMultithreading
Whether to allow SMT/hyperthreading. Disabling SMT means that only physical CPU cores will be usable at runtime, potentially at significant performance cost.
The primary motivation for disabling SMT is to mitigate the risk of leaking data between threads running on the same CPU core (due to e.g., shared caches). This attack vector is unproven.
Disabling SMT is a supplement to the L1 data cache flushing mitigation (see security.virtualisation.flushL1DataCache) versus malicious VM guests (SMT could "bring back" previously flushed data).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
- security.allowUserNamespaces
Whether to allow creation of user namespaces.
The motivation for disabling user namespaces is the potential presence of code paths where the kernel's permission checking logic fails to account for namespacing, instead permitting a namespaced process to act outside the namespace with the same privileges as it would have inside it. This is particularly damaging in the common case of running as root within the namespace.
When user namespace creation is disallowed, attempting to create a user namespace fails with "no space left on device" (ENOSPC). root may re-enable user namespace creation at runtime.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
- security.apparmor.enable
Whether to enable the AppArmor Mandatory Access Control system.
If you're enabling this module on a running system, note that a reboot will be required to activate AppArmor in the kernel.
Also, beware that enabling this module privileges stability over security by not trying to kill unconfined but newly confinable running processes by default, though it would be needed because AppArmor can only confine new or already confined processes of an executable. This killing would for instance be necessary when upgrading to a NixOS revision introducing for the first time an AppArmor profile for the executable of a running process.
Enable security.apparmor.killUnconfinedConfinables if you want this service to do such killing by sending a SIGTERM to those running processes.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.apparmor.enableCache
Whether to enable caching of AppArmor policies in /var/cache/apparmor/.
Beware that AppArmor policies almost always contain Nix store paths, and thus produce at each change of these paths a new cached version accumulating in the cache.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.apparmor.packages
List of packages to be added to AppArmor's include path
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.apparmor.includes
List of paths to be added to AppArmor's searched paths when resolving include directives.
Type: attribute set of strings concatenated with "\n"s
Default: { }
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.apparmor.killUnconfinedConfinables
Whether to enable killing of processes which have an AppArmor profile enabled (in security.apparmor.policies) but are not confined (because AppArmor can only confine new processes).
This is only sending a gracious SIGTERM signal to the processes, not a SIGKILL.
Beware that due to a current limitation of AppArmor, only profiles with exact paths (and no name) can enable such kills.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.apparmor.policies
AppArmor policies.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.apparmor.policies.<name>.enable
Whether to enable loading of the profile into the kernel.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.apparmor.policies.<name>.enforce
Whether to enable enforcing of the policy or only complain in the logs.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.apparmor.policies.<name>.profile
The policy of the profile.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
- security.audit.enable
Whether to enable the Linux audit system. The special `lock' value can be used to enable auditing and prevent disabling it until a restart. Be careful about locking this, as it will prevent you from changing your audit configuration until you restart. If possible, test your configuration using build-vm beforehand.
Type: one of false, true, "lock"
Default: false
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
- security.audit.backlogLimit
The maximum number of outstanding audit buffers allowed; exceeding this is considered a failure and handled in a manner specified by failureMode.
Type: signed integer
Default: 64
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
- security.audit.failureMode
How to handle critical errors in the auditing system
Type: one of "silent", "printk", "panic"
Default: "printk"
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
- security.audit.rateLimit
The maximum messages per second permitted before triggering a failure as specified by failureMode. Setting it to zero disables the limit.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
- security.audit.rules
The ordered audit rules, with each string appearing as one line of the audit.rules file.
Type: list of strings
Default: [ ]
Example: [ "-a exit,always -F arch=b64 -S execve" ]
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
- security.auditd.enable
Whether to enable the Linux Audit daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/auditd.nix>
- security.chromiumSuidSandbox.enable
Whether to install the Chromium SUID sandbox which is an executable that Chromium may use in order to achieve sandboxing.
If you get the error "The SUID sandbox helper binary was found, but is not configured correctly.", turning this on might help.
Also, if the URL chrome://sandbox tells you that "You are not adequately sandboxed!", turning this on might resolve the issue.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix>
- security.dhparams.enable
Whether to generate new DH params and clean up old DH params.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
- security.dhparams.defaultBitSize
This allows to override the default bit size for all of the Diffie-Hellman parameters set in security.dhparams.params.
Type: integer of at least 16 bits
Default: 2048
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
- security.dhparams.params
Diffie-Hellman parameters to generate.
The value is the size (in bits) of the DH params to generate. The generated DH params path can be found in config.security.dhparams.params.name.path.
Note
The name of the DH params is taken as being the name of the service it serves and the params will be generated before the said service is started.Warning
If you are removing all dhparams from this list, you have to leave security.dhparams.enable for at least one activation in order to have them be cleaned up. This also means if you rollback to a version without any dhparams the existing ones won't be cleaned up. Of course this only applies if security.dhparams.stateful is true.For module implementers:
It's recommended to not set a specific bit size here, so that users can easily override this by setting security.dhparams.defaultBitSize.Type: attribute set of submodule or signed integer convertible to its
Default: { }
Example: { nginx.bits = 3072; }
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
- security.dhparams.params.<name>.bits
The bit size for the prime that is used during a Diffie-Hellman key exchange.
Type: integer of at least 16 bits
Default: 2048
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
- security.dhparams.params.<name>.path
The resulting path of the generated Diffie-Hellman parameters file for other services to reference. This could be either a store path or a file inside the directory specified by security.dhparams.path.
Type: path (read only)
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
- security.dhparams.path
Path to the directory in which Diffie-Hellman parameters will be stored. This only is relevant if security.dhparams.stateful is true.
Type: string
Default: "/var/lib/dhparams"
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
- security.dhparams.stateful
Whether generation of Diffie-Hellman parameters should be stateful or not. If this is enabled, PEM-encoded files for Diffie-Hellman parameters are placed in the directory specified by security.dhparams.path. Otherwise the files are created within the Nix store.
Note
If this is false the resulting store path will be non-deterministic and will be rebuilt every time the openssl package changes.Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
- security.doas.enable
Whether to enable the doas command, which allows non-root users to execute commands as root.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraConfig
Extra configuration text appended to doas.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules
Define specific rules to be set in the /etc/doas.conf file. More specific rules should come after more general ones in order to yield the expected behavior. You can use mkBefore and/or mkAfter to ensure this is the case when configuration options are merged.
Type: list of submodules
Default: [ ]
Example:
[ # Allow execution of any command by any user in group doas, requiring # a password and keeping any previously-defined environment variables. { groups = [ "doas" ]; noPass = false; keepEnv = true; } # Allow execution of "/home/root/secret.sh" by user `backup` OR user # `database` OR any member of the group with GID `1006`, without a # password. { users = [ "backup" "database" ]; groups = [ 1006 ]; cmd = "/home/root/secret.sh"; noPass = true; } # Allow any member of group `bar` to run `/home/baz/cmd1.sh` as user # `foo` with argument `hello-doas`. { groups = [ "bar" ]; runAs = "foo"; cmd = "/home/baz/cmd1.sh"; args = [ "hello-doas" ]; } # Allow any member of group `bar` to run `/home/baz/cmd2.sh` as user # `foo` with no arguments. { groups = [ "bar" ]; runAs = "foo"; cmd = "/home/baz/cmd2.sh"; args = [ ]; } # Allow user `abusers` to execute "nano" and unset the value of # SSH_AUTH_SOCK, override the value of ALPHA to 1, and inherit the # value of BETA from the current environment. { users = [ "abusers" ]; cmd = "nano"; setEnv = [ "-SSH_AUTH_SOCK" "ALPHA=1" "BETA" ]; } ]Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.args
Arguments that must be provided to the command. When set to [], the command must be run without any arguments.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.cmd
The command the user is allowed to run. When set to null (the default), all commands are allowed.
NOTE: It is best practice to specify absolute paths. If a relative path is specified, only a restricted PATH will be searched.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.groups
The groups / GIDs this rule should apply for.
Type: list of string or signed integers
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.keepEnv
If true, environment variables other than those listed in doas(1) are kept when creating the environment for the new process.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.noLog
If true, successful executions will not be logged to syslogd(8).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.noPass
If true, the user is not required to enter a password.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.persist
If true, do not ask for a password again for some time after the user successfully authenticates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.runAs
Which user or group the specified command is allowed to run as. When set to null (the default), all users are allowed.
A user can be specified using just the username: "foo". It is also possible to only allow running as a specific group with ":bar".
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.setEnv
Keep or set the specified variables. Variables may also be removed with a leading '-' or set using variable=value. If the first character of value is a '$', the value to be set is taken from the existing environment variable of the indicated name. This option is processed after the default environment has been created.
NOTE: All rules have setenv { SSH_AUTH_SOCK } by default. To prevent SSH_AUTH_SOCK from being inherited, add "-SSH_AUTH_SOCK" anywhere in this list.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.extraRules.*.users
The usernames / UIDs this rule should apply for.
Type: list of string or signed integers
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.doas.wheelNeedsPassword
Whether users of the wheel group must provide a password to run commands as super user via doas.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
- security.duosec.acceptEnvFactor
Look for factor selection or passcode in the $DUO_PASSCODE environment variable before prompting the user for input.
When $DUO_PASSCODE is non-empty, it will override autopush. The SSH client will need SendEnv DUO_PASSCODE in its configuration, and the SSH server will similarly need AcceptEnv DUO_PASSCODE.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.allowTcpForwarding
By default, when SSH forwarding, enabling Duo Security will disable TCP forwarding. By enabling this, you potentially undermine some of the SSH based login security. Note this is not needed if you use PAM.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.autopush
If true, Duo Unix will automatically send a push login request to the user’s phone, falling back on a phone call if push is unavailable. If false, the user will be prompted to choose an authentication method. When configured with autopush = yes, we recommend setting prompts = 1.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.failmode
On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access). The default is "safe".
Type: one of "safe", "secure"
Default: "safe"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.fallbackLocalIP
Duo Unix reports the IP address of the authorizing user, for the purposes of authorization and whitelisting. If Duo Unix cannot detect the IP address of the client, setting fallbackLocalIP = yes will cause Duo Unix to send the IP address of the server it is running on.
If you are using IP whitelisting, enabling this option could cause unauthorized logins if the local IP is listed in the whitelist.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.groups
If specified, Duo authentication is required only for users whose primary group or supplementary group list matches one of the space-separated pattern lists. Refer to https://duo.com/docs/duounix for details.
Type: string
Default: ""
Example: "users,!wheel,!*admin guests"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.host
Duo API hostname.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.integrationKey
Integration key.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.motd
Print the contents of /etc/motd to screen after a successful login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.pam.enable
If enabled, protect logins with Duo Security using PAM support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.prompts
If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again. This option sets the maximum number of prompts that Duo Unix will display before denying access. Must be 1, 2, or 3. Default is 3.
For example, when prompts = 1, the user will have to successfully authenticate on the first prompt, whereas if prompts = 2, if the user enters incorrect information at the initial prompt, he/she will be prompted to authenticate again.
When configured with autopush = true, we recommend setting prompts = 1.
Type: one of 1, 2, 3
Default: 3
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.pushinfo
Include information such as the command to be executed in the Duo Push message.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.secretKeyFile
A file containing your secret key. The security of your Duo application is tied to the security of your secret key.
Type: null or path
Default: null
Example: "/run/keys/duo-skey"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.duosec.ssh.enable
If enabled, protect SSH logins with Duo Security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
- security.forcePageTableIsolation
Whether to force-enable the Page Table Isolation (PTI) Linux kernel feature even on CPU models that claim to be safe from Meltdown.
This hardening feature is most beneficial to systems that run untrusted workloads that rely on address space isolation for security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
- security.googleOsLogin.enable
Whether to enable Google OS Login
The OS Login package enables the following components: AuthorizedKeysCommand to query valid SSH keys from the user's OS Login profile during ssh authentication phase. NSS Module to provide user and group information PAM Module for the sshd service, providing authorization and authentication support, allowing the system to use data stored in Google Cloud IAM permissions to control both, the ability to log into an instance, and to perform operations as root (sudo).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/google_oslogin.nix>
- security.lockKernelModules
Disable kernel module loading once the system is fully initialised. Module loading is disabled until the next reboot. Problems caused by delayed module loading can be fixed by adding the module(s) in question to boot.kernelModules.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/lock-kernel-modules.nix>
- security.pam.enableEcryptfs
Whether to enable eCryptfs PAM module (mounting ecryptfs home directory on login).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.enableOTPW
Whether to enable the OTPW (one-time password) PAM module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.enableSSHAgentAuth
Enable sudo logins if the user's SSH agent provides a key present in ~/.ssh/authorized_keys. This allows machines to exclusively use SSH keys instead of passwords.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.loginLimits
Define resource limits that should apply to users or groups. Each item in the list should be an attribute set with a domain, type, item, and value attribute. The syntax and semantics of these attributes must be that described in the limits.conf(5) man page.
Note that these limits do not apply to systemd services, whose limits can be changed via systemd.extraConfig instead.
Type: unspecified
Default: [ ]
Example: [ { domain = "ftp"; item = "nproc"; type = "hard"; value = "0"; } { domain = "@student"; item = "maxlogins"; type = "-"; value = "4"; } ]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.makeHomeDir.skelDirectory
Path to skeleton directory whose contents are copied to home directories newly created by pam_mkhomedir.
Type: string
Default: "/var/empty"
Example: "/etc/skel"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.mount.enable
Enable PAM mount system to mount fileystems on user login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
- security.pam.mount.additionalSearchPaths
Additional programs to include in the search path of pam_mount. Useful for example if you want to use some FUSE filesystems like bindfs.
Type: list of packages
Default: [ ]
Example: [ pkgs.bindfs ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
- security.pam.mount.extraVolumes
List of volume definitions for pam_mount. For more information, visit http://pam-mount.sourceforge.net/pam_mount.conf.5.html.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
- security.pam.mount.fuseMountOptions
Global mount options that apply to every FUSE volume. You can define volume-specific options in the volume definitions.
Type: list of strings
Default: [ ]
Example:
[ "nodev" "nosuid" "force-user=%(USER)" "gid=%(USERGID)" "perms=0700" "chmod-deny" "chown-deny" "chgrp-deny" ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
- security.pam.oath.enable
Enable the OATH (one-time password) PAM module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
- security.pam.oath.digits
Specify the length of the one-time password in number of digits.
Type: one of 6, 7, 8
Default: 6
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
- security.pam.oath.usersFile
Set the path to file where the user's credentials are stored. This file must not be world readable!
Type: path
Default: "/etc/users.oath"
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
- security.pam.oath.window
Specify the number of one-time passwords to check in order to accommodate for situations where the system and the client are slightly out of sync (iteration for HOTP or time steps for TOTP).
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
- security.pam.p11.enable
Enables P11 PAM (pam_p11) module.
If set, users can log in with SSH keys and PKCS#11 tokens.
More information can be found here.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.p11.control
This option sets pam "control". If you want to have multi factor authentication, use "required". If you want to use the PKCS#11 device instead of the regular password, use "sufficient".
Read pam.conf(5) for better understanding of this option.
Type: one of "required", "requisite", "sufficient", "optional"
Default: "sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services
This option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each attribute of this set defines a PAM service, with the attribute name defining the name of the service.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.enableAppArmor
Enable support for attaching AppArmor profiles at the user/group level, e.g., as part of a role based access control scheme.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.enableGnomeKeyring
If enabled, pam_gnome_keyring will attempt to automatically unlock the user's default Gnome keyring upon login. If the user login password does not match their keyring password, Gnome Keyring will prompt separately after login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.enableKwallet
If enabled, pam_wallet will attempt to automatically unlock the user's default KDE wallet upon login. If the user has no wallet named "kdewallet", or the login password does not match their wallet password, KDE will prompt separately after login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.allowNullPassword
Whether to allow logging into accounts that have no password set (i.e., have an empty password field in /etc/passwd or /etc/group). This does not enable logging into disabled accounts (i.e., that have the password field set to !). Note that regardless of what the pam_unix documentation says, accounts with hashed empty passwords are always allowed to log in.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.duoSecurity.enable
If set, use the Duo Security pam module pam_duo for authentication. Requires configuration of security.duosec options.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.forwardXAuth
Whether X authentication keys should be passed from the calling user to the target user (e.g. for su)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.fprintAuth
If set, fingerprint reader will be used (if exists and your fingerprints are enrolled).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.gnupg.enable
If enabled, pam_gnupg will attempt to automatically unlock the user's GPG keys with the login password via gpg-agent. The keygrips of all keys to be unlocked should be written to ~/.pam-gnupg, and can be queried with gpg -K --with-keygrip. Presetting passphrases must be enabled by adding allow-preset-passphrase in ~/.gnupg/gpg-agent.conf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.gnupg.noAutostart
Don't start gpg-agent if it is not running. Useful in conjunction with starting gpg-agent as a systemd user service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.gnupg.storeOnly
Don't send the password immediately after login, but store for PAM session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.googleAuthenticator.enable
If set, users with enabled Google Authenticator (created ~/.google_authenticator) will be required to provide Google Authenticator token to log in.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.googleOsLoginAccountVerification
If set, will use the Google OS Login PAM modules (pam_oslogin_login, pam_oslogin_admin) to verify possible OS Login users and set sudoers configuration accordingly. This only makes sense to enable for the sshd PAM service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.googleOsLoginAuthentication
If set, will use the pam_oslogin_login's user authentication methods to authenticate users using 2FA. This only makes sense to enable for the sshd PAM service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.limits
Attribute set describing resource limits. Defaults to the value of security.pam.loginLimits.
Type: unspecified
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.logFailures
Whether to log authentication failures in /var/log/faillog.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.makeHomeDir
Whether to try to create home directories for users with $HOMEs pointing to nonexistent locations on session login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.name
Name of the PAM service.
Type: string
Example: "sshd"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.nodelay
Wheather the delay after typing a wrong password should be disabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.oathAuth
If set, the OATH Toolkit will be used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.otpwAuth
If set, the OTPW system will be used (if ~/.otpw exists).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.p11Auth
If set, keys listed in ~/.ssh/authorized_keys and ~/.eid/authorized_certificates can be used to log in with the associated PKCS#11 tokens.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.pamMount
Enable PAM mount (pam_mount) system to mount fileystems on user login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.requireWheel
Whether to permit root access only to members of group wheel.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.rootOK
If set, root doesn't need to authenticate (e.g. for the useradd service).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.setEnvironment
Whether the service should set the environment variables listed in environment.sessionVariables using pam_env.so.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.setLoginUid
Set the login uid of the process (/proc/self/loginuid) for auditing purposes. The login uid is only set by ‘entry points’ like login and sshd, not by commands like sudo.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.showMotd
Whether to show the message of the day.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.sshAgentAuth
If set, the calling user's SSH agent is used to authenticate against the keys in the calling user's ~/.ssh/authorized_keys. This is useful for sudo on password-less remote systems.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.sssdStrictAccess
enforce sssd access control
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.startSession
If set, the service will register a new session with systemd's login manager. For local sessions, this will give the user access to audio devices, CD-ROM drives. In the default PolicyKit configuration, it also allows the user to reboot the system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.text
Contents of the PAM service file.
Type: null or strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.ttyAudit.enable
Enable or disable TTY auditing for specified users
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.ttyAudit.enablePattern
For each user matching one of comma-separated glob patterns, enable TTY auditing
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.ttyAudit.disablePattern
For each user matching one of comma-separated glob patterns, disable TTY auditing
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.ttyAudit.openOnly
Set the TTY audit flag when opening the session, but do not restore it when closing the session. Using this option is necessary for some services that don't fork() to run the authenticated session, such as sudo.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.u2fAuth
If set, users listed in $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set) are able to log in with the associated U2F key. Path can be changed using security.pam.u2f.authFile option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.unixAuth
Whether users can log in with passwords defined in /etc/shadow.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.updateWtmp
Whether to update /var/log/wtmp.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.usbAuth
If set, users listed in /etc/pamusb.conf are able to log in with the associated USB key.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.services.<name>.yubicoAuth
If set, users listed in ~/.yubico/authorized_yubikeys are able to log in with the associated Yubikey tokens.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.u2f.enable
Enables U2F PAM (pam-u2f) module.
If set, users listed in $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set) are able to log in with the associated U2F key. The path can be changed using security.pam.u2f.authFile option.
File format is: username:first_keyHandle,first_public_key: second_keyHandle,second_public_key This file can be generated using pamu2fcfg command.
More information can be found here.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.u2f.appId
By default pam-u2f module sets the application ID to pam://$HOSTNAME.
When using pamu2fcfg, you can specify your application ID with the -i flag.
More information can be found here
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.u2f.authFile
By default pam-u2f module reads the keys from $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set).
If you want to change auth file locations or centralize database (for example use /etc/u2f-mappings) you can set this option.
File format is: username:first_keyHandle,first_public_key: second_keyHandle,second_public_key This file can be generated using pamu2fcfg command.
More information can be found here.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.u2f.control
This option sets pam "control". If you want to have multi factor authentication, use "required". If you want to use U2F device instead of regular password, use "sufficient".
Read pam.conf(5) for better understanding of this option.
Type: one of "required", "requisite", "sufficient", "optional"
Default: "sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.u2f.cue
By default pam-u2f module does not inform user that he needs to use the u2f device, it just waits without a prompt.
If you set this option to true, cue option is added to pam-u2f module and reminder message will be displayed.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.u2f.debug
Debug output to stderr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.u2f.interactive
Set to prompt a message and wait before testing the presence of a U2F device. Recommended if your device doesn’t have a tactile trigger.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.usb.enable
Enable USB login for all login systems that support it. For more information, visit https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam_usb.nix>
- security.pam.yubico.enable
Enables Yubico PAM (yubico-pam) module.
If set, users listed in ~/.yubico/authorized_yubikeys are able to log in with the associated Yubikey tokens.
The file must have only one line: username:yubikey_token_id1:yubikey_token_id2 More information can be found here.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.yubico.challengeResponsePath
If not null, set the path used by yubico pam module where the challenge expected response is stored.
More information can be found here.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.yubico.control
This option sets pam "control". If you want to have multi factor authentication, use "required". If you want to use Yubikey instead of regular password, use "sufficient".
Read pam.conf(5) for better understanding of this option.
Type: one of "required", "requisite", "sufficient", "optional"
Default: "sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.yubico.debug
Debug output to stderr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.yubico.id
client id
Type: string
Example: "42"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pam.yubico.mode
Mode of operation.
Use "client" for online validation with a YubiKey validation service such as the YubiCloud.
Use "challenge-response" for offline validation using YubiKeys with HMAC-SHA-1 Challenge-Response configurations. See the man-page ykpamcfg(1) for further details on how to configure offline Challenge-Response validation.
More information can be found here.
Type: one of "client", "challenge-response"
Default: "client"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- security.pki.caCertificateBlacklist
A list of blacklisted CA certificate names that won't be imported from the Mozilla Trust Store into /etc/ssl/certs/ca-certificates.crt. Use the names from that file.
Type: list of strings
Default: [ ]
Example: [ "WoSign" "WoSign China" "CA WoSign ECC Root" "Certification Authority of WoSign G2" ]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
- security.pki.certificateFiles
A list of files containing trusted root certificates in PEM format. These are concatenated to form /etc/ssl/certs/ca-certificates.crt, which is used by many programs that use OpenSSL, such as curl and git.
Type: list of paths
Default: [ ]
Example: [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
- security.pki.certificates
A list of trusted root certificates in PEM format.
Type: list of strings
Default: [ ]
Example:
[ '' NixOS.org ========= -----BEGIN CERTIFICATE----- MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0 ... -----END CERTIFICATE----- '' ]Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
- security.polkit.enable
Whether to enable PolKit.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
- security.polkit.adminIdentities
Specifies which users are considered “administrators”, for those actions that require the user to authenticate as an administrator (i.e. have an auth_admin value). By default, this is all users in the wheel group.
Type: list of strings
Default: [ "unix-group:wheel" ]
Example: [ "unix-user:alice" "unix-group:admin" ]
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
- security.polkit.extraConfig
Any polkit rules to be added to config (in JavaScript ;-). See: http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules
Type: strings concatenated with "\n"
Default: ""
Example:
'' /* Log authorization checks. */ polkit.addRule(function(action, subject) { polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid); }); /* Allow any local user to do anything (dangerous!). */ polkit.addRule(function(action, subject) { if (subject.local) return "yes"; }); ''Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
- security.protectKernelImage
Whether to prevent replacing the running kernel image.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
- security.rtkit.enable
Whether to enable the RealtimeKit system service, which hands out realtime scheduling priority to user processes on demand. For example, the PulseAudio server uses this to acquire realtime priority.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/rtkit.nix>
- security.sudo.enable
Whether to enable the sudo command, which allows non-root users to execute commands as root.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.package
Which package to use for `sudo`.
Type: package
Default: pkgs.sudo
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.configFile
This string contains the contents of the sudoers file.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.execWheelOnly
Only allow members of the wheel group to execute sudo by setting the executable's permissions accordingly. This prevents users that are not members of wheel from exploiting vulnerabilities in sudo such as CVE-2021-3156.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.extraConfig
Extra configuration text appended to sudoers.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.extraRules
Define specific rules to be in the sudoers file. More specific rules should come after more general ones in order to yield the expected behavior. You can use mkBefore/mkAfter to ensure this is the case when configuration options are merged.
Type: list of submodules
Default: [ ]
Example:
[ # Allow execution of any command by all users in group sudo, # requiring a password. { groups = [ "sudo" ]; commands = [ "ALL" ]; } # Allow execution of "/home/root/secret.sh" by user `backup`, `database` # and the group with GID `1006` without a password. { users = [ "backup" "database" ]; groups = [ 1006 ]; commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; } # Allow all users of group `bar` to run two executables as user `foo` # with arguments being pre-set. { groups = [ "bar" ]; runAs = "foo"; commands = [ "/home/baz/cmd1.sh hello-sudo" { command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; } ]Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.extraRules.*.commands
The commands for which the rule should apply.
Type: list of string or submodules
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.extraRules.*.groups
The groups / GIDs this rule should apply for.
Type: list of string or signed integers
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.extraRules.*.host
For what host this rule should apply.
Type: string
Default: "ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.extraRules.*.runAs
Under which user/group the specified command is allowed to run.
A user can be specified using just the username: "foo". It is also possible to specify a user/group combination using "foo:bar" or to only allow running as a specific group with ":bar".
Type: string
Default: "ALL:ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.extraRules.*.users
The usernames / UIDs this rule should apply for.
Type: list of string or signed integers
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.sudo.wheelNeedsPassword
Whether users of the wheel group must provide a password to run commands as super user via sudo.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
- security.tpm2.enable
Whether to enable Trusted Platform Module 2 support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.abrmd.enable
Whether to enable Trusted Platform 2 userspace resource manager daemon .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.abrmd.package
tpm2-abrmd package to use
Type: package
Default: pkgs.tpm2-abrmd
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.applyUdevRules
Whether to make the /dev/tpm[0-9] devices accessible by the tssUser, or the /dev/tpmrm[0-9] by tssGroup respectively
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.pkcs11.enable
Whether to enable TPM2 PKCS#11 tool and shared library in system path (/run/current-system/sw/lib/libtpm2_pkcs11.so) .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.pkcs11.package
tpm2-pkcs11 package to use
Type: package
Default: pkgs.tpm2-pkcs11
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.tctiEnvironment.enable
Set common TCTI environment variables to the specified value. The variables are
- TPM2TOOLS_TCTI
- TPM2_PKCS11_TCTI
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.tctiEnvironment.deviceConf
Configuration part of the device TCTI, e.g. the path to the TPM device. Applies if interface is set to "device". The format is specified in the tpm2-tools repository.
Type: string
Default: "/dev/tpmrm0"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.tctiEnvironment.interface
The name of the TPM command transmission interface (TCTI) library to use.
Type: one of "tabrmd", "device"
Default: "device"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.tctiEnvironment.tabrmdConf
Configuration part of the tabrmd TCTI, like the D-Bus bus name. Applies if interface is set to "tabrmd". The format is specified in the tpm2-tools repository.
Type: string
Default: "bus_name=com.intel.tss2.Tabrmd"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.tssGroup
Group of the tpm kernel resource manager (tpmrm) device-group, set if applyUdevRules is set.
Type: null or string
Default: "tss"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.tpm2.tssUser
Name of the tpm device-owner and service user, set if applyUdevRules is set.
Type: null or string
Default: if config.security.tpm2.abrmd.enable then "tss" else "root"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
- security.unprivilegedUsernsClone
When disabled, unprivileged users will not be able to create new namespaces. By default unprivileged user namespaces are disabled. This option only works in a hardened profile.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
- security.virtualisation.flushL1DataCache
Whether the hypervisor should flush the L1 data cache before entering guests. See also security.allowSimultaneousMultithreading.
- null
uses the kernel default
- "never"
disables L1 data cache flushing entirely. May be appropriate if all guests are trusted.
- "cond"
flushes L1 data cache only for pre-determined code paths. May leak information about the host address space layout.
- "always"
flushes L1 data cache every time the hypervisor enters the guest. May incur significant performance cost.
Type: null or one of "never", "cond", "always"
Default: null
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
- security.wrappers
This option effectively allows adding setuid/setgid bits, capabilities, changing file ownership and permissions of a program without directly modifying it. This works by creating a wrapper program under the security.wrapperDir directory, which is then added to the shell PATH.
Type: attribute set of submodules
Default: { }
Example:
{ # a setuid root program doas = { setuid = true; owner = "root"; group = "root"; source = "${pkgs.doas}/bin/doas"; }; # a setgid program locate = { setgid = true; owner = "root"; group = "mlocate"; source = "${pkgs.locate}/bin/locate"; }; # a program with the CAP_NET_RAW capability ping = { owner = "root"; group = "root"; capabilities = "cap_net_raw+ep"; source = "${pkgs.iputils.out}/bin/ping"; }; }Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- security.wrappers.<name>.capabilities
A comma-separated list of capabilities to be given to the wrapper program. For capabilities supported by the system check the capabilities(7) manual page.
Note
cap_setpcap, which is required for the wrapper program to be able to raise caps into the Ambient set is NOT raised to the Ambient set so that the real program cannot modify its own capabilities!! This may be too restrictive for cases in which the real program needs cap_setpcap but it at least leans on the side security paranoid vs. too relaxed.Type: strings concatenated with ","
Default: ""
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- security.wrappers.<name>.group
The group of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- security.wrappers.<name>.owner
The owner of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- security.wrappers.<name>.permissions
The permissions of the wrapper program. The format is that of a symbolic or numeric file mode understood by chmod.
Type: file mode string
Default: "u+rx,g+x,o+x"
Example: "a+rx"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- security.wrappers.<name>.program
The name of the wrapper program. Defaults to the attribute name.
Type: null or string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- security.wrappers.<name>.setgid
Whether to add the setgid bit the wrapper program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- security.wrappers.<name>.setuid
Whether to add the setuid bit the wrapper program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- security.wrappers.<name>.source
The absolute path to the program to be wrapped.
Type: path
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.packagekit.enable
Whether to enable PackageKit provides a cross-platform D-Bus abstraction layer for installing software. Software utilizing PackageKit can install software regardless of the package manager. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
- services.packagekit.settings
Additional settings passed straight through to PackageKit.conf
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
- services.packagekit.vendorSettings
Additional settings passed straight through to Vendor.conf
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
- services.SystemdJournal2Gelf.enable
Whether to enable SystemdJournal2Gelf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
- services.SystemdJournal2Gelf.package
SystemdJournal2Gelf package to use.
Type: package
Default: pkgs.systemd-journal2gelf
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
- services.SystemdJournal2Gelf.extraOptions
Any extra flags to pass to SystemdJournal2Gelf. Note that these are basically journalctl flags.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
- services.SystemdJournal2Gelf.graylogServer
Host and port of your graylog2 input. This should be a GELF UDP input.
Type: string
Example: "graylog2.example.com:11201"
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
- services._3proxy.enable
Whether to enable 3proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.confFile
Ignore all other 3proxy options and load configuration from this file.
Type: path
Example: "/var/lib/3proxy/3proxy.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.denyPrivate
Whether to deny access to private IP ranges including loopback.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.extraConfig
Extra configuration, appended to the 3proxy configuration file. Consult documentation for available options.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.privateRanges
What IP ranges to deny access when denyPrivate is set tu true.
Type: list of strings
Default: [ "0.0.0.0/8" "127.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10" "172.16.0.0/12" "192.168.0.0/16" "::" "::1" "fc00::/7" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.resolution
Use this option to configure name resolution and DNS caching.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.resolution.nscache
Set name cache size for IPv4.
Type: signed integer
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.resolution.nscache6
Set name cache size for IPv6.
Type: signed integer
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.resolution.nserver
List of nameservers to use.
Up to 5 nservers may be specified. If no nserver is configured, default system name resolution functions are used.
Type: list of strings
Default: [ ]
Example: [ "127.0.0.53" "192.168.1.3:5353/tcp" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.resolution.nsrecord
Adds static nsrecords.
Type: attribute set of strings
Default: { }
Example:
{ "files.local" = "192.168.1.12"; "site.local" = "192.168.1.43"; }Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services
Use this option to define 3proxy services.
Type: list of submodules
Default: [ ]
Example:
[ { type = "proxy"; bindAddress = "192.168.1.24"; bindPort = 3128; auth = [ "none" ]; } { type = "proxy"; bindAddress = "10.10.1.20"; bindPort = 3128; auth = [ "iponly" ]; } { type = "socks"; bindAddress = "172.17.0.1"; bindPort = 1080; auth = [ "strong" ]; } ]Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.acl
Use this option to limit user access to resources.
Type: list of submodules
Default: [ ]
Example:
[ { rule = "allow"; users = [ "user1" ]; } { rule = "allow"; sources = [ "192.168.1.0/24" ]; } { rule = "deny"; } ]Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.acl.*.rule
ACL rule. The following values are valid:
- "allow": connections allowed.
- "deny": connections not allowed.
Type: one of "allow", "deny"
Example: "allow"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.acl.*.sources
List of source IP range, use empty list for any.
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.acl.*.targetPorts
List of target ports, use empty list for any.
Type: list of signed integers
Default: [ ]
Example: [ 80 443 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.acl.*.targets
List of target IP ranges, use empty list for any. May also contain host names instead of addresses. It's possible to use wildmask in the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*. Hostname is only checked if hostname presents in request.
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.acl.*.users
List of users, use empty list for any.
Type: list of strings
Default: [ ]
Example: [ "user1" "user2" "user3" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.auth
Authentication type. The following values are valid:
- "none": disables both authentication and authorization. You can not use ACLs.
- "iponly": specifies no authentication. ACLs authorization is used.
- "strong": authentication by username/password. If user is not registered their access is denied regardless of ACLs.
Double authentication is possible, e.g.
{ auth = [ "iponly" "strong" ]; acl = [ { rule = "allow"; targets = [ "192.168.0.0/16" ]; } { rule = "allow" users = [ "user1" "user2" ]; } ]; } In this example strong username authentication is not required to access 192.168.0.0/16.
Type: list of one of "none", "iponly", "strong"s
Example: [ "iponly" "strong" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.bindAddress
Address used for service.
Type: string
Default: "[::]"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.bindPort
Override default port used for service.
Type: null or signed integer
Default: null
Example: 3128
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.extraArguments
Extra arguments for service. Consult "Options" section in documentation for available arguments.
Type: null or string
Default: null
Example: "-46"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.extraConfig
Extra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection. Consult documentation for available options.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.maxConnections
Maximum number of simulationeous connections to this service.
Type: signed integer
Default: 100
Example: 1000
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.services.*.type
Service type. The following values are valid:
- "proxy": HTTP/HTTPS proxy (default port 3128).
- "socks": SOCKS 4/4.5/5 proxy (default port 1080).
- "pop3p": POP3 proxy (default port 110).
- "ftppr": FTP proxy (default port 21).
- "admin": Web interface (default port 80).
- "dnspr": Caching DNS proxy (default port 53).
- "tcppm": TCP portmapper.
- "udppm": UDP portmapper.
Type: one of "proxy", "socks", "pop3p", "ftppr", "admin", "dnspr", "tcppm", "udppm"
Example: "proxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services._3proxy.usersFile
Load users and passwords from this file.
Example users file with plain-text passwords:
test1:CL:password1 test2:CL:password2
Example users file with md5-crypted passwords:
test1:CR:$1$tFkisVd2$1GA8JXkRmTXdLDytM/i3a1 test2:CR:$1$rkpibm5J$Aq1.9VtYAn0JrqZ8M.1ME.
You can generate md5-crypted passwords via https://unix4lyfe.org/crypt/ Note that htpasswd tool generates incompatible md5-crypted passwords. Consult documentation for more information.
Type: null or path
Default: null
Example: "/var/lib/3proxy/3proxy.passwd"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
- services.accounts-daemon.enable
Whether to enable AccountsService, a DBus service for accessing the list of user accounts and information attached to those accounts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/accountsservice.nix>
- services.acpid.enable
Whether to enable the ACPI daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
- services.acpid.acEventCommands
Shell commands to execute on an ac_adapter.* event.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
- services.acpid.handlers
Event handlers.
Note
Handler can be a single command.Type: attribute set of submodules
Default: { }
Example: { ac-power = { action = "vals=($1) # space separated string to array of multiple values\ncase \${vals[3]} in\n 00000000)\n echo unplugged >> /tmp/acpi.log\n ;;\n 00000001)\n echo plugged in >> /tmp/acpi.log\n ;;\n *)\n echo unknown >> /tmp/acpi.log\n ;;\nesac\n"; event = "ac_adapter/*"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
- services.acpid.handlers.<name>.action
Shell commands to execute when the event is triggered.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
- services.acpid.handlers.<name>.event
Event type.
Type: string
Example: "button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*"
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
- services.acpid.lidEventCommands
Shell commands to execute on a button/lid.* event.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
- services.acpid.logEvents
Log all event activity.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
- services.acpid.powerEventCommands
Shell commands to execute on a button/power.* event.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
- services.activemq.enable
Enable the Apache ActiveMQ message broker service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
- services.activemq.baseDir
The base directory where ActiveMQ stores its persistent data and logs. This will be overridden if you set "activemq.base" and "activemq.data" in the javaProperties option. You can also override this in activemq.xml.
Type: string
Default: "/var/activemq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
- services.activemq.configurationDir
The base directory for ActiveMQ's configuration. By default, this directory is searched for a file named activemq.xml, which should contain the configuration for the broker service.
Type: string
Default: "${pkgs.activemq}/conf"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
- services.activemq.configurationURI
The URI that is passed along to the BrokerFactory to set up the configuration of the ActiveMQ broker service. You should not need to change this. For custom configuration, set the configurationDir instead, and create an activemq.xml configuration file in it.
Type: string
Default: "xbean:activemq.xml"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
- services.activemq.extraJavaOptions
Add extra options here that you want to be sent to the Java runtime when the broker service is started.
Type: strings concatenated with " "
Default: ""
Example: "-Xmx2G -Xms2G -XX:MaxPermSize=512M"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
- services.activemq.javaProperties
Specifies Java properties that are sent to the ActiveMQ broker service with the "-D" option. You can set properties here to change the behaviour and configuration of the broker. All essential properties that are not set here are automatically given reasonable defaults.
Type: attribute set
Default: { }
Example:
{ "java.net.preferIPv4Stack" = "true"; }Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
- services.actkbd.enable
Whether to enable the actkbd key mapping daemon.
Turning this on will start an actkbd instance for every evdev input that has at least one key (which is okay even for systems with tiny memory footprint, since actkbd normally uses <100 bytes of memory per instance).
This allows binding keys globally without the need for e.g. X11.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
- services.actkbd.bindings
Key bindings for actkbd.
See actkbd README for documentation.
The example shows a piece of what sound.mediaKeys.enable does when enabled.
Type: list of submodules
Default: [ ]
Example:
[ { keys = [ 113 ]; events = [ "key" ]; command = "${pkgs.alsa-utils}/bin/amixer -q set Master toggle"; } ]Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
- services.actkbd.bindings.*.attributes
List of attributes.
Type: list of strings
Default: [ "exec" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
- services.actkbd.bindings.*.command
What to run.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
- services.actkbd.bindings.*.events
List of events to match.
Type: list of one of "key", "rep", "rel"s
Default: [ "key" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
- services.actkbd.bindings.*.keys
List of keycodes to match.
Type: list of signed integers
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
- services.actkbd.extraConfig
Literal contents to append to the end of actkbd configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
- services.adguardhome.enable
Whether to enable AdGuard Home network-wide ad blocker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
- services.adguardhome.extraArgs
Extra command line parameters to be passed to the adguardhome binary.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
- services.adguardhome.host
Host address to bind HTTP server to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
- services.adguardhome.openFirewall
Open ports in the firewall for the AdGuard Home web interface. Does not open the port needed to access the DNS resolver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
- services.adguardhome.port
Port to serve HTTP pages on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
- services.aerospike.enable
Whether to enable Aerospike server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
- services.aerospike.package
Which Aerospike derivation to use
Type: package
Default: pkgs.aerospike
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
- services.aerospike.extraConfig
Extra configuration
Type: strings concatenated with "\n"
Default: ""
Example:
'' namespace test { replication-factor 2 memory-size 4G default-ttl 30d storage-engine memory } ''Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
- services.aerospike.networkConfig
network section of configuration file
Type: strings concatenated with "\n"
Default:
'' service { address any port 3000 } heartbeat { address any mode mesh port 3002 interval 150 timeout 10 } fabric { address any port 3001 } info { address any port 3003 } ''Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
- services.aerospike.workDir
Location where Aerospike stores its files
Type: string
Default: "/var/lib/aerospike"
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
- services.airsonic.enable
Whether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.contextPath
The context path, i.e., the last part of the Airsonic URL. Typically '/' or '/airsonic'. Default '/'
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.home
The directory where Airsonic will create files. Make sure it is writable.
Type: path
Default: "/var/lib/airsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.jre
JRE package to use.
Airsonic only supports Java 8, airsonic-advanced requires at least Java 11.
Type: package
Default: pkgs.jre8
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.jvmOptions
Extra command line options for the JVM running AirSonic. Useful for sending jukebox output to non-default alsa devices.
Type: list of strings
Default: [ ]
Example: [ "-Djavax.sound.sampled.Clip='#CODEC [plughw:1,0]'" "-Djavax.sound.sampled.Port='#Port CODEC [hw:1]'" "-Djavax.sound.sampled.SourceDataLine='#CODEC [plughw:1,0]'" "-Djavax.sound.sampled.TargetDataLine='#CODEC [plughw:1,0]'" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.listenAddress
The host name or IP address on which to bind Airsonic. Only relevant if you have multiple network interfaces and want to make Airsonic available on only one of them. The default value will bind Airsonic to all available network interfaces.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.maxMemory
The memory limit (max Java heap size) in megabytes. Default: 100
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.port
The port on which Airsonic will listen for incoming HTTP traffic. Set to 0 to disable.
Type: signed integer
Default: 4040
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.transcoders
List of paths to transcoder executables that should be accessible from Airsonic. Symlinks will be created to each executable inside /var/lib/airsonic/transcoders.
Type: list of paths
Default: [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.user
User account under which airsonic runs.
Type: string
Default: "airsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.virtualHost
Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.airsonic.war
Airsonic war file to use.
Type: path
Default: "${pkgs.airsonic}/webapps/airsonic.war"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
- services.alerta.enable
Whether to enable alerta.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.authenticationRequired
Whether users must authenticate when using the web UI or command-line tool
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.bind
Address to bind to. The default is to bind to all addresses
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.corsOrigins
List of URLs that can access the API for Cross-Origin Resource Sharing (CORS)
Type: list of strings
Default: [ "http://localhost" "http://localhost:5000" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.databaseName
Name of the database instance to connect to
Type: string
Default: "monitoring"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.databaseUrl
URL of the MongoDB or PostgreSQL database to connect to
Type: string
Default: "mongodb://localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.extraConfig
These lines go into alertad.conf verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.logDir
Location where the logfiles are stored
Type: path
Default: "/var/log/alerta"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.port
Port of Alerta
Type: signed integer
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.alerta.signupEnabled
Whether to prevent sign-up of new users via the web UI
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
- services.amule.enable
Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
- services.amule.dataDir
The directory holding configuration, incoming and temporary files.
Type: string
Default: "/home/amule/"
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
- services.amule.user
The user the AMule daemon should run as.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
- services.ananicy.enable
Whether to enable Ananicy, an auto nice daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
- services.ananicy.package
Which ananicy package to use.
Type: package
Default: pkgs.ananicy
Example: pkgs.ananicy-cpp
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
- services.ananicy.extraRules
Extra rules in json format on separate lines. See: https://github.com/Nefelim4ag/Ananicy#configuration https://gitlab.com/ananicy-cpp/ananicy-cpp/#global-configuration
Type: string
Default: ""
Example:
'' { "name": "eog", "type": "Image-View" } { "name": "fdupes", "type": "BG_CPUIO" } ''Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
- services.ananicy.settings
See https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf
Type: attribute set of signed integer or boolean or strings
Default: { }
Example: { apply_nice = false; }
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
- services.ankisyncd.enable
Whether to enable ankisyncd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
- services.ankisyncd.package
The package to use for the ankisyncd command.
Type: package
Default: pkgs.ankisyncd
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
- services.ankisyncd.host
ankisyncd host
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
- services.ankisyncd.openFirewall
Whether to open the firewall for the specified port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
- services.ankisyncd.port
ankisyncd port
Type: signed integer
Default: 27701
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
- services.antennas.enable
Whether to enable Antennas.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
- services.antennas.antennasUrl
URL of Antennas.
Type: string
Default: "http://127.0.0.1:5004"
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
- services.antennas.deviceUUID
Device tuner UUID. Change this if you are running multiple instances.
Type: string
Default: "2f70c0d7-90a3-4429-8275-cbeeee9cd605"
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
- services.antennas.tunerCount
Numbers of tuners in tvheadend.
Type: signed integer
Default: 6
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
- services.antennas.tvheadendUrl
URL of Tvheadend.
Type: string
Default: "http://localhost:9981"
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
- services.apache-kafka.enable
Whether to enable Apache Kafka.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.package
The kafka package to use
Type: package
Default: pkgs.apacheKafka
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.brokerId
Broker ID.
Type: signed integer
Default: -1
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.extraProperties
Extra properties for server.properties.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.hostname
Hostname the broker should bind to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.jre
The JRE with which to run Kafka
Type: package
Default: pkgs.apacheKafka.passthru.jre
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.jvmOptions
Extra command line options for the JVM running Kafka.
Type: list of strings
Default: [ ]
Example: [ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.log4jProperties
Kafka log4j property configuration.
Type: strings concatenated with "\n"
Default:
'' log4j.rootLogger=INFO, stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n ''
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.logDirs
Log file directories
Type: list of paths
Default: [ "/tmp/kafka-logs" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.port
Port number the broker should listen on.
Type: signed integer
Default: 9092
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.serverProperties
Complete server.properties content. Other server.properties config options will be ignored if this option is used.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apache-kafka.zookeeper
Zookeeper connection string
Type: string
Default: "localhost:2181"
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
- services.apcupsd.enable
Whether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure. User manual: http://www.apcupsd.com/manual/manual.html. Note that apcupsd runs as root (to allow shutdown of computer). You can check the status of your UPS with the "apcaccess" command.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
- services.apcupsd.configText
Contents of the runtime configuration file, apcupsd.conf. The default settings makes apcupsd autodetect USB UPSes, limit network access to localhost and shutdown the system when the battery level is below 50 percent, or when the UPS has calculated that it has 5 minutes or less of remaining power-on time. See man apcupsd.conf for details.
Type: strings concatenated with "\n"
Default:
'' UPSTYPE usb NISIP 127.0.0.1 BATTERYLEVEL 50 MINUTES 5 ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
- services.apcupsd.hooks
Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action). See "man apccontrol" for the list of events and what they represent.
A hook script can stop apccontrol from doing its default action by exiting with value 99. Do not do this unless you know what you're doing.
Type: attribute set of strings concatenated with "\n"s
Default: { }
Example: { doshutdown = "# shell commands to notify that the computer is shutting down"; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
- services.arbtt.enable
Enable the arbtt statistics capture service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
- services.arbtt.package
The package to use for the arbtt binaries.
Type: package
Default: pkgs.haskellPackages.arbtt
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
- services.arbtt.logFile
The log file for captured samples.
Type: string
Default: "%h/.arbtt/capture.log"
Example: "/home/username/.arbtt-capture.log"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
- services.arbtt.sampleRate
The sampling interval in seconds.
Type: signed integer
Default: 60
Example: 120
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
- services.aria2.enable
Whether or not to enable the headless Aria2 daemon service.
Aria2 daemon can be controlled via the RPC interface using one of many WebUI (http://localhost:6800/ by default).
Targets are downloaded to /var/lib/aria2/Downloads by default and are accessible to users in the "aria2" group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
- services.aria2.downloadDir
Directory to store downloaded files.
Type: path
Default: "/var/lib/aria2/Downloads"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
- services.aria2.extraArguments
Additional arguments to be passed to Aria2.
Type: strings concatenated with " "
Default: ""
Example: "--rpc-listen-all --remote-time=true"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
- services.aria2.listenPortRange
Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.
Type: list of attribute sets
Default: [ { from = 6881; to = 6999; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
- services.aria2.openPorts
Open listen and RPC ports found in listenPortRange and rpcListenPort options in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
- services.aria2.rpcListenPort
Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535
Type: signed integer
Default: 6800
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
- services.aria2.rpcSecret
Set RPC secret authorization token. Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
Type: string
Default: "aria2rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
- services.asterisk.enable
Whether to enable the Asterisk PBX server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
- services.asterisk.package
The Asterisk package to use.
Type: package
Default: pkgs.asterisk
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
- services.asterisk.confFiles
Sets the content of config files (typically ending with .conf) in the Asterisk configuration directory.
Note that if you want to change asterisk.conf, it is preferable to use the services.asterisk.extraConfig option over this option. If "asterisk.conf" is specified with the confFiles option (not recommended), you must be prepared to set your own astetcdir path.
See http://www.asterisk.org/community/documentation for more examples of what is possible here.
Type: attribute set of strings
Default: { }
Example:
{ "extensions.conf" = '' [tests] ; Dial 100 for "hello, world" exten => 100,1,Answer() same => n,Wait(1) same => n,Playback(hello-world) same => n,Hangup() [softphones] include => tests [unauthorized] ''; "sip.conf" = '' [general] allowguest=no ; Require authentication context=unauthorized ; Send unauthorized users to /dev/null srvlookup=no ; Don't do DNS lookup udpbindaddr=0.0.0.0 ; Listen on all interfaces nat=force_rport,comedia ; Assume device is behind NAT [softphone](!) type=friend ; Match on username first, IP second context=softphones ; Send to softphones context in ; extensions.conf file host=dynamic ; Device will register with asterisk disallow=all ; Manually specify codecs to allow allow=g722 allow=ulaw allow=alaw [myphone](softphone) secret=GhoshevFew ; Change this password! ''; "logger.conf" = '' [general] [logfiles] ; Add debug output to log syslog.local0 => notice,warning,error,debug ''; }Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
- services.asterisk.extraArguments
Additional command line arguments to pass to Asterisk.
Type: list of strings
Default: [ ]
Example: [ "-vvvddd" "-e" "1024" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
- services.asterisk.extraConfig
Extra configuration options appended to the default asterisk.conf file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' [options] verbose=3 debug=3 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
- services.asterisk.useTheseDefaultConfFiles
Sets these config files to the default content. The default value for this option contains all necesscary files to avoid errors at startup. This does not override settings via services.asterisk.confFiles.
Type: list of strings
Default: [ "ari.conf" "acl.conf" "agents.conf" "amd.conf" "calendar.conf" "cdr.conf" "cdr_syslog.conf" "cdr_custom.conf" "cel.conf" "cel_custom.conf" "cli_aliases.conf" "confbridge.conf" "dundi.conf" "features.conf" "hep.conf" "iax.conf" "pjsip.conf" "pjsip_wizard.conf" "phone.conf" "phoneprov.conf" "queues.conf" "res_config_sqlite3.conf" "res_parking.conf" "statsd.conf" "udptl.conf" "unistim.conf" ]
Example: [ "sip.conf" "dundi.conf" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
- services.atd.enable
Whether to enable the at daemon, a command scheduler.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
- services.atd.allowEveryone
Whether to make /var/spool/at{jobs,spool} writeable by everyone (and sticky). This is normally not needed since the at commands are setuid/setgid atd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
- services.atftpd.enable
Whether to enable the atftpd TFTP server. By default, the server binds to address 0.0.0.0.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
- services.atftpd.extraOptions
Extra command line arguments to pass to atftp.
Type: list of strings
Default: [ ]
Example:
[ "--bind-address 192.168.9.1" "--verbose=7" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
- services.atftpd.root
Document root directory for the atftpd.
Type: path
Default: "/srv/tftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
- services.auto-cpufreq.enable
Whether to enable auto-cpufreq daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix>
- services.autofs.enable
Mount filesystems on demand. Unmount them automatically. You may also be interested in afuse.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
- services.autofs.autoMaster
Contents of /etc/auto.master file. See auto.master(5) and autofs(5).
Type: string
Example:
let mapConf = pkgs.writeText "auto" '' kernel -ro,soft,intr ftp.kernel.org:/pub/linux boot -fstype=ext2 :/dev/hda1 windoze -fstype=smbfs ://windoze/c removable -fstype=ext2 :/dev/hdd cd -fstype=iso9660,ro :/dev/hdc floppy -fstype=auto :/dev/fd0 server -rw,hard,intr / -ro myserver.me.org:/ \ /usr myserver.me.org:/usr \ /home myserver.me.org:/home ''; in '' /auto file:${mapConf} ''Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
- services.autofs.debug
Pass -d and -7 to automount and write log to the system journal.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
- services.autofs.timeout
Set the global minimum timeout, in seconds, until directories are unmounted
Type: signed integer
Default: 600
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
- services.automysqlbackup.enable
Whether to enable AutoMySQLBackup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
- services.automysqlbackup.calendar
Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
Type: string
Default: "01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
- services.automysqlbackup.config
automysqlbackup configuration. Refer to ${pkgs.automysqlbackup}/etc/automysqlbackup.conf for details on supported values.
Type: attribute set of string or signed integer or boolean or list of stringss
Default: { }
Example:
{ db_names = [ "nextcloud" "matomo" ]; table_exclude = [ "nextcloud.oc_users" "nextcloud.oc_whats_new" ]; mailcontent = "log"; mail_address = "admin@example.org"; }Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
- services.autorandr.enable
Whether to enable handling of hotplug and sleep events by autorandr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
- services.autorandr.defaultTarget
Fallback if no monitor layout can be detected. See the docs (https://github.com/phillipberndt/autorandr/blob/v1.0/README.md#how-to-use) for further reference.
Type: string
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
- services.autossh.sessions
List of AutoSSH sessions to start as systemd services. Each service is named 'autossh-{session.name}'.
Type: list of submodules
Default: [ ]
Example: [ { extraArguments = "-N -D4343 billremote@socks.host.net"; monitoringPort = 20000; name = "socks-peer"; user = "bill"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
- services.autossh.sessions.*.extraArguments
Arguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don't run remote command), -D (open SOCKS proxy on local port), -R (forward remote port), -L (forward local port), -v (Enable debug). Check ssh manual for the complete list.
Type: strings concatenated with " "
Example: "-N -D4343 bill@socks.example.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
- services.autossh.sessions.*.monitoringPort
Port to be used by AutoSSH for peer monitoring. Note, that AutoSSH also uses mport+1. Value of 0 disables the keep-alive style monitoring
Type: signed integer
Default: 0
Example: 20000
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
- services.autossh.sessions.*.name
Name of the local AutoSSH session
Type: string
Example: "socks-peer"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
- services.autossh.sessions.*.user
Name of the user the AutoSSH session should run as
Type: string
Example: "bill"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
- services.avahi.enable
Whether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon').
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.allowPointToPoint
Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large latencies with such links and opens a potential security hole by allowing mDNS access from Internet connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.browseDomains
List of non-local DNS domains to be browsed.
Type: list of strings
Default: [ ]
Example: [ "0pointer.de" "zeroconf.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.cacheEntriesMax
Number of resource records to be cached per interface. Use 0 to disable caching. Avahi daemon defaults to 4096 if not set.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.domainName
Domain name for all advertisements.
Type: string
Default: "local"
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.extraConfig
Extra config to append to avahi-daemon.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.extraServiceFiles
Specify custom service definitions which are placed in the avahi service directory. See the avahi.service(5) manpage for detailed information.
Type: attribute set of string or paths
Default: { }
Example:
{ ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; smb = '' <?xml version="1.0" standalone='no'?><!--*-nxml-*--> <!DOCTYPE service-group SYSTEM "avahi-service.dtd"> <service-group> <name replace-wildcards="yes">%h</name> <service> <type>_smb._tcp</type> <port>445</port> </service> </service-group> ''; }Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.hostName
Host name advertised on the LAN. If not set, avahi will use the value of config.networking.hostName.
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.interfaces
List of network interfaces that should be used by the avahi-daemon. Other interfaces will be ignored. If null, all local interfaces except loopback and point-to-point will be used.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.ipv4
Whether to use IPv4.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.ipv6
Whether to use IPv6.
Type: boolean
Default: config.networking.enableIPv6
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.nssmdns
Whether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.openFirewall
Whether to open the firewall for UDP port 5353.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.publish.enable
Whether to allow publishing in general.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.publish.addresses
Whether to register mDNS address records for all local IP addresses.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.publish.domain
Whether to announce the locally used domain name for browsing by other hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.publish.hinfo
Whether to register a mDNS HINFO record which contains information about the local operating system and CPU.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.publish.userServices
Whether to publish user services. Will set addresses=true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.publish.workstation
Whether to register a service of type "_workstation._tcp" on the local LAN.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.reflector
Reflect incoming mDNS requests to all allowed network interfaces.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.avahi.wideArea
Whether to enable wide-area service discovery.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
- services.awstats.enable
Whether to enable awstats.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs
Attribute set of domains to collect stats for.
Type: attribute set of submodules
Default: { }
Example:
{ "mysite" = { domain = "example.com"; logFile = "/var/log/nginx/access.log"; }; }Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.domain
The domain name to collect stats for.
Type: string
Default: "‹name›"
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.extraConfig
Extra configuration to be appended to awstats.${name}.conf.
Type: attribute set of strings
Default: { }
Example:
{ "ValidHTTPCodes" = "404"; }Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.hostAliases
List of aliases the site has.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.logFile
The log file to be scanned.
For mail, set this to journalctl $OLD_CURSOR -u postfix.service | ${pkgs.perl}/bin/perl ${pkgs.awstats.out}/share/awstats/tools/maillogconvert.pl standard |
Type: string
Example: "/var/log/nginx/access.log"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.logFormat
The log format being used.
For mail, set this to %time2 %email %email_r %host %host_r %method %url %code %bytesd
Type: string
Default: "1"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.type
The type of log being collected.
Type: one of "mail", "web"
Default: "web"
Example: "mail"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.webService.enable
Whether to enable awstats web service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.webService.hostname
The hostname the web service appears under.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.configs.<name>.webService.urlPrefix
The URL prefix under which the awstats pages appear.
Type: string
Default: "/awstats"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.dataDir
The directory where awstats data will be stored.
Type: path
Default: "/var/lib/awstats"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.awstats.updateAt
Specification of the time at which awstats will get updated. (in the format described by systemd.time(7))
Type: null or string
Default: null
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
- services.babeld.enable
Whether to enable the babeld network routing daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
- services.babeld.extraConfig
Options that will be copied to babeld.conf. See babeld(8) for details.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
- services.babeld.interfaceDefaults
A set describing default parameters for babeld interfaces. See babeld(8) for options.
Type: null or attribute set of unspecifieds
Default: null
Example: { split-horizon = true; type = "tunnel"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
- services.babeld.interfaces
A set describing babeld interfaces. See babeld(8) for options.
Type: attribute set of attribute set of unspecifiedss
Default: { }
Example: { enp0s2 = { hello-interval = 5; split-horizon = "auto"; type = "wired"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
- services.bacula-dir.enable
Whether to enable Bacula Director Daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-dir.extraConfig
Extra configuration for Bacula Director Daemon.
Type: strings concatenated with "\n"
Default: ""
Example:
'' TODO ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-dir.extraDirectorConfig
Extra configuration to be passed in Director directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-dir.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-dir.name
The director name used by the system administrator. This directive is required.
Type: string
Default: "nixos-dir"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-dir.password
Specifies the password that must be supplied for a Director.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-dir.port
Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
Type: signed integer
Default: 9101
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-fd.enable
Whether to enable the Bacula File Daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-fd.director
This option defines director resources in Bacula File Daemon.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-fd.director.<name>.monitor
If Monitor is set to no, this director will have full access to this Storage daemon. If Monitor is set to yes, this director will only be able to fetch the current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Type: one of "no", "yes"
Default: "no"
Example: "yes"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-fd.director.<name>.password
Specifies the password that must be supplied for the default Bacula Console to be authorized. The same password must appear in the Director resource of the Console configuration file. For added security, the password is never passed across the network but instead a challenge response hash code created with the password. This directive is required. If you have either /dev/random or bc on your machine, Bacula will generate a random password during the configuration process, otherwise it will be left blank and you must manually supply it.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-fd.extraClientConfig
Extra configuration to be passed in Client directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-fd.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-fd.name
The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
Type: string
Default: "nixos-fd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-fd.port
This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file.
Type: signed integer
Default: 9102
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.enable
Whether to enable Bacula Storage Daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.autochanger
This option defines Autochanger resources in Bacula Storage Daemon.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.autochanger.<name>.changerCommand
The name-string specifies an external program to be called that will automatically change volumes as required by Bacula. Normally, this directive will be specified only in the AutoChanger resource, which is then used for all devices. However, you may also specify the different Changer Command in each Device resource. Most frequently, you will specify the Bacula supplied mtx-changer script as follows:
"/path/mtx-changer %c %o %S %a %d"
and you will install the mtx on your system (found in the depkgs release). An example of this command is in the default bacula-sd.conf file. For more details on the substitution characters that may be specified to configure your autochanger please see the AutochangersAutochangersChapter chapter of this manual. For FreeBSD users, you might want to see one of the several chio scripts in examples/autochangers.
Type: string
Default: "/etc/bacula/mtx-changer %c %o %S %a %d"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.autochanger.<name>.changerDevice
The specified name-string must be the generic SCSI device name of the autochanger that corresponds to the normal read/write Archive Device specified in the Device resource. This generic SCSI device name should be specified if you have an autochanger or if you have a standard tape drive and want to use the Alert Command (see below). For example, on Linux systems, for an Archive Device name of /dev/nst0, you would specify /dev/sg0 for the Changer Device name. Depending on your exact configuration, and the number of autochangers or the type of autochanger, what you specify here can vary. This directive is optional. See the Using AutochangersAutochangersChapter chapter of this manual for more details of using this and the following autochanger directives.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.autochanger.<name>.devices
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.autochanger.<name>.extraAutochangerConfig
Extra configuration to be passed in Autochanger directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.device
This option defines Device resources in Bacula Storage Daemon.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.device.<name>.archiveDevice
The specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example /dev/nst0 or /dev/rmt/0mbn. For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage. In this case, you must supply the full absolute path to the directory. When specifying a tape device, it is preferable that the "non-rewind" variant of the device file name be given.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.device.<name>.extraDeviceConfig
Extra configuration to be passed in Device directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' LabelMedia = yes Random Access = no AutomaticMount = no RemovableMedia = no MaximumOpenWait = 60 AlwaysOpen = no ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.device.<name>.mediaType
The specified name-string names the type of media supported by this device, for example, DLT7000. Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.
Even though the names you assign are arbitrary (i.e. you choose the name you want), you should take care in specifying them because the Media Type is used to determine which storage device Bacula will select during restore. Thus you should probably use the same Media Type specification for all drives where the Media can be freely interchanged. This is not generally an issue if you have a single Storage daemon, but it is with multiple Storage daemons, especially if they have incompatible media.
For example, if you specify a Media Type of DDS-4 then during the restore, Bacula will be able to choose any Storage Daemon that handles DDS-4. If you have an autochanger, you might want to name the Media Type in a way that is unique to the autochanger, unless you wish to possibly use the Volumes in other drives. You should also ensure to have unique Media Type names if the Media is not compatible between drives. This specification is required for all devices.
In addition, if you are using disk storage, each Device resource will generally have a different mount point or directory. In order for Bacula to select the correct Device resource, each one must have a unique Media Type.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.director
This option defines Director resources in Bacula Storage Daemon.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.director.<name>.monitor
If Monitor is set to no, this director will have full access to this Storage daemon. If Monitor is set to yes, this director will only be able to fetch the current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Type: one of "no", "yes"
Default: "no"
Example: "yes"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.director.<name>.password
Specifies the password that must be supplied for the default Bacula Console to be authorized. The same password must appear in the Director resource of the Console configuration file. For added security, the password is never passed across the network but instead a challenge response hash code created with the password. This directive is required. If you have either /dev/random or bc on your machine, Bacula will generate a random password during the configuration process, otherwise it will be left blank and you must manually supply it.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.extraStorageConfig
Extra configuration to be passed in Storage directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.name
Specifies the Name of the Storage daemon.
Type: string
Default: "nixos-sd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bacula-sd.port
Specifies port number on which the Storage daemon listens for Director connections.
Type: signed integer
Default: 9103
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
- services.bamf.enable
Whether to enable bamf.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/bamf.nix>
- services.bazarr.enable
Whether to enable bazarr, a subtitle manager for Sonarr and Radarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
- services.bazarr.group
Group under which bazarr runs.
Type: string
Default: "bazarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
- services.bazarr.listenPort
Port on which the bazarr web interface should listen
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6767
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
- services.bazarr.openFirewall
Open ports in the firewall for the bazarr web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
- services.bazarr.user
User account under which bazarr runs.
Type: string
Default: "bazarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
- services.beanstalkd.enable
Whether to enable the Beanstalk work queue.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
- services.beanstalkd.listen.address
IP address to listen on.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
- services.beanstalkd.listen.port
TCP port that will be used to accept client connections.
Type: signed integer
Default: 11300
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
- services.beanstalkd.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
- services.bee.enable
Whether to enable Ethereum Swarm Bee.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
- services.bee.package
The package providing the bee binary for the service.
Type: package
Default: pkgs.bee
Example: pkgs.bee-unstable
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
- services.bee.daemonNiceLevel
Daemon process priority for bee. 0 is the default Unix process priority, 19 is the lowest.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
- services.bee.group
Group the bee binary should execute under.
Type: string
Default: "bee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
- services.bee.settings
Ethereum Swarm Bee configuration. Refer to https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/configuration/ for details on supported values.
Type: YAML value
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
- services.bee.user
User the bee binary should execute under.
Type: string
Default: "bee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
- services.bee-clef.enable
Whether to enable clef external signer instance for Ethereum Swarm Bee.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
- services.bee-clef.dataDir
Data dir for bee-clef. Beware that some helper scripts may not work when changed! The service itself should work fine, though.
Type: null or string
Default: "/var/lib/bee-clef"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
- services.bee-clef.group
Group the bee-clef daemon should execute under.
Type: string
Default: "bee-clef"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
- services.bee-clef.passwordFile
Password file for bee-clef.
Type: null or string
Default: "/var/lib/bee-clef/password"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
- services.bee-clef.user
User the bee-clef daemon should execute under.
Type: string
Default: "bee-clef"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
- services.beesd.filesystems
BTRFS filesystems to run block-level deduplication on.
Type: attribute set of submodules
Default: { }
Example:
{ root = { spec = "LABEL=root"; hashTableSizeMB = 2048; verbosity = "crit"; extraOptions = [ "--loadavg-target" "5.0" ]; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
- services.beesd.filesystems.<name>.extraOptions
Extra command-line options passed to the daemon. See upstream bees documentation.
Type: list of strings
Default: [ ]
Example:
[ "--thread-count" "4" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
- services.beesd.filesystems.<name>.hashTableSizeMB
Hash table size in MB; must be a multiple of 16.
A larger ratio of index size to storage size means smaller blocks of duplicate content are recognized.
If you have 1TB of data, a 4GB hash table (which is to say, a value of 4096) will permit 4KB extents (the smallest possible size) to be recognized, whereas a value of 1024 -- creating a 1GB hash table -- will recognize only aligned duplicate blocks of 16KB.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
- services.beesd.filesystems.<name>.spec
Description of how to identify the filesystem to be duplicated by this instance of bees. Note that deduplication crosses subvolumes; one must not configure multiple instances for subvolumes of the same filesystem (or block devices which are part of the same filesystem), but only for completely independent btrfs filesystems.
This must be in a format usable by findmnt; that could be a key=value pair, or a bare path to a mount point.
Type: string
Example: "LABEL=MyBulkDataDrive"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
- services.beesd.filesystems.<name>.verbosity
Log verbosity (syslog keyword/level).
Type: one of "alert", "crit", "debug", "emerg", "err", "info", "notice", "warning", 1, 2, 7, 0, 3, 6, 5, 4
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
- services.beesd.filesystems.<name>.workDir
Name (relative to the root of the filesystem) of the subvolume where the hash table will be stored.
Type: string
Default: ".beeshome"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
- services.bepasty.enable
Whether to enable Bepasty servers.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.bepasty.servers
configure a number of bepasty servers which will be started with gunicorn.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.bepasty.servers.<name>.bind
Bind address to be used for this server.
Type: string
Default: "127.0.0.1:8000"
Example: "0.0.0.0:8000"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.bepasty.servers.<name>.dataDir
Path to the directory where the pastes will be saved to
Type: string
Default: "/var/lib/bepasty/data"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.bepasty.servers.<name>.defaultPermissions
default permissions for all unauthenticated accesses.
Type: string
Default: "read"
Example: "read,create,delete"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.bepasty.servers.<name>.extraConfig
Extra configuration for bepasty server to be appended on the configuration. see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty for all options.
Type: strings concatenated with "\n"
Default: ""
Example:
'' PERMISSIONS = { 'myadminsecret': 'admin,list,create,read,delete', } MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000 ''Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.bepasty.servers.<name>.secretKey
server secret for safe session cookies, must be set.
Warning: this secret is stored in the WORLD-READABLE Nix store!
It's recommended to use secretKeyFile which takes precedence over secretKey.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.bepasty.servers.<name>.secretKeyFile
A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey.
Warning: when secretKey is non-empty secretKeyFile defaults to a file in the WORLD-READABLE Nix store containing that secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.bepasty.servers.<name>.workDir
Path to the working directory (used for config and pidfile). Defaults to the users home directory.
Type: string
Default: "/var/lib/bepasty"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
- services.biboumi.enable
Whether to enable the Biboumi XMPP gateway to IRC.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.credentialsFile
Path to a configuration file to be merged with the settings. Beware not to surround "=" with spaces when setting biboumi's options in this file. Useful to merge a file which is better kept out of the Nix store because it contains sensible data like password.
Type: path
Default: "/dev/null"
Example: "/run/keys/biboumi.cfg"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.openFirewall
Whether to enable opening of the identd port in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings
See biboumi 8.5 for documentation.
Type: settings option
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.admin
The bare JID of the gateway administrator. This JID will have more privileges than other standard users, for example some administration ad-hoc commands will only be available to that JID.
Type: list of strings
Default: [ ]
Example: [ "admin@example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.ca_file
Specifies which file should be used as the list of trusted CA when negociating a TLS session.
Type: path
Default: "/etc/ssl/certs/ca-certificates.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.db_name
The name of the database to use.
Type: path or string
Default: "/var/lib/biboumi/biboumi.sqlite"
Example: "postgresql://user:secret@localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.hostname
The hostname served by the XMPP gateway. This domain must be configured in the XMPP server as an external component.
Type: string
Example: "biboumi.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.identd_port
The TCP port on which to listen for identd queries.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 113
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.log_level
Indicate what type of log messages to write in the logs. 0 is debug, 1 is info, 2 is warning, 3 is error.
Type: integer between 0 and 3 (both inclusive)
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.password
The password used to authenticate the XMPP component to your XMPP server. This password must be configured in the XMPP server, associated with the external component on hostname.
Set it to null and use credentialsFile if you do not want this password to go into the Nix store.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.persistent_by_default
Whether all rooms will be persistent by default: the value of the “persistent” option in the global configuration of each user will be “true”, but the value of each individual room will still default to false. This means that a user just needs to change the global “persistent” configuration option to false in order to override this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.policy_directory
A directory that should contain the policy files, used to customize Botan’s behaviour when negociating the TLS connections with the IRC servers.
Type: path
Default: "${pkgs.biboumi}/etc/biboumi"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.port
The TCP port to use to connect to the local XMPP component.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5347
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.realname_customization
Whether the users will be able to use the ad-hoc commands that lets them configure their realname and username.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.realname_from_jid
Whether the realname and username of each biboumi user will be extracted from their JID. Otherwise they will be set to the nick they used to connect to the IRC server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.biboumi.settings.xmpp_server_ip
The IP address to connect to the XMPP server on. The connection to the XMPP server is unencrypted, so the biboumi instance and the server should normally be on the same host.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
- services.bind.enable
Whether to enable BIND domain name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.package
The BIND package to use.
Type: package
Default: pkgs.bind
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.blockedNetworks
What networks are just blocked.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.cacheNetworks
What networks are allowed to use us as a resolver. Note that this is for recursive queries -- all networks are allowed to query zones configured with the `zones` option. It is recommended that you limit cacheNetworks to avoid your server being used for DNS amplification attacks.
Type: list of strings
Default: [ "127.0.0.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.configFile
Overridable config file to use for named. By default, that generated by nixos.
Type: path
Default: confFile
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.directory
Working directory of BIND.
Type: string
Default: "/run/named"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.extraConfig
Extra lines to be added verbatim to the generated named configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.extraOptions
Extra lines to be added verbatim to the options section of the generated named configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.forwarders
List of servers we should forward requests to.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.ipv4Only
Only use ipv4, even if the host supports ipv6.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.listenOn
Interfaces to listen on.
Type: list of strings
Default: [ "any" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.listenOnIpv6
Ipv6 interfaces to listen on.
Type: list of strings
Default: [ "any" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.zones
List of zones we claim authority over.
Type: attribute set of submodules or list of attribute sets convertible to it
Default: [ ]
Example: { example.com = { extraConfig = ""; file = "/var/dns/example.com"; master = false; masters = [ "192.168.0.1" ] ; slaves = [ ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.zones.<name>.extraConfig
Extra zone config to be appended at the end of the zone section.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.zones.<name>.file
Zone file resource records contain columns of data, separated by whitespace, that define the record.
Type: string or path
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.zones.<name>.master
Master=false means slave server
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.zones.<name>.masters
List of servers for inclusion in stub and secondary zones.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.zones.<name>.name
Name of the zone.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bind.zones.<name>.slaves
Addresses who may request zone transfers.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
- services.bird.enable
Whether to enable BIRD Internet Routing Daemon (1.6.x with IPv4 support).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bird.checkConfig
Whether the config should be checked at build time. Disabling this might become necessary if the config includes files not present during build time.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bird.config
BIRD Internet Routing Daemon configuration file. http://bird.network.cz/
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bird2.enable
Whether to enable BIRD Internet Routing Daemon (2.x).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bird2.checkConfig
Whether the config should be checked at build time. Disabling this might become necessary if the config includes files not present during build time.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bird2.config
BIRD Internet Routing Daemon configuration file. http://bird.network.cz/
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bird6.enable
Whether to enable BIRD Internet Routing Daemon (1.6.x with IPv6 support).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bird6.checkConfig
Whether the config should be checked at build time. Disabling this might become necessary if the config includes files not present during build time.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bird6.config
BIRD Internet Routing Daemon configuration file. http://bird.network.cz/
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
- services.bitcoind
Specification of one or more bitcoind instances.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.enable
Whether to enable Bitcoin daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.package
The package providing bitcoin binaries.
Type: package
Default: pkgs.bitcoind
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.configFile
The configuration file path to supply bitcoind.
Type: null or path
Default: null
Example: "/var/lib/‹name›/bitcoin.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.dataDir
The data directory for bitcoind.
Type: path
Default: "/var/lib/bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.dbCache
Override the default database cache size in MiB.
Type: null or integer between 4 and 16384 (both inclusive)
Default: null
Example: 4000
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.extraCmdlineOptions
Extra command line options to pass to bitcoind. Run bitcoind --help to list all available options.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.extraConfig
Additional configurations to be appended to bitcoin.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' par=16 rpcthreads=16 logips=1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.group
The group as which to run bitcoind.
Type: string
Default: "bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.pidFile
Location of bitcoind pid file.
Type: path
Default: "/var/lib/bitcoind-‹name›/bitcoind.pid"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.port
Override the default port on which to listen for connections.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.prune
Reduce storage requirements by enabling pruning (deleting) of old blocks. This allows the pruneblockchain RPC to be called to delete specific blocks, and enables automatic pruning of old blocks if a target size in MiB is provided. This mode is incompatible with -txindex and -rescan. Warning: Reverting this setting requires re-downloading the entire blockchain. ("disable" = disable pruning blocks, "manual" = allow manual pruning via RPC, >=550 = automatically prune block files to stay under the specified target size in MiB).
Type: null or unsigned integer, meaning >=0 or one of "disable", "manual" convertible to it
Default: null
Example: 10000
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.rpc.port
Override the default port on which to listen for JSON-RPC connections.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.rpc.users
RPC user information for JSON-RPC connnections.
Type: attribute set of submodules
Default: { }
Example:
{ alice.passwordHMAC = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae"; bob.passwordHMAC = "b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99"; }Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.rpc.users.<name>.name
Username for JSON-RPC connections.
Type: string
Example: "alice"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.rpc.users.<name>.passwordHMAC
Password HMAC-SHA-256 for JSON-RPC connections. Must be a string of the format <SALT-HEX>$<HMAC-HEX>.
Tool (Python script) for HMAC generation is available here: https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py
Type: string matching the pattern [0-9a-f]+\$[0-9a-f]{64}
Example: "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.testnet
Whether to use the testnet instead of mainnet.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitcoind.<name>.user
The user as which to run bitcoind.
Type: string
Default: "bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
- services.bitlbee.enable
Whether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.authBackend
How users are authenticated storage -- save passwords internally pam -- Linux PAM authentication
Type: one of "storage", "pam"
Default: "storage"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.authMode
The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
Type: one of "Open", "Closed", "Registered"
Default: "Open"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.configDir
Specify an alternative directory to store all the per-user configuration files.
Type: path
Default: "/var/lib/bitlbee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.extraDefaults
Will be inserted in the Default section of the config file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.extraSettings
Will be inserted in the Settings section of the config file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.hostName
Normally, BitlBee gets a hostname using getsockname(). If you have a nicer alias for your BitlBee daemon, you can set it here and BitlBee will identify itself with that name instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.interface
The interface the BitlBee deamon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.libpurple_plugins
The list of libpurple plugins to install.
Type: list of packages
Default: [ ]
Example: [ pkgs.purple-matrix ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.plugins
The list of bitlbee plugins to install.
Type: list of packages
Default: [ ]
Example: [ pkgs.bitlbee-facebook ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.portNumber
Number of the port BitlBee will be listening to.
Type: signed integer
Default: 6667
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.bitlbee.protocols
This option allows to remove the support of protocol, even if compiled in. If nothing is given, there are no restrictions.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
- services.blackfire-agent.enable
Whether to enable Blackfire profiler agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
- services.blackfire-agent.settings
See https://blackfire.io/docs/up-and-running/configuration/agent
Type: attribute set of strings
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
- services.blackfire-agent.settings.server-id
Sets the server id used to authenticate with Blackfire
You can find your personal server-id at https://blackfire.io/my/settings/credentials
Type: string
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
- services.blackfire-agent.settings.server-token
Sets the server token used to authenticate with Blackfire
You can find your personal server-token at https://blackfire.io/my/settings/credentials
Type: string
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
- services.blockbook-frontend
Specification of one or more blockbook-frontend instances.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.enable
Whether to enable blockbook-frontend application..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.package
Which blockbook package to use.
Type: package
Default: pkgs.blockbook
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.certFile
To enable SSL, specify path to the name of certificate files without extension. Expecting certFile.crt and certFile.key.
Type: null or path
Default: null
Example: "/etc/secrets/blockbook-frontend-‹name›/certFile"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.coinName
See https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61 for current of coins supported in master (Note: may differ from release).
Type: string
Default: "Bitcoin"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.configFile
Location of the blockbook configuration file.
Type: null or path
Default: null
Example: "/var/lib/blockbook-frontend-‹name›/config.json"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.cssDir
Location of the dir with main.css CSS file. By default, the one shipped with the package is used.
Type: path
Default: "${package}/share/css/"
Example: "${dataDir}/static/css/"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.dataDir
Location of blockbook-frontend-‹name› data directory.
Type: path
Default: "/var/lib/blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.debug
Debug mode, return more verbose errors, reload templates on each request.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.extraCmdLineOptions
Extra command line options to pass to Blockbook. Run blockbook --help to list all available options.
Type: list of strings
Default: [ ]
Example: [ "-workers=1" "-dbcache=0" "-logtosderr" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.extraConfig
Additional configurations to be appended to coin.conf. Overrides any already defined configuration options. See https://github.com/trezor/blockbook/tree/master/configs/coins for current configuration options supported in master (Note: may differ from release).
Type: attribute set
Default: { }
Example:
{ "alternative_estimate_fee" = "whatthefee-disabled"; "alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}"; "fiat_rates" = "coingecko"; "fiat_rates_params" = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}"; "coin_shortcut" = "BTC"; "coin_label" = "Bitcoin"; "parse" = true; "subversion" = ""; "address_format" = ""; "xpub_magic" = 76067358; "xpub_magic_segwit_p2sh" = 77429938; "xpub_magic_segwit_native" = 78792518; "mempool_workers" = 8; "mempool_sub_workers" = 2; "block_addresses_to_keep" = 300; }Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.group
The group as which to run blockbook-frontend-‹name›.
Type: string
Default: "blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.internal
Internal http server binding [address]:port.
Type: null or string
Default: ":9030"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.messageQueueBinding
Message Queue Binding address:port.
Type: string
Default: "tcp://127.0.0.1:38330"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.public
Public http server binding [address]:port.
Type: null or string
Default: ":9130"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.rpc.password
RPC password for JSON-RPC connections. Warning: this is stored in cleartext in the Nix store!!! Use configFile or passwordFile if needed.
Type: string
Default: "rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.rpc.passwordFile
File containing password of the RPC user. Note: This options is ignored when configFile is used.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.rpc.port
Port for JSON-RPC connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8030
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.rpc.url
URL for JSON-RPC connections.
Type: string
Default: "http://127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.rpc.user
Username for JSON-RPC connections.
Type: string
Default: "rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.sync
Synchronizes until tip, if together with zeromq, keeps index synchronized.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.templateDir
Location of the HTML templates. By default, ones shipped with the package are used.
Type: path
Default: "${package}/share/templates/"
Example: "${dataDir}/templates/static/"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.blockbook-frontend.<name>.user
The user as which to run blockbook-frontend-‹name›.
Type: string
Default: "blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
- services.bloop.extraOptions
Specifies additional command line argument to pass to bloop java process.
Type: list of strings
Default: [ ]
Example: [ "-J-Xmx2G" "-J-XX:MaxInlineLevel=20" "-J-XX:+UseParallelGC" ]
Declared by:
<nixpkgs/nixos/modules/services/development/bloop.nix>
- services.bloop.install
Whether to install a user service for the Bloop server.
The service must be manually started for each user with "systemctl --user start bloop".
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/bloop.nix>
- services.blueman.enable
Whether to enable blueman.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/blueman.nix>
- services.boinc.enable
Whether to enable the BOINC distributed computing client. If this option is set to true, the boinc_client daemon will be run as a background service. The boinccmd command can be used to control the daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
- services.boinc.package
Which BOINC package to use.
Type: package
Default: pkgs.boinc
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
- services.boinc.allowRemoteGuiRpc
If set to true, any remote host can connect to and control this BOINC client (subject to password authentication). If instead set to false, only the hosts listed in dataDir/remote_hosts.cfg will be allowed to connect.
See also: http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
- services.boinc.dataDir
The directory in which to store BOINC's configuration and data files.
Type: path
Default: "/var/lib/boinc"
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
- services.boinc.extraEnvPackages
Additional packages to make available in the environment in which BOINC will run. Common choices are:
- pkgs.virtualbox
The VirtualBox virtual machine framework. Required by some BOINC projects, such as ATLAS@home.
- pkgs.ocl-icd
OpenCL infrastructure library. Required by BOINC projects that use OpenCL, in addition to a device-specific OpenCL driver.
- pkgs.linuxPackages.nvidia_x11
Provides CUDA libraries. Required by BOINC projects that use CUDA. Note that this requires an NVIDIA graphics device to be present on the system.
Also provides OpenCL drivers for NVIDIA GPUs; pkgs.ocl-icd is also needed in this case.
Type: list of packages
Default: [ ]
Example: [ pkgs.virtualbox ]
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
- services.bookstack.enable
Whether to enable BookStack.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.appKeyFile
A file containing the AppKey. Used for encryption where needed. Can be generated with head -c 32 /dev/urandom| base64 and must be prefixed with base64:.
Type: path
Example: "/run/keys/bookstack-appkey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.appURL
The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value. If you change this in the future you may need to run a command to update stored URLs in the database. Command example: php artisan bookstack:update-url https://old.example.com https://new.example.com
Type: string
Example: "https://example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.cacheDir
BookStack cache directory
Type: path
Default: "/var/cache/bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.dataDir
BookStack data directory
Type: path
Default: "/var/lib/bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.database.createLocally
Create the database and database user locally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.database.host
Database host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.database.name
Database name.
Type: string
Default: "bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/bookstack-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.database.port
Database host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.database.user
Database username.
Type: string
Default: user
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.extraConfig
Lines to be appended verbatim to the BookStack configuration. Refer to https://www.bookstackapp.com/docs/ for details on supported values.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' ALLOWED_IFRAME_HOSTS="https://example.com" WKHTMLTOPDF=/home/user/bins/wkhtmltopdf ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.group
Group bookstack runs as.
Type: string
Default: "bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.mail.driver
Mail driver to use.
Type: one of "smtp", "sendmail"
Default: "smtp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.mail.encryption
SMTP encryption mechanism to use.
Type: null or value "tls" (singular enum)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.mail.from
Mail "from" email.
Type: string
Default: "mail@bookstackapp.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.mail.fromName
Mail "from" name.
Type: string
Default: "BookStack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.mail.host
Mail host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.mail.passwordFile
A file containing the password corresponding to mail.user.
Type: null or path
Default: null
Example: "/run/keys/bookstack-mailpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.mail.port
Mail host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1025
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.mail.user
Mail username.
Type: null or string
Default: null
Example: "bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.maxUploadSize
The maximum size for uploads (e.g. images).
Type: string
Default: "18M"
Example: "1G"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx
With this option, you can customize the nginx virtualHost settings.
Type: submodule
Default: { }
Example:
{ serverAliases = [ "bookstack.${config.networking.domain}" ]; # To enable encryption and let let's encrypt take care of certificate forceSSL = true; enableACME = true; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.acmeFallbackHost
Host which to proxy requests to if acme challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.default
Makes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.globalRedirect
If set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.http2
Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.http3
Whether to enable HTTP 3. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic;. Note that HTTP 3 support is experimental and *not* yet recommended for production. Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.listen
Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses
Type: list of submodules
Default: [ ]
Example: [ { addr = "195.154.1.1"; port = 443; ssl = true; } { addr = "192.154.1.1"; port = 80; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.listen.*.addr
IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of strings
Default: [ ]
Example: [ "reuseport" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.listen.*.port
Port number.
Type: signed integer
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are choosen automatically.
Note: This option overrides enableIPv6
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations
Declarative location config
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.root
Root directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.root
The path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.sslCertificate
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.nginx.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.poolConfig
Options for the bookstack PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.bookstack.user
User bookstack runs as.
Type: string
Default: "bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
- services.borgbackup.jobs
Deduplicating backups using BorgBackup. Adding a job will cause a borg-job-NAME wrapper to be added to your system path, so that you can perform maintenance easily. See also the chapter about BorgBackup in the NixOS manual.
Type: attribute set of submodules
Default: { }
Example:
{ # for a local backup rootBackup = { paths = "/"; exclude = [ "/nix" ]; repo = "/path/to/local/repo"; encryption = { mode = "repokey"; passphrase = "secret"; }; compression = "auto,lzma"; startAt = "weekly"; }; } { # Root backing each day up to a remote backup server. We assume that you have # * created a password less key: ssh-keygen -N "" -t ed25519 -f /path/to/ssh_key # best practices are: use -t ed25519, /path/to = /run/keys # * the passphrase is in the file /run/keys/borgbackup_passphrase # * you have initialized the repository manually paths = [ "/etc" "/home" ]; exclude = [ "/nix" "'**/.cache'" ]; doInit = false; repo = "user3@arep.repo.borgbase.com:repo"; encryption = { mode = "repokey-blake2"; passCommand = "cat /path/to/passphrase"; }; environment = { BORG_RSH = "ssh -i /path/to/ssh_key"; }; compression = "auto,lzma"; startAt = "daily"; };Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.appendFailedSuffix
Append a .failed suffix to the archive name, which is only removed if borg create has a zero exit status.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.archiveBaseName
How to name the created archives. A timestamp, whose format is determined by dateFormat, will be appended. The full name can be modified at runtime ($archiveName). Placeholders like {hostname} must not be used.
Type: string matching the pattern [^/{}]+
Default: "${config.networking.hostName}-<name>"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.compression
Compression method to use. Refer to borg help compression for all available options.
Type: string matching the pattern none|(auto,)?(lz4|zstd|zlib|lzma)(,[[:digit:]]{1,2})?
Default: "lz4"
Example: "auto,lzma"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.dateFormat
Arguments passed to date to create a timestamp suffix for the archive name.
Type: string
Default: "+%Y-%m-%dT%H:%M:%S"
Example: "-u +%s"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.doInit
Run borg init if the specified repo does not exist. You should set this to false if the repository is located on an external drive that might not always be mounted.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.dumpCommand
Backup the stdout of this program instead of filesystem paths. Mutually exclusive with paths.
Type: null or path
Default: null
Example: "/path/to/createZFSsend.sh"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.encryption.mode
Encryption mode to use. Setting a mode other than "none" requires you to specify a passCommand or a passphrase.
Type: one of "repokey", "keyfile", "repokey-blake2", "keyfile-blake2", "authenticated", "authenticated-blake2", "none"
Example: "repokey-blake2"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.encryption.passCommand
A command which prints the passphrase to stdout. Mutually exclusive with passphrase.
Type: null or string
Default: null
Example: "cat /path/to/passphrase_file"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.encryption.passphrase
The passphrase the backups are encrypted with. Mutually exclusive with passCommand. If you do not want the passphrase to be stored in the world-readable Nix store, use passCommand.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.environment
Environment variables passed to the backup script. You can for example specify which SSH key to use.
Type: attribute set of strings
Default: { }
Example: { BORG_RSH = "ssh -i /path/to/key"; }
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.exclude
Exclude paths matching any of the given patterns. See borg help patterns for pattern syntax.
Type: list of strings
Default: [ ]
Example: [ "/home/*/.cache" "/nix" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.extraArgs
Additional arguments for all borg calls the service has. Handle with care.
Type: string
Default: ""
Example: "--remote-path=/path/to/borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.extraCreateArgs
Additional arguments for borg create. Can also be set at runtime using $extraCreateArgs.
Type: string
Default: ""
Example: "--stats --checkpoint-interval 600"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.extraInitArgs
Additional arguments for borg init. Can also be set at runtime using $extraInitArgs.
Type: string
Default: ""
Example: "--append-only"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.extraPruneArgs
Additional arguments for borg prune. Can also be set at runtime using $extraPruneArgs.
Type: string
Default: ""
Example: "--save-space"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.group
The group borg is run as. User or group needs read permission for the specified paths.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.paths
Path(s) to back up. Mutually exclusive with dumpCommand.
Type: null or list of strings or string convertible to it
Default: null
Example: "/home/user"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.postCreate
Shell commands to run after borg create. The name of the created archive is stored in $archiveName.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.postHook
Shell commands to run just before exit. They are executed even if a previous command exits with a non-zero exit code. The latter is available as $exitStatus.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.postInit
Shell commands to run after borg init.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.postPrune
Shell commands to run after borg prune.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.preHook
Shell commands to run before the backup. This can for example be used to mount file systems.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # To add excluded paths at runtime extraCreateArgs="$extraCreateArgs --exclude /some/path" ''
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.privateTmp
Set the PrivateTmp option for the systemd-service. Set to false if you need sockets or other files from global /tmp.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.prune.keep
Prune a repository by deleting all archives not matching any of the specified retention options. See borg help prune for the available options.
Type: attribute set of signed integer or string matching the pattern [[:digit:]]+[Hdwmy]s
Default: { }
Example:
{ within = "1d"; # Keep all archives from the last day daily = 7; weekly = 4; monthly = -1; # Keep at least one archive for each month }Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.prune.prefix
Only consider archive names starting with this prefix for pruning. By default, only archives created by this job are considered. Use "" to consider all archives.
Type: string
Default: archiveBaseName
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.readWritePaths
By default, borg cannot write anywhere on the system but $HOME/.config/borg and $HOME/.cache/borg. If, for example, your preHook script needs to dump files somewhere, put those directories here.
Type: list of paths
Default: [ ]
Example: [ "/var/backup/mysqldump" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.removableDevice
Whether the repo (which must be local) is a removable device.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.repo
Remote or local repository to back up to.
Type: string
Example: "user@machine:/path/to/repo"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.startAt
When or how often the backup should run. Must be in the format described in systemd.time(7). If you do not want the backup to start automatically, use [ ]. It will generate a systemd service borgbackup-job-NAME. You may trigger it manually via systemctl restart borgbackup-job-NAME.
Type: string or list of strings
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.jobs.<name>.user
The user borg is run as. User or group need read permission for the specified paths.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.repos
Serve BorgBackup repositories to given public SSH keys, restricting their access to the repository only. See also the chapter about BorgBackup in the NixOS manual. Also, clients do not need to specify the absolute path when accessing the repository, i.e. user@machine:. is enough. (Note colon and dot.)
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.repos.<name>.allowSubRepos
Allow clients to create repositories in subdirectories of the specified path. These can be accessed using user@machine:path/to/subrepo. Note that a quota applies to repositories independently. Therefore, if this is enabled, clients can create multiple repositories and upload an arbitrary amount of data.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.repos.<name>.authorizedKeys
Public SSH keys that are given full write access to this repository. You should use a different SSH key for each repository you write to, because the specified keys are restricted to running borg serve and can only access this single repository.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.repos.<name>.authorizedKeysAppendOnly
Public SSH keys that can only be used to append new data (archives) to the repository. Note that archives can still be marked as deleted and are subsequently removed from disk upon accessing the repo with full write access, e.g. when pruning.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.repos.<name>.group
The group borg serve is run as. User or group needs write permission for the specified path.
Type: string
Default: "borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.repos.<name>.path
Where to store the backups. Note that the directory is created automatically, with correct permissions.
Type: path
Default: "/var/lib/borgbackup"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.repos.<name>.quota
Storage quota for the repository. This quota is ensured for all sub-repositories if allowSubRepos is enabled but not for the overall storage space used.
Type: null or string matching the pattern [[:digit:].]+[KMGTP]?
Default: null
Example: "100G"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgbackup.repos.<name>.user
The user borg serve is run as. User or group needs write permission for the specified path.
Type: string
Default: "borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
- services.borgmatic.enable
Whether to enable borgmatic.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
- services.borgmatic.settings
See https://torsion.org/borgmatic/docs/reference/configuration/
Type: attribute set of anythings
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
- services.borgmatic.settings.location.repositories
Paths to local or remote repositories (required). Tildes are expanded. Multiple repositories are backed up to in sequence. Borg placeholders can be used. See the output of "borg help placeholders" for details. See ssh_command for SSH options like identity file or port. If systemd service is used, then add local repository paths in the systemd service file to the ReadWritePaths list.
Type: list of strings
Example: [ "user@backupserver:sourcehostname.borg" "user@backupserver:{fqdn}" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
- services.borgmatic.settings.location.source_directories
List of source directories to backup (required). Globs and tildes are expanded.
Type: list of strings
Example: [ "/home" "/etc" "/var/log/syslog*" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
- services.bosun.enable
Whether to run bosun.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.package
bosun binary to use.
Type: package
Default: pkgs.bosun
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.checkFrequency
Bosun's check frequency
Type: string
Default: "5m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.extraConfig
Extra configuration options for Bosun. You should describe your desired templates, alerts, macros, etc through this configuration option.
A detailed description of the supported syntax can be found at-spi2-atk http://bosun.org/configuration.html
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.group
Group account under which bosun runs.
Type: string
Default: "bosun"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.influxHost
Host and port of the influxdb database.
Type: null or string
Default: null
Example: "localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.ledisDir
Path to bosun's ledis data dir
Type: path
Default: "/var/lib/bosun/ledis_data"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.listenAddress
The host address and port that bosun's web interface will listen on.
Type: string
Default: ":8070"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.opentsdbHost
Host and port of the OpenTSDB database that stores bosun data. To disable opentsdb you can pass null as parameter.
Type: null or string
Default: "localhost:4242"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.stateFile
Path to bosun's state file.
Type: path
Default: "/var/lib/bosun/bosun.state"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.bosun.user
User account under which bosun runs.
Type: string
Default: "bosun"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
- services.botamusique.enable
Whether to enable botamusique, a bot to play audio streams on mumble.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
- services.botamusique.package
The botamusique package to use.
Type: package
Default: pkgs.botamusique
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
- services.botamusique.settings
Your configuration.ini as a Nix attribute set. Look up possible options in the configuration.example.ini.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
- services.botamusique.settings.bot.comment
Comment displayed for the bot.
Type: string
Default: "Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
- services.botamusique.settings.bot.username
Name the bot should appear with.
Type: string
Default: "botamusique"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
- services.botamusique.settings.server.host
Hostname of the mumble server to connect to.
Type: string
Default: "localhost"
Example: "mumble.example.com"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
- services.botamusique.settings.server.port
Port of the mumble server to connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 64738
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
- services.brltty.enable
Whether to enable the BRLTTY daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/brltty.nix>
- services.btrbk.extraPackages
Extra packages for btrbk, like compression utilities for stream_compress
Type: list of packages
Default: [ ]
Example: [ pkgs.xz ]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrbk.instances
Set of btrbk instances. The instance named btrbk is the default one.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrbk.instances.<name>.onCalendar
How often this btrbk instance is started. See systemd.time(7) for more information about the format.
Type: string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrbk.instances.<name>.settings
configuration options for btrbk. Nested attrsets translate to subsections.
Type: attribute set of string or instances of this type recursivelys
Default: { }
Example: { snapshot_preserve = "14d"; snapshot_preserve_min = "2d"; volume = { /mnt/btr_pool = { subvolume = { home = { snapshot_create = "always"; } ; rootfs = { } ; } ; target = "/mnt/btr_backup/mylaptop"; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrbk.ioSchedulingClass
IO scheduling class for btrbk (see ionice(1) for a quick description). Applies to local instances, and remote ones connecting by ssh if set to idle.
Type: one of "idle", "best-effort", "realtime"
Default: "best-effort"
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrbk.niceness
Niceness for local instances of btrbk. Also applies to remote ones connecting via ssh when positive.
Type: integer between -20 and 19 (both inclusive)
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrbk.sshAccess
SSH keys that should be able to make or push snapshots on this system remotely with btrbk
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrbk.sshAccess.*.key
SSH public key allowed to login as user btrbk to run remote backups.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrbk.sshAccess.*.roles
What actions can be performed with this SSH key. See ssh_filter_btrbk(1) for details
Type: list of one of "info", "source", "target", "delete", "snapshot", "send", "receive"s
Example: [ "source" "info" "send" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
- services.btrfs.autoScrub.enable
Whether to enable regular btrfs scrub.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
- services.btrfs.autoScrub.fileSystems
List of paths to btrfs filesystems to regularily call btrfs scrub on. Defaults to all mount points with btrfs filesystems. If you mount a filesystem multiple times or additionally mount subvolumes, you need to manually specify this list to avoid scrubbing multiple times.
Type: list of paths
Example: [ "/" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
- services.btrfs.autoScrub.interval
Systemd calendar expression for when to scrub btrfs filesystems. The recommended period is a month but could be less (btrfs-scrub(8)). See systemd.time(7) for more information on the syntax.
Type: string
Default: "monthly"
Example: "weekly"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
- services.buildbot-master.enable
Whether to enable the Buildbot continuous integration server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.package
Package to use for buildbot.
Type: package
Default: pkgs.python3Packages.buildbot-full
Example: pkgs.python3Packages.buildbot
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.packages
Packages to add to PATH for the buildbot process.
Type: list of packages
Default: [ pkgs.git ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.buildbotDir
Specifies the Buildbot directory.
Type: path
Default: "/home/buildbot/master"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.buildbotUrl
Specifies the Buildbot URL.
Type: string
Default: "http://localhost:8010/"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.builders
List of Builders.
Type: list of strings
Default: [ "util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.changeSource
List of Change Sources.
Type: list of strings
Default: [ ]
Example: [ "changes.GitPoller('git://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.dbUrl
Specifies the database connection string.
Type: string
Default: "sqlite:///state.sqlite"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.extraConfig
Extra configuration to append to master.cfg
Type: string
Default: "c['buildbotNetUsageData'] = None"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.extraGroups
List of extra groups that the buildbot user should be a part of.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.factorySteps
Factory Steps
Type: list of strings
Default: [ ]
Example: [ "steps.Git(repourl='git://github.com/buildbot/pyflakes.git', mode='incremental')" "steps.ShellCommand(command=['trial', 'pyflakes'])" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.group
Primary group of buildbot user.
Type: string
Default: "buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.home
Buildbot home directory.
Type: path
Default: "/home/buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.listenAddress
Specifies the bind address on which the buildbot HTTP interface listens.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.masterCfg
Optionally pass master.cfg path. Other options in this configuration will be ignored.
Type: path
Default: generated configuration file
Example: "/etc/nixos/buildbot/master.cfg"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.pbPort
The buildmaster will listen on a TCP port of your choosing for connections from workers. It can also use this port for connections from remote Change Sources, status clients, and debug tools. This port should be visible to the outside world, and you’ll need to tell your worker admins about your choice. If put in (single) quotes, this can also be used as a connection string, as defined in the ConnectionStrings guide.
Type: string or signed integer
Default: 9989
Example: "'tcp:9990:interface=127.0.0.1'"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.port
Specifies port number on which the buildbot HTTP interface listens.
Type: signed integer
Default: 8010
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.pythonPackages
Packages to add the to the PYTHONPATH of the buildbot process.
Type: function that evaluates to a(n) listOf
Default: pythonPackages: with pythonPackages; [ ]
Example: pythonPackages: with pythonPackages; [ requests ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.reporters
List of reporter objects used to present build status to various users.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.schedulers
List of Schedulers.
Type: list of strings
Default: [ "schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])" "schedulers.ForceScheduler(name='force',builderNames=['runtests'])" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.title
Specifies the Buildbot Title.
Type: string
Default: "Buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.titleUrl
Specifies the Buildbot TitleURL.
Type: string
Default: "Buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.user
User the buildbot server should execute under.
Type: string
Default: "buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-master.workers
List of Workers.
Type: list of strings
Default: [ "worker.Worker('example-worker', 'pass')" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
- services.buildbot-worker.enable
Whether to enable the Buildbot Worker.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.package
Package to use for buildbot worker.
Type: package
Default: pkgs.python3Packages.buildbot-worker
Example: pkgs.python2Packages.buildbot-worker
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.packages
Packages to add to PATH for the buildbot process.
Type: list of packages
Default: [ pkgs.git ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.adminMessage
Name of the administrator of this worker
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.buildbotDir
Specifies the Buildbot directory.
Type: path
Default: "/home/bbworker/worker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.extraGroups
List of extra groups that the Buildbot Worker user should be a part of.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.group
Primary group of buildbot Worker user.
Type: string
Default: "bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.home
Buildbot home directory.
Type: path
Default: "/home/bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.hostMessage
Description of this worker
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.keepalive
This is a number that indicates how frequently keepalive messages should be sent from the worker to the buildmaster, expressed in seconds.
Type: signed integer
Default: 600
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.masterUrl
Specifies the Buildbot Worker connection string.
Type: string
Default: "localhost:9989"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.user
User the buildbot Worker should execute under.
Type: string
Default: "bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.workerPass
Specifies the Buildbot Worker password.
Type: string
Default: "pass"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.workerPassFile
File used to store the Buildbot Worker password
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildbot-worker.workerUser
Specifies the Buildbot Worker user.
Type: string
Default: "example-worker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
- services.buildkite-agents
Attribute set of buildkite agents. The attribute key is combined with the hostname and a unique integer to create the final agent name. This can be overridden by setting the `name` attribute.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.enable
Whether to enable this buildkite agent
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.package
Which buildkite-agent derivation to use
Type: package
Default: pkgs.buildkite-agent
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.dataDir
The workdir for the agent
Type: string
Default: "/var/lib/buildkite-agent-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.extraConfig
Extra lines to be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "debug=true"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.checkout
The `checkout` hook script will replace the default checkout routine of the bootstrap.sh script. You can use this hook to do your own SCM checkout behaviour
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.command
The `command` hook script will replace the default implementation of running the build command.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.environment
The `environment` hook will run before all other commands, and can be used to set up secrets, data, etc. Anything exported in hooks will be available to the build script.
Note: the contents of this file will be copied to the world-readable Nix store.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' export SECRET_VAR=`head -1 /run/keys/secret` ''
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.post-artifact
The `post-artifact` hook will run just after artifacts are uploaded
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.post-checkout
The `post-checkout` hook will run after the bootstrap script has checked out your projects source code.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.post-command
The `post-command` hook will run after the bootstrap script has run your build commands
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.pre-artifact
The `pre-artifact` hook will run just before artifacts are uploaded
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.pre-checkout
The `pre-checkout` hook will run just before your projects source code is checked out from your SCM provider
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.pre-command
The `pre-command` hook will run just before your build command runs
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooks.pre-exit
The `pre-exit` hook will run just before your build job finishes
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.hooksPath
Path to the directory storing the hooks. Consider using services.buildkite-agents.<name>.hooks.<name> instead.
Type: path
Default: generated from services.buildkite-agents.<name>.hooks
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.name
The name of the agent as seen in the buildkite dashboard.
Type: string
Default: "%hostname-‹name›-%n"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.privateSshKeyPath
OpenSSH private key
A run-time path to the key file, which is supposed to be provisioned outside of Nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.runtimePackages
Add programs to the buildkite-agent environment
Type: list of packages
Default: [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.shell
Command that buildkite-agent 3 will execute when it spawns a shell.
Type: string
Default: "${pkgs.bash}/bin/bash -e -c"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.tags
Tags for the agent.
Type: attribute set of string or list of stringss
Default: { }
Example: { docker = "true"; queue = "default"; ruby2 = "true"; }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.buildkite-agents.<name>.tokenPath
The token from your Buildkite "Agents" page.
A run-time path to the token file, which is supposed to be provisioned outside of Nix store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
- services.cachefilesd.enable
Whether to enable cachefilesd network filesystems caching daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
- services.cachefilesd.cacheDir
Directory to contain filesystem cache.
Type: string
Default: "/var/cache/fscache"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
- services.cachefilesd.extraConfig
Additional configuration file entries. See cachefilesd.conf(5) for more information.
Type: strings concatenated with "\n"
Default: ""
Example: "brun 10%"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
- services.caddy.enable
Whether to enable Caddy web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.package
Caddy package to use.
Type: package
Default: pkgs.caddy
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.adapter
Name of the config adapter to use. See https://caddyserver.com/docs/config-adapters for the full list.
Type: string
Default: "caddyfile"
Example: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.ca
Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people. Set it to null if you don't want to include any authority (or if you want to write a more fine-graned configuration manually)
Type: null or string
Default: "https://acme-v02.api.letsencrypt.org/directory"
Example: "https://acme-staging-v02.api.letsencrypt.org/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.config
Verbatim Caddyfile to use. Caddy v2 supports multiple config formats via adapters (see services.caddy.adapter).
Type: strings concatenated with "\n"
Default: ""
Example:
'' example.com { encode gzip log root /srv/http } ''Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.dataDir
The data directory, for storing certificates. Before 17.09, this would create a .caddy directory. With 17.09 the contents of the .caddy directory are in the specified data directory instead.
Caddy v2 replaced CADDYPATH with XDG directories. See https://caddyserver.com/docs/conventions#file-locations.
Type: path
Default: "/var/lib/caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.email
Email address (for Let's Encrypt certificate)
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.group
Group account under which caddy runs.
Type: string
Default: "caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.resume
Use saved config, if any (and prefer over configuration passed with services.caddy.config).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.user
User account under which caddy runs.
Type: string
Default: "caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.virtualHosts
Declarative vhost config
Type: attribute set of submodules
Default: { }
Example:
{ "hydra.example.com" = { serverAliases = [ "www.hydra.example.com" ]; extraConfig = '''' encode gzip log root /srv/http ''''; }; };Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.virtualHosts.<name>.extraConfig
These lines go into the vhost verbatim
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.caddy.virtualHosts.<name>.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
- services.cadvisor.enable
Whether to enable cadvisor service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.extraOptions
Additional cadvisor options.
See https://github.com/google/cadvisor/blob/master/docs/runtime_options.md for available options.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.listenAddress
Cadvisor listening host
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.port
Cadvisor listening port
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.storageDriver
Cadvisor storage driver.
Type: null or string
Default: null
Example: "influxdb"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.storageDriverDb
Cadvisord storage driver database name.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.storageDriverHost
Cadvisor storage driver host.
Type: string
Default: "localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.storageDriverPassword
Cadvisor storage driver password.
Warning: this password is stored in the world-readable Nix store. It's recommended to use the storageDriverPasswordFile option since that gives you control over the security of the password. storageDriverPasswordFile also takes precedence over storageDriverPassword.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.storageDriverPasswordFile
File that contains the cadvisor storage driver password.
storageDriverPasswordFile takes precedence over storageDriverPassword
Warning: when storageDriverPassword is non-empty this defaults to a file in the world-readable Nix store that contains the value of storageDriverPassword.
It's recommended to override this with a path not in the Nix store. Tip: use nixops key management
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.storageDriverSecure
Cadvisor storage driver, enable secure communication.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cadvisor.storageDriverUser
Cadvisor storage driver username.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
- services.cage.enable
Whether to enable cage kiosk service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
- services.cage.extraArguments
Additional command line arguments to pass to Cage.
Type: list of strings
Default: []
Example: [ "-d" ]
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
- services.cage.program
Program to run in cage.
Type: path
Default: "${pkgs.xterm}/bin/xterm"
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
- services.cage.user
User to log-in as.
Type: string
Default: "demo"
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
- services.calibre-server.enable
Whether to enable calibre-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
- services.calibre-server.group
The group under which calibre-server runs.
Type: string
Default: "calibre-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
- services.calibre-server.libraries
The directories of the libraries to serve. They must be readable for the user under which the server runs.
Type: list of paths
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
- services.calibre-server.user
The user under which calibre-server runs.
Type: string
Default: "calibre-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
- services.calibre-web.enable
Whether to enable Calibre-Web.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.dataDir
The directory below /var/lib where Calibre-Web stores its data.
Type: string
Default: "calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.group
Group account under which Calibre-Web runs.
Type: string
Default: "calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.listen.ip
IP address that Calibre-Web should listen on.
Type: string
Default: "::1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.listen.port
Listen port for Calibre-Web.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8083
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.openFirewall
Open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.options.enableBookConversion
Configure path to the Calibre's ebook-convert in the DB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.options.enableBookUploading
Allow books to be uploaded via Calibre-Web UI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.options.calibreLibrary
Path to Calibre library.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.options.reverseProxyAuth.enable
Enable authorization using auth proxy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.options.reverseProxyAuth.header
Auth proxy header name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.calibre-web.user
User account under which Calibre-Web runs.
Type: string
Default: "calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
- services.canto-daemon.enable
Whether to enable the canto RSS daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/canto-daemon.nix>
- services.cassandra.enable
Whether to enable Apache Cassandra – Scalable and highly available database. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.package
The Apache Cassandra package to use.
Type: package
Default: pkgs.cassandra
Example: pkgs.cassandra_3_11
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.allowClients
Enables or disables the native transport server (CQL binary protocol). This server uses the same address as the rpcAddress, but the port it uses is not rpc_port but native_transport_port. See the official Cassandra docs for more information on these variables and set them using extraConfig.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.clusterName
The name of the cluster. This setting prevents nodes in one logical cluster from joining another. All nodes in a cluster must have the same value.
Type: string
Default: "Test Cluster"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.extraConfig
Extra options to be merged into cassandra.yaml as nix attribute set.
Type: attribute set
Default: { }
Example: { commitlog_sync_batch_window_in_ms = 3; }
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.extraEnvSh
Extra shell lines to be appended onto cassandra-env.sh.
Type: strings concatenated with "\n"
Default: ""
Example: "CLASSPATH=$CLASSPATH:${extraJar}"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.fullRepairInterval
Set the interval how often full repairs are run, i.e. nodetool repair --full is executed. See https://cassandra.apache.org/doc/latest/operating/repair.html for more information.
Set to null to disable full repairs.
Type: null or string
Default: "3w"
Example: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.fullRepairOptions
Options passed through to the full repair command.
Type: list of strings
Default: [ ]
Example: [ "--partitioner-range" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.group
Run Apache Cassandra under this group.
Type: string
Default: "cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.heapNewSize
Must be left blank or set together with heapNewSize. If left blank a sensible value for the available amount of RAM and CPU cores is calculated.
Override to set the amount of memory to allocate to the JVM at start-up. For production use you may wish to adjust this for your environment. HEAP_NEWSIZE refers to the size of the young generation.
The main trade-off for the young generation is that the larger it is, the longer GC pause times will be. The shorter it is, the more expensive GC will be (usually).
The example HEAP_NEWSIZE assumes a modern 8-core+ machine for decent pause times. If in doubt, and if you do not particularly want to tweak, go with 100 MB per physical CPU core.
Type: null or string
Default: null
Example: "800M"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.homeDir
Home directory for Apache Cassandra.
Type: path
Default: "/var/lib/cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.incrementalRepairInterval
Set the interval how often incremental repairs are run, i.e. nodetool repair is executed. See https://cassandra.apache.org/doc/latest/operating/repair.html for more information.
Set to null to disable incremental repairs.
Type: null or string
Default: "3d"
Example: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.incrementalRepairOptions
Options passed through to the incremental repair command.
Type: list of strings
Default: [ ]
Example: [ "--partitioner-range" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.jmxPort
Specifies the default port over which Cassandra will be available for JMX connections. For security reasons, you should not expose this port to the internet. Firewall it if needed.
Type: signed integer
Default: 7199
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.jmxRoles
Roles that are allowed to access the JMX (e.g. nodetool) BEWARE: The passwords will be stored world readable in the nix-store. It's recommended to use your own protected file using jmxRolesFile
Doesn't work in versions older than 3.11 because they don't like that it's world readable.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.jmxRoles.*.password
Password for JMX
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.jmxRoles.*.username
Username for JMX
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.jmxRolesFile
Specify your own jmx roles file.
Make sure the permissions forbid "others" from reading the file if you're using Cassandra below version 3.11.
Type: null or path
Default: generated configuration file if version is at least 3.11, otherwise null
Example: "/var/lib/cassandra/jmx.password"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.jvmOpts
Populate the JVM_OPT environment variable.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.listenAddress
Address or interface to bind to and tell other Cassandra nodes to connect to. You _must_ change this if you want multiple nodes to be able to communicate!
Set listenAddress OR listenInterface, not both.
Leaving it blank leaves it up to InetAddress.getLocalHost(). This will always do the Right Thing _if_ the node is properly configured (hostname, name resolution, etc), and the Right Thing is to use the address associated with the hostname (it might not be).
Setting listen_address to 0.0.0.0 is always wrong.
Type: null or string
Default: "127.0.0.1"
Example: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.listenInterface
Set listenAddress OR listenInterface, not both. Interfaces must correspond to a single address, IP aliasing is not supported.
Type: null or string
Default: null
Example: "eth1"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.logbackConfig
XML logback configuration for cassandra
Type: strings concatenated with "\n"
Default:
'' <configuration scan="false"> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <encoder> <pattern>%-5level %date{HH:mm:ss,SSS} %msg%n</pattern> </encoder> </appender> <root level="INFO"> <appender-ref ref="STDOUT" /> </root> <logger name="com.thinkaurelius.thrift" level="ERROR"/> </configuration> ''Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.mallocArenaMax
Set this to control the amount of arenas per-thread in glibc.
Type: null or signed integer
Default: null
Example: 4
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.maxHeapSize
Must be left blank or set together with heapNewSize. If left blank a sensible value for the available amount of RAM and CPU cores is calculated.
Override to set the amount of memory to allocate to the JVM at start-up. For production use you may wish to adjust this for your environment. MAX_HEAP_SIZE is the total amount of memory dedicated to the Java heap. HEAP_NEWSIZE refers to the size of the young generation.
The main trade-off for the young generation is that the larger it is, the longer GC pause times will be. The shorter it is, the more expensive GC will be (usually).
Type: null or string
Default: null
Example: "4G"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.remoteJmx
Cassandra ships with JMX accessible *only* from localhost. To enable remote JMX connections set to true.
Be sure to also enable authentication and/or TLS. See: https://wiki.apache.org/cassandra/JmxSecurity
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.rpcAddress
The address or interface to bind the native transport server to.
Set rpcAddress OR rpcInterface, not both.
Leaving rpcAddress blank has the same effect as on listenAddress (i.e. it will be based on the configured hostname of the node).
Note that unlike listenAddress, you can specify 0.0.0.0, but you must also set extraConfig.broadcast_rpc_address to a value other than 0.0.0.0.
For security reasons, you should not expose this port to the internet. Firewall it if needed.
Type: null or string
Default: "127.0.0.1"
Example: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.rpcInterface
Set rpcAddress OR rpcInterface, not both. Interfaces must correspond to a single address, IP aliasing is not supported.
Type: null or string
Default: null
Example: "eth1"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.seedAddresses
The addresses of hosts designated as contact points in the cluster. A joining node contacts one of the nodes in the seeds list to learn the topology of the ring. Set to 127.0.0.1 for a single node cluster.
Type: list of strings
Default: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.cassandra.user
Run Apache Cassandra under this user.
Type: string
Default: "cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
- services.ceph.enable
Whether to enable Ceph global configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.client.enable
Whether to enable Ceph client configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.client.extraConfig
Extra configuration to add to the client section. Configuration for rados gateways would be added here, with their own sections, see example.
Type: attribute set of attribute set of stringss
Default: { }
Example:
{ # This would create a section for a radosgw daemon named node0 and related # configuration for it "client.radosgw.node0" = { "some config option" = "true"; }; };Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.extraConfig
Extra configuration to add to the global section. Use for setting values that are common for all daemons in the cluster.
Type: attribute set of strings
Default: { }
Example: { ms bind ipv6 = "true"; }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.authClientRequired
Enables requiring the cluster to authenticate itself to the client.
Type: one of "cephx", "none"
Default: "cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.authClusterRequired
Enables requiring daemons to authenticate with eachother in the cluster.
Type: one of "cephx", "none"
Default: "cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.authServiceRequired
Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).
Type: one of "cephx", "none"
Default: "cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.clusterName
Name of cluster
Type: string
Default: "ceph"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.clusterNetwork
A comma-separated list of subnets that will be used as cluster networks in the cluster.
Type: null or strings concatenated with ","
Default: null
Example:
'' 10.10.0.0/24, 192.168.0.0/24 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.fsid
Filesystem ID, a generated uuid, its must be generated and set before attempting to start a cluster
Type: string
Example:
'' 433a2193-4f8a-47a0-95d2-209d7ca2cca5 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.maxOpenFiles
Max open files for each OSD daemon.
Type: signed integer
Default: 131072
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.mgrModulePath
Path at which to find ceph-mgr modules.
Type: path
Default: "${pkgs.ceph.lib}/lib/ceph/mgr"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.monHost
List of hostname shortnames/IP addresses of the initial monitors.
Type: null or strings concatenated with ","
Default: null
Example:
'' 10.10.0.1, 10.10.0.2, 10.10.0.3 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.monInitialMembers
List of hosts that will be used as monitors at startup.
Type: null or strings concatenated with ","
Default: null
Example:
'' node0, node1, node2 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.publicNetwork
A comma-separated list of subnets that will be used as public networks in the cluster.
Type: null or strings concatenated with ","
Default: null
Example:
'' 10.20.0.0/24, 192.168.1.0/24 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.global.rgwMimeTypesFile
Path to mime types used by radosgw.
Type: null or path
Default: "${pkgs.mime-types}/etc/mime.types"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mds.enable
Whether to enable Ceph MDS daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mds.daemons
A list of metadata service daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mds.name1
Type: list of strings
Default: [ ]
Example: [ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mds.extraConfig
Extra configuration to add to the MDS section.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mgr.enable
Whether to enable Ceph MGR daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mgr.daemons
A list of names for manager daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mgr.name1
Type: list of strings
Default: [ ]
Example: [ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mgr.extraConfig
Extra configuration to add to the global section for manager daemons.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mon.enable
Whether to enable Ceph MON daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mon.daemons
A list of monitor daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mon.name1
Type: list of strings
Default: [ ]
Example: [ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.mon.extraConfig
Extra configuration to add to the monitor section.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.osd.enable
Whether to enable Ceph OSD daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.osd.daemons
A list of OSD daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in osd.name1
Type: list of strings
Default: [ ]
Example: [ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.osd.extraConfig
Extra configuration to add to the OSD section.
Type: attribute set of strings
Default: { osd crush chooseleaf type = "1"; osd journal size = "10000"; osd pool default min size = "2"; osd pool default pg num = "200"; osd pool default pgp num = "200"; osd pool default size = "3"; }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.rgw.enable
Whether to enable Ceph RadosGW daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.ceph.rgw.daemons
A list of rados gateway daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in client.name1, radosgw daemons aren't daemons to cluster in the sense that OSD, MGR or MON daemons are. They are simply daemons, from ceph, that uses the cluster as a backend.
Type: list of strings
Default: [ ]
Example: [ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
- services.certmgr.enable
Whether to enable certmgr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.certmgr.package
Which certmgr package to use in the service.
Type: package
Default: pkgs.certmgr
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.certmgr.defaultRemote
The default CA host:port to use.
Type: string
Default: "127.0.0.1:8888"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.certmgr.metricsAddress
The address for the Prometheus HTTP endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.certmgr.metricsPort
The port for the Prometheus HTTP endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9488
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.certmgr.renewInterval
How often to check certificate expirations and how often to update the cert_next_expires metric.
Type: string
Default: "30m"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.certmgr.specs
Certificate specs as described by: https://github.com/cloudflare/certmgr#certificate-specs These will be added to the Nix store, so they will be world readable.
Type: attribute set of path or submodules
Default: { }
Example:
{ exampleCert = let domain = "example.com"; secret = name: "/var/lib/secrets/${name}.pem"; in { service = "nginx"; action = "reload"; authority = { file.path = secret "ca"; }; certificate = { path = secret domain; }; private_key = { owner = "root"; group = "root"; mode = "0600"; path = secret "${domain}-key"; }; request = { CN = domain; hosts = [ "mail.${domain}" "www.${domain}" ]; key = { algo = "rsa"; size = 2048; }; names = { O = "Example Organization"; C = "USA"; }; }; }; otherCert = "/var/certmgr/specs/other-cert.json"; }Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.certmgr.svcManager
This specifies the service manager to use for restarting or reloading services. See: https://github.com/cloudflare/certmgr#certmgryaml. For how to use the "command" service manager in particular, see: https://github.com/cloudflare/certmgr#command-svcmgr-and-how-to-use-it.
Type: one of "circus", "command", "dummy", "openrc", "systemd", "sysv"
Default: "systemd"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.certmgr.validMin
The interval before a certificate expires to start attempting to renew it.
Type: string
Default: "72h"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
- services.cfdyndns.enable
Whether to enable Cloudflare Dynamic DNS Client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
- services.cfdyndns.apikeyFile
The path to a file containing the API Key used to authenticate with CloudFlare.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
- services.cfdyndns.email
The email address to use to authenticate to CloudFlare.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
- services.cfdyndns.records
The records to update in CloudFlare.
Type: list of strings
Default: [ ]
Example: [ "host.tld" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
- services.cfssl.enable
Whether to enable the CFSSL CA api-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.address
Address to bind.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.ca
CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'.
Type: string
Default: "${cfg.dataDir}/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.caBundle
Path to root certificate store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.caKey
CA private key -- accepts '[file:]fname' or 'env:varname'.
Type: string
Default: "file:${cfg.dataDir}/ca-key.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.configFile
Path to configuration file. Do not put this in nix-store as it might contain secrets.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.dataDir
Cfssl work directory.
Type: path
Default: "/var/lib/cfssl"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.dbConfig
Certificate db configuration file. Path must be writeable.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.intBundle
Path to intermediate certificate store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.intDir
Intermediates directory.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.logLevel
Log level (0 = DEBUG, 5 = FATAL).
Type: one of 0, 1, 2, 3, 4, 5
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.metadata
Metadata file for root certificate presence. The content of the file is a json dictionary (k,v): each key k is a SHA-1 digest of a root certificate while value v is a list of key store filenames.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.mutualTlsCa
Mutual TLS - require clients be signed by this CA.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.mutualTlsClientCert
Mutual TLS - client certificate to call remote instance requiring client certs.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.mutualTlsClientKey
Mutual TLS - client key to call remote instance requiring client certs. Do not put this in nix-store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.mutualTlsCn
Mutual TLS - regex for whitelist of allowed client CNs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.port
Port to bind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8888
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.remote
Remote CFSSL server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.responder
Certificate for OCSP responder.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.responderKey
Private key for OCSP responder certificate. Do not put this in nix-store.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.tlsCert
Other endpoint's CA to set up TLS protocol.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.tlsKey
Other endpoint's CA private key. Do not put this in nix-store.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cfssl.tlsRemoteCa
CAs to trust for remote TLS requests.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
- services.cgminer.enable
Whether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
- services.cgminer.package
Which cgminer derivation to use.
Type: package
Default: pkgs.cgminer
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
- services.cgminer.config
Additional config
Type: attribute set of boolean or signed integers
Default: { }
Example: { auto-fan = true; auto-gpu = true; expiry = 120; failover-only = true; gpu-threads = 2; log = 5; queue = 1; scan-time = 60; temp-histeresys = 3; }
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
- services.cgminer.hardware
List of config options for every GPU
Type: list of attribute set of string or signed integerss
Default: [ ]
Example: [ { gpu-engine = "0-985"; gpu-fan = "0-85"; gpu-memclock = 860; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75; } { gpu-engine = "0-950"; gpu-fan = "0-85"; gpu-memclock = 825; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75; } ]
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
- services.cgminer.pools
List of pools where to mine
Type: list of attribute set of stringss
Default: [ ]
Example: [ { password = "X"; url = "http://p2pool.org:9332"; username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk"; } ]
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
- services.cgminer.user
User account under which cgminer runs
Type: string
Default: "cgminer"
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
- services.charybdis.enable
Whether to enable Charybdis IRC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
- services.charybdis.config
Charybdis IRC daemon configuration file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
- services.charybdis.group
Charybdis IRC daemon group.
Type: string
Default: "ircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
- services.charybdis.motd
Charybdis MOTD text.
Charybdis will read its MOTD from /etc/charybdis/ircd.motd . If set, the value of this option will be written to this path.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
- services.charybdis.statedir
Location of the state directory of charybdis.
Type: path
Default: "/var/lib/charybdis"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
- services.charybdis.user
Charybdis IRC daemon user.
Type: string
Default: "ircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
- services.chrony.enable
Whether to synchronise your machine's time using chrony. Make sure you disable NTP if you enable this service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.enableNTS
Whether to enable Network Time Security authentication. Make sure it is supported by your selected NTP server(s).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.package
Which chrony package to use.
Type: package
Default: pkgs.chrony
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.directory
Directory where chrony state is stored.
Type: string
Default: "/var/lib/chrony"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.extraConfig
Extra configuration directives that should be added to chrony.conf
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.extraFlags
Extra flags passed to the chronyd command.
Type: list of strings
Default: [ ]
Example: [ "-s" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.initstepslew.enabled
Allow chronyd to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.initstepslew.threshold
The threshold of system clock error (in seconds) above which the clock will be stepped. If the correction required is less than the threshold, a slew is used instead.
Type: floating point number or signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.serverOption
Set option for server directives.
Use "iburst" to rapidly poll on startup. Recommended if your machine is consistently online.
Use "offline" to prevent polling on startup. Recommended if your machine boots offline or is otherwise frequently offline.
Type: one of "iburst", "offline"
Default: "iburst"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.chrony.servers
The set of NTP servers from which to synchronise.
Type: list of strings
Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
- services.cinnamon.apps.enable
Whether to enable Cinnamon default applications.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
- services.cjdns.enable
Whether to enable the cjdns network encryption and routing engine. A file at /etc/cjdns.keys will be created if it does not exist to contain a random secret key that your IPv6 address will be derived from.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.ETHInterface.beacon
Auto-connect to other cjdns nodes on the same network. Options: 0: Disabled. 1: Accept beacons, this will cause cjdns to accept incoming beacon messages and try connecting to the sender. 2: Accept and send beacons, this will cause cjdns to broadcast messages on the local network which contain a randomly generated per-session password, other nodes which have this set to 1 or 2 will hear the beacon messages and connect automatically.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.ETHInterface.bind
Bind to this device for native ethernet operation. all is a pseudo-name which will try to connect to all devices.
Type: string
Default: ""
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.ETHInterface.connectTo
Credentials for connecting look similar to UDP credientials except they begin with the mac address.
Type: attribute set of submodules
Default: { }
Example:
{ "01:02:03:04:05:06" = { hostname = "homer.hype"; password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.ETHInterface.connectTo.<name>.hostname
Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
Type: string
Default: ""
Example: "foobar.hype"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.ETHInterface.connectTo.<name>.login
(optional) name your peer has for you
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.ETHInterface.connectTo.<name>.password
Authorized password to the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.ETHInterface.connectTo.<name>.peerName
(optional) human-readable name for peer
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.ETHInterface.connectTo.<name>.publicKey
Public key at the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.UDPInterface.bind
Address and port to bind UDP tunnels to.
Type: string
Default: ""
Example: "192.168.1.32:43211"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.UDPInterface.connectTo
Credentials for making UDP tunnels.
Type: attribute set of submodules
Default: { }
Example:
{ "192.168.1.1:27313" = { hostname = "homer.hype"; password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.UDPInterface.connectTo.<name>.hostname
Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
Type: string
Default: ""
Example: "foobar.hype"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.UDPInterface.connectTo.<name>.login
(optional) name your peer has for you
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.UDPInterface.connectTo.<name>.password
Authorized password to the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.UDPInterface.connectTo.<name>.peerName
(optional) human-readable name for peer
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.UDPInterface.connectTo.<name>.publicKey
Public key at the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.addExtraHosts
Whether to add cjdns peers with an associated hostname to /etc/hosts. Beware that enabling this incurs heavy eval-time costs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.admin.bind
Bind the administration port to this address and port.
Type: string
Default: "127.0.0.1:11234"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.authorizedPasswords
Any remote cjdns nodes that offer these passwords on connection will be allowed to route through this node.
Type: list of strings
Default: [ ]
Example: [ "snyrfgkqsc98qh1y4s5hbu0j57xw5s0" "z9md3t4p45mfrjzdjurxn4wuj0d8swv" "49275fut6tmzu354pq70sr5b95qq0vj" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.confFile
Ignore all other cjdns options and load configuration from this file.
Type: null or path
Default: null
Example: "/etc/cjdroute.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.cjdns.extraConfig
Extra configuration, given as attrs, that will be merged recursively with the rest of the JSON generated by this module, at the root node.
Type: attribute set
Default: { }
Example: { router = { interface = { tunDevice = "tun10"; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
- services.clamav.daemon.enable
Whether to enable ClamAV clamd daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
- services.clamav.daemon.settings
ClamAV configuration. Refer to https://linux.die.net/man/5/clamd.conf, for details on supported values.
Type: attribute set of boolean or signed integer or string or list of stringss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
- services.clamav.updater.enable
Whether to enable ClamAV freshclam updater.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
- services.clamav.updater.frequency
Number of database checks per day.
Type: signed integer
Default: 12
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
- services.clamav.updater.interval
How often freshclam is invoked. See systemd.time(7) for more information about the format.
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
- services.clamav.updater.settings
freshclam configuration. Refer to https://linux.die.net/man/5/freshclam.conf, for details on supported values.
Type: attribute set of boolean or signed integer or string or list of stringss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
- services.clamsmtp.enable
Whether to enable clamsmtp.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances
Instances of clamsmtp to run.
Type: list of submodules
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.action
Action to take when a virus is detected.
Note that viruses often spoof sender addresses, so bouncing is in most cases not a good idea.
Type: one of "bounce", "drop", "pass"
Default: "drop"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.header
A header to add to scanned messages. See clamsmtpd.conf(5) for more details. Empty means no header.
Type: string
Default: ""
Example: "X-Virus-Scanned: ClamAV using ClamSMTP"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.keepAlives
Number of seconds to wait between each NOOP sent to the sending server. 0 to disable.
This is meant for slow servers where the sending MTA times out waiting for clamd to scan the file.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.listen
Address to wait for incoming SMTP connections on. See clamsmtpd.conf(5) for more details.
Type: string
Example: "127.0.0.1:10025"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.maxConnections
Maximum number of connections to accept at once.
Type: signed integer
Default: 64
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.outAddress
Address of the SMTP server to send email to once it has been scanned.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.quarantine
Whether to quarantine files that contain viruses by leaving them in the temporary directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.tempDirectory
Temporary directory that needs to be accessible to both clamd and clamsmtpd.
Type: string
Default: "/tmp"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.timeout
Time-out for network connections.
Type: signed integer
Default: 180
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.transparentProxy
Enable clamsmtp's transparent proxy support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.virusAction
Command to run when a virus is found. Please see VIRUS ACTION in clamsmtpd(8) for a discussion of this option and its safe use.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clamsmtp.instances.*.xClient
Send the XCLIENT command to the receiving server, for forwarding client addresses and connection information if the receiving server supports this feature.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
- services.clickhouse.enable
Whether to enable ClickHouse database server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/clickhouse.nix>
- services.clickhouse.package
ClickHouse package to use.
Type: package
Default: "pkgs.clickhouse"
Declared by:
<nixpkgs/nixos/modules/services/databases/clickhouse.nix>
- services.clight.enable
Whether to enable clight or not.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
- services.clight.settings
Additional configuration to extend clight.conf. See https://github.com/FedeDP/Clight/blob/master/Extra/clight.conf for a sample configuration file.
Type: attribute set of null or signed integer or string or boolean or floating point number or list of signed integer or string or boolean or floating point numbers or attribute set of signed integer or string or boolean or floating point number or list of signed integer or string or boolean or floating point numbersss
Default: { }
Example: { ac_capture_timeouts = [ 120 300 60 ] ; captures = 20; gamma_long_transition = true; }
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
- services.clight.temperature.day
Colour temperature to use during the day, between 1000 and 25000 K.
Type: signed integer
Default: 5500
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
- services.clight.temperature.night
Colour temperature to use at night, between 1000 and 25000 K.
Type: signed integer
Default: 3700
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
- services.clipcat.enable
Whether to enable Clipcat clipboard daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/clipcat.nix>
- services.clipcat.package
clipcat derivation to use.
Type: package
Default: pkgs.clipcat
Declared by:
<nixpkgs/nixos/modules/services/misc/clipcat.nix>
- services.clipmenu.enable
Whether to enable clipmenu, the clipboard management daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/clipmenu.nix>
- services.clipmenu.package
clipmenu derivation to use.
Type: package
Default: pkgs.clipmenu
Declared by:
<nixpkgs/nixos/modules/services/misc/clipmenu.nix>
- services.cloud-init.enable
Enable the cloud-init service. This services reads configuration metadata in a cloud environment and configures the machine according to this metadata.
This configuration is not completely compatible with the NixOS way of doing configuration, as configuration done by cloud-init might be overriden by a subsequent nixos-rebuild call. However, some parts of cloud-init fall outside of NixOS's responsibility, like filesystem resizing and ssh public key provisioning, and cloud-init is useful for that parts. Thus, be wary that using cloud-init in NixOS might come as some cost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
- services.cloud-init.btrfs.enable
Allow the cloud-init service to operate `btrfs` filesystem.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
- services.cloud-init.config
cloud-init configuration.
Type: string
Default:
'' system_info: distro: nixos users: - root disable_root: false preserve_hostname: false cloud_init_modules: - migrator - seed_random - bootcmd - write-files - growpart - resizefs - update_etc_hosts - ca-certs - rsyslog - users-groups cloud_config_modules: - disk_setup - mounts - ssh-import-id - set-passwords - timezone - disable-ec2-metadata - runcmd - ssh cloud_final_modules: - rightscale_userdata - scripts-vendor - scripts-per-once - scripts-per-boot - scripts-per-instance - scripts-user - ssh-authkey-fingerprints - keys-to-console - phone-home - final-message - power-state-change ''
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
- services.cloud-init.ext4.enable
Allow the cloud-init service to operate `ext4` filesystem.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
- services.cntlm.enable
Whether to enable cntlm, which starts a local proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.configText
Verbatim contents of cntlm.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.domain
Proxy account domain/workgroup name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.extraConfig
Additional config appended to the end of the generated cntlm.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.netbios_hostname
The hostname of your machine.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.noproxy
A list of domains where the proxy is skipped.
Type: list of strings
Default: [ ]
Example: [ "*.example.com" "example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.password
Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.
Type: string
Default: "/etc/cntlm.password"
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.port
Specifies on which ports the cntlm daemon listens.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ 3128 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.proxy
A list of NTLM/NTLMv2 authenticating HTTP proxies.
Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
Type: list of strings
Example: [ "proxy.example.com:81" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cntlm.username
Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
- services.cockroachdb.enable
Whether to enable CockroachDB Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.package
The CockroachDB derivation to use for running the service.
This would primarily be useful to enable Enterprise Edition features in your own custom CockroachDB build (Nixpkgs CockroachDB binaries only contain open source features and open source code).
Type: package
Default: pkgs.cockroachdb
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.cache
The total size for caches.
This can be a percentage, expressed with a fraction sign or as a decimal-point number, or any bytes-based unit. For example, "25%", "0.25" both represent 25% of the available system memory. The values "1000000000" and "1GB" both represent 1 gigabyte of memory.
Type: string
Default: "25%"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.certsDir
The path to the certificate directory.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.group
User account under which CockroachDB runs
Type: string
Default: "cockroachdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.http.address
Address to bind to for http-based Admin UI
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.http.port
Port to bind to for http-based Admin UI
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.insecure
Run in insecure mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.join
The addresses for connecting the node to a cluster.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.listen.address
Address to bind to for intra-cluster communication
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.listen.port
Port to bind to for intra-cluster communication
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 26257
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.locality
An ordered, comma-separated list of key-value pairs that describe the topography of the machine. Topography might include country, datacenter or rack designations. Data is automatically replicated to maximize diversities of each tier. The order of tiers is used to determine the priority of the diversity, so the more inclusive localities like country should come before less inclusive localities like datacenter. The tiers and order must be the same on all nodes. Including more tiers is better than including fewer. For example:
country=us,region=us-west,datacenter=us-west-1b,rack=12 country=ca,region=ca-east,datacenter=ca-east-2,rack=4 planet=earth,province=manitoba,colo=secondary,power=3
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.maxSqlMemory
The maximum in-memory storage capacity available to store temporary data for SQL queries.
This can be a percentage, expressed with a fraction sign or as a decimal-point number, or any bytes-based unit. For example, "25%", "0.25" both represent 25% of the available system memory. The values "1000000000" and "1GB" both represent 1 gigabyte of memory.
Type: string
Default: "25%"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.openPorts
Open firewall ports for cluster communication by default
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.cockroachdb.user
User account under which CockroachDB runs
Type: string
Default: "cockroachdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
- services.code-server.enable
Whether to enable code-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.package
Which code-server derivation to use.
Type: package
Default: "pkgs.code-server"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.auth
The type of authentication to use.
Type: one of "none", "password"
Default: "password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.extraArguments
Additional arguments that passed to code-server
Type: list of strings
Default: [ "--disable-telemetry" ]
Example: ''[ "--verbose" ]''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.extraEnvironment
Additional environment variables to passed to code-server.
Type: attribute set of strings
Default: { }
Example: { PKG_CONFIG_PATH = "/run/current-system/sw/lib/pkgconfig"; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.extraGroups
An array of additional groups for the code-server user.
Type: list of strings
Default: [ ]
Example: [ "docker" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.extraPackages
Packages that are available in the PATH of code-server.
Type: list of packages
Default: [ ]
Example: "[ pkgs.go ]"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.group
The group to run code-server under. By default, a group named code-server will be created.
Type: string
Default: "code-server"
Example: "yourGroup"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.hashedPassword
Create the password with: 'echo -n 'thisismypassword' | npx argon2-cli -e'.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.host
The host-ip to bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.port
The port where code-server runs.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4444
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.code-server.user
The user to run code-server as. By default, a user named code-server will be created.
Type: string
Default: "code-server"
Example: "yourUser"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
- services.collectd.enable
Whether to enable collectd agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.collectd.package
Which collectd package to use.
Type: package
Default: pkgs.collectd
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.collectd.autoLoadPlugin
Enable plugin autoloading.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.collectd.buildMinimalPackage
Build a minimal collectd package with only the configured `services.collectd.plugins`
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.collectd.dataDir
Data directory for collectd agent.
Type: path
Default: "/var/lib/collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.collectd.extraConfig
Extra configuration for collectd.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.collectd.include
Additional paths to load config from.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.collectd.plugins
Attribute set of plugin names to plugin config segments
Type: attribute set of strings concatenated with "\n"s
Default: { }
Example: { cpu = ""; memory = ""; network = "Server 192.168.1.1 25826"; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.collectd.user
User under which to run collectd.
Type: null or string
Default: "collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
- services.colord.enable
Whether to enable colord, the color management daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/colord.nix>
- services.compton
Alias of services.picom.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.confd.enable
Whether to enable confd service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confd.package
Confd package to use.
Type: package
Default: pkgs.confd
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confd.backend
Confd config storage backend to use.
Type: one of "etcd", "consul", "redis", "zookeeper"
Default: "etcd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confd.confDir
The path to the confd configs.
Type: path
Default: "/etc/confd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confd.interval
Confd check interval.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confd.logLevel
Confd log level.
Type: one of "info", "debug"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confd.nodes
Confd list of nodes to connect to.
Type: list of strings
Default: [ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confd.prefix
The string to prefix to keys.
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confd.watch
Confd, whether to watch etcd config for changes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
- services.confluence.enable
Whether to enable Atlassian Confluence service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.package
Atlassian Confluence package to use.
Type: package
Default: pkgs.atlassian-confluence
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.catalinaOptions
Java options to pass to catalina/tomcat.
Type: list of strings
Default: [ ]
Example: [ "-Xms1024m" "-Xmx2048m" "-Dconfluence.disable.peopledirectory.all=true" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.group
Group which runs confluence.
Type: string
Default: "confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.home
Home directory of the confluence instance.
Type: string
Default: "/var/lib/confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.jrePackage
Note that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default: pkgs.oraclejre8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.listenAddress
Address to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.listenPort
Port to listen on.
Type: signed integer
Default: 8090
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.proxy.enable
Whether to enable proxy support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.proxy.name
Virtual hostname at the proxy
Type: string
Example: "confluence.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.proxy.port
Port used at the proxy
Type: signed integer
Default: 443
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.proxy.scheme
Protocol used at the proxy.
Type: string
Default: "https"
Example: "http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.sso.enable
Whether to enable SSO with Atlassian Crowd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.sso.applicationName
Exact name of this Confluence instance in Crowd
Type: string
Example: "jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.sso.applicationPassword
Application password of this Confluence instance in Crowd
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.sso.crowd
Crowd Base URL without trailing slash
Type: string
Example: "http://localhost:8095/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.sso.validationInterval
Set to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.
Type: signed integer
Default: 2
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.confluence.user
User which runs confluence.
Type: string
Default: "confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
- services.connman.enable
Whether to use ConnMan for managing your network connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
- services.connman.enableVPN
Whether to enable ConnMan VPN service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
- services.connman.package
The connman package / build flavor
Type: package
Default: pkgs.connman
Example: pkgs.connmanFull
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
- services.connman.extraConfig
Configuration lines appended to the generated connman configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
- services.connman.extraFlags
Extra flags to pass to connmand
Type: list of strings
Default: [ ]
Example: [ "--nodnsproxy" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
- services.connman.networkInterfaceBlacklist
Default blacklisted interfaces, this includes NixOS containers interfaces (ve).
Type: list of strings
Default: [ "vmnet" "vboxnet" "virbr" "ifb" "ve" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
- services.connman.wifi.backend
Specify the Wi-Fi backend used. Currently supported are wpa_supplicant or iwd.
Type: one of "wpa_supplicant", "iwd"
Default: "wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
- services.consul.enable
Enables the consul daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.package
The package used for the Consul agent and CLI.
Type: package
Default: pkgs.consul
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.alerts.enable
Whether to enable consul-alerts.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.alerts.package
Package to use for consul-alerts.
Type: package
Default: pkgs.consul-alerts
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.alerts.consulAddr
Consul api listening adddress
Type: string
Default: "localhost:8500"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.alerts.listenAddr
Api listening address.
Type: string
Default: "localhost:9000"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.alerts.watchChecks
Whether to enable check watcher.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.alerts.watchEvents
Whether to enable event watcher.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.dropPrivileges
Whether the consul agent should be run as a non-root consul user.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.extraConfig
Extra configuration options which are serialized to json and added to the config.json file.
Type: attribute set of anythings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.extraConfigFiles
Additional configuration files to pass to consul NOTE: These will not trigger the service to be restarted when altered.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.forceIpv4
Whether we should force the interfaces to only pull ipv4 addresses.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.interface.advertise
The name of the interface to pull the advertise_addr from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.interface.bind
The name of the interface to pull the bind_addr from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.leaveOnStop
If enabled, causes a leave action to be sent when closing consul. This allows a clean termination of the node, but permanently removes it from the cluster. You probably don't want this option unless you are running a node which going offline in a permanent / semi-permanent fashion.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.consul.webUi
Enables the web interface on the consul http port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
- services.convos.enable
Whether to enable Convos.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
- services.convos.listenAddress
Address or host the web interface should listen on
Type: string
Default: "*"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
- services.convos.listenPort
Port the web interface should listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Example: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
- services.convos.reverseProxy
Enables reverse proxy support. This will allow Convos to automatically pick up the X-Forwarded-For and X-Request-Base HTTP headers set in your reverse proxy web server. Note that enabling this option without a reverse proxy in front will be a security issue.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
- services.coredns.enable
Whether to enable Coredns dns server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
- services.coredns.package
Coredns package to use.
Type: package
Default: pkgs.coredns
Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
- services.coredns.config
Verbatim Corefile to use. See https://coredns.io/manual/toc/#configuration for details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' . { whoami } ''Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
- services.corerad.enable
Whether to enable CoreRAD IPv6 NDP RA daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
- services.corerad.package
CoreRAD package to use.
Type: package
Default: pkgs.corerad
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
- services.corerad.configFile
Path to CoreRAD TOML configuration file.
Type: path
Example: "${pkgs.corerad}/etc/corerad/corerad.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
- services.corerad.settings
Configuration for CoreRAD, see https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml for supported values. Ignored if configFile is set.
Type: TOML value
Example:
{ interfaces = [ # eth0 is an upstream interface monitoring for IPv6 router advertisements. { name = "eth0"; monitor = true; } # eth1 is a downstream interface advertising IPv6 prefixes for SLAAC. { name = "eth1"; advertise = true; prefix = [{ prefix = "::/64"; }]; } ]; # Optionally enable Prometheus metrics. debug = { address = "localhost:9430"; prometheus = true; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
- services.coturn.enable
Whether to enable coturn TURN server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.alt-listening-port
Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one". This is needed for RFC 5780 support (STUN extension specs, NAT behavior discovery). The TURN Server supports RFC 5780 only if it is started with more than one listening IP address of the same family (IPv4 or IPv6). RFC 5780 is supported only by UDP protocol, other protocols are listening to that endpoint only for "symmetry".
Type: signed integer
Default: listening-port + 1
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.alt-tls-listening-port
Alternative listening port for TLS and DTLS protocols.
Type: signed integer
Default: tls-listening-port + 1
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.cert
Certificate file in PEM format.
Type: null or string
Default: null
Example: "/var/lib/acme/example.com/fullchain.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.cli-ip
Local system IP address to be used for CLI server endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.cli-password
CLI access password. For the security reasons, it is recommended to use the encrypted for of the password (see the -P command in the turnadmin utility).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.cli-port
CLI server port.
Type: signed integer
Default: 5766
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.dh-file
Use custom DH TLS key, stored in PEM format in the file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.extraConfig
Additional configuration options
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.listening-ips
Listener IP addresses of relay server. If no IP(s) specified in the config file or in the command line options, then all IPv4 and IPv6 system IPs will be used for listening.
Type: list of strings
Default: [ ]
Example: [ "203.0.113.42" "2001:DB8::42" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.listening-port
TURN listener port for UDP and TCP. Note: actually, TLS and DTLS sessions can connect to the "plain" TCP and UDP port(s), too - if allowed by configuration.
Type: signed integer
Default: 3478
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.lt-cred-mech
Use long-term credential mechanism.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.max-port
Upper bound of UDP relay endpoints
Type: signed integer
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.min-port
Lower bound of UDP relay endpoints
Type: signed integer
Default: 49152
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.no-auth
This option is opposite to lt-cred-mech. (TURN Server with no-auth option allows anonymous access). If neither option is defined, and no users are defined, then no-auth is default. If at least one user is defined, in this file or in command line or in usersdb file, then lt-cred-mech is default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.no-cli
Turn OFF the CLI support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.no-dtls
Disable DTLS client listener
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.no-tcp
Disable TCP client listener
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.no-tcp-relay
Disable TCP relay endpoints
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.no-tls
Disable TLS client listener
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.no-udp
Disable UDP client listener
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.no-udp-relay
Disable UDP relay endpoints
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.pkey
Private key file in PEM format.
Type: null or string
Default: null
Example: "/var/lib/acme/example.com/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.realm
The default realm to be used for the users when no explicit origin/realm relationship was found in the database, or if the TURN server is not using any database (just the commands-line settings and the userdb file). Must be used with long-term credentials mechanism or with TURN REST API.
Type: string
Default: "nixos"
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.relay-ips
Relay address (the local IP address that will be used to relay the packets to the peer). Multiple relay addresses may be used. The same IP(s) can be used as both listening IP(s) and relay IP(s).
If no relay IP(s) specified, then the turnserver will apply the default policy: it will decide itself which relay addresses to be used, and it will always be using the client socket IP address as the relay IP address of the TURN session (if the requested relay address family is the same as the family of the client socket).
Type: list of strings
Default: [ ]
Example: [ "203.0.113.42" "2001:DB8::42" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.secure-stun
Require authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.static-auth-secret
'Static' authentication secret value (a string) for TURN REST API only. If not set, then the turn server will try to use the 'dynamic' value in turn_secret table in user database (if present). The database-stored value can be changed on-the-fly by a separate program, so this is why that other mode is 'dynamic'.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.static-auth-secret-file
Path to the file containing the static authentication secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.tls-listening-port
TURN listener port for TLS. Note: actually, "plain" TCP and UDP sessions can connect to the TLS and DTLS port(s), too - if allowed by configuration. The TURN server "automatically" recognizes the type of traffic. Actually, two listening endpoints (the "plain" one and the "tls" one) are equivalent in terms of functionality; but we keep both endpoints to satisfy the RFC 5766 specs. For secure TCP connections, we currently support SSL version 3 and TLS version 1.0, 1.1 and 1.2. For secure UDP connections, we support DTLS version 1.
Type: signed integer
Default: 5349
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.coturn.use-auth-secret
TURN REST API flag. Flag that sets a special authorization option that is based upon authentication secret. This feature can be used with the long-term authentication mechanism, only. This feature purpose is to support "TURN Server REST API", see "TURN REST API" link in the project's page https://github.com/coturn/coturn/
This option is used with timestamp:
usercombo -> "timestamp:userid" turn user -> usercombo turn password -> base64(hmac(secret key, usercombo))
This allows TURN credentials to be accounted for a specific user id. If you don't have a suitable id, the timestamp alone can be used. This option is just turning on secret-based authentication. The actual value of the secret is defined either by option static-auth-secret, or can be found in the turn_secret table in the database.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
- services.couchdb.enable
Whether to run CouchDB Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.package
CouchDB package to use.
Type: package
Default: pkgs.couchdb
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.adminPass
Couchdb (i.e. fauxton) account with permission for all dbs and tasks.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.adminUser
Couchdb (i.e. fauxton) account with permission for all dbs and tasks.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.bindAddress
Defines the IP address by which CouchDB will be accessible.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.configFile
Configuration file for persisting runtime changes. File needs to be readable and writable from couchdb user/group.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.databaseDir
Specifies location of CouchDB database files (*.couch named). This location should be writable and readable for the user the CouchDB service runs as (couchdb by default).
Type: path
Default: "/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.extraConfig
Extra configuration. Overrides any other cofiguration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.group
Group account under which couchdb runs.
Type: string
Default: "couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.logFile
Specifies the location of file for logging output.
Type: path
Default: "/var/log/couchdb.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.port
Defined the port number to listen.
Type: signed integer
Default: 5984
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.uriFile
This file contains the full URI that can be used to access this instance of CouchDB. It is used to help discover the port CouchDB is running on (if it was set to 0 (e.g. automatically assigned any free one). This file should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Type: path
Default: "/run/couchdb/couchdb.uri"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.user
User account under which couchdb runs.
Type: string
Default: "couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchdb.viewIndexDir
Specifies location of CouchDB view index files. This location should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Type: path
Default: "/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
- services.couchpotato.enable
Whether to enable CouchPotato Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/couchpotato.nix>
- services.cpuminer-cryptonight.enable
Whether to enable the cpuminer cryptonight miner.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
- services.cpuminer-cryptonight.pass
Password for mining server
Type: string
Default: "x"
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
- services.cpuminer-cryptonight.threads
Number of miner threads, defaults to available processors
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
- services.cpuminer-cryptonight.url
URL of mining server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
- services.cpuminer-cryptonight.user
Username for mining server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
- services.cpupower-gui.enable
Enables dbus/systemd service needed by cpupower-gui. These services are responsible for retrieving and modifying cpu power saving settings.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/cpupower-gui.nix>
- services.croc.enable
Whether to enable croc relay.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
- services.croc.debug
Whether to enable debug logs.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
- services.croc.openFirewall
Whether to enable opening of the peer port(s) in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
- services.croc.pass
Password or passwordfile for the relay.
Type: path or string
Default: "pass123"
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
- services.croc.ports
Ports of the relay.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ 9009 9010 9011 9012 9013 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
- services.cron.enable
Whether to enable the Vixie cron daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
- services.cron.cronFiles
A list of extra crontab files that will be read and appended to the main crontab file when the cron service starts.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
- services.cron.mailto
Email address to which job output will be mailed.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
- services.cron.systemCronJobs
A list of Cron jobs to be appended to the system-wide crontab. See the manual page for crontab for the expected format. If you want to get the results mailed you must setuid sendmail. See security.wrappers
If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you, so every user can use a crontab.
Many nixos modules set systemCronJobs, so if you decide to disable vixie cron and enable another cron daemon, you may want it to get its system crontab based on systemCronJobs.
Type: list of strings
Default: [ ]
Example:
[ "* * * * * test ls -l / > /tmp/cronout 2>&1" "* * * * * eelco echo Hello World > /home/eelco/cronout" ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
- services.crossfire-server.enable
If enabled, the Crossfire game server will be started at boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
- services.crossfire-server.package
The package to use for the Crossfire server (and map/arch data, if you don't change dataDir).
Type: package
Default: pkgs.crossfire-server
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
- services.crossfire-server.configFiles
Text to append to the corresponding configuration files. Note that the files given in the example are *not* the complete set of files available to customize; look in /etc/crossfire after enabling the server to see the available files, and read the comments in each file for detailed documentation on the format and what settings are available.
Note that the motd, rules, and news files, if configured here, will overwrite the example files that come with the server, rather than being appended to them as the other configuration files are.
Type: attribute set of strings
Default: { }
Example:
{ dm_file = '' admin:secret_password:localhost jane:xyzzy:* ''; ban_file = '' # Bob is a jerk bob@* # So is everyone on 192.168.86.255/24 *@192.168.86. ''; metaserver2 = '' metaserver2_notification on localhostname crossfire.example.net ''; motd = "Welcome to CrossFire!"; news = "No news yet."; rules = "Don't be a jerk."; settings = '' # be nicer to newbies and harsher to experienced players balanced_stat_loss true # don't let players pick up and use admin-created items real_wiz false ''; }Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
- services.crossfire-server.dataDir
Where to load readonly data from -- maps, archetypes, treasure tables, and the like. If you plan to edit the data on the live server (rather than overlaying the crossfire-maps and crossfire-arch packages and nixos-rebuilding), point this somewhere read-write and copy the data there before starting the server.
Type: string
Default: "${config.services.crossfire.package}/share/crossfire"
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
- services.crossfire-server.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
- services.crossfire-server.stateDir
Where to store runtime data (save files, persistent items, etc).
If left at the default, this will be automatically created on server startup if it does not already exist. If changed, it is the admin's responsibility to make sure that the directory exists and is writeable by the `crossfire` user.
Type: string
Default: "/var/lib/crossfire"
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
- services.crowd.enable
Whether to enable Atlassian Crowd service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.package
Atlassian Crowd package to use.
Type: package
Default: pkgs.atlassian-crowd
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.catalinaOptions
Java options to pass to catalina/tomcat.
Type: list of strings
Default: [ ]
Example: [ "-Xms1024m" "-Xmx2048m" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.group
Group which runs Crowd.
Type: string
Default: "crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.home
Home directory of the Crowd instance.
Type: string
Default: "/var/lib/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.jrePackage
Note that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default: pkgs.oraclejre8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.listenAddress
Address to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.listenPort
Port to listen on.
Type: signed integer
Default: 8092
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.openidPassword
Application password for OpenID server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.proxy.enable
Whether to enable reverse proxy support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.proxy.name
Virtual hostname at the proxy
Type: string
Example: "crowd.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.proxy.port
Port used at the proxy
Type: signed integer
Default: 443
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.proxy.scheme
Protocol used at the proxy.
Type: string
Default: "https"
Example: "http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.proxy.secure
Whether the connections to the proxy should be considered secure.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.crowd.user
User which runs Crowd.
Type: string
Default: "crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
- services.cryptpad.enable
Whether to enable the Cryptpad service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
- services.cryptpad.package
Cryptpad package to use.
Type: package
Default: pkgs.cryptpad
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
- services.cryptpad.configFile
Path to the JavaScript configuration file.
See https://github.com/xwiki-labs/cryptpad/blob/master/config/config.example.js for a configuration example.
Type: path
Default: "${package}/lib/node_modules/cryptpad/config/config.example.js"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
- services.dante.enable
Whether to enable Dante SOCKS proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dante.nix>
- services.dante.config
Contents of Dante's configuration file. NOTE: user.privileged, user.unprivileged and logoutput are set by the service.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/dante.nix>
- services.darkhttpd.enable
Whether to enable DarkHTTPd web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
- services.darkhttpd.address
Address to listen on. Pass `all` to listen on all interfaces.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
- services.darkhttpd.extraArgs
Additional configuration passed to the executable.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
- services.darkhttpd.hideServerId
Don't identify the server type in headers or directory listings.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
- services.darkhttpd.port
Port to listen on. Pass 0 to let the system choose any free port for you.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
- services.darkhttpd.rootDir
Path from which to serve files.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
- services.das_watchdog.enable
Whether to enable realtime watchdog.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix>
- services.datadog-agent.enable
Whether to enable the datadog-agent v7 monitoring service
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.enableLiveProcessCollection
Whether to enable the live process collection agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.enableTraceAgent
Whether to enable the trace agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.package
Which DataDog v7 agent package to use. Note that the provided package is expected to have an overridable `pythonPackages`-attribute which configures the Python environment with the Datadog checks.
Type: package
Default: pkgs.datadog-agent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.apiKeyFile
Path to a file containing the Datadog API key to associate the agent with your account.
Type: path
Example: "/run/keys/datadog_api_key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.checks
Configuration for all Datadog checks. Keys of this attribute set will be used as the name of the check to create the appropriate configuration in `conf.d/$check.d/conf.yaml`.
The configuration is converted into JSON from the plain Nix language configuration, meaning that you should write configuration adhering to Datadog's documentation - but in Nix language.
Refer to the implementation of this module (specifically the definition of `defaultChecks`) for an example.
Note: The 'disk' and 'network' check are configured in separate options because they exist by default. Attempting to override their configuration here will have no effect.
Type: attribute set of attribute sets
Default: { }
Example: { http_check = { init_config = null; instances = [ { name = "some-service"; tags = [ "some-service" ] ; url = "http://localhost:1337/healthz"; } ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.ddUrl
Custom dd_url to configure the agent with. Useful if traffic to datadog needs to go through a proxy. Don't use this to point to another datadog site (EU) - use site instead.
Type: null or string
Default: null
Example: "http://haproxy.example.com:3834"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.diskCheck
Disk check config
Type: attribute set
Default: { init_config = { } ; instances = [ { use_mount = "false"; } ] ; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.extraConfig
Extra configuration options that will be merged into the main config file datadog.yaml.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.extraIntegrations
Extra integrations from the Datadog core-integrations repository that should be built and included.
By default the included integrations are disk, mongo, network, nginx and postgres.
To include additional integrations the name of the derivation and a function to filter its dependencies from the Python package set must be provided.
Type: attribute set
Default: { }
Example:
{ ntp = pythonPackages: [ pythonPackages.ntplib ]; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.hostname
The hostname to show in the Datadog dashboard (optional)
Type: null or string
Default: null
Example: "mymachine.mydomain"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.logLevel
Logging verbosity.
Type: null or one of "DEBUG", "INFO", "WARN", "ERROR"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.networkCheck
Network check config
Type: attribute set
Default: { init_config = { } ; instances = [ { collect_connection_state = false; excluded_interfaces = [ "lo" "lo0" ] ; } ] ; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.site
The datadog site to point the agent towards. Set to datadoghq.eu to point it to their EU site.
Type: null or string
Default: null
Example: "datadoghq.eu"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.datadog-agent.tags
The tags to mark this Datadog agent
Type: null or list of strings
Default: null
Example: [ "test" "service" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
- services.davfs2.enable
Whether to enable davfs2.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
- services.davfs2.davGroup
The group of the running mount.davfs daemon. Ordinary users must be member of this group in order to mount a davfs2 file system. Value must be given as name, not as numerical id.
Type: string
Default: "davfs2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
- services.davfs2.davUser
When invoked by root the mount.davfs daemon will run as this user. Value must be given as name, not as numerical id.
Type: string
Default: "davfs2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
- services.davfs2.extraConfig
Extra lines appended to the configuration of davfs2.
Type: strings concatenated with "\n"
Default: ""
Example:
'' kernel_fs coda proxy foo.bar:8080 use_locks 0 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
- services.davmail.enable
Whether to enable davmail, an MS Exchange gateway.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
- services.davmail.config
Davmail configuration. Refer to http://davmail.sourceforge.net/serversetup.html and http://davmail.sourceforge.net/advanced.html for details on supported values.
Type: davmail config type (str, int, bool or attribute set thereof)
Default: { }
Example:
{ davmail.allowRemote = true; davmail.imapPort = 55555; davmail.bindAddress = "10.0.1.2"; davmail.smtpSaveInSent = true; davmail.folderSizeLimit = 10; davmail.caldavAutoSchedule = false; log4j.logger.rootLogger = "DEBUG"; }Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
- services.davmail.url
Outlook Web Access URL to access the exchange server, i.e. the base webmail URL.
Type: string
Example: "https://outlook.office365.com/EWS/Exchange.asmx"
Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
- services.dbus.packages
Packages whose D-Bus configuration files should be included in the configuration of the D-Bus system-wide or session-wide message bus. Specifically, files in the following directories will be included into their respective DBus configuration paths: pkg/etc/dbus-1/system.d pkg/share/dbus-1/system.d pkg/share/dbus-1/system-services pkg/etc/dbus-1/session.d pkg/share/dbus-1/session.d pkg/share/dbus-1/services
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
- services.dbus.apparmor
AppArmor mode for dbus.
enabled enables mediation when it's supported in the kernel, disabled always disables AppArmor even with kernel support, and required fails when AppArmor was not found in the kernel.
Type: one of "enabled", "disabled", "required"
Default: "disabled"
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
- services.dd-agent.enable
Whether to enable the dd-agent v5 monitoring service. For datadog-agent v6, see services.datadog-agent.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.dd-agent.api_key
The Datadog API key to associate the agent with your account.
Warning: this key is stored in cleartext within the world-readable Nix store! Consider using the new v6 services.datadog-agent module instead.
Type: string
Example: "ae0aa6a8f08efa988ba0a17578f009ab"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.dd-agent.hostname
The hostname to show in the Datadog dashboard (optional)
Type: null or string
Default: null
Example: "mymachine.mydomain"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.dd-agent.jmxConfig
JMX integration configuration
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.dd-agent.mongoConfig
MongoDB integration configuration
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.dd-agent.nginxConfig
Datadog nginx integration configuration
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.dd-agent.postgresqlConfig
Datadog PostgreSQL integration configuration
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.dd-agent.processConfig
Process integration configuration See https://docs.datadoghq.com/integrations/process/
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.dd-agent.tags
The tags to mark this Datadog agent
Type: null or list of strings
Default: null
Example: [ "test" "service" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/dd-agent/dd-agent.nix>
- services.ddccontrol.enable
Whether to enable ddccontrol for controlling displays.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/ddccontrol.nix>
- services.ddclient.enable
Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.package
The ddclient executable package run by the service.
Type: package
Default: "pkgs.ddclient"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.configFile
Path to configuration file. When set this overrides the generated configuration from module options.
Type: null or path
Default: null
Example: "/root/nixos/secrets/ddclient.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.domains
Domain name(s) to synchronize.
Type: list of strings
Default: [ "" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.extraConfig
Extra configuration. Contents will be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.interval
The interval at which to run the check and update. See man 7 systemd.time for the format.
Type: string
Default: "10min"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.ipv6
Whether to use IPv6.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.passwordFile
A file containing the password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.protocol
Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
Type: string
Default: "dyndns2"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.quiet
Print no messages for unnecessary updates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.script
script as required by some providers.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.server
Server address.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.ssl
Whether to use SSL/TLS to connect to dynamic DNS provider.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.use
Method to determine the IP address to send to the dynamic DNS provider.
Type: string
Default: "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.username
User name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.verbose
Print verbose information.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.ddclient.zone
zone as required by some providers.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
- services.deliantra-server.enable
If enabled, the Deliantra game server will be started at boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
- services.deliantra-server.package
The package to use for the Deliantra server (and map/arch data, if you don't change dataDir).
Type: package
Default: pkgs.deliantra-server
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
- services.deliantra-server.configFiles
Contents of the server configuration files. These will be appended to the example configurations the server comes with and overwrite any default settings defined therein.
The example here is not comprehensive. See the files in /etc/deliantra-server after enabling this module for full documentation.
Type: attribute set of strings
Default: { motd = ""; }
Example:
{ dm_file = '' admin:secret_password:localhost jane:xyzzy:* ''; motd = "Welcome to Deliantra!"; settings = '' # Settings for game mechanics. stat_loss_on_death true armor_max_enchant 7 ''; config = '' # Settings for the server daemon. hiscore_url https://deliantra.example.net/scores/ max_map_reset 86400 ''; }Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
- services.deliantra-server.dataDir
Where to store readonly data (maps, archetypes, sprites, etc). Note that if you plan to use the live map editor (rather than editing the maps offline and then nixos-rebuilding), THIS MUST BE WRITEABLE -- copy the deliantra-data someplace writeable (say, /var/lib/deliantra/data) and update this option accordingly.
Type: string
Default: "${pkgs.deliantra-data}"
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
- services.deliantra-server.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
- services.deliantra-server.stateDir
Where to store runtime data (save files, persistent items, etc).
If left at the default, this will be automatically created on server startup if it does not already exist. If changed, it is the admin's responsibility to make sure that the directory exists and is writeable by the `crossfire` user.
Type: string
Default: "/var/lib/deliantra"
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
- services.deluge.enable
Whether to enable Deluge daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.package
Deluge package to use.
Type: package
Example: pkgs.deluge-2_x
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.authFile
The file managing the authentication for deluge, the format of this file is straightforward, each line contains a username:password:level tuple in plaintext. It only has an effect when services.deluge.declarative is set to true. See https://dev.deluge-torrent.org/wiki/UserGuide/Authentication for more informations.
Type: path
Example: "/run/keys/deluge-auth"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.config
Deluge core configuration for the core.conf file. Only has an effect when services.deluge.declarative is set to true. String values must be quoted, integer and boolean values must not. See https://git.deluge-torrent.org/deluge/tree/deluge/core/preferencesmanager.py#n41 for the availaible options.
Type: attribute set
Default: { }
Example:
{ download_location = "/srv/torrents/"; max_upload_speed = "1000.0"; share_ratio_limit = "2.0"; allow_remote = true; daemon_port = 58846; listen_ports = [ 6881 6889 ]; }Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.dataDir
The directory where deluge will create files.
Type: path
Default: "/var/lib/deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.declarative
Whether to use a declarative deluge configuration. Only if set to true, the options services.deluge.config, services.deluge.openFirewall and services.deluge.authFile will be applied.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.extraPackages
Extra packages available at runtime to enable Deluge's plugins. For example, extraction utilities are required for the built-in "Extractor" plugin. This always contains unzip, gnutar, xz and bzip2.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.group
Group under which deluge runs.
Type: string
Default: "deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.openFilesLimit
Number of files to allow deluged to open.
Type: signed integer or string
Default: 4096
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.openFirewall
Whether to open the firewall for the ports in services.deluge.config.listen_ports. It only takes effet if services.deluge.declarative is set to true.
It does NOT apply to the daemon port nor the web UI port. To access those ports secuerly check the documentation https://dev.deluge-torrent.org/wiki/UserGuide/ThinClient#CreateSSHTunnel or use a VPN or configure certificates for deluge.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.user
User account under which deluge runs.
Type: string
Default: "deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.web.enable
Whether to enable Deluge Web daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.web.openFirewall
Open ports in the firewall for deluge web daemon
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.deluge.web.port
Deluge web UI port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8112
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
- services.dendrite.enable
Whether to enable matrix.org dendrite.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.environmentFile
Environment file as defined in systemd.exec(5). Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file. Currently only used for the registration secret to allow secure registration when client_api.registration_disabled is true.
# snippet of dendrite-related config services.dendrite.settings.client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
# content of the environment file REGISTRATION_SHARED_SECRET=verysecretpassword
Note that this file needs to be available on the host on which dendrite is running.
Type: null or path
Default: null
Example: "/var/lib/dendrite/registration_secret"
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.httpPort
The port to listen for HTTP requests on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8008
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.httpsPort
The port to listen for HTTPS requests on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.settings
Configuration for dendrite, see: https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml for available options with which to populate settings.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.settings.client_api.registration_disabled
Whether to disable user registration to the server without the shared secret.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.settings.global.private_key
The path to the signing private key file, used to sign requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
Type: path
Example: "/var/lib/dendrite/matrix_key.pem"
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.settings.global.server_name
The domain name of the server, with optional explicit port. This is used by remote servers to connect to this server. This is also the last part of your UserID.
Type: string
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.settings.global.trusted_third_party_id_servers
Lists of domains that the server will trust as identity servers to verify third party identifiers such as phone numbers and email addresses
Type: list of strings
Default: [ "matrix.org" "vector.im" ]
Example: [ "matrix.org" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.tlsCert
The path to the TLS certificate.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
Type: null or path
Default: null
Example: "/var/lib/dendrite/server.cert"
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.dendrite.tlsKey
The path to the TLS key.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
Type: null or path
Default: null
Example: "/var/lib/dendrite/server.key"
Declared by:
<nixpkgs/nixos/modules/services/misc/dendrite.nix>
- services.devmon.enable
Whether to enable devmon, an automatic device mounting daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/devmon.nix>
- services.dex.enable
Whether to enable the OpenID Connect and OAuth2 identity provider.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dex.nix>
- services.dex.settings
The available options can be found in the example configuration.
Type: YAML value
Default: { }
Example:
{ # External url issuer = "http://127.0.0.1:5556/dex"; storage = { type = "postgres"; config.host = "/var/run/postgres"; }; web = { http = "127.0.0.1:5556"; }; enablePasswordDB = true; staticClients = [ { id = "oidcclient"; name = "Client"; redirectURIs = [ "https://example.com/callback" ]; secretFile = "/etc/dex/oidcclient"; # The content of `secretFile` will be written into to the config as `secret`. } ]; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/dex.nix>
- services.dhcpd4.enable
Whether to enable the DHCPv4 server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.authoritative
Whether the DHCP server shall send DHCPNAK messages to misconfigured clients. If this is not done, clients may be unable to get a correct IP address after changing subnets until their old lease has expired.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.configFile
The path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.extraConfig
Extra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something there, such as the options specifying the subnet mask, DNS servers, etc.
Type: strings concatenated with "\n"
Default: ""
Example:
'' option subnet-mask 255.255.255.0; option broadcast-address 192.168.1.255; option routers 192.168.1.5; option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1; option domain-name "example.org"; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.200; } ''Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.extraFlags
Additional command line flags to be passed to the dhcpd daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.interfaces
The interfaces on which the DHCP server should listen.
Type: list of strings
Default: [ "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.machines
A list mapping Ethernet addresses to IPv4 addresses for the DHCP server.
Type: list of submodules
Default: [ ]
Example: [ { ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10"; } { ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.machines.*.ethernetAddress
MAC address of the machine.
Type: string
Example: "00:16:76:9a:32:1d"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.machines.*.hostName
Hostname which is assigned statically to the machine.
Type: string
Example: "foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.machines.*.ipAddress
IP address of the machine.
Type: string
Example: "192.168.1.10"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd4.stateDir
State directory for the DHCP server.
Type: path
Default: "/var/lib/dhcp"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.enable
Whether to enable the DHCPv6 server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.authoritative
Whether the DHCP server shall send DHCPNAK messages to misconfigured clients. If this is not done, clients may be unable to get a correct IP address after changing subnets until their old lease has expired.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.configFile
The path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.extraConfig
Extra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something there, such as the options specifying the subnet mask, DNS servers, etc.
Type: strings concatenated with "\n"
Default: ""
Example:
'' option subnet-mask 255.255.255.0; option broadcast-address 192.168.1.255; option routers 192.168.1.5; option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1; option domain-name "example.org"; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.200; } ''Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.extraFlags
Additional command line flags to be passed to the dhcpd daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.interfaces
The interfaces on which the DHCP server should listen.
Type: list of strings
Default: [ "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.machines
A list mapping Ethernet addresses to IPv6 addresses for the DHCP server.
Type: list of submodules
Default: [ ]
Example: [ { ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10"; } { ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.machines.*.ethernetAddress
MAC address of the machine.
Type: string
Example: "00:16:76:9a:32:1d"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.machines.*.hostName
Hostname which is assigned statically to the machine.
Type: string
Example: "foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.machines.*.ipAddress
IP address of the machine.
Type: string
Example: "192.168.1.10"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dhcpd6.stateDir
State directory for the DHCP server.
Type: path
Default: "/var/lib/dhcp6"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
- services.dictd.enable
Whether to enable the DICT.org dictionary server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
- services.dictd.DBs
List of databases to make available.
Type: list of packages
Default: with pkgs.dictdDBs; [ wiktionary wordnet ]
Example: [ pkgs.dictdDBs.nld2eng ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
- services.diod.enable
Whether to enable the diod 9P file server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.allsquash
Remap all users to "nobody". The attaching user need not be present in the password file.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.authRequired
Allow clients to connect without authentication, i.e. without a valid MUNGE credential.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.exportall
Export all file systems listed in /proc/mounts. If new file systems are mounted after diod has started, they will become immediately mountable. If there is a duplicate entry for a file system in the exports list, any options listed in the exports entry will apply.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.exportopts
Establish a default set of export options. These are overridden, not appended to, by opts attributes in an "exports" entry.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.exports
List the file systems that clients will be allowed to mount. All paths should be fully qualified. The exports table can include two types of element: a string element (as above), or an alternate table element form { path="/path", opts="ro" }. In the alternate form, the (optional) opts attribute is a comma-separated list of export options. The two table element forms can be mixed in the exports table. Note that although diod will not traverse file system boundaries for a given mount due to inode uniqueness constraints, subdirectories of a file system can be separately exported.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.extraConfig
Extra configuration options for diod.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.listen
[ "IP:PORT" [,"IP:PORT",...] ] List the interfaces and ports that diod should listen on.
Type: list of strings
Default: [ "0.0.0.0:564" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.logdest
Set the destination for logging. The value has the form of "syslog:facility:level" or "filename".
Type: string
Default: "syslog:daemon:err"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.nwthreads
Sets the (fixed) number of worker threads created to handle 9P requests for a unique aname.
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.squashuser
Change the squash user. The squash user must be present in the password file.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.statfsPassthru
This option configures statfs to return the host file system's type rather than V9FS_MAGIC.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.diod.userdb
This option disables password/group lookups. It allows any uid to attach and assumes gid=uid, and supplementary groups contain only the primary gid.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
- services.discourse.enable
Whether to enable Discourse, an open source discussion platform.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.enableACME
Whether an ACME certificate should be used to secure connections to the server.
Type: boolean
Default: true, unless services.discourse.sslCertificate and services.discourse.sslCertificateKey are set.
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.package
The discourse package to use.
Type: package
Default: pkgs.discourse
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.admin.email
The admin user email address.
Type: string
Example: "admin@example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.admin.fullName
The admin user's full name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.admin.passwordFile
A path to a file containing the admin user's password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.admin.skipCreate
Do not create the admin account, instead rely on other existing admin accounts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.admin.username
The admin user username.
Type: string
Example: "admin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.backendSettings
Additional settings to put in the discourse.conf file.
Look in the discourse_defaults.conf file in the upstream distribution to find available options.
Setting an option to null means “define variable, but leave right-hand side empty”.
Type: attribute set of null or string or signed integer or boolean or floating point numbers
Default: { }
Example:
{ max_reqs_per_ip_per_minute = 300; max_reqs_per_ip_per_10_seconds = 60; max_asset_reqs_per_ip_per_10_seconds = 250; max_reqs_per_ip_mode = "warn+block"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.database.createLocally
Whether a database should be automatically created on the local host. Set this to false if you plan on provisioning a local database yourself. This has no effect if services.discourse.database.host is customized.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.database.host
Discourse database hostname. null means “prefer local unix socket connection”.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.database.ignorePostgresqlVersion
Whether to allow other versions of PostgreSQL than the recommended one. Only effective when services.discourse.database.createLocally is enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.database.name
Discourse database name.
Type: string
Default: "discourse"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.database.passwordFile
File containing the Discourse database user password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.database.pool
Database connection pool size.
Type: signed integer
Default: 8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.database.username
Discourse database user.
Type: string
Default: "discourse"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.hostname
The hostname to serve Discourse on.
Type: string
Default: config.networking.fqdn
Example: "discourse.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.contactEmailAddress
Email address of key contact responsible for this site. Used for critical notifications, as well as on the /about contact form for urgent matters.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.incoming.enable
Whether to set up Postfix to receive incoming mail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.incoming.apiKeyFile
A file containing the Discourse API key used to add posts and messages from mail. If left at its default value null, one will be automatically generated.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.incoming.mailReceiverPackage
The discourse-mail-receiver package to use.
Type: package
Default: pkgs.discourse-mail-receiver
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.incoming.replyEmailAddress
Template for reply by email incoming email address, for example: %{reply_key}@reply.example.com or replies+%{reply_key}@example.com
Type: string
Default: "%{reply_key}@${config.services.discourse.hostname}"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.notificationEmailAddress
The from: email address used when sending all essential system emails. The domain specified here must have SPF, DKIM and reverse PTR records set correctly for email to arrive.
Type: string
Default:
"${if config.services.discourse.mail.incoming.enable then "notifications" else "noreply"}@${config.services.discourse.hostname}"Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.enableStartTLSAuto
Whether to try to use StartTLS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.authentication
Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: null or one of "plain", "login", "cram_md5"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.domain
HELO domain to use for outgoing mail.
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.forceTLS
Force implicit TLS as per RFC 8314 3.3.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.opensslVerifyMode
How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: string
Default: "peer"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.passwordFile
A file containing the password of the SMTP server account.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.port
The port of the SMTP server Discourse should use to send email.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.serverAddress
The address of the SMTP server Discourse should use to send email.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.mail.outgoing.username
The username of the SMTP server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.nginx.enable
Whether an nginx virtual host should be set up to serve Discourse. Only disable if you're planning to use a different web server, which is not recommended.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.plugins
Plugins to install as part of Discourse, expressed as a list of derivations.
Type: list of packages
Default: [ ]
Example:
with config.services.discourse.package.plugins; [ discourse-canned-replies discourse-github ];
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.redis.dbNumber
Redis database number.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.redis.host
Redis server hostname.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.redis.passwordFile
File containing the Redis password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.redis.useSSL
Connect to Redis with SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.secretKeyBaseFile
The path to a file containing the secret_key_base secret.
Discourse uses secret_key_base to encrypt the cookie store, which contains session data, and to digest user auth tokens.
Needs to be a 64 byte long string of hexadecimal characters. You can generate one by running
$ openssl rand -hex 64 >/path/to/secret_key_base_file
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Example: "/run/keys/secret_key_base"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.sidekiqProcesses
How many Sidekiq processes should be spawned.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.siteSettings
Discourse site settings. These are the settings that can be changed from the UI. This only defines their default values: they can still be overridden from the UI.
Available settings can be found by looking in the site_settings.yml file of the upstream distribution. To find a setting's path, you only need to care about the first two levels; i.e. its category and name. See the example.
Settings containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting config/nixos_site_settings.json file, the login.github_client_secret key will be set to the contents of the /run/keys/discourse_github_client_secret file.
Type: JSON value
Default: { }
Example:
{ required = { title = "My Cats"; site_description = "Discuss My Cats (and be nice plz)"; }; login = { enable_github_logins = true; github_client_id = "a2f6dfe838cb3206ce20"; github_client_secret._secret = /run/keys/discourse_github_client_secret; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.sslCertificate
The path to the server SSL certificate. Set this to enable SSL.
Type: null or path
Default: null
Example: "/run/keys/ssl.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.sslCertificateKey
The path to the server SSL certificate key. Set this to enable SSL.
Type: null or path
Default: null
Example: "/run/keys/ssl.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.discourse.unicornTimeout
Time in seconds before a request to Unicorn times out.
This can be raised if the system Discourse is running on is too slow to handle many requests within 30 seconds.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
- services.disnix.enable
Whether to enable Disnix.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
- services.disnix.enableMultiUser
Whether to support multi-user mode by enabling the Disnix D-Bus service
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
- services.disnix.enableProfilePath
Whether to enable exposing the Disnix profiles in the system's PATH.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
- services.disnix.package
The Disnix package
Type: path
Default: pkgs.disnix
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
- services.disnix.profiles
Names of the Disnix profiles to expose in the system's PATH
Type: list of strings
Default: [ "default" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
- services.disnix.useWebServiceInterface
Whether to enable the DisnixWebService interface running on Apache Tomcat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
- services.distccd.enable
Whether to enable distccd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.package
The distcc package to use.
Type: package
Default: pkgs.distcc
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.allowedClients
Client IPs which are allowed to connect to distccd in CIDR notation.
Anyone who can connect to the distccd server can run arbitrary commands on that system as the distcc user, therefore you should use this judiciously.
Type: list of strings
Default: [ "127.0.0.1" ]
Example: [ "127.0.0.1" "192.168.0.0/24" "10.0.0.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.jobTimeout
Maximum duration, in seconds, of a single compilation request.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.logLevel
Set the minimum severity of error that will be included in the log file. Useful if you only want to see error messages rather than an entry for each connection.
Type: null or one of "critical", "error", "warning", "notice", "info", "debug"
Default: "warning"
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.maxJobs
Maximum number of tasks distccd should execute at any time.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.nice
Niceness of the compilation tasks.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.openFirewall
Opens the specified TCP port for distcc.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.port
The TCP port which distccd will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3632
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.stats.enable
Whether to enable statistics reporting via HTTP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.stats.port
The TCP port which the distccd statistics HTTP server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3633
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.distccd.zeroconf
Whether to register via mDNS/DNS-SD
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
- services.dkimproxy-out.enable
Whether to enable dkimproxy_out.
Note that a key will be auto-generated, and can be found in /var/lib/dkimproxy-out.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
- services.dkimproxy-out.domains
List of domains DKIMproxy can sign for.
Type: list of strings
Example: [ "example.org" "example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
- services.dkimproxy-out.keySize
Size of the RSA key to use to sign outgoing emails. Note that the maximum mandatorily verified as per RFC6376 is 2048.
Type: signed integer
Default: 2048
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
- services.dkimproxy-out.listen
Address:port DKIMproxy should listen on.
Type: string
Example: "127.0.0.1:10027"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
- services.dkimproxy-out.relay
Address:port DKIMproxy should forward mail to.
Type: string
Example: "127.0.0.1:10028"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
- services.dkimproxy-out.selector
The selector to use for DKIM key identification.
For example, if 'selector1' is used here, then for each domain 'example.org' given in `domain`, 'selector1._domainkey.example.org' should contain the TXT record indicating the public key is the one in /var/lib/dkimproxy-out/public.key: "v=DKIM1; t=s; p=[THE PUBLIC KEY]".
Type: string
Example: "selector1"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
- services.dleyna-renderer.enable
Whether to enable dleyna-renderer service, a DBus service for handling DLNA renderers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix>
- services.dleyna-server.enable
Whether to enable dleyna-server service, a DBus service for handling DLNA servers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/dleyna-server.nix>
- services.dnscache.enable
Whether to run the dnscache caching dns server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
- services.dnscache.clientIps
Client IP addresses (or prefixes) from which to accept connections.
Type: list of strings
Default: [ "127.0.0.1" ]
Example: [ "192.168" "172.23.75.82" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
- services.dnscache.domainServers
Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts). If entry for @ is not specified predefined list of root servers is used.
Type: attribute set of list of stringss
Default: { }
Example:
{ "@" = ["8.8.8.8" "8.8.4.4"]; "example.com" = ["192.168.100.100"]; }Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
- services.dnscache.forwardOnly
Whether to treat root servers (for @) as caching servers, requesting addresses the same way a client does. This is needed if you want to use e.g. Google DNS as your upstream DNS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
- services.dnscache.ip
IP address on which to listen for connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
- services.dnscrypt-proxy2.enable
Whether to enable dnscrypt-proxy2.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
- services.dnscrypt-proxy2.configFile
Path to TOML config file. See: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml If this option is set, it will override any configuration done in options.services.dnscrypt-proxy2.settings.
Type: path
Default: TOML file generated from services.dnscrypt-proxy2.settings
Example: "/etc/dnscrypt-proxy/dnscrypt-proxy.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
- services.dnscrypt-proxy2.settings
Attrset that is converted and passed as TOML config file. For available params, see: https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.1.1/dnscrypt-proxy/example-dnscrypt-proxy.toml
Type: attribute set
Default: { }
Example:
{ sources.public-resolvers = { urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ]; cache_file = "public-resolvers.md"; minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; refresh_delay = 72; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
- services.dnscrypt-proxy2.upstreamDefaults
Whether to base the config declared in services.dnscrypt-proxy2.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml)
Disable this if you want to declare your dnscrypt config from scratch.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
- services.dnscrypt-wrapper.enable
Whether to enable DNSCrypt wrapper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.address
The DNSCrypt wrapper will bind to this IP address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.keys.checkInterval
The time interval (in minutes) between key expiration checks.
Type: signed integer
Default: 1440
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.keys.expiration
The duration (in days) of the time-limited secret key. This will be automatically rotated before expiration.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.port
The DNSCrypt wrapper will listen for DNS queries on this port.
Type: signed integer
Default: 5353
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.providerKey.public
The filepath to the provider public key. If not given a new provider key pair will be generated on the first run.
Type: null or path
Default: null
Example: "/etc/secrets/public.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.providerKey.secret
The filepath to the provider secret key. If not given a new provider key pair will be generated on the first run.
Type: null or path
Default: null
Example: "/etc/secrets/secret.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.providerName
The name that will be given to this DNSCrypt resolver. Note: the resolver name must start with 2.dnscrypt-cert..
Type: string
Default: "2.dnscrypt-cert.nixos"
Example: "2.dnscrypt-cert.myresolver"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.upstream.address
The IP address of the upstream DNS server DNSCrypt will "wrap".
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnscrypt-wrapper.upstream.port
The port of the upstream DNS server DNSCrypt will "wrap".
Type: signed integer
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
- services.dnsdist.enable
Whether to enable dnsdist domain name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
- services.dnsdist.extraConfig
Extra lines to be added verbatim to dnsdist.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
- services.dnsdist.listenAddress
Listen IP Address
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
- services.dnsdist.listenPort
Listen port
Type: signed integer
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
- services.dnsmasq.enable
Whether to run dnsmasq.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
- services.dnsmasq.alwaysKeepRunning
If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
- services.dnsmasq.extraConfig
Extra configuration directives that should be added to dnsmasq.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
- services.dnsmasq.resolveLocalQueries
Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
- services.dnsmasq.servers
The DNS servers which dnsmasq should query.
Type: list of strings
Default: [ ]
Example: [ "8.8.8.8" "8.8.4.4" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
- services.do-agent.enable
Whether to enable do-agent, the DigitalOcean droplet metrics agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/do-agent.nix>
- services.dockerRegistry.enable
Whether to enable Docker Registry.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.enableDelete
Enable delete for manifests and blobs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.enableGarbageCollect
Whether to enable garbage collect.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.enableRedisCache
Whether to enable redis as blob cache.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.extraConfig
Docker extra registry configuration via environment variables.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.garbageCollectDates
Specification (in the format described by systemd.time(7)) of the time at which the garbage collect will occur.
Type: string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.listenAddress
Docker registry host or ip to bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.port
Docker registry port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.redisPassword
Set redis password.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.redisUrl
Set redis host and port.
Type: string
Default: "localhost:6379"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.dockerRegistry.storagePath
Docker registry storage path for the filesystem storage backend. Set to null to configure another backend via extraConfig.
Type: null or path
Default: "/var/lib/docker-registry"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
- services.documize.enable
Whether to enable Documize Wiki.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.package
Which package to use for documize.
Type: package
Default: pkgs.documize-community
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.cert
The cert.pem file used for https.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.db
Database specific connection string for example:
- MySQL/Percona/MariaDB: user:password@tcp(host:3306)/documize
- MySQLv8+: user:password@tcp(host:3306)/documize?allowNativePasswords=true
- PostgreSQL: host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable
- MSSQL: sqlserver://username:password@localhost:1433?database=Documize or sqlserver://sa@localhost/SQLExpress?database=Documize
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.dbtype
Specify the database provider: mysql, percona, mariadb, postgresql, sqlserver
Type: one of "mysql", "percona", "mariadb", "postgresql", "sqlserver"
Default: "postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.forcesslport
Redirect given http port number to TLS.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.key
The key.pem file used for https.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.location
reserved
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.offline
Set true for offline mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.port
The http/https port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.salt
The salt string used to encode JWT tokens, if not set a random value will be generated.
Type: null or string
Default: null
Example: "3edIYV6c8B28b19fh"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.documize.stateDirectoryName
The name of the directory below /var/lib/private where documize runs in and stores, for example, backups.
Type: string
Default: "documize"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
- services.doh-proxy-rust.enable
Whether to enable doh-proxy-rust.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix>
- services.doh-proxy-rust.flags
A list of command-line flags to pass to doh-proxy. For details on the available options, see https://github.com/jedisct1/doh-server#usage.
Type: list of strings
Default: [ ]
Example: [ "--server-address=9.9.9.9:53" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix>
- services.dokuwiki
DokuWiki configuration
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.<name>.enable
Whether to enable DokuWiki web application..
Type: boolean
Default: false
Example: true
- services.dokuwiki.<name>.package
Which DokuWiki package to use.
Type: package
Default: pkgs.dokuwiki
- services.dokuwiki.<name>.acl
Access Control Lists: see https://www.dokuwiki.org/acl Mutually exclusive with services.dokuwiki.aclFile Set this to a value other than null to take precedence over aclFile option.
Warning: Consider using aclFile instead if you do not want to store the ACL in the world-readable Nix store.
Type: null or strings concatenated with "\n"
Default: null
Example: "* @ALL 8"
- services.dokuwiki.<name>.aclFile
Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl Mutually exclusive with services.dokuwiki.acl which is preferred. Consult documentation https://www.dokuwiki.org/acl for further instructions. Example: https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist
Type: null or string
Default: "/var/lib/dokuwiki/‹name›/acl.auth.php"
Example: "/var/lib/dokuwiki/‹name›/acl.auth.php"
- services.dokuwiki.<name>.aclUse
Necessary for users to log in into the system. Also limits anonymous users. When disabled, everyone is able to create and edit content.
Type: boolean
Default: true
- services.dokuwiki.<name>.disableActions
Disable individual action modes. Refer to https://www.dokuwiki.org/config:action_modes for details on supported values.
Type: null or string
Default: ""
Example: "search,register"
- services.dokuwiki.<name>.extraConfig
DokuWiki configuration. Refer to https://www.dokuwiki.org/config for details on supported values.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' $conf['title'] = 'My Wiki'; $conf['userewrite'] = 1; ''
- services.dokuwiki.<name>.plugins
List of path(s) to respective plugin(s) which are copied from the 'plugin' directory.
Note
These plugins need to be packaged before use, see example.Type: list of paths
Default: [ ]
Example:
let # Let's package the icalevents plugin plugin-icalevents = pkgs.stdenv.mkDerivation { name = "icalevents"; # Download the plugin from the dokuwiki site src = pkgs.fetchurl { url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip"; sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; }; sourceRoot = "."; # We need unzip to build this package buildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the plugin list like this: in [ plugin-icalevents ]- services.dokuwiki.<name>.pluginsConfig
List of the dokuwiki (un)loaded plugins.
Type: strings concatenated with "\n"
Default:
'' $plugins['authad'] = 0; $plugins['authldap'] = 0; $plugins['authmysql'] = 0; $plugins['authpgsql'] = 0; ''
- services.dokuwiki.<name>.poolConfig
Options for the DokuWiki PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
- services.dokuwiki.<name>.stateDir
Location of the DokuWiki state directory.
Type: path
Default: "/var/lib/dokuwiki/‹name›/data"
- services.dokuwiki.<name>.superUser
You can set either a username, a list of usernames (“admin1,admin2”), or the name of a group by prepending an @ char to the groupname Consult documentation https://www.dokuwiki.org/config:superuser for further instructions.
Type: null or string
Default: "@admin"
- services.dokuwiki.<name>.templates
List of path(s) to respective template(s) which are copied from the 'tpl' directory.
Note
These templates need to be packaged before use, see example.Type: list of paths
Default: [ ]
Example:
let # Let's package the bootstrap3 theme template-bootstrap3 = pkgs.stdenv.mkDerivation { name = "bootstrap3"; # Download the theme from the dokuwiki site src = pkgs.fetchurl { url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip"; sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; }; # We need unzip to build this package buildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the template list like this: in [ template-bootstrap3 ]- services.dokuwiki.<name>.usersFile
Location of the dokuwiki users file. List of users. Format: login:passwordhash:Real Name:email:groups,comma,separated Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` Example: https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist
Type: null or string
Default: "/var/lib/dokuwiki/‹name›/users.auth.php"
Example: "/var/lib/dokuwiki/‹name›/users.auth.php"
- services.dokuwiki.sites
Specification of one or more DokuWiki sites to serve
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.enable
Whether to enable DokuWiki web application..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.package
Which DokuWiki package to use.
Type: package
Default: pkgs.dokuwiki
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.acl
Access Control Lists: see https://www.dokuwiki.org/acl Mutually exclusive with services.dokuwiki.aclFile Set this to a value other than null to take precedence over aclFile option.
Warning: Consider using aclFile instead if you do not want to store the ACL in the world-readable Nix store.
Type: null or strings concatenated with "\n"
Default: null
Example: "* @ALL 8"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.aclFile
Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl Mutually exclusive with services.dokuwiki.acl which is preferred. Consult documentation https://www.dokuwiki.org/acl for further instructions. Example: https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist
Type: null or string
Default: "/var/lib/dokuwiki/‹name›/acl.auth.php"
Example: "/var/lib/dokuwiki/‹name›/acl.auth.php"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.aclUse
Necessary for users to log in into the system. Also limits anonymous users. When disabled, everyone is able to create and edit content.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.disableActions
Disable individual action modes. Refer to https://www.dokuwiki.org/config:action_modes for details on supported values.
Type: null or string
Default: ""
Example: "search,register"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.extraConfig
DokuWiki configuration. Refer to https://www.dokuwiki.org/config for details on supported values.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' $conf['title'] = 'My Wiki'; $conf['userewrite'] = 1; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.plugins
List of path(s) to respective plugin(s) which are copied from the 'plugin' directory.
Note
These plugins need to be packaged before use, see example.Type: list of paths
Default: [ ]
Example:
let # Let's package the icalevents plugin plugin-icalevents = pkgs.stdenv.mkDerivation { name = "icalevents"; # Download the plugin from the dokuwiki site src = pkgs.fetchurl { url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip"; sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; }; sourceRoot = "."; # We need unzip to build this package buildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the plugin list like this: in [ plugin-icalevents ]Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.pluginsConfig
List of the dokuwiki (un)loaded plugins.
Type: strings concatenated with "\n"
Default:
'' $plugins['authad'] = 0; $plugins['authldap'] = 0; $plugins['authmysql'] = 0; $plugins['authpgsql'] = 0; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.poolConfig
Options for the DokuWiki PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.stateDir
Location of the DokuWiki state directory.
Type: path
Default: "/var/lib/dokuwiki/‹name›/data"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.superUser
You can set either a username, a list of usernames (“admin1,admin2”), or the name of a group by prepending an @ char to the groupname Consult documentation https://www.dokuwiki.org/config:superuser for further instructions.
Type: null or string
Default: "@admin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.templates
List of path(s) to respective template(s) which are copied from the 'tpl' directory.
Note
These templates need to be packaged before use, see example.Type: list of paths
Default: [ ]
Example:
let # Let's package the bootstrap3 theme template-bootstrap3 = pkgs.stdenv.mkDerivation { name = "bootstrap3"; # Download the theme from the dokuwiki site src = pkgs.fetchurl { url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip"; sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; }; # We need unzip to build this package buildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the template list like this: in [ template-bootstrap3 ]Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.sites.<name>.usersFile
Location of the dokuwiki users file. List of users. Format: login:passwordhash:Real Name:email:groups,comma,separated Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` Example: https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist
Type: null or string
Default: "/var/lib/dokuwiki/‹name›/users.auth.php"
Example: "/var/lib/dokuwiki/‹name›/users.auth.php"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.dokuwiki.webserver
Whether to use nginx or caddy for virtual host management.
Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>. See services.nginx.virtualHosts for further information.
Further apache2 configuration can be done by adapting services.httpd.virtualHosts.<name>. See services.httpd.virtualHosts for further information.
Type: one of "nginx", "caddy"
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
- services.domoticz.enable
Whether to enable Domoticz home automation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/domoticz.nix>
- services.domoticz.bind
IP address to bind to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/domoticz.nix>
- services.domoticz.port
Port to bind to for HTTP, set to 0 to disable HTTP.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/domoticz.nix>
- services.dovecot2.enable
Whether to enable Dovecot 2.x POP3/IMAP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.enableImap
Start the IMAP listener (when Dovecot is enabled).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.enableLmtp
Start the LMTP listener (when Dovecot is enabled).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.enablePAM
Whether to create a own Dovecot PAM service and configure PAM user logins.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.enablePop3
Start the POP3 listener (when Dovecot is enabled).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.enableQuota
Whether to enable the dovecot quota service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.configFile
Config file used for the whole dovecot configuration.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.createMailUser
Whether to automatically create the user given in services.dovecot.user and the group given in services.dovecot.group.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.extraConfig
Additional entries to put verbatim into Dovecot's config file.
Type: strings concatenated with "\n"
Default: ""
Example: "mail_debug = yes"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.group
Dovecot group name.
Type: string
Default: "dovecot2"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailGroup
Default group to store mail for virtual users.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailLocation
Location that dovecot will use for mail folders. Dovecot mail_location option.
Type: string
Default: "maildir:/var/spool/mail/%u"
Example: "maildir:~/mail:INBOX=/var/spool/mail/%u"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailPlugins
Additional entries to add to the mail_plugins variable, globally and per protocol
Type: submodule
Default: { globally = { enable = [ ] ; } ; perProtocol = { } ; }
Example: { globally = { enable = [ "acl" ] ; } ; perProtocol = { imap = { enable = [ "imap_acl" ] ; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailPlugins.globally
Additional entries to add to the mail_plugins variable for all protocols
Type: submodule
Default: { enable = [ ] ; }
Example: { enable = [ "virtual" ] ; }
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailPlugins.globally.enable
mail plugins to enable as a list of strings to append to the top-level $mail_plugins configuration variable
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailPlugins.perProtocol
Additional entries to add to the mail_plugins variable, per protocol
Type: attribute set of submodules
Default: { }
Example: { imap = [ "imap_acl" ] ; }
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailPlugins.perProtocol.<name>.enable
mail plugins to enable as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailUser
Default user to store mail for virtual users.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailboxes
Configure mailboxes and auto create or subscribe them.
Type: attribute set of submodules or list of unspecifieds convertible to it
Default: { }
Example:
{ Spam = { specialUse = "Junk"; auto = "create"; }; }Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailboxes.<name>.auto
Whether to automatically create or create and subscribe to the mailbox or not.
Type: one of "no", "create", "subscribe"
Default: "no"
Example: "subscribe"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailboxes.<name>.autoexpunge
To automatically remove all email from the mailbox which is older than the specified time.
Type: null or string
Default: null
Example: "60d"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailboxes.<name>.name
The name of the mailbox.
Type: string matching the pattern [^"]+ (read only)
Default: "‹name›"
Example: "Spam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.mailboxes.<name>.specialUse
Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.
Type: null or one of "All", "Archive", "Drafts", "Flagged", "Junk", "Sent", "Trash"
Default: null
Example: "Junk"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.modules
Symlinks the contents of lib/dovecot of every given package into /etc/dovecot/modules. This will make the given modules available if a dovecot package with the module_dir patch applied is being used.
Type: list of packages
Default: [ ]
Example: [ pkgs.dovecot_pigeonhole ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.protocols
Additional listeners to start when Dovecot is enabled.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.quotaGlobalPerUser
Quota limit for the user in bytes. Supports suffixes b, k, M, G, T and %.
Type: string
Default: "100G"
Example: "10G"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.quotaPort
The Port the dovecot quota service binds to. If using postfix, add check_policy_service inet:localhost:12340 to your smtpd_recipient_restrictions in your postfix config.
Type: string
Default: "12340"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.showPAMFailure
Show the PAM failure message on authentication error (useful for OTPW).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.sieveScripts
Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.
Type: attribute set of paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.sslCACert
Path to the server's CA certificate key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.sslServerCert
Path to the server's public key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.sslServerKey
Path to the server's private key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.dovecot2.user
Dovecot user name.
Type: string
Default: "dovecot2"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
- services.drbd.enable
Whether to enable support for DRBD, the Distributed Replicated Block Device.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
- services.drbd.config
Contents of the drbd.conf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
- services.dspam.enable
Whether to enable the dspam spam filter.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
- services.dspam.domainSocket
Path to local domain socket which is used for communication with the daemon. Set to null to disable UNIX socket.
Type: null or path
Default: "/run/dspam/dspam.sock"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
- services.dspam.extraConfig
Additional dspam configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
- services.dspam.group
Group for the dspam daemon.
Type: string
Default: "dspam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
- services.dspam.maintenanceInterval
If set, maintenance script will be run at specified (in systemd.timer format) interval
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
- services.dspam.storageDriver
Storage driver backend to use for dspam.
Type: string
Default: "hash"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
- services.dspam.user
User for the dspam daemon.
Type: string
Default: "dspam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
- services.duckling.enable
Whether to enable duckling.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/duckling.nix>
- services.duckling.port
Port on which duckling will run.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/duckling.nix>
- services.duplicati.enable
Whether to enable Duplicati.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
- services.duplicati.interface
Listening interface for the web UI Set it to "any" to listen on all available interfaces
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
- services.duplicati.port
Port serving the web interface
Type: signed integer
Default: 8200
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
- services.duplicati.user
Duplicati runs as it's own user. It will only be able to backup world-readable files. Run as root with special care.
Type: string
Default: "duplicati"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
- services.duplicity.enable
Whether to enable backups with duplicity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.cleanup.maxAge
If non-null, delete all backup sets older than the given time. Old backup sets will not be deleted if backup sets newer than time depend on them.
Type: null or string
Default: null
Example: "6M"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.cleanup.maxFull
If non-null, delete all backups sets that are older than the count:th last full backup (in other words, keep the last count full backups and associated incremental sets).
Type: null or signed integer
Default: null
Example: 2
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.cleanup.maxIncr
If non-null, delete incremental sets of all backups sets that are older than the count:th last full backup (in other words, keep only old full backups and not their increments).
Type: null or signed integer
Default: null
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.exclude
List of paths to exclude from backups. See the FILE SELECTION section in duplicity(1) for details on the syntax.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.extraFlags
Extra command-line flags passed to duplicity. See duplicity(1).
Type: list of strings
Default: [ ]
Example: [ "--backend-retry-delay" "100" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.frequency
Run duplicity with the given frequency (see systemd.time(7) for the format). If null, do not run automatically.
Type: null or string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.fullIfOlderThan
If "never" (the default) always do incremental backups (the first backup will be a full backup, of course). If "always" always do full backups. Otherwise, this must be a string representing a duration. Full backups will be made when the latest full backup is older than this duration. If this is not the case, an incremental backup is performed.
Type: string
Default: "never"
Example: "1M"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.include
List of paths to include into the backups. See the FILE SELECTION section in duplicity(1) for details on the syntax.
Type: list of strings
Default: [ ]
Example: [ "/home" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.root
Root directory to backup.
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.secretFile
Path of a file containing secrets (gpg passphrase, access key...) in the format of EnvironmentFile as described by systemd.exec(5). For example:
PASSPHRASE=... AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=...
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.duplicity.targetUrl
Target url to backup to. See the URL FORMAT section in duplicity(1) for supported urls.
Type: string
Example: "s3://host:port/prefix"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
- services.dwm-status.enable
Whether to enable dwm-status user service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/dwm-status.nix>
- services.dwm-status.package
Which dwm-status package to use.
Type: package
Default: pkgs.dwm-status
Example: pkgs.dwm-status.override { enableAlsaUtils = false; }
Declared by:
<nixpkgs/nixos/modules/services/misc/dwm-status.nix>
- services.dwm-status.extraConfig
Extra config in TOML format.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/dwm-status.nix>
- services.dwm-status.order
List of enabled features in order.
Type: list of one of "audio", "backlight", "battery", "cpu_load", "network", "time"s
Declared by:
<nixpkgs/nixos/modules/services/misc/dwm-status.nix>
- services.earlyoom.enable
Enable early out of memory killing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
- services.earlyoom.enableDebugInfo
Enable debugging messages.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
- services.earlyoom.enableNotifications
Send notifications about killed processes via the system d-bus. To actually see the notifications in your GUI session, you need to have systembus-notify running as your user.
See README for details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
- services.earlyoom.freeMemThreshold
Minimum of availabe memory (in percent). If the free memory falls below this threshold and the analog is true for services.earlyoom.freeSwapThreshold the killing begins.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
- services.earlyoom.freeSwapThreshold
Minimum of availabe swap space (in percent). If the available swap space falls below this threshold and the analog is true for services.earlyoom.freeMemThreshold the killing begins.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
- services.earlyoom.ignoreOOMScoreAdjust
Ignore oom_score_adjust values of processes. User-space implementation only.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
- services.earlyoom.notificationsCommand
This option is deprecated and ignored by earlyoom since 1.6. Use services.earlyoom.enableNotifications instead.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
- services.earlyoom.useKernelOOMKiller
Use kernel OOM killer instead of own user-space implementation.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
- services.ecs-agent.enable
Whether to enable Amazon ECS agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
- services.ecs-agent.package
The ECS agent package to use
Type: path
Default: pkgs.ecs-agent
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
- services.ecs-agent.extra-environment
The environment the ECS agent should run with. See the ECS agent documentation for keys that work here.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
- services.ejabberd.enable
Whether to enable ejabberd server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.package
ejabberd server package to use
Type: package
Default: pkgs.ejabberd
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.configFile
Configuration file for ejabberd in YAML format
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.ctlConfig
Configuration of ejabberdctl
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.group
Group under which ejabberd is ran
Type: string
Default: "ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.imagemagick
Add ImageMagick to server's path; allows for image thumbnailing
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.loadDumps
Configuration dumps that should be loaded on the first startup
Type: list of paths
Default: [ ]
Example: [ ./myejabberd.dump ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.logsDir
Location of the logfile directory of ejabberd
Type: path
Default: "/var/log/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.spoolDir
Location of the spooldir of ejabberd
Type: path
Default: "/var/lib/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.ejabberd.user
User under which ejabberd is ran
Type: string
Default: "ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
- services.elasticsearch.enable
Whether to enable elasticsearch.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.package
Elasticsearch package to use.
Type: package
Default: pkgs.elasticsearch
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.cluster_name
Elasticsearch name that identifies your cluster for auto-discovery.
Type: string
Default: "elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.dataDir
Data directory for elasticsearch.
Type: path
Default: "/var/lib/elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.extraCmdLineOptions
Extra command line options for the elasticsearch launcher.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.extraConf
Extra configuration for elasticsearch.
Type: string
Default: ""
Example:
'' node.name: "elasticsearch" node.master: true node.data: false ''
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.extraJavaOptions
Extra command line options for Java.
Type: list of strings
Default: [ ]
Example: [ "-Djava.net.preferIPv4Stack=true" ]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.listenAddress
Elasticsearch listen address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.logging
Elasticsearch logging configuration.
Type: string
Default:
'' logger.action.name = org.elasticsearch.action logger.action.level = info appender.console.type = Console appender.console.name = console appender.console.layout.type = PatternLayout appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n rootLogger.level = info rootLogger.appenderRef.console.ref = console ''Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.plugins
Extra elasticsearch plugins
Type: list of packages
Default: [ ]
Example: [ pkgs.elasticsearchPlugins.discovery-ec2 ]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.port
Elasticsearch port to listen for HTTP traffic.
Type: signed integer
Default: 9200
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.single_node
Start a single-node cluster
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch.tcp_port
Elasticsearch port for the node to node communication.
Type: signed integer
Default: 9300
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
- services.elasticsearch-curator.enable
Whether to enable elasticsearch curator.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
- services.elasticsearch-curator.actionYAML
curator action.yaml file contents, alternatively use curator-cli which takes a simple action command
Type: strings concatenated with "\n"
Example:
'' --- actions: 1: action: delete_indices description: >- Delete indices older than 45 days (based on index name), for logstash- prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly. options: ignore_empty_list: True disable_action: False filters: - filtertype: pattern kind: prefix value: logstash- - filtertype: age source: name direction: older timestring: '%Y.%m.%d' unit: days unit_count: 45 ''Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
- services.elasticsearch-curator.hosts
a list of elasticsearch hosts to connect to
Type: list of strings
Default: [ "localhost" ]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
- services.elasticsearch-curator.interval
The frequency to run curator, a systemd.time such as 'hourly'
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
- services.elasticsearch-curator.port
the port that elasticsearch is listening on
Type: signed integer
Default: 9200
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
- services.emacs.enable
Whether to enable a user service for the Emacs daemon. Use emacsclient to connect to the daemon. If true, services.emacs.install is considered true, whatever its value.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
- services.emacs.package
emacs derivation to use.
Type: package
Default: pkgs.emacs
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
- services.emacs.defaultEditor
When enabled, configures emacsclient to be the default editor using the EDITOR environment variable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
- services.emacs.install
Whether to install a user service for the Emacs daemon. Once the service is started, use emacsclient to connect to the daemon.
The service must be manually started for each user with "systemctl --user start emacs" or globally through services.emacs.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
- services.engelsystem.enable
Whether to enable engelsystem, an online tool for coordinating volunteers and shifts on large events.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
- services.engelsystem.package
Engelsystem package used for the service.
Type: package
Default: pkgs.engelsystem
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
- services.engelsystem.config
Options to be added to config.php, as a nix attribute set. Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting config.php file, the email.password key will be set to the contents of the /var/keys/engelsystem/mail file.
See https://engelsystem.de/doc/admin/configuration/ for available options.
Note that the admin user login credentials cannot be set here - they always default to admin:asdfasdf. Log in and change them immediately.
Type: attribute set
Default: { database = { database = "engelsystem"; host = "localhost"; username = "engelsystem"; } ; }
Example: { autoarrive = true; database = { database = "engelsystem"; host = "database.example.com"; password = { _secret = "/var/keys/engelsystem/database"; } ; username = "engelsystem"; } ; default_locale = "de_DE"; email = { driver = "smtp"; encryption = "tls"; from = { address = "engelsystem@example.com"; name = "example engelsystem"; } ; host = "smtp.example.com"; password = { _secret = "/var/keys/engelsystem/mail"; } ; port = 587; username = "engelsystem@example.com"; } ; maintenance = false; min_password_length = 6; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
- services.engelsystem.createDatabase
Whether to create a local database automatically. This will override every database setting in services.engelsystem.config.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
- services.engelsystem.domain
Domain to serve on.
Type: string
Example: "engelsystem.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
- services.epgstation.enable
Whether to enable DTV Software in Japan..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.basicAuth.passwordFile
A file containing the password for basicAuth.user.
Type: path
Default: a file containing INSECURE_GO_CHECK_CONFIGURATION_NIX
Example: "/run/keys/epgstation-password"
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.basicAuth.user
Basic auth username for EPGStation. If null, basic auth will be disabled.
Warning
Basic authentication has known weaknesses, the most critical being that it sends passwords over the network in clear text. Use this feature to control access to EPGStation within your family and friends, but don't rely on it for security.Type: null or string
Default: null
Example: "epgstation"
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.clientSocketioPort
Socket.io port that the web client is going to connect to. This may be different from socketioPort if EPGStation is hidden behind a reverse proxy.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 20773
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.database.name
Name of the MySQL database that holds EPGStation's data.
Type: string
Default: "epgstation"
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.database.passwordFile
A file containing the password for the database named database.name.
Type: path
Default: a file containing INSECURE_GO_CHECK_CONFIGURATION_NIX
Example: "/run/keys/epgstation-db-password"
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.openFirewall
Open ports in the firewall for the EPGStation web interface.
Warning
Exposing EPGStation to the open internet is generally advised against. Only use it inside a trusted local network, or consider putting it behind a VPN if you want remote access.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.port
HTTP port for EPGStation to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 20772
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.settings
Options to add to config.json.
Documentation: https://github.com/l3tnun/EPGStation/blob/master/doc/conf-manual.md
Type: JSON value
Default: { }
Example: { conflictPriority = 10; recPriority = 20; }
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.settings.encode
Encoding presets for recorded videos.
Type: list of attribute sets
Default:
[ { name = "H264"; cmd = "${pkgs.epgstation}/libexec/enc.sh main"; suffix = ".mp4"; default = true; } { name = "H264-sub"; cmd = "${pkgs.epgstation}/libexec/enc.sh sub"; suffix = "-sub.mp4"; } ]Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.settings.mirakurunPath
URL to connect to Mirakurun.
Type: string
Default: "http+unix://%2Fvar%2Frun%2Fmirakurun%2Fmirakurun.sock"
Example: "http://localhost:40772"
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.settings.readOnlyOnce
Don't reload configuration files at runtime.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.socketioPort
Socket.io port for EPGStation to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 20773
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epgstation.usePreconfiguredStreaming
Use preconfigured default streaming options.
Upstream defaults: https://github.com/l3tnun/EPGStation/blob/master/config/config.sample.json
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
- services.epmd.enable
Whether to enable socket activation for Erlang Port Mapper Daemon (epmd), which acts as a name server on all hosts involved in distributed Erlang computations.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/epmd.nix>
- services.epmd.package
The Erlang package to use to get epmd binary. That way you can re-use an Erlang runtime that is already installed for other purposes.
Type: package
Default: pkgs.erlang
Declared by:
<nixpkgs/nixos/modules/services/networking/epmd.nix>
- services.epmd.listenStream
the listenStream used by the systemd socket. see https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream= for more informations. use this to change the port epmd will run on. if not defined, epmd will use "[::]:4369"
Type: string
Default: "[::]:4369"
Declared by:
<nixpkgs/nixos/modules/services/networking/epmd.nix>
- services.ergo.enable
Whether to enable Ergo service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.api.keyHash
Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.
Type: null or string
Default: null
Example: "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.api.listen.ip
IP address that the Ergo node API should listen on if api.keyHash is defined.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.api.listen.port
Listen port for the API endpoint if api.keyHash is defined.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9052
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.dataDir
The data directory for the Ergo node.
Type: path
Default: "/var/lib/ergo"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.group
The group as which to run the Ergo node.
Type: string
Default: "ergo"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.listen.ip
IP address on which the Ergo node should listen.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.listen.port
Listen port for the Ergo node.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9006
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.openFirewall
Open ports in the firewall for the Ergo node as well as the API.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.testnet
Connect to testnet network instead of the default mainnet.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.ergo.user
The user as which to run the Ergo node.
Type: string
Default: "ergo"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
- services.errbot.instances
Errbot instance configs
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
- services.errbot.instances.<name>.admins
List of identifiers of errbot admins.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
- services.errbot.instances.<name>.backend
Errbot backend name.
Type: string
Default: "XMPP"
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
- services.errbot.instances.<name>.dataDir
Data directory for errbot instance.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
- services.errbot.instances.<name>.extraConfig
String to be appended to the config verbatim
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
- services.errbot.instances.<name>.identity
Errbot identity configuration
Type: attribute set
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
- services.errbot.instances.<name>.logLevel
Errbot log level
Type: string
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
- services.errbot.instances.<name>.plugins
List of errbot plugin derivations.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
- services.espanso.enable
Whether to enable Espanso.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/espanso.nix>
- services.etcd.enable
Whether to enable etcd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.advertiseClientUrls
Etcd list of this member's client URLs to advertise to the rest of the cluster.
Type: list of strings
Default: [ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.certFile
Cert file to use for clients
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.clientCertAuth
Whether to use certs for client authentication
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.dataDir
Etcd data directory.
Type: path
Default: "/var/lib/etcd"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.discovery
Etcd discovery url
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.extraConf
Etcd extra configuration. See https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#configuration-flags
Type: attribute set of strings
Default: { }
Example:
{ "CORS" = "*"; "NAME" = "default-name"; "MAX_RESULT_BUFFER" = "1024"; "MAX_CLUSTER_SIZE" = "9"; "MAX_RETRY_ATTEMPTS" = "3"; }Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.initialAdvertisePeerUrls
Etcd list of this member's peer URLs to advertise to rest of the cluster.
Type: list of strings
Default: [ "http://127.0.0.1:2380" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.initialCluster
Etcd initial cluster configuration for bootstrapping.
Type: list of strings
Default: [ "nixos=http://127.0.0.1:2380" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.initialClusterState
Etcd initial cluster configuration for bootstrapping.
Type: one of "new", "existing"
Default: "new"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.initialClusterToken
Etcd initial cluster token for etcd cluster during bootstrap.
Type: string
Default: "etcd-cluster"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.keyFile
Key file to use for clients
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.listenClientUrls
Etcd list of URLs to listen on for client traffic.
Type: list of strings
Default: [ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.listenPeerUrls
Etcd list of URLs to listen on for peer traffic.
Type: list of strings
Default: [ "http://127.0.0.1:2380" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.name
Etcd unique node name.
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.peerCertFile
Cert file to use for peer to peer communication
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.peerClientCertAuth
Whether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.peerKeyFile
Key file to use for peer to peer communication
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.peerTrustedCaFile
Certificate authority file to use for peer to peer communication
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etcd.trustedCaFile
Certificate authority file to use for clients
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
- services.etebase-server.enable
Whether to enable the Etebase server.
Once enabled you need to create an admin user by invoking the shell command etebase-server createsuperuser with the user specified by the user option or a superuser. Then you can login and create accounts on your-etebase-server.com/admin
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.dataDir
Directory to store the Etebase server data.
Type: string
Default: "/var/lib/etebase-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.port
Port to listen on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8001
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.settings
Configuration for etebase-server. Refer to https://github.com/etesync/server/blob/master/etebase-server.ini.example and https://github.com/etesync/server/wiki for details on supported values.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example: { allowed_hosts = { allowed_host2 = "localhost"; } ; global = { debug = true; media_root = "/path/to/media"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.settings.allowed_hosts.allowed_host1
The main host that is allowed access.
Type: string
Default: "0.0.0.0"
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.settings.database.engine
The database engine to use.
Type: one of "django.db.backends.sqlite3", "django.db.backends.postgresql"
Default: "django.db.backends.sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.settings.database.name
The database name.
Type: string
Default: "${config.services.etebase-server.dataDir}/db.sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.settings.global.debug
Whether to set django's DEBUG flag.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.settings.global.media_root
The media directory.
Type: string
Default: "${config.services.etebase-server.dataDir}/media"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.settings.global.secret_file
The path to a file containing the secret used as django's SECRET_KEY.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.settings.global.static_root
The directory for static files.
Type: string
Default: "${config.services.etebase-server.dataDir}/static"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.unixSocket
The path to the socket to bind to.
Type: null or string
Default: null
Example: "/run/etebase-server/etebase-server.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.etebase-server.user
User under which Etebase server runs.
Type: string
Default: "etebase-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
- services.eternal-terminal.enable
Whether to enable Eternal Terminal server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
- services.eternal-terminal.logSize
The maximum log size.
Type: signed integer
Default: 20971520
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
- services.eternal-terminal.port
The port the server should listen on. Will use the server's default (2022) if not specified.
Make sure to open this port in the firewall if necessary.
Type: signed integer
Default: 2022
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
- services.eternal-terminal.silent
If enabled, disables all logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
- services.eternal-terminal.verbosity
The verbosity level (0-9).
Type: one of 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
- services.etesync-dav.enable
Whether to enable etesync-dav.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
- services.etesync-dav.apiUrl
The url to the etesync API.
Type: string
Default: "https://api.etesync.com/"
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
- services.etesync-dav.host
The server host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
- services.etesync-dav.openFirewall
Whether to open the firewall for the specified port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
- services.etesync-dav.port
The server host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 37358
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
- services.etesync-dav.sslCertificate
Path to server SSL certificate. It will be copied into etesync-dav's data directory.
Type: null or path
Default: null
Example: "/var/etesync.crt"
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
- services.etesync-dav.sslCertificateKey
Path to server SSL certificate key. It will be copied into etesync-dav's data directory.
Type: null or path
Default: null
Example: "/var/etesync.key"
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
- services.ethminer.enable
Enable ethminer ether mining.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.apiPort
Ethminer api port. minus sign puts api in read-only mode.
Type: signed integer
Default: -3333
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.maxPower
Miner max watt usage.
Type: signed integer
Default: 113
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.pool
Mining pool address.
Type: string
Example: "eth-us-east1.nanopool.org"
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.recheckInterval
Interval in milliseconds between farm rechecks.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.registerMail
Url encoded email address to register with pool.
Type: string
Example: "email%40example.org"
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.rig
Mining rig name.
Type: string
Default: "mining-rig-name"
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.stratumPort
Stratum protocol tcp port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9999
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.toolkit
Cuda or opencl toolkit.
Type: one of "cuda", "opencl"
Default: "cuda"
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.ethminer.wallet
Ethereum wallet address.
Type: string
Example: "0x0123456789abcdef0123456789abcdef01234567"
Declared by:
<nixpkgs/nixos/modules/services/misc/ethminer.nix>
- services.exhibitor.enable
Whether to enable the exhibitor server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.autoManageInstances
Automatically manage ZooKeeper instances in the ensemble
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.baseDir
Baseline directory for exhibitor runtime config.
Type: string
Default: "/var/exhibitor"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.configCheckMs
Period (ms) to check for shared config updates.
Type: signed integer
Default: 30000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.configType
Which configuration type you want to use. Additional config will be required depending on which type you are using.
Type: one of "file", "s3", "zookeeper", "none"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.extraConf
Extra Exhibitor configuration to put in the ZooKeeper config file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.fileSystemBackup
Enables file system backup of ZooKeeper log files
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.fsConfigDir
Directory to store Exhibitor properties (cannot be used with s3config). Exhibitor uses file system locks so you can specify a shared location so as to enable complete ensemble management.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.fsConfigLockPrefix
A prefix for a locking mechanism used in conjunction with fsconfigdir
Type: string
Default: "exhibitor-lock-"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.fsConfigName
The name of the file to store config in
Type: string
Default: "exhibitor.properties"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.headingText
Extra text to display in UI header
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.hostname
Hostname to use and advertise
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.jqueryStyle
Styling used for the JQuery-based UI.
Type: one of "red", "black", "custom"
Default: "red"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.logLines
Max lines of logging to keep in memory for display.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.nodeModification
Whether the Explorer UI will allow nodes to be modified (use with caution).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.port
The port for exhibitor to listen on and communicate with other exhibitors.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.s3Backup
Whether to enable backups to S3
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.s3Config.bucketName
Bucket name to store config
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.s3Config.configPrefix
When using AWS S3 shared config files, the prefix to use for values such as locks
Type: string
Default: "exhibitor-"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.s3Config.objectKey
S3 key name to store the config
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.s3Credentials
Optional credentials to use for s3backup or s3config. Argument is the path to an AWS credential properties file with two properties: com.netflix.exhibitor.s3.access-key-id and com.netflix.exhibitor.s3.access-secret-key
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.s3Region
Optional region for S3 calls
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.servo
ZooKeeper will be queried once a minute for its state via the 'mntr' four letter word (this requires ZooKeeper 3.4.x+). Servo will be used to publish this data via JMX.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.timeout
Connection timeout (ms) for ZK connections.
Type: signed integer
Default: 30000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkCleanupPeriod
How often (in milliseconds) to run the Zookeeper log cleanup task.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkClientPort
Zookeeper client port
Type: signed integer
Default: 2181
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkConfigConnect
The initial connection string for ZooKeeper shared config storage
Type: list of strings
Example: [ "host1:2181" "host2:2181" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkConfigExhibitorPath
If the ZooKeeper shared config is also running Exhibitor, the URI path for the REST call
Type: string
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkConfigExhibitorPort
If the ZooKeeper shared config is also running Exhibitor, the port that Exhibitor is listening on. IMPORTANT: if this value is not set it implies that Exhibitor is not being used on the ZooKeeper shared config.
Type: null or signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkConfigPollMs
The period in ms to check for changes in the config ensemble
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkConfigRetry.retryQuantity
Retries connecting to the ZooKeeper config
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkConfigRetry.sleepMs
Retry sleep time connecting to the ZooKeeper config
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkConfigZPath
The base ZPath that Exhibitor should use
Type: string
Example: "/exhibitor/config"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkConnectPort
The port to use for followers to talk to each other.
Type: signed integer
Default: 2888
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkDataDir
The Zookeeper data directory
Type: string
Default: "/var/exhibitor/zkData"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkElectionPort
The port for Zookeepers to use for leader election.
Type: signed integer
Default: 3888
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkExtraCfg
Extra options to pass into Zookeeper
Type: string
Default: "initLimit=5&syncLimit=2&tickTime=2000"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkLogDir
The Zookeeper logs directory
Type: path
Default: "/var/exhibitor/zkLogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exhibitor.zkServersSpec
Zookeeper server spec for all servers in the ensemble.
Type: list of strings
Default: [ ]
Example: [ "S:1:zk1.example.com" "S:2:zk2.example.com" "S:3:zk3.example.com" "O:4:zk-observer.example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
- services.exim.enable
Whether to enable the Exim mail transfer agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
- services.exim.package
The Exim derivation to use. This can be used to enable features such as LDAP or PAM support.
Type: package
Default: pkgs.exim
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
- services.exim.config
Verbatim Exim configuration. This should not contain exim_user, exim_group, exim_path, or spool_directory.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
- services.exim.group
Group to use when no root privileges are required.
Type: string
Default: "exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
- services.exim.queueRunnerInterval
How often to spawn a new queue runner.
Type: string
Default: "5m"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
- services.exim.spoolDir
Location of the spool directory of exim.
Type: path
Default: "/var/spool/exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
- services.exim.user
User to use when no root privileges are required. In particular, this applies when receiving messages and when doing remote deliveries. (Local deliveries run as various non-root users, typically as the owner of a local mailbox.) Specifying this value as root is not supported.
Type: string
Default: "exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
- services.factorio.enable
Whether to enable Factorio.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.package
Factorio version to use. This defaults to the stable channel.
Type: package
Default: pkgs.factorio-headless
Example: pkgs.factorio-headless-experimental
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.admins
List of player names which will be admin.
Type: list of strings
Default: [ ]
Example: [ "username" ]
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.autosave-interval
Autosave interval in minutes.
Type: null or signed integer
Default: null
Example: 10
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.configFile
The server's configuration file.
The default file generated by this module contains lines essential to the server's operation. Use its contents as a basis for any customizations.
Type: path
Default: configFile
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.description
Description of the game that will appear in the listing.
Type: null or string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.extraSettings
Extra game configuration that will go into server-settings.json
Type: attribute set
Default: { }
Example: { admins = [ "username" ] ; }
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.game-name
Name of the game as it will appear in the game listing.
Type: null or string
Default: "Factorio Game"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.game-password
Game password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.lan
Game will be broadcast on LAN.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.mods
Mods the server should install and activate.
The derivations in this list must "build" the mod by simply copying the .zip, named correctly, into the output directory. Eventually, there will be a way to pull in the most up-to-date list of derivations via nixos-channel. Until then, this is for experts only.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.nonBlockingSaving
Highly experimental feature, enable only at your own risk of losing your saves. On UNIX systems, server will fork itself to create an autosave. Autosaving on connected Windows clients will be disabled regardless of autosave_only_on_server option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.openFirewall
Whether to automatically open the specified UDP port in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.password
Your factorio.com login credentials. Required for games with visibility public.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.port
The port to which the service should bind.
Type: signed integer
Default: 34197
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.public
Game will be published on the official Factorio matching server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.requireUserVerification
When set to true, the server will only allow clients that have a valid factorio.com account.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.saveName
The name of the savegame that will be used by the server.
When not present in /var/lib/factorio/saves, a new map with default settings will be generated before starting the service.
Type: string
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.stateDirName
Name of the directory under /var/lib holding the server's data.
The configuration and map will be stored here.
Type: string
Default: "factorio"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.token
Authentication token. May be used instead of 'password' above.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.factorio.username
Your factorio.com login credentials. Required for games with visibility public.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
- services.fail2ban.enable
Whether to enable the fail2ban service.
See the documentation of services.fail2ban.jails for what jails are enabled by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.package
The fail2ban package to use for running the fail2ban service.
Type: package
Default: pkgs.fail2ban
Example: pkgs.fail2ban_0_11
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.packageFirewall
The firewall package used by fail2ban service.
Type: package
Default: pkgs.iptables
Example: pkgs.nftables
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.banaction
Default banning action (e.g. iptables, iptables-new, iptables-multiport, shorewall, etc) It is used to define action_* variables. Can be overridden globally or per section within jail.local file
Type: string
Default: "iptables-multiport"
Example: "nftables-multiport"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.banaction-allports
Default banning action (e.g. iptables, iptables-new, iptables-multiport, shorewall, etc) It is used to define action_* variables. Can be overridden globally or per section within jail.local file
Type: string
Default: "iptables-allport"
Example: "nftables-allport"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.bantime-increment.enable
Allows to use database for searching of previously banned ip's to increase a default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.bantime-increment.factor
"bantime-increment.factor" is a coefficient to calculate exponent growing of the formula or common multiplier, default value of factor is 1 and with default value of formula, the ban time grows by 1, 2, 4, 8, 16 ...
Type: string
Default: "1"
Example: "4"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.bantime-increment.formula
"bantime-increment.formula" used by default to calculate next value of ban time, default value bellow, the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32...
Type: string
Default: "ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor"
Example: "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.bantime-increment.maxtime
"bantime-increment.maxtime" is the max number of seconds using the ban time can reach (don't grows further)
Type: string
Default: "10h"
Example: "48h"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.bantime-increment.multipliers
"bantime-increment.multipliers" used to calculate next value of ban time instead of formula, coresponding previously ban count and given "bantime.factor" (for multipliers default is 1); following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count, always used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours
Type: string
Default: "1 2 4 8 16 32 64"
Example: "2 4 16 128"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.bantime-increment.overalljails
"bantime-increment.overalljails" (if true) specifies the search of IP in the database will be executed cross over all jails, if false (dafault), only current jail of the ban IP will be searched
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.bantime-increment.rndtime
"bantime-increment.rndtime" is the max number of seconds using for mixing with random time to prevent "clever" botnets calculate exact time IP can be unbanned again
Type: string
Default: "4m"
Example: "8m"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.daemonConfig
The contents of Fail2ban's main configuration file. It's generally not necessary to change it.
Type: strings concatenated with "\n"
Default:
'' [Definition] logtarget = SYSLOG socket = /run/fail2ban/fail2ban.sock pidfile = /run/fail2ban/fail2ban.pid dbfile = /var/lib/fail2ban/fail2ban.sqlite3 ''
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.extraPackages
Extra packages to be made available to the fail2ban service. The example contains the packages needed by the `iptables-ipset-proto6` action.
Type: list of packages
Default: [ ]
Example: [ pkgs.ipset ]
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.ignoreIP
"ignoreIP" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban will not ban a host which matches an address in this list. Several addresses can be defined using space (and/or comma) separator.
Type: list of strings
Default: [ ]
Example: [ "192.168.0.0/16" "2001:DB8::42" ]
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.jails
The configuration of each Fail2ban “jail”. A jail consists of an action (such as blocking a port using iptables) that is triggered when a filter applied to a log file triggers more than a certain number of times in a certain time period. Actions are defined in /etc/fail2ban/action.d, while filters are defined in /etc/fail2ban/filter.d.
NixOS comes with a default sshd jail; for it to work well, services.openssh.logLevel should be set to "VERBOSE" or higher so that fail2ban can observe failed login attempts. This module sets it to "VERBOSE" if not set otherwise, so enabling fail2ban can make SSH logs more verbose.
Type: attribute set of strings concatenated with "\n"s
Default: { }
Example:
{ apache-nohome-iptables = '' # Block an IP address if it accesses a non-existent # home directory more than 5 times in 10 minutes, # since that indicates that it's scanning. filter = apache-nohome action = iptables-multiport[name=HTTP, port="http,https"] logpath = /var/log/httpd/error_log* findtime = 600 bantime = 600 maxretry = 5 ''; }Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fail2ban.maxretry
Number of failures before a host gets banned.
Type: unsigned integer, meaning >=0
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
- services.fakeroute.enable
Whether to enable the fakeroute service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/fakeroute.nix>
- services.fakeroute.route
Fake route that will appear after the real one to any host running a traceroute.
Type: list of strings
Default: [ ]
Example: [ "216.102.187.130" "4.0.1.122" "198.116.142.34" "63.199.8.242" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/fakeroute.nix>
- services.fcgiwrap.enable
Whether to enable fcgiwrap, a server for running CGI applications over FastCGI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
- services.fcgiwrap.group
Group permissions for the socket.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
- services.fcgiwrap.preforkProcesses
Number of processes to prefork.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
- services.fcgiwrap.socketAddress
Socket address. In case of a UNIX socket, this should be its filesystem path.
Type: string
Default: "/run/fcgiwrap.sock"
Example: "1.2.3.4:5678"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
- services.fcgiwrap.socketType
Socket type: 'unix', 'tcp' or 'tcp6'.
Type: one of "unix", "tcp", "tcp6"
Default: "unix"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
- services.fcgiwrap.user
User permissions for the socket.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
- services.fcron.enable
Whether to enable the fcron daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
- services.fcron.allow
Users allowed to use fcrontab and fcrondyn (one name per line, all for everyone).
Type: list of strings
Default: [ "all" ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
- services.fcron.deny
Users forbidden from using fcron.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
- services.fcron.maxSerialJobs
Maximum number of serial jobs which can run simultaneously.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
- services.fcron.queuelen
Number of jobs the serial queue and the lavg queue can contain.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
- services.fcron.systab
The "system" crontab contents.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
- services.felix.enable
Whether to enable the Apache Felix OSGi service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
- services.felix.bundles
List of bundles that should be activated on startup
Type: list of packages
Default: [ pkgs.felix_remoteshell ]
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
- services.felix.group
Group account under which Apache Felix runs.
Type: string
Default: "osgi"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
- services.felix.user
User account under which Apache Felix runs.
Type: string
Default: "osgi"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
- services.ferm.enable
Whether to enable Ferm Firewall. *Warning*: Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
- services.ferm.package
The ferm package.
Type: package
Default: pkgs.ferm
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
- services.ferm.config
Verbatim ferm.conf configuration.
Type: strings concatenated with "\n"
Default: empty firewall, allows any traffic
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
- services.filebeat.enable
Whether to enable filebeat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
- services.filebeat.package
The filebeat package to use.
Type: package
Default: pkgs.filebeat
Example: pkgs.filebeat7
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
- services.filebeat.inputs
Inputs specify how Filebeat locates and processes input data.
This is like services.filebeat.settings.filebeat.inputs, but structured as an attribute set. This has the benefit that multiple NixOS modules can contribute settings to a single filebeat input.
An input type can be specified multiple times by choosing a different <name> for each, but setting services.filebeat.inputs.<name>.type to the same value.
See https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html.
Type: attribute set of JSON values
Default: { }
Example:
{ journald.id = "everything"; # Only for filebeat7 log = { enabled = true; paths = [ "/var/log/*.log" ]; }; };Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
- services.filebeat.inputs.<name>.type
The input type.
Look for the value after type: on the individual input pages linked from https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
- services.filebeat.modules
Filebeat modules provide a quick way to get started processing common log formats. They contain default configurations, Elasticsearch ingest pipeline definitions, and Kibana dashboards to help you implement and deploy a log monitoring solution.
This is like services.filebeat.settings.filebeat.modules, but structured as an attribute set. This has the benefit that multiple NixOS modules can contribute settings to a single filebeat module.
A module can be specified multiple times by choosing a different <name> for each, but setting services.filebeat.modules.<name>.module to the same value.
See https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html.
Type: attribute set of JSON values
Default: { }
Example:
{ nginx = { access = { enabled = true; var.paths = [ "/path/to/log/nginx/access.log*" ]; }; error = { enabled = true; var.paths = [ "/path/to/log/nginx/error.log*" ]; }; }; };Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
- services.filebeat.modules.<name>.module
The name of the module.
Look for the value after module: on the individual input pages linked from https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
- services.filebeat.settings
Configuration for filebeat. See https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html for supported values.
Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting filebeat.yml file, the output.elasticsearch.password key will be set to the contents of the /var/keys/elasticsearch_password file.
Type: JSON value
Default: { }
Example:
{ settings = { output.elasticsearch = { hosts = [ "myEShost:9200" ]; username = "filebeat_internal"; password = { _secret = "/var/keys/elasticsearch_password"; }; }; logging.level = "info"; }; };Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
- services.filebeat.settings.output.elasticsearch.hosts
The list of Elasticsearch nodes to connect to.
The events are distributed to these nodes in round robin order. If one node becomes unreachable, the event is automatically sent to another node. Each Elasticsearch node can be defined as a URL or IP:PORT. For example: http://192.15.3.2, https://es.found.io:9230 or 192.24.3.2:9300. If no port is specified, 9200 is used.
Type: list of strings
Default: [ "127.0.0.1:9200" ]
Example: [ "myEShost:9200" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
- services.firebird.enable
Whether to enable the Firebird super server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
- services.firebird.package
Which Firebird package to be installed: pkgs.firebird_3 For SuperServer use override: pkgs.firebird_3.override { superServer = true; };
Type: package
Default: pkgs.firebird
Example: pkgs.firebird_3
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
- services.firebird.baseDir
Location containing data/ and system/ directories. data/ stores the databases, system/ stores the password database security2.fdb.
Type: string
Default: "/var/lib/firebird"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
- services.firebird.port
Port Firebird uses.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3050
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
- services.firebird.user
User account under which firebird runs.
Type: string
Default: "firebird"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
- services.firefox.syncserver.enable
Whether to enable a Firefox Sync Server, this give the opportunity to Firefox users to store all synchronized data on their own server. To use this server, Firefox users should visit the about:config, and replicate the following change
services.sync.tokenServerURI: http://localhost:5000/token/1.0/sync/1.5
where http://localhost:5000/ corresponds to the public url of the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
- services.firefox.syncserver.allowNewUsers
Whether to allow new-user signups on the server. Only request by existing accounts will be honored.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
- services.firefox.syncserver.listen.address
Address on which the sync server listen to.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
- services.firefox.syncserver.listen.port
Port on which the sync server listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
- services.firefox.syncserver.privateConfig
The private config file is used to extend the generated config with confidential information, such as the syncserver.sqlUri setting if it contains a password, and the syncserver.secret setting is used by the server to generate cryptographically-signed authentication tokens.
If this file does not exist, then it is created with a generated syncserver.secret settings.
Type: string
Default: "/etc/firefox/syncserver-secret.ini"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
- services.firefox.syncserver.publicUrl
Public URL with which firefox users can use to access the sync server.
Type: string
Default: "http://localhost:5000/"
Example: "http://sync.example.com/"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
- services.firefox.syncserver.sqlUri
The location of the database. This URL is composed of dialect[+driver]://user:password@host/dbname[?key=value..], where dialect is a database name such as mysql, oracle, postgresql, etc., and driver the name of a DBAPI, such as psycopg2, pyodbc, cx_oracle, etc. The SQLAlchemy documentation provides more examples and describe the syntax of the expected URL.
Type: string
Default: "sqlite:////var/db/firefox-sync-server/firefox-sync-server.db"
Example: "postgresql://scott:tiger@localhost/test"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
- services.fireqos.enable
If enabled, FireQOS will be launched with the specified configuration given in `config`.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/fireqos.nix>
- services.fireqos.config
The FireQOS configuration goes here.
Type: string
Default: ""
Example:
'' interface wlp3s0 world-in input rate 10mbit ethernet class web commit 50kbit match tcp ports 80,443 interface wlp3s0 world-out input rate 10mbit ethernet class web commit 50kbit match tcp ports 80,443 ''Declared by:
<nixpkgs/nixos/modules/services/networking/fireqos.nix>
- services.flannel.enable
Whether to enable flannel.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.package
Package to use for flannel
Type: package
Default: pkgs.flannel
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.backend
Type of backend to use and specific configurations for that backend.
Type: attribute set
Default: { Type = "vxlan"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.etcd.caFile
Etcd certificate authority file
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.etcd.certFile
Etcd cert file
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.etcd.endpoints
Etcd endpoints
Type: list of strings
Default: [ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.etcd.keyFile
Etcd key file
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.etcd.prefix
Etcd key prefix
Type: string
Default: "/coreos.com/network"
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.iface
Interface to use (IP or name) for inter-host communication. Defaults to the interface for the default route on the machine.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.kubeconfig
Path to kubeconfig to use for storing flannel config using the Kubernetes API
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.network
IPv4 network in CIDR format to use for the entire flannel network.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.nodeName
Needed when running with Kubernetes as backend as this cannot be auto-detected";
Type: null or string
Default: "nixos"
Example: "node1.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.publicIp
IP accessible by other nodes for inter-host communication. Defaults to the IP of the interface being used for communication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.storageBackend
Determines where flannel stores its configuration at runtime
Type: one of "etcd", "kubernetes"
Default: "etcd"
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.subnetLen
The size of the subnet allocated to each host. Defaults to 24 (i.e. /24) unless the Network was configured to be smaller than a /24 in which case it is one less than the network.
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.subnetMax
The end of IP range which the subnet allocation should start with. Defaults to the last subnet of Network.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flannel.subnetMin
The beginning of IP range which the subnet allocation should start with. Defaults to the first subnet of Network.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
- services.flatpak.enable
Whether to enable flatpak.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/flatpak.nix>
- services.flexget.enable
Whether to enable Run FlexGet Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
- services.flexget.config
The YAML configuration for FlexGet.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
- services.flexget.homeDir
Where files live.
Type: path
Default: "/var/lib/deluge"
Example: "/home/flexget"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
- services.flexget.interval
When to perform a flexget run. See man 7 systemd.time for the format.
Type: string
Default: "10m"
Example: "1h"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
- services.flexget.systemScheduler
When true, execute the runs via the flexget-runner.timer. If false, you have to specify the settings yourself in the YML file.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
- services.flexget.user
The user under which to run flexget.
Type: string
Default: "deluge"
Example: "some_user"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
- services.fluentd.enable
Whether to enable fluentd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
- services.fluentd.package
The fluentd package to use.
Type: path
Default: pkgs.fluentd
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
- services.fluentd.config
Fluentd config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
- services.fluentd.plugins
A list of plugin paths to pass into fluentd. It will make plugins defined in ruby files there available in your config.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
- services.fluidd.enable
Whether to enable Fluidd, a Klipper web interface for managing your 3d printer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.package
Fluidd package to be used in the module
Type: package
Default: pkgs.fluidd
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.hostName
Hostname to serve fluidd on
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx
Extra configuration for the nginx virtual host of fluidd.
Type: submodule
Default: { }
Example:
{ serverAliases = [ "fluidd.${config.networking.domain}" ]; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.acmeFallbackHost
Host which to proxy requests to if acme challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.default
Makes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.globalRedirect
If set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.http2
Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.http3
Whether to enable HTTP 3. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic;. Note that HTTP 3 support is experimental and *not* yet recommended for production. Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.listen
Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses
Type: list of submodules
Default: [ ]
Example: [ { addr = "195.154.1.1"; port = 443; ssl = true; } { addr = "192.154.1.1"; port = 80; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.listen.*.addr
IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of strings
Default: [ ]
Example: [ "reuseport" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.listen.*.port
Port number.
Type: signed integer
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are choosen automatically.
Note: This option overrides enableIPv6
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations
Declarative location config
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.root
Root directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.root
The path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.sslCertificate
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.fluidd.nginx.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
- services.foldingathome.enable
Whether to enable Enable the Folding@home client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
- services.foldingathome.package
Which Folding@home client to use.
Type: package
Default: pkgs.fahclient
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
- services.foldingathome.daemonNiceLevel
Daemon process priority for FAHClient. 0 is the default Unix process priority, 19 is the lowest.
Type: integer between -20 and 19 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
- services.foldingathome.extraArgs
Extra startup options for the FAHClient. Run FAHClient --help to find all the available options.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
- services.foldingathome.team
The team ID associated with the reported computation results. This will be used in the ranking statistics.
By default, use the NixOS folding@home team ID is being used.
Type: signed integer
Default: 236565
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
- services.foldingathome.user
The user associated with the reported computation results. This will be used in the ranking statistics.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
- services.foundationdb.enable
Whether to enable FoundationDB Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.package
The FoundationDB package to use for this server. This must be specified by the user in order to ensure migrations and upgrades are controlled appropriately.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.backupProcesses
Number of backup_agent processes to run for snapshots.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.class
Process class
Type: null or one of "storage", "transaction", "stateless"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.dataDir
Data directory. All cluster data will be put under here.
Type: path
Default: "/var/lib/foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.extraReadWritePaths
An extra set of filesystem paths that FoundationDB can read to and write from. By default, FoundationDB runs under a heavily namespaced systemd environment without write access to most of the filesystem outside of its data and log directories. By adding paths to this list, the set of writeable paths will be expanded. This is useful for allowing e.g. backups to local files, which must be performed on behalf of the foundationdb service.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.group
Group account under which FoundationDB runs.
Type: string
Default: "foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.listenAddress
Publicly visible IP address of the process. Port is determined by process ID
Type: string
Default: "public"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.listenPortStart
Starting port number for database listening sockets. Every FDB process binds to a subsequent port, to this number reflects the start of the overall range. e.g. having 8 server processes will use all ports between 4500 and 4507.
Type: signed integer
Default: 4500
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.locality
FoundationDB locality settings.
Type: submodule
Default: { dataHall = null; datacenterId = null; machineId = null; zoneId = null; }
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.locality.dataHall
Data hall identifier key. All processes physically located in a data hall should share the id. If you are depending on data hall based replication this must be set on all processes.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.locality.datacenterId
Data center identifier key. All processes physically located in a data center should share the id. If you are depending on data center based replication this must be set on all processes.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.locality.machineId
Machine identifier key. All processes on a machine should share a unique id. By default, processes on a machine determine a unique id to share. This does not generally need to be set.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.locality.zoneId
Zone identifier key. Processes that share a zone id are considered non-unique for the purposes of data replication. If unset, defaults to machine id.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.logDir
Log directory.
Type: path
Default: "/var/log/foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.logSize
Roll over to a new log file after the current log file reaches the specified size.
Type: string
Default: "10MiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.maxLogSize
Delete the oldest log file when the total size of all log files exceeds the specified size. If set to 0, old log files will not be deleted.
Type: string
Default: "100MiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.memory
Maximum memory used by the process. The default value is 8GiB. When specified without a unit, MiB is assumed. This parameter does not change the memory allocation of the program. Rather, it sets a hard limit beyond which the process will kill itself and be restarted. The default value of 8GiB is double the intended memory usage in the default configuration (providing an emergency buffer to deal with memory leaks or similar problems). It is not recommended to decrease the value of this parameter below its default value. It may be increased if you wish to allocate a very large amount of storage engine memory or cache. In particular, when the storageMemory parameter is increased, the memory parameter should be increased by an equal amount.
Type: string
Default: "8GiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.openFirewall
Open the firewall ports corresponding to FoundationDB processes and coordinators using config.networking.firewall.*.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.pidfile
Path to pidfile for fdbmonitor.
Type: path
Default: "/run/foundationdb.pid"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.publicAddress
Publicly visible IP address of the process. Port is determined by process ID
Type: string
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.restartDelay
Number of seconds to wait before restarting servers.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.serverProcesses
Number of fdbserver processes to run.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.storageMemory
Maximum memory used for data storage. The default value is 1GiB. When specified without a unit, MB is assumed. Clusters using the memory storage engine will be restricted to using this amount of memory per process for purposes of data storage. Memory overhead associated with storing the data is counted against this total. If you increase the storageMemory, you should also increase the memory parameter by the same amount.
Type: string
Default: "1GiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.tls
FoundationDB Transport Security Layer (TLS) settings.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
services.foundationdb.tls.allowedPeers
"Peer verification string". This may be used to adjust which TLS client certificates a server will accept, as a form of user authorization; for example, it may only accept TLS clients who offer a certificate abiding by some locality or organization name.
For more information, please see the FoundationDB documentation.
Type: string
Default: "Check.Valid=1,Check.Unexpired=1"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.tls.certificate
Path to the TLS certificate file. This certificate will be offered to, and may be verified by, clients.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.tls.key
Private key file for the certificate.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.traceFormat
Trace logging format.
Type: one of "xml", "json"
Default: "xml"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.foundationdb.user
User account under which FoundationDB runs.
Type: string
Default: "foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
- services.fprintd.enable
Whether to enable fprintd daemon and PAM module for fingerprint readers handling.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
- services.fprintd.package
fprintd package to use.
Type: package
Default: if config.services.fprintd.tod.enable then pkgs.fprintd-tod else pkgs.fprintd
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
- services.fprintd.tod.enable
Whether to enable Touch OEM Drivers library support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
- services.fprintd.tod.driver
Touch OEM Drivers (TOD) package to use.
Type: package
Example: pkgs.libfprint-2-tod1-goodix
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
- services.fprot.updater.enable
Whether to enable automatic F-Prot virus definitions database updates.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
- services.fprot.updater.frequency
Update virus definitions every X minutes.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
- services.fprot.updater.licenseKeyfile
License keyfile. Defaults to the one supplied with installation package.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
- services.fprot.updater.productData
product.data file. Defaults to the one supplied with installation package.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/fprot.nix>
- services.fractalart.enable
Enable FractalArt for generating colorful wallpapers on login
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
- services.fractalart.height
Screen height
Type: null or signed integer
Default: null
Example: 1080
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
- services.fractalart.width
Screen width
Type: null or signed integer
Default: null
Example: 1920
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
- services.freeciv.enable
Whether to enable freeciv.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.openFirewall
Whether to enable opening the firewall for the port listening for clients.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings
Parameters of freeciv-server.
Type: freeciv-server params
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.Announce
Announce game in LAN using given protocol.
Type: one of "IPv4", "IPv6", "none"
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.Database
Enable database connection with given configuration.
Type: null or string
Default:
'' [fcdb] backend="sqlite" database="/var/lib/freeciv/auth.sqlite" ''
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.Guests
Whether to enable guests to login if auth is enabled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.Newusers
Whether to enable new users to login if auth is enabled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.auth
Whether to enable server authentication.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.debug
Set debug log level.
Type: integer between 0 and 3 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.exit-on-end
Whether to enable exit instead of restarting when a game ends..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.port
Listen for clients on given port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5556
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.quitidle
Quit if no players for given time in seconds.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.read
Startup script.
Type: strings concatenated with "\n"
Default:
'' /fcdb lua sqlite_createdb() ''
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freeciv.settings.saves
Save games to given directory, a sub-directory named after the starting date of the service will me inserted to preserve older saves.
Type: null or string
Default: "/var/lib/freeciv/saves/"
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
- services.freefall.enable
Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
- services.freefall.package
freefall derivation to use.
Type: package
Default: pkgs.freefall
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
- services.freefall.devices
Device paths to all internal spinning hard drives.
Type: list of strings
Default: [ "/dev/sda" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
- services.freenet.enable
Enable the Freenet daemon
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/freenet.nix>
- services.freenet.nice
Set the nice level for the Freenet daemon
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/freenet.nix>
- services.freeradius.enable
Whether to enable the freeradius server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/freeradius.nix>
- services.freeradius.configDir
The path of the freeradius server configuration directory.
Type: path
Default: "/etc/raddb"
Declared by:
<nixpkgs/nixos/modules/services/networking/freeradius.nix>
- services.freeradius.debug
Whether to enable debug logging for freeradius (-xx option). This should not be left on, since it includes sensitive data such as passwords in the logs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/freeradius.nix>
- services.freeswitch.enable
Whether to enable FreeSWITCH.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
- services.freeswitch.enableReload
Issue the reloadxml command to FreeSWITCH when configuration directory changes (instead of restart). See FreeSWITCH documentation for more info. The configuration directory is exposed at /etc/freeswitch. See also systemd.services.*.restartIfChanged.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
- services.freeswitch.package
FreeSWITCH package.
Type: package
Default: pkgs.freeswitch
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
- services.freeswitch.configDir
Override file in FreeSWITCH config template directory. Each top-level attribute denotes a file path in the configuration directory, its value is the file path. See FreeSWITCH documentation for more info. Also check available templates in FreeSWITCH repository.
Type: attribute set of paths
Default: { }
Example:
{ "freeswitch.xml" = ./freeswitch.xml; "dialplan/default.xml" = pkgs.writeText "dialplan-default.xml" '' [xml lines] ''; }Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
- services.freeswitch.configTemplate
Configuration template to use. See available templates in FreeSWITCH repository. You can also set your own configuration directory.
Type: path
Default: "${config.services.freeswitch.package}/share/freeswitch/conf/vanilla"
Example: "${config.services.freeswitch.package}/share/freeswitch/conf/minimal"
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
- services.fstrim.enable
Whether to enable periodic SSD TRIM of mounted partitions in background.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/fstrim.nix>
- services.fstrim.interval
How often we run fstrim. For most desktop and server systems a sufficient trimming frequency is once a week.
The format is described in systemd.time(7).
Type: string
Default: "weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/fstrim.nix>
- services.fusionInventory.enable
Whether to enable Fusion Inventory Agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
- services.fusionInventory.extraConfig
Configuration that is injected verbatim into the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
- services.fusionInventory.servers
The urls of the OCS/GLPI servers to connect to.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
- services.fwupd.enable
Whether to enable fwupd, a DBus service that allows applications to update firmware.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
- services.fwupd.enableTestRemote
Whether to enable test remote. This is used by installed tests.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
- services.fwupd.package
Which fwupd package to use.
Type: package
Default: pkgs.fwupd
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
- services.fwupd.disabledDevices
Allow disabling specific devices by their GUID
Type: list of strings
Default: [ ]
Example: [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
- services.fwupd.disabledPlugins
Allow disabling specific plugins
Type: list of strings
Default: [ ]
Example: [ "udev" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
- services.fwupd.extraTrustedKeys
Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default.
Type: list of paths
Default: [ ]
Example: [ /etc/nixos/fwupd/myfirmware.pem ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
- services.galene.enable
Whether to enable Galene Service..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.package
Package for running Galene.
Type: package
Default: pkgs.galene
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.certFile
Path to the server's certificate. The file is copied at runtime to Galene's data directory where it needs to reside.
Type: null or string
Default: null
Example: "/path/to/your/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.dataDir
Data directory.
Type: string
Default: "/var/lib/galene/data"
Example: "/var/lib/galene/data"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.group
Group under which galene runs.
Type: string
Default: "galene"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.groupsDir
Web server directory.
Type: string
Default: "/var/lib/galene/groups"
Example: "/var/lib/galene/groups"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.httpAddress
HTTP listen address for galene.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.httpPort
HTTP listen port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8443
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.insecure
Whether Galene should listen in http or in https. If left as the default value (false), Galene needs to be fed a private key and a certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.keyFile
Path to the server's private key. The file is copied at runtime to Galene's data directory where it needs to reside.
Type: null or string
Default: null
Example: "/path/to/your/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.recordingsDir
Recordings directory.
Type: string
Default: "/var/lib/galene/recordings"
Example: "/var/lib/galene/recordings"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.stateDir
The directory where Galene stores its internal state. If left as the default value this directory will automatically be created before the Galene server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: string
Default: "/var/lib/galene"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.staticDir
Web server directory.
Type: string
Default: "${package.static}/static"
Example: "/var/lib/galene/static"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.galene.user
User account under which galene runs.
Type: string
Default: "galene"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
- services.gammu-smsd.enable
Whether to enable gammu-smsd daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.files.errorSMSPath
Where SMSes with error in transmission is placed
Type: path
Default: "/var/spool/sms/error/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.files.inboxPath
Where the received SMSes are stored
Type: path
Default: "/var/spool/sms/inbox/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.files.outboxPath
Where SMSes to be sent should be placed
Type: path
Default: "/var/spool/sms/outbox/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.files.sentSMSPath
Where the transmitted SMSes are placed
Type: path
Default: "/var/spool/sms/sent/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.service
Service to use to store sms data.
Type: one of "null", "files", "sql"
Default: "null"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.sql.database
Database name to store sms data
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.sql.driver
DB driver to use
Type: one of "native_mysql", "native_pgsql", "odbc", "dbi"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.sql.host
Database server address
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.sql.password
User password used for connetion to the database
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.sql.sqlDialect
SQL dialect to use (odbc driver only)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.backend.sql.user
User name used for connection to the database
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.device.connection
Protocol which will be used to talk to the phone
Type: string
Default: "at"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.device.group
Owner group of the device
Type: string
Default: "root"
Example: "dialout"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.device.path
Device node or address of the phone
Type: path
Example: "/dev/ttyUSB2"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.device.pin
PIN code for the simcard
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.device.synchronizeTime
Whether to set time from computer to the phone during starting connection
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.extraConfig.gammu
Extra config lines to be added into [gammu] section
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.extraConfig.smsd
Extra config lines to be added into [smsd] section
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.log.file
Path to file where information about communication will be stored
Type: string
Default: "syslog"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.log.format
Determines what will be logged to the LogFile
Type: one of "nothing", "text", "textall", "textalldate", "errors", "errorsdate", "binary"
Default: "errors"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gammu-smsd.user
User that has access to the device
Type: string
Default: "smsd"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
- services.gateone.enable
Whether to enable GateOne server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
- services.gateone.pidDir
Path of pid files for GateOne.
Type: path
Default: "/run/gateone"
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
- services.gateone.settingsDir
Path of configuration files for GateOne.
Type: path
Default: "/var/lib/gateone"
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
- services.gdomap.enable
Whether to enable GNUstep Distributed Objects name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gdomap.nix>
- services.geoclue2.enable
Whether to enable GeoClue 2 daemon, a DBus service that provides location information for accessing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.enable3G
Whether to enable 3G source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.enableCDMA
Whether to enable CDMA source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.enableDemoAgent
Whether to use the GeoClue demo agent. This should be overridden by desktop environments that provide their own agent.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.enableModemGPS
Whether to enable Modem-GPS source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.enableNmea
Whether to fetch location from NMEA sources on local network.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.enableWifi
Whether to enable WiFi source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.appConfig
Specify extra settings per application.
Type: attribute set of submodules
Default: { }
Example:
"com.github.app" = { isAllowed = true; isSystem = true; users = [ "300" ]; };Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.appConfig.<name>.desktopID
Desktop ID of the application.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.appConfig.<name>.isAllowed
Whether the application will be allowed access to location information.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.appConfig.<name>.isSystem
Whether the application is a system component or not.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.appConfig.<name>.users
List of UIDs of all users for which this application is allowed location info access, Defaults to an empty string to allow it for all users.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.geoProviderUrl
The url to the wifi GeoLocation Service.
Type: string
Default: "https://location.services.mozilla.com/v1/geolocate?key=geoclue"
Example: "https://www.googleapis.com/geolocation/v1/geolocate?key=YOUR_KEY"
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.submissionNick
A nickname to submit network data with. Must be 2-32 characters long.
Type: string
Default: "geoclue"
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.submissionUrl
The url to submit data to a GeoLocation Service.
Type: string
Default: "https://location.services.mozilla.com/v1/submit?key=geoclue"
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoclue2.submitData
Whether to submit data to a GeoLocation Service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
- services.geoipupdate.enable
Whether to enable periodic downloading of GeoIP databases using geoipupdate. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
- services.geoipupdate.interval
Update the GeoIP databases at this time / interval. The format is described in systemd.time(7).
Type: string
Default: "weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
- services.geoipupdate.settings
geoipupdate configuration options. See https://github.com/maxmind/geoipupdate/blob/main/doc/GeoIP.conf.md for a full list of available options.
Type: attribute set of string or signed integer or boolean or list of string or signed integer or booleanss
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
- services.geoipupdate.settings.AccountID
Your MaxMind account ID.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
- services.geoipupdate.settings.DatabaseDirectory
The directory to store the database files in. The directory will be automatically created, the owner changed to geoip and permissions set to world readable. This applies if the directory already exists as well, so don't use a directory with sensitive contents.
Type: path
Default: "/var/lib/GeoIP"
Example: "/run/GeoIP"
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
- services.geoipupdate.settings.EditionIDs
List of database edition IDs. This includes new string IDs like GeoIP2-City and old numeric IDs like 106.
Type: list of string or signed integers
Example: [ "GeoLite2-ASN" "GeoLite2-City" "GeoLite2-Country" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
- services.geoipupdate.settings.LicenseKey
A file containing the MaxMind license key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
- services.gerrit.enable
Whether to enable Gerrit service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.package
Gerrit package to use
Type: package
Default: pkgs.gerrit
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.builtinPlugins
List of builtins plugins to install. Those are shipped in the gerrit.war file.
Type: list of one of "codemirror-editor", "commit-message-length-validator", "delete-project", "download-commands", "gitiles", "hooks", "plugin-manager", "replication", "reviewnotes", "singleusergroup", "webhooks"s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.jvmHeapLimit
How much memory to allocate to the JVM heap
Type: string
Default: "1024m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.jvmOpts
A list of JVM options to start gerrit with.
Type: list of strings
Default: [ "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance" "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.jvmPackage
Java Runtime Environment package to use
Type: package
Default: pkgs.jre_headless
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.listenAddress
hostname:port to listen for HTTP traffic.
This is bound using the systemd socket activation.
Type: string
Default: "[::]:8080"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.plugins
List of plugins to add to Gerrit. Each derivation is a jar file itself where the name of the derivation is the name of plugin.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.replicationSettings
Replication configuration. This will be generated to the etc/replication.config file.
Type: lazy attribute set of lazy attribute set of string or boolean or signed integer or list of string or boolean or signed integers or lazy attribute set of string or boolean or signed integer or list of string or boolean or signed integerssss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.serverId
Set a UUID that uniquely identifies the server.
This can be generated with nix-shell -p util-linux --run uuidgen.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.gerrit.settings
Gerrit configuration. This will be generated to the etc/gerrit.config file.
Type: lazy attribute set of lazy attribute set of string or boolean or signed integer or list of string or boolean or signed integers or lazy attribute set of string or boolean or signed integer or list of string or boolean or signed integerssss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
- services.geth
Specification of one or more geth instances.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.enable
Whether to enable Go Ethereum Node.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.package
Package to use as Go Ethereum node.
Type: package
Default: pkgs.go-ethereum.geth
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.extraArgs
Additional arguments passed to Go Ethereum.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.gcmode
Blockchain garbage collection mode.
Type: one of "full", "archive"
Default: "full"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.http.enable
Whether to enable Go Ethereum HTTP API.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.http.address
Listen address of Go Ethereum HTTP API.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.http.apis
APIs to enable over WebSocket
Type: null or list of strings
Default: null
Example: [ "net" "eth" ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.http.port
Port number of Go Ethereum HTTP API.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8545
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.maxpeers
Maximum peers to connect to.
Type: signed integer
Default: 50
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.metrics.enable
Whether to enable Go Ethereum prometheus metrics.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.metrics.address
Listen address of Go Ethereum metrics service.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.metrics.port
Port number of Go Ethereum metrics service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6060
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.network
The network to connect to. Mainnet (null) is the default ethereum network.
Type: null or one of "goerli", "rinkeby", "yolov2", "ropsten"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.port
Port number Go Ethereum will be listening on, both TCP and UDP.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 30303
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.syncmode
Blockchain sync mode.
Type: one of "snap", "fast", "full", "light"
Default: "snap"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.websocket.enable
Whether to enable Go Ethereum WebSocket API.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.websocket.address
Listen address of Go Ethereum WebSocket API.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.websocket.apis
APIs to enable over WebSocket
Type: null or list of strings
Default: null
Example: [ "net" "eth" ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.geth.<name>.websocket.port
Port number of Go Ethereum WebSocket API.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8546
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
- services.getty.autologinUser
Username of the account that will be automatically logged in at the console. If unspecified, a login prompt is shown as usual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
- services.getty.extraArgs
Additional arguments passed to agetty.
Type: list of strings
Default: [ ]
Example: [ "--nohostname" ]
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
- services.getty.greetingLine
Welcome line printed by agetty. The default shows current NixOS version label, machine type and tty.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
- services.getty.helpLine
Help line printed by agetty below the welcome line. Used by the installation CD to give some hints on how to proceed.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
- services.getty.loginOptions
Template for arguments to be passed to login(1).
See agetty(1) for details, including security considerations. If unspecified, agetty will not be invoked with a --login-options option.
Type: null or string
Default: null
Example: ''-h darkstar -- \u''
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
- services.getty.loginProgram
Path to the login binary executed by agetty.
Type: path
Default: "${pkgs.shadow}/bin/login"
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
- services.ghostunnel.enable
Whether to enable ghostunnel.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.package
The ghostunnel package to use.
Type: package
Default: pkgs.ghostunnel
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers
Server mode ghostunnels (TLS listener -> plain TCP/UNIX target)
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.allowAll
If true, allow all clients, do not check client cert subject.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.allowCN
Allow client if common name appears in the list.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.allowDNS
Allow client if DNS subject alternative name appears in the list.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.allowOU
Allow client if organizational unit name appears in the list.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.allowURI
Allow client if URI subject alternative name appears in the list.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.cacert
Path to CA bundle file (PEM/X509). Uses system trust store if null.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.cert
Path to certificate (PEM with certificate chain).
Not required if keystore is set.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.disableAuthentication
Disable client authentication, no client certificate will be required.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.extraArguments
Extra arguments to pass to ghostunnel server
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.key
Path to certificate private key (PEM with private key).
Not required if keystore is set.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.keystore
Path to keystore (combined PEM with cert/key, or PKCS12 keystore).
NB: storepass is not supported because it would expose credentials via /proc/*/cmdline.
Specify this or cert and key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.listen
Address and port to listen on (can be HOST:PORT, unix:PATH).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.target
Address to forward connections to (can be HOST:PORT or unix:PATH).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.ghostunnel.servers.<name>.unsafeTarget
If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets.
This is meant to protect against accidental unencrypted traffic on untrusted networks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
- services.gitDaemon.enable
Enable Git daemon, which allows public hosting of git repositories without any access controls. This is mostly intended for read-only access.
You can allow write access by setting daemon.receivepack configuration item of the repository to true. This is solely meant for a closed LAN setting where everybody is friendly.
If you need any access controls, use something else.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitDaemon.basePath
Remap all the path requests as relative to the given path. For example, if you set base-path to /srv/git, then if you later try to pull git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.
Type: string
Default: ""
Example: "/srv/git/"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitDaemon.exportAll
Publish all directories that look like Git repositories (have the objects and refs subdirectories), even if they do not have the git-daemon-export-ok file.
If disabled, you need to touch .git/git-daemon-export-ok in each repository you want the daemon to publish.
Warning: enabling this without a repository whitelist or basePath publishes every git repository you have.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitDaemon.group
Group under which Git daemon would be running.
Type: string
Default: "git"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitDaemon.listenAddress
Listen on a specific IP address or hostname.
Type: string
Default: ""
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitDaemon.options
Extra configuration options to be passed to Git daemon.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitDaemon.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9418
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitDaemon.repositories
A whitelist of paths of git repositories, or directories containing repositories all of which would be published. Paths must not end in "/".
Warning: leaving this empty and enabling exportAll publishes all repositories in your filesystem or basePath if specified.
Type: list of strings
Default: [ ]
Example: [ "/srv/git" "/home/user/git/repo2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitDaemon.user
User under which Git daemon would be running.
Type: string
Default: "git"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
- services.gitea.enable
Enable Gitea Service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.enableUnixSocket
Configure Gitea to listen on a unix socket instead of the default TCP port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.package
gitea derivation to use
Type: package
Default: pkgs.gitea
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.appName
Application name.
Type: string
Default: "gitea: Gitea Service"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.cookieSecure
Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.createDatabase
Whether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.host
Database host address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.name
Database name.
Type: string
Default: "gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.password
The password corresponding to database.user. Warning: this is stored in cleartext in the Nix store! Use database.passwordFile instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/gitea-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.path
Path to the sqlite3 database file.
Type: string
Default: "/var/lib/gitea/data/gitea.db"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.port
Database host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: null
Example: "/run/mysqld/mysqld.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.type
Database engine to use.
Type: one of "sqlite3", "mysql", "postgres"
Default: "sqlite3"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.database.user
Database user.
Type: string
Default: "gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.disableRegistration
By default any user can create an account on this gitea instance. This can be disabled by using this option.
Note: please keep in mind that this should be added after the initial deploy unless services.gitea.useWizard is true as the first registered user will be the administrator if no install wizard is used.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.domain
Domain name of your server.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.dump.enable
Enable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.dump.backupDir
Path to the dump files.
Type: string
Default: "/var/lib/gitea/dump"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.dump.interval
Run a gitea dump at this interval. Runs by default at 04:31 every day.
The format is described in systemd.time(7).
Type: string
Default: "04:31"
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.extraConfig
Configuration lines appended to the generated gitea configuration file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.httpAddress
HTTP listen address.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.httpPort
HTTP listen port.
Type: signed integer
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.lfs.enable
Enables git-lfs support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.lfs.contentDir
Where to store LFS files.
Type: string
Default: "/var/lib/gitea/data/lfs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.log.level
General log level.
Type: one of "Trace", "Debug", "Info", "Warn", "Error", "Critical"
Default: "Info"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.log.rootPath
Root path for log files.
Type: string
Default: "/var/lib/gitea/log"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.mailerPasswordFile
Path to a file containing the SMTP password.
Type: null or string
Default: null
Example: "/var/lib/secrets/gitea/mailpw"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.repositoryRoot
Path to the git repositories.
Type: string
Default: "/var/lib/gitea/repositories"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.rootUrl
Full public URL of gitea server.
Type: string
Default: "http://localhost:3000/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.settings
Gitea configuration. Refer to https://docs.gitea.io/en-us/config-cheat-sheet/ for details on supported values.
Type: attribute set of attribute set of boolean or signed integer or stringss
Default: { }
Example:
{ "cron.sync_external_users" = { RUN_AT_START = true; SCHEDULE = "@every 24h"; UPDATE_EXISTING = true; }; mailer = { ENABLED = true; MAILER_TYPE = "sendmail"; FROM = "do-not-reply@example.org"; SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail"; }; other = { SHOW_FOOTER_VERSION = false; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.ssh.enable
Enable external SSH feature.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.ssh.clonePort
SSH port displayed in clone URL. The option is required to configure a service when the external visible port differs from the local listening port i.e. if port forwarding is used.
Type: signed integer
Default: 22
Example: 2222
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.stateDir
gitea data directory.
Type: string
Default: "/var/lib/gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.staticRootPath
Upper level of template and static files path.
Type: string or path
Default: package.data
Example: "/var/lib/gitea/data"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.useWizard
Do not generate a configuration and use gitea' installation wizard instead. The first registered user will be administrator.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.gitea.user
User account under which gitea runs.
Type: string
Default: "gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
- services.github-runner.enable
Whether to enable GitHub Actions runner.
Note: GitHub recommends using self-hosted runners with private repositories only. Learn more here: About self-hosted runners.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.github-runner.package
Which github-runner derivation to use.
Type: package
Default: pkgs.github-runner
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.github-runner.extraLabels
Extra labels in addition to the default (["self-hosted", "Linux", "X64"]).
Changing this option triggers a new runner registration.
Type: list of strings
Default: [ ]
Example: [ "nixos" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.github-runner.extraPackages
Extra packages to add to PATH of the service to make them available to workflows.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.github-runner.name
Name of the runner to configure. Defaults to the hostname.
Changing this option triggers a new runner registration.
Type: string matching the pattern ^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$
Default: "nixos"
Example: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.github-runner.replace
Replace any existing runner with the same name.
Without this flag, registering a new runner with the same name fails.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.github-runner.runnerGroup
Name of the runner group to add this runner to (defaults to the default runner group).
Changing this option triggers a new runner registration.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.github-runner.tokenFile
The full path to a file which contains the runner registration token. The file should contain exactly one line with the token without any newline. The token can be used to re-register a runner of the same name but is time-limited.
Changing this option or the file's content triggers a new runner registration.
Type: path
Example: "/run/secrets/github-runner/nixos.token"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.github-runner.url
Repository to add the runner to.
Changing this option triggers a new runner registration.
Type: string
Example: "https://github.com/nixos/nixpkgs"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
- services.gitlab.enable
Enable the gitlab service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.packages.gitaly
Reference to the gitaly package
Type: package
Default: pkgs.gitaly
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.packages.gitlab
Reference to the gitlab package
Type: package
Default: pkgs.gitlab
Example: pkgs.gitlab-ee
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.packages.gitlab-shell
Reference to the gitlab-shell package
Type: package
Default: pkgs.gitlab-shell
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.packages.gitlab-workhorse
Reference to the gitlab-workhorse package
Type: package
Default: pkgs.gitlab-workhorse
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.packages.pages
Reference to the gitlab-pages package
Type: package
Default: pkgs.gitlab-pages
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.backup.keepTime
How long to keep the backups around, in hours. 0 means “keep forever”.
Type: signed integer
Default: 0
Example: 48
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.backup.path
GitLab path for backups.
Type: string
Default: "/var/gitlab/state/backup"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.backup.skip
Directories to exclude from the backup. The example excludes CI artifacts and LFS objects from the backups. The tar option skips the creation of a tar file.
Refer to https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup for more information.
Type: one of "db", "uploads", "builds", "artifacts", "lfs", "registry", "pages", "repositories", "tar" or list of one of "db", "uploads", "builds", "artifacts", "lfs", "registry", "pages", "repositories", "tar"s
Default: [ ]
Example: [ "artifacts" "lfs" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.backup.startAt
The time(s) to run automatic backup of GitLab state. Specified in systemd's time format; see systemd.time(7).
Type: string or list of strings
Default: [ ]
Example: "03:00"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.backup.uploadOptions
GitLab automatic upload specification. Tells GitLab to upload the backup to a remote location when done.
Attributes specified here are added under production -> backup -> upload in config/gitlab.yml.
Type: attribute set
Default: { }
Example:
{ # Fog storage connection settings, see http://fog.io/storage/ connection = { provider = "AWS"; region = "eu-north-1"; aws_access_key_id = "AKIAXXXXXXXXXXXXXXXX"; aws_secret_access_key = { _secret = config.deployment.keys.aws_access_key.path; }; }; # The remote 'directory' to store your backups in. # For S3, this would be the bucket name. remote_directory = "my-gitlab-backups"; # Use multipart uploads when file size reaches 100MB, see # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html multipart_chunk_size = 104857600; # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional encryption = "AES256"; # Specifies Amazon S3 storage class to use for backups, this is optional storage_class = "STANDARD"; };Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.databaseCreateLocally
Whether a database should be automatically created on the local host. Set this to false if you plan on provisioning a local database yourself. This has no effect if services.gitlab.databaseHost is customized.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.databaseHost
GitLab database hostname. An empty string means “use local unix socket connection”.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.databaseName
GitLab database name.
Type: string
Default: "gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.databasePasswordFile
File containing the GitLab database user password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.databasePool
Database connection pool size.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.databaseUsername
GitLab database user.
Type: string
Default: "gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.extraConfig
Extra options to be added under production in config/gitlab.yml, as a nix attribute set.
Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting config/gitlab.yml file, the production.omniauth.providers[0].args.client_options.secret key will be set to the contents of the /var/keys/gitlab_oidc_secret file.
Type: attribute set
Default: { }
Example:
{ gitlab = { default_projects_features = { builds = false; }; }; omniauth = { enabled = true; auto_sign_in_with_provider = "openid_connect"; allow_single_sign_on = ["openid_connect"]; block_auto_created_users = false; providers = [ { name = "openid_connect"; label = "OpenID Connect"; args = { name = "openid_connect"; scope = ["openid" "profile"]; response_type = "code"; issuer = "https://keycloak.example.com/auth/realms/My%20Realm"; discovery = true; client_auth_method = "query"; uid_field = "preferred_username"; client_options = { identifier = "gitlab"; secret = { _secret = "/var/keys/gitlab_oidc_secret"; }; redirect_uri = "https://git.example.com/users/auth/openid_connect/callback"; }; }; } ]; }; };Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.extraDatabaseConfig
Extra configuration in config/database.yml.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.extraEnv
Additional environment variables for the GitLab environment.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.extraGitlabRb
Extra configuration to be placed in config/extra-gitlab.rb. This can be used to add configuration not otherwise exposed through this module's options.
Type: string
Default: ""
Example:
'' if Rails.env.production? Rails.application.config.action_mailer.delivery_method = :sendmail ActionMailer::Base.delivery_method = :sendmail ActionMailer::Base.sendmail_settings = { location: "/run/wrappers/bin/sendmail", arguments: "-i -t" } end ''Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.extraShellConfig
Extra configuration to merge into shell-config.yml
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.group
Group to run gitlab and all related services.
Type: string
Default: "gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.host
GitLab host name. Used e.g. for copy-paste URLs.
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.https
Whether gitlab prints URLs with https as scheme.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.initialRootEmail
Initial email address of the root account if this is a new install.
Type: string
Default: "admin@local.host"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.initialRootPasswordFile
File containing the initial password of the root account if this is a new install.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.logrotate.enable
Enable rotation of log files.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.logrotate.extraConfig
Extra logrotate config options for this path. Refer to https://linux.die.net/man/8/logrotate for details.
Type: strings concatenated with "\n"
Default:
'' copytruncate compress ''
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.logrotate.frequency
How often to rotate the logs.
Type: string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.logrotate.keep
How many rotations to keep.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.pagesExtraArgs
Arguments to pass to the gitlab-pages daemon
Type: list of strings
Default: [ "-listen-proxy" "127.0.0.1:8090" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.port
GitLab server port for copy-paste URLs, e.g. 80 or 443 if you're service over https.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.puma.threadsMax
The maximum number of threads Puma should use per worker. This limits how many threads Puma will automatically spawn in response to requests. In contrast to workers, threads will never be able to run Ruby code in parallel, but give higher IO parallelism.
Note
Each thread consumes memory and contributes to Global VM Lock contention, so be careful when increasing this.Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.puma.threadsMin
The minimum number of threads Puma should use per worker.
Note
Each thread consumes memory and contributes to Global VM Lock contention, so be careful when increasing this.Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.puma.workers
The number of worker processes Puma should spawn. This controls the amount of parallel Ruby code can be executed. GitLab recommends “Number of CPU cores - 1”, but at least two.
Note
Each worker consumes quite a bit of memory, so be careful when increasing this.Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.redisUrl
Redis URL for all GitLab services except gitlab-shell
Type: string
Default: "redis://localhost:6379/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.enable
Enable GitLab container registry.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.certFile
Path to GitLab container registry certificate.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.defaultForProjects
If GitLab container registry should be enabled by default for projects.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.externalAddress
External address used to access registry from the internet
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.externalPort
External port used to access registry from the internet
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.host
GitLab container registry host name.
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.issuer
GitLab container registry issuer.
Type: string
Default: "gitlab-issuer"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.keyFile
Path to GitLab container registry certificate-key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.port
GitLab container registry port.
Type: signed integer
Default: 4567
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.registry.serviceName
GitLab container registry service name.
Type: string
Default: "container_registry"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.secrets.dbFile
A file containing the secret used to encrypt variables in the DB. If you change or lose this key you will be unable to access variables stored in database.
Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.secrets.jwsFile
A file containing the secret used to encrypt session keys. If you change or lose this key, users will be disconnected.
Make sure the secret is an RSA private key in PEM format. You can generate one with
openssl genrsa 2048
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.secrets.otpFile
A file containing the secret used to encrypt secrets for OTP tokens. If you change or lose this key, users which have 2FA enabled for login won't be able to login anymore.
Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.secrets.secretFile
A file containing the secret used to encrypt variables in the DB. If you change or lose this key you will be unable to access variables stored in database.
Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.sidekiq.memoryKiller.enable
Whether the Sidekiq MemoryKiller should be turned on. MemoryKiller kills Sidekiq when its memory consumption exceeds a certain limit.
See https://docs.gitlab.com/ee/administration/operations/sidekiq_memory_killer.html for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.sidekiq.memoryKiller.graceTime
The time MemoryKiller waits after noticing excessive memory consumption before killing Sidekiq.
Type: signed integer
Default: 900
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.sidekiq.memoryKiller.maxMemory
The maximum amount of memory, in MiB, a Sidekiq worker is allowed to consume before being killed.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.sidekiq.memoryKiller.shutdownWait
The time allowed for all jobs to finish before Sidekiq is killed forcefully.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.enable
Enable gitlab mail delivery over SMTP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.enableStartTLSAuto
Whether to try to use StartTLS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.address
Address of the SMTP server for GitLab.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.authentication
Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.domain
HELO domain to use for outgoing mail.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.opensslVerifyMode
How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: string
Default: "peer"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.passwordFile
File containing the password of the SMTP server for GitLab.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.port
Port of the SMTP server for GitLab.
Type: signed integer
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.tls
Whether to use TLS wrapper-mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.smtp.username
Username of the SMTP server for GitLab.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.statePath
GitLab state directory. Configuration, repositories and logs, among other things, are stored here.
The directory will be created automatically if it doesn't exist already. Its parent directories must be owned by either root or the user set in services.gitlab.user.
Type: string
Default: "/var/gitlab/state"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab.user
User to run gitlab and all related services.
Type: string
Default: "gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
- services.gitlab-runner.enable
Whether to enable Gitlab Runner.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.package
Gitlab Runner package to use.
Type: package
Default: pkgs.gitlab-runner
Example: pkgs.gitlab-runner_1_11
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.checkInterval
Defines the interval length, in seconds, between new jobs check. The default value is 3; if set to 0 or lower, the default value will be used. See runner documentation for more information.
Type: signed integer
Default: 0
Example: with lib; (length (attrNames config.services.gitlab-runner.services)) * 3
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.concurrent
Limits how many jobs globally can be run concurrently. The most upper limit of jobs using all defined runners. 0 does not mean unlimited.
Type: signed integer
Default: 1
Example: config.nix.maxJobs
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.configFile
Configuration file for gitlab-runner.
configFile takes precedence over services. checkInterval and concurrent will be ignored too.
This option is deprecated, please use services instead. You can use registrationConfigFile and registrationFlags for settings not covered by this module.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.extraPackages
Extra packages to add to PATH for the gitlab-runner process.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.gracefulTermination
Finish all remaining jobs before stopping. If not set gitlab-runner will stop immediatly without waiting for jobs to finish, which will lead to failed builds.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.gracefulTimeout
Time to wait until a graceful shutdown is turned into a forceful one.
Type: string
Default: "infinity"
Example: "5min 20s"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.prometheusListenAddress
Address (<host>:<port>) on which the Prometheus metrics HTTP server should be listening.
Type: null or string
Default: null
Example: "localhost:8080"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.sentryDSN
Data Source Name for tracking of all system level errors to Sentry.
Type: null or string
Default: null
Example: "https://public:private@host:port/1"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services
GitLab Runner services.
Type: attribute set of submodules
Default: { }
Example:
{ # runner for building in docker via host's nix-daemon # nix store will be readable in runner, might be insecure nix = { # File should contain at least these two variables: # `CI_SERVER_URL` # `REGISTRATION_TOKEN` registrationConfigFile = "/run/secrets/gitlab-runner-registration"; dockerImage = "alpine"; dockerVolumes = [ "/nix/store:/nix/store:ro" "/nix/var/nix/db:/nix/var/nix/db:ro" "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" ]; dockerDisableCache = true; preBuildScript = pkgs.writeScript "setup-container" '' mkdir -p -m 0755 /nix/var/log/nix/drvs mkdir -p -m 0755 /nix/var/nix/gcroots mkdir -p -m 0755 /nix/var/nix/profiles mkdir -p -m 0755 /nix/var/nix/temproots mkdir -p -m 0755 /nix/var/nix/userpool mkdir -p -m 1777 /nix/var/nix/gcroots/per-user mkdir -p -m 1777 /nix/var/nix/profiles/per-user mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root mkdir -p -m 0700 "$HOME/.nix-defexpr" . ${pkgs.nix}/etc/profile.d/nix.sh ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])} ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable ${pkgs.nix}/bin/nix-channel --update nixpkgs ''; environmentVariables = { ENV = "/etc/profile"; USER = "root"; NIX_REMOTE = "daemon"; PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; }; tagList = [ "nix" ]; }; # runner for building docker images docker-images = { # File should contain at least these two variables: # `CI_SERVER_URL` # `REGISTRATION_TOKEN` registrationConfigFile = "/run/secrets/gitlab-runner-registration"; dockerImage = "docker:stable"; dockerVolumes = [ "/var/run/docker.sock:/var/run/docker.sock" ]; tagList = [ "docker-images" ]; }; # runner for executing stuff on host system (very insecure!) # make sure to add required packages (including git!) # to `environment.systemPackages` shell = { # File should contain at least these two variables: # `CI_SERVER_URL` # `REGISTRATION_TOKEN` registrationConfigFile = "/run/secrets/gitlab-runner-registration"; executor = "shell"; tagList = [ "shell" ]; }; # runner for everything else default = { # File should contain at least these two variables: # `CI_SERVER_URL` # `REGISTRATION_TOKEN` registrationConfigFile = "/run/secrets/gitlab-runner-registration"; dockerImage = "debian:stable"; }; }Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.buildsDir
Absolute path to a directory where builds will be stored in context of selected executor (Locally, Docker, SSH).
Type: null or path
Default: null
Example: "/var/lib/gitlab-runner/builds"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.cloneUrl
Overwrite the URL for the GitLab instance. Used if the Runner can’t connect to GitLab on the URL GitLab exposes itself.
Type: null or string
Default: null
Example: "http://gitlab.example.local"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.debugTraceDisabled
When set to true Runner will disable the possibility of using the CI_DEBUG_TRACE feature.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.dockerAllowedImages
Whitelist allowed images.
Type: list of strings
Default: [ ]
Example: [ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.dockerAllowedServices
Whitelist allowed services.
Type: list of strings
Default: [ ]
Example: [ "postgres:9" "redis:*" "mysql:*" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.dockerDisableCache
Disable all container caching.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.dockerExtraHosts
Add a custom host-to-IP mapping.
Type: list of strings
Default: [ ]
Example: [ "other-host:127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.dockerImage
Docker image to be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.dockerPrivileged
Give extended privileges to container.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.dockerVolumes
Bind-mount a volume and create it if it doesn't exist prior to mounting.
Type: list of strings
Default: [ ]
Example: [ "/var/run/docker.sock:/var/run/docker.sock" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.environmentVariables
Custom environment variables injected to build environment. For secrets you can use registrationConfigFile with RUNNER_ENV variable set.
Type: attribute set of strings
Default: { }
Example: { NAME = "value"; }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.executor
Select executor, eg. shell, docker, etc. See runner documentation for more information.
Type: string
Default: "docker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.limit
Limit how many jobs can be handled concurrently by this service. 0 (default) simply means don't limit.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.maximumTimeout
What is the maximum timeout (in seconds) that will be set for job when using this Runner. 0 (default) simply means don't limit.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.postBuildScript
Runner-specific command script executed after code is pulled and just after build executes.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.preBuildScript
Runner-specific command script executed after code is pulled, just before build executes.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.preCloneScript
Runner-specific command script executed before code is pulled.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.protected
When set to true Runner will only run on pipelines triggered on protected branches.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.registrationConfigFile
Absolute path to a file with environment variables used for gitlab-runner registration. A list of all supported environment variables can be found in gitlab-runner register --help.
Ones that you probably want to set is
CI_SERVER_URL=<CI server URL>
REGISTRATION_TOKEN=<registration secret>
WARNING: make sure to use quoted absolute path, or it is going to be copied to Nix Store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.registrationFlags
Extra command-line flags passed to gitlab-runner register. Execute gitlab-runner register --help for a list of supported flags.
Type: list of strings
Default: [ ]
Example: [ "--docker-helper-image my/gitlab-runner-helper" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.requestConcurrency
Limit number of concurrent requests for new jobs from GitLab.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.runUntagged
Register to run untagged builds; defaults to true when tagList is empty.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.services.<name>.tagList
Tag list.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.sessionServer
The session server allows the user to interact with jobs that the Runner is responsible for. A good example of this is the interactive web terminal.
Type: submodule
Default: { }
Example:
{ listenAddress = "0.0.0.0:8093"; }Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.sessionServer.advertiseAddress
The URL that the Runner will expose to GitLab to be used to access the session server. Fallbacks to listenAddress if not defined.
Type: null or string
Default: null
Example: "runner-host-name.tld:8093"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.sessionServer.listenAddress
An internal URL to be used for the session server.
Type: null or string
Default: null
Example: "0.0.0.0:8093"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitlab-runner.sessionServer.sessionTimeout
How long in seconds the session can stay active after the job completes (which will block the job from finishing).
Type: signed integer
Default: 1800
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
- services.gitolite.enable
Enable gitolite management under the gitolite user. After switching to a configuration with Gitolite enabled, you can then run git clone gitolite@host:gitolite-admin.git to manage it further.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
- services.gitolite.enableGitAnnex
Enable git-annex support. Uses the extraGitoliteRc option to apply the necessary configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
- services.gitolite.adminPubkey
Initial administrative public key for Gitolite. This should be an SSH Public Key. Note that this key will only be used once, upon the first initialization of the Gitolite user. The key string cannot have any line breaks in it.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
- services.gitolite.commonHooks
A list of custom git hooks that get copied to ~/.gitolite/hooks/common.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
- services.gitolite.dataDir
The gitolite home directory used to store all repositories. If left as the default value this directory will automatically be created before the gitolite server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: string
Default: "/var/lib/gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
- services.gitolite.extraGitoliteRc
Extra configuration to append to the default ~/.gitolite.rc.
This should be Perl code that modifies the %RC configuration variable. The default ~/.gitolite.rc content is generated by invoking gitolite print-default-rc, and extra configuration from this option is appended to it. The result is placed to Nix store, and the ~/.gitolite.rc file becomes a symlink to it.
If you already have a customized (or otherwise changed) ~/.gitolite.rc file, NixOS will refuse to replace it with a symlink, and the `gitolite-init` initialization service will fail. In this situation, in order to use this option, you will need to take any customizations you may have in ~/.gitolite.rc, convert them to appropriate Perl statements, add them to this option, and remove the file.
See also the enableGitAnnex option.
Type: strings concatenated with "\n"
Default: ""
Example:
'' $RC{UMASK} = 0027; $RC{SITE_INFO} = 'This is our private repository host'; push( @{$RC{ENABLE}}, 'Kindergarten' ); # enable the command/feature @{$RC{ENABLE}} = grep { $_ ne 'desc' } @{$RC{ENABLE}}; # disable the command/feature ''Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
- services.gitolite.group
Primary group of the Gitolite user account.
Type: string
Default: "gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
- services.gitolite.user
Gitolite user account. This is the username of the gitolite endpoint.
Type: string
Default: "gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
- services.gitweb.extraConfig
Verbatim configuration text appended to the generated gitweb.conf file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' $feature{'highlight'}{'default'} = [1]; $feature{'ctags'}{'default'} = [1]; $feature{'avatar'}{'default'} = ['gravatar']; ''Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
- services.gitweb.gitwebTheme
Use an alternative theme for gitweb, strongly inspired by GitHub.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
- services.gitweb.projectroot
Path to git projects (bare repositories) that should be served by gitweb. Must not end with a slash.
Type: path
Default: "/srv/git"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
- services.globalprotect.enable
Whether to enable globalprotect.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix>
- services.globalprotect.csdWrapper
A script that will produce a Host Integrity Protection (HIP) report, as described at https://www.infradead.org/openconnect/hip.html
Type: null or path
Default: null
Example: "${pkgs.openconnect}/libexec/openconnect/hipreport.sh"
Declared by:
<nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix>
- services.glusterfs.enable
Whether to enable GlusterFS Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.enableGlustereventsd
Whether to enable the GlusterFS Events Daemon
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.extraFlags
Extra flags passed to the GlusterFS daemon
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.killMode
The systemd KillMode to use for glusterd.
glusterd spawns other daemons like gsyncd. If you want these to stop when glusterd is stopped (e.g. to ensure that NixOS config changes are reflected even for these sub-daemons), set this to 'control-group'. If however you want running volume processes (glusterfsd) and thus gluster mounts not be interrupted when glusterd is restarted (for example, when you want to restart them manually at a later time), set this to 'process'.
Type: one of "control-group", "process", "mixed", "none"
Default: "control-group"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.logLevel
Log level used by the GlusterFS daemon
Type: one of "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL", "TRACE", "NONE"
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.stopKillTimeout
The systemd TimeoutStopSec to use.
After this time after having been asked to shut down, glusterd (and depending on the killMode setting also its child processes) are killed by systemd.
The default is set low because GlusterFS (as of 3.10) is known to not tell its children (like gsyncd) to terminate at all.
Type: string
Default: "5s"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.tlsSettings
Make the server communicate via TLS. This means it will only connect to other gluster servers having certificates signed by the same CA.
Enabling this will create a file /var/lib/glusterd/secure-access. Disabling will delete this file again.
See also: https://gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL/
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.tlsSettings.caCert
Path certificate authority used to sign the cluster certificates.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.tlsSettings.tlsKeyPath
Path to the private key used for TLS.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.tlsSettings.tlsPem
Path to the certificate used for TLS.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.glusterfs.useRpcbind
Enable use of rpcbind. This is required for Gluster's NFS functionality.
You may want to turn it off to reduce the attack surface for DDoS reflection attacks.
See https://davelozier.com/glusterfs-and-rpcbind-portmap-ddos-reflection-attacks/ and https://bugzilla.redhat.com/show_bug.cgi?id=1426842 for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
- services.gnome.at-spi2-core.enable
Whether to enable at-spi2-core, a service for the Assistive Technologies available on the GNOME platform.
Enable this if you get the error or warning The name org.a11y.Bus was not provided by any .service files.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/at-spi2-core.nix>
- services.gnome.chrome-gnome-shell.enable
Whether to enable Chrome GNOME Shell native host connector, a DBus service allowing to install GNOME Shell extensions from a web browser. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/chrome-gnome-shell.nix>
- services.gnome.core-developer-tools.enable
Whether to enable GNOME core developer tools.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.gnome.core-os-services.enable
Whether to enable essential services for GNOME3.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.gnome.core-shell.enable
Whether to enable GNOME Shell services.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.gnome.core-utilities.enable
Whether to enable GNOME core utilities.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.gnome.evolution-data-server.enable
Whether to enable Evolution Data Server, a collection of services for storing addressbooks and calendars..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
- services.gnome.evolution-data-server.plugins
Plugins for Evolution Data Server.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
- services.gnome.experimental-features.realtime-scheduling
Makes mutter (which propagates to gnome-shell) request a low priority real-time scheduling which is only available on the wayland session. To enable this experimental feature it requires a restart of the compositor. Note that enabling this option only enables the capability for realtime-scheduling to be used. It doesn't automatically set the gsetting so that mutter actually uses realtime-scheduling. This would require adding rt-scheduler to /org/gnome/mutter/experimental-features with dconf-editor. You cannot use extraGSettingsOverrides because that will only change the default value of the setting.
Please be aware of these known issues with the feature in nixos:
- NixOS/nixpkgs#90201
- NixOS/nixpkgs#86730
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.gnome.games.enable
Whether to enable GNOME games.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.gnome.glib-networking.enable
Whether to enable network extensions for GLib.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/glib-networking.nix>
- services.gnome.gnome-initial-setup.enable
Whether to enable GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix>
- services.gnome.gnome-keyring.enable
Whether to enable GNOME Keyring daemon, a service designed to take care of the user's security credentials, such as user names and passwords.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-keyring.nix>
- services.gnome.gnome-online-accounts.enable
Whether to enable GNOME Online Accounts daemon, a service that provides a single sign-on framework for the GNOME desktop.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix>
- services.gnome.gnome-online-miners.enable
Whether to enable GNOME Online Miners, a service that crawls through your online content.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-miners.nix>
- services.gnome.gnome-remote-desktop.enable
Whether to enable Remote Desktop support using Pipewire.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix>
- services.gnome.gnome-settings-daemon.enable
Whether to enable GNOME Settings Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix>
- services.gnome.gnome-user-share.enable
Whether to enable GNOME User Share, a user-level file sharing service for GNOME.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-user-share.nix>
- services.gnome.rygel.enable
Whether to enable Rygel UPnP Mediaserver.
You will need to also allow UPnP connections in firewall, see the following comment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/rygel.nix>
- services.gnome.sushi.enable
Whether to enable Sushi, a quick previewer for nautilus.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/sushi.nix>
- services.gnome.tracker.enable
Whether to enable Tracker services, a search engine, search tool and metadata storage system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/tracker.nix>
- services.gnome.tracker-miners.enable
Whether to enable Tracker miners, indexing services for Tracker search engine and metadata storage system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/tracker-miners.nix>
- services.gnunet.enable
Whether to run the GNUnet daemon. GNUnet is GNU's anonymous peer-to-peer communication and file sharing framework.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.gnunet.package
Overridable attribute of the gnunet package to use.
Type: package
Default: pkgs.gnunet
Example: pkgs.gnunet_git
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.gnunet.extraOptions
Additional options that will be copied verbatim in `gnunet.conf'. See `gnunet.conf(5)' for details.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.gnunet.fileSharing.quota
Maximum file system usage (in MiB) for file sharing.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.gnunet.load.hardNetUpBandwidth
Hard bandwidth limit (in bits per second) when uploading data.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.gnunet.load.maxNetDownBandwidth
Maximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Type: signed integer
Default: 50000
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.gnunet.load.maxNetUpBandwidth
Maximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Type: signed integer
Default: 50000
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.gnunet.tcp.port
The TCP port for use by GNUnet.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2086
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.gnunet.udp.port
The UDP port for use by GNUnet.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2086
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
- services.go-neb.enable
Whether to enable Extensible matrix bot written in Go.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
- services.go-neb.baseUrl
Public-facing endpoint that can receive webhooks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
- services.go-neb.bindAddress
Port (and optionally address) to listen on.
Type: string
Default: ":4050"
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
- services.go-neb.config
Your config.yaml as a Nix attribute set. See config.sample.yaml for possible options.
Type: YAML value
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
- services.go-neb.secretFile
Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}. The file should contain lines formatted as SECRET_VAR=SECRET_VALUE. This is useful to avoid putting secrets into the nix store.
Type: null or path
Default: null
Example: "/run/keys/go-neb.env"
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
- services.go-shadowsocks2.server.enable
Whether to enable go-shadowsocks2 server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix>
- services.go-shadowsocks2.server.listenAddress
Server listen address or URL
Type: string
Example: "ss://AEAD_CHACHA20_POLY1305:your-password@:8488"
Declared by:
<nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix>
- services.gobgpd.enable
Whether to enable GoBGP Routing Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gobgpd.nix>
- services.gobgpd.settings
GoBGP configuration. Refer to https://github.com/osrg/gobgp#documentation for details on supported values.
Type: TOML value
Default: { }
Example:
{ global = { config = { as = 64512; router-id = "192.168.255.1"; }; }; neighbors = [ { config = { neighbor-address = "10.0.255.1"; peer-as = 65001; }; } { config = { neighbor-address = "10.0.255.2"; peer-as = 65002; }; } ]; }Declared by:
<nixpkgs/nixos/modules/services/networking/gobgpd.nix>
- services.gocd-agent.enable
Whether to enable gocd-agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.packages
Packages to add to PATH for the Go.CD agent process.
Type: list of packages
Default: [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.agentConfig
Agent registration configuration.
Type: string
Default: ""
Example:
'' agent.auto.register.resources=ant,java agent.auto.register.environments=QA,Performance agent.auto.register.hostname=Agent01 ''
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.environment
Additional environment variables to be passed to the Go.CD agent process. As a base environment, Go.CD agent receives NIX_PATH from environment.sessionVariables, NIX_REMOTE is set to "daemon".
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.extraGroups
List of extra groups that the "gocd-agent" user should be a part of.
Type: list of strings
Default: [ ]
Example: [ "wheel" "docker" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.extraOptions
Specifies additional command line arguments to pass to Go.CD agent java process. Example contains debug and gcLog arguments.
Type: list of strings
Default: [ ]
Example: [ "-X debug" "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5006" "-verbose:gc" "-Xloggc:go-agent-gc.log" "-XX:+PrintGCTimeStamps" "-XX:+PrintTenuringDistribution" "-XX:+PrintGCDetails" "-XX:+PrintGC" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.goServer
URL of the GoCD Server to attach the Go.CD Agent to.
Type: string
Default: "https://127.0.0.1:8154/go"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.group
If the default user "gocd-agent" is configured then this is the primary group of that user.
Type: string
Default: "gocd-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.initialJavaHeapSize
Specifies the initial java heap memory size for the Go.CD agent java process.
Type: string
Default: "128m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.maxJavaHeapMemory
Specifies the java maximum heap memory size for the Go.CD agent java process.
Type: string
Default: "256m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.startupOptions
Specifies startup command line arguments to pass to Go.CD agent java process.
Type: list of strings
Default: [ "-Xms128m" "-Xmx256m" "-Djava.io.tmpdir=/tmp" "-Dcruise.console.publish.interval=10" "-Djava.security.egd=file:/dev/./urandom" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.user
User the Go.CD agent should execute under.
Type: string
Default: "gocd-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-agent.workDir
Specifies the working directory in which the Go.CD agent java archive resides.
Type: string
Default: "/var/lib/go-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
- services.gocd-server.enable
Whether to enable gocd-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.packages
Packages to add to PATH for the Go.CD server's process.
Type: list of packages
Default: [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.environment
Additional environment variables to be passed to the gocd-server process. As a base environment, gocd-server receives NIX_PATH from environment.sessionVariables, NIX_REMOTE is set to "daemon".
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.extraGroups
List of extra groups that the "gocd-server" user should be a part of.
Type: list of strings
Default: [ ]
Example: [ "wheel" "docker" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.extraOptions
Specifies additional command line arguments to pass to Go.CD server's java process. Example contains debug and gcLog arguments.
Type: list of strings
Default: [ ]
Example: [ "-X debug" "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005" "-verbose:gc" "-Xloggc:go-server-gc.log" "-XX:+PrintGCTimeStamps" "-XX:+PrintTenuringDistribution" "-XX:+PrintGCDetails" "-XX:+PrintGC" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.group
If the default user "gocd-server" is configured then this is the primary group of that user.
Type: string
Default: "gocd-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.initialJavaHeapSize
Specifies the initial java heap memory size for the Go.CD server's java process.
Type: string
Default: "512m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.listenAddress
Specifies the bind address on which the Go.CD server HTTP interface listens.
Type: string
Default: "0.0.0.0"
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.maxJavaHeapMemory
Specifies the java maximum heap memory size for the Go.CD server's java process.
Type: string
Default: "1024m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.port
Specifies port number on which the Go.CD server HTTP interface listens.
Type: signed integer
Default: 8153
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.sslPort
Specifies port number on which the Go.CD server HTTPS interface listens.
Type: signed integer
Default: 8154
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.startupOptions
Specifies startup command line arguments to pass to Go.CD server java process.
Type: list of strings
Default: [ "-Xms512m" "-Xmx1024m" "-Dcruise.listen.host=0.0.0.0" "-Duser.language=en" "-Djruby.rack.request.size.threshold.bytes=30000000" "-Duser.country=US" "-Dcruise.config.dir=/var/lib/go-server/conf" "-Dcruise.config.file=/var/lib/go-server/conf/cruise-config.xml" "-Dcruise.server.port=8153" "-Dcruise.server.ssl.port=8154" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.user
User the Go.CD server should execute under.
Type: string
Default: "gocd-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gocd-server.workDir
Specifies the working directory in which the Go.CD server java archive resides.
Type: string
Default: "/var/lib/go-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
- services.gogoclient.enable
Enable the gogoCLIENT IPv6 tunnel.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
- services.gogoclient.autorun
Whether to automatically start the tunnel.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
- services.gogoclient.password
Path to a file (as a string), containing your gogoNET password, if any.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
- services.gogoclient.server
The Gateway6 server to be used.
Type: string
Default: "anonymous.freenet6.net"
Example: "broker.freenet6.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
- services.gogoclient.username
Your Gateway6 login name, if any.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
- services.gogs.enable
Enable Go Git Service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.appName
Application name.
Type: string
Default: "Gogs: Go Git Service"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.cookieSecure
Marks session cookies as "secure" as a hint for browsers to only send them via HTTPS. This option is recommend, if Gogs is being served over HTTPS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.database.host
Database host address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.database.name
Database name.
Type: string
Default: "gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.database.password
The password corresponding to database.user. Warning: this is stored in cleartext in the Nix store! Use database.passwordFile instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/gogs-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.database.path
Path to the sqlite3 database file.
Type: string
Default: "/var/lib/gogs/data/gogs.db"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.database.port
Database host port.
Type: signed integer
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.database.type
Database engine to use.
Type: one of "sqlite3", "mysql", "postgres"
Default: "sqlite3"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.database.user
Database user.
Type: string
Default: "gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.domain
Domain name of your server.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.extraConfig
Configuration lines appended to the generated Gogs configuration file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.group
Group account under which Gogs runs.
Type: string
Default: "gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.httpAddress
HTTP listen address.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.httpPort
HTTP listen port.
Type: signed integer
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.repositoryRoot
Path to the git repositories.
Type: string
Default: "/var/lib/gogs/repositories"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.rootUrl
Full public URL of Gogs server.
Type: string
Default: "http://localhost:3000/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.stateDir
Gogs data directory.
Type: string
Default: "/var/lib/gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.useWizard
Do not generate a configuration and use Gogs' installation wizard instead. The first registered user will be administrator.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gogs.user
User account under which Gogs runs.
Type: string
Default: "gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
- services.gollum.enable
Enable the Gollum service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.address
IP address on which the web server will listen.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.allowUploads
Enable uploads of external files
Type: null or one of "dir", "page"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.branch
Git branch to serve
Type: string
Default: "master"
Example: "develop"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.emoji
Parse and interpret emoji tags
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.extraConfig
Content of the configuration file
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.h1-title
Use the first h1 as page title
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.mathjax
Enable support for math rendering using MathJax
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.port
Port on which the web server will run.
Type: signed integer
Default: 4567
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gollum.stateDir
Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.
Type: path
Default: "/var/lib/gollum"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
- services.gotify.enable
Whether to enable Gotify webserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gotify-server.nix>
- services.gotify.port
Port the server listens to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gotify-server.nix>
- services.gotify.stateDirectoryName
The name of the directory below /var/lib where gotify stores its runtime data.
Type: string
Default: "gotify-server"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gotify-server.nix>
- services.gpm.enable
Whether to enable GPM, the General Purpose Mouse daemon, which enables mouse support in virtual consoles.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/ttys/gpm.nix>
- services.gpm.protocol
Mouse protocol to use.
Type: string
Default: "ps/2"
Declared by:
<nixpkgs/nixos/modules/services/ttys/gpm.nix>
- services.gpsd.enable
Whether to enable `gpsd', a GPS service daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
- services.gpsd.debugLevel
The debugging level.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
- services.gpsd.device
A device may be a local serial device for GPS input, or a URL of the form: [{dgpsip|ntrip}://][user:passwd@]host[:port][/stream] in which case it specifies an input source for DGPS or ntrip data.
Type: string
Default: "/dev/ttyUSB0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
- services.gpsd.nowait
don't wait for client connects to poll GPS
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
- services.gpsd.port
The port where to listen for TCP connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2947
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
- services.gpsd.readonly
Whether to enable the broken-device-safety, otherwise known as read-only mode. Some popular bluetooth and USB receivers lock up or become totally inaccessible when probed or reconfigured. This switch prevents gpsd from writing to a receiver. This means that gpsd cannot configure the receiver for optimal performance, but it also means that gpsd cannot break the receiver. A better solution would be for Bluetooth to not be so fragile. A platform independent method to identify serial-over-Bluetooth devices would also be nice.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
- services.grafana.enable
Whether to enable grafana.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.package
Package to use.
Type: package
Default: pkgs.grafana
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.addr
Listening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.analytics.reporting.enable
Whether to allow anonymous usage reporting to stats.grafana.net.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.auth.anonymous.enable
Whether to allow anonymous access.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.auth.anonymous.org_name
Which organization to allow anonymous access to.
Type: string
Default: "Main Org."
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.auth.anonymous.org_role
Which role anonymous users have in the organization.
Type: string
Default: "Viewer"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.auth.google.enable
Whether to allow Google OAuth2.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.auth.google.allowSignUp
Whether to allow sign up with Google OAuth2.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.auth.google.clientId
Google OAuth2 client ID.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.auth.google.clientSecretFile
Google OAuth2 client secret.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.certFile
Cert file for ssl.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.certKey
Cert key for ssl.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.dataDir
Data directory.
Type: path
Default: "/var/lib/grafana"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.database.connMaxLifetime
Sets the maximum amount of time (in seconds) a connection may be reused. For MySQL this setting should be shorter than the `wait_timeout' variable.
Type: signed integer or value "unlimited" (singular enum)
Default: "unlimited"
Example: 14400
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.database.host
Database host.
Type: string
Default: "127.0.0.1:3306"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.database.name
Database name.
Type: string
Default: "grafana"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.database.password
Database password. This option is mutual exclusive with the passwordFile option.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.database.passwordFile
File that containts the database password. This option is mutual exclusive with the password option.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.database.path
Database path.
Type: path
Default: "/var/lib/grafana/data/grafana.db"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.database.type
Database type.
Type: one of "mysql", "sqlite3", "postgres"
Default: "sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.database.user
Database user.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.declarativePlugins
If non-null, then a list of packages containing Grafana plugins to install. If set, plugins cannot be manually installed.
Type: null or list of paths
Default: null
Example: with pkgs.grafanaPlugins; [ grafana-piechart-panel ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.domain
The public facing domain name used to access grafana from a browser.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.extraOptions
Extra configuration options passed as env variables as specified in documentation, but without GF_ prefix
Type: attribute set of string or paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.port
Listening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.protocol
Which protocol to listen.
Type: one of "http", "https", "socket"
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.enable
Whether to enable provision.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.dashboards
Grafana dashboard configuration.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.dashboards.*.disableDeletion
Disable deletion when JSON file is removed.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.dashboards.*.folder
Add dashboards to the specified folder.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.dashboards.*.name
Provider name.
Type: string
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.dashboards.*.options.path
Path grafana will watch for dashboards.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.dashboards.*.orgId
Organization ID.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.dashboards.*.type
Dashboard provider type.
Type: string
Default: "file"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.dashboards.*.updateIntervalSeconds
How often Grafana will scan for changed dashboards.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources
Grafana datasources configuration.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.access
Access mode. proxy or direct (Server or Browser in the UI). Required.
Type: one of "proxy", "direct"
Default: "proxy"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.basicAuth
Enable/disable basic auth.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.basicAuthPassword
Basic auth password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.basicAuthUser
Basic auth username.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.database
Database name, if used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.editable
Allow users to edit datasources from the UI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.isDefault
Mark as default datasource. Max one per org.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.jsonData
Datasource specific configuration.
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.name
Name of the datasource. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.orgId
Org id. will default to orgId 1 if not specified.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.password
Database password, if used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.secureJsonData
Datasource specific secure configuration.
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.type
Datasource type. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.url
Url of the datasource.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.user
Database user, if used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.version
Version.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.datasources.*.withCredentials
Enable/disable with credentials headers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers
Grafana notifier configuration.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.disable_resolve_message
Turn off the message that sends when an alert returns to OK.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.frequency
How frequently should the notifier be sent reminders.
Type: string
Default: "5m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.is_default
Is the default notifier.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.name
Notifier name.
Type: string
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.org_id
Organization ID.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.org_name
Organization name.
Type: string
Default: "Main Org."
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.secure_settings
Secure settings for the notifier type.
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.send_reminder
Should the notifier be sent reminder notifications while alerts continue to fire.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.settings
Settings for the notifier type.
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.type
Notifier type.
Type: one of "dingding", "discord", "email", "googlechat", "hipchat", "kafka", "line", "teams", "opsgenie", "pagerduty", "prometheus-alertmanager", "pushover", "sensu", "sensugo", "slack", "telegram", "threema", "victorops", "webhook"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.provision.notifiers.*.uid
Unique notifier identifier.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.rootUrl
Full public facing url.
Type: string
Default: "%(protocol)s://%(domain)s:%(http_port)s/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.security.adminPassword
Default admin password. This option is mutual exclusive with the adminPasswordFile option.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.security.adminPasswordFile
Default admin password. This option is mutual exclusive with the adminPassword option.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.security.adminUser
Default admin username.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.security.secretKey
Secret key used for signing.
Type: string
Default: "SW2YcwTIb9zpOOhoPsMm"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.security.secretKeyFile
Secret key used for signing.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.smtp.enable
Whether to enable smtp.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.smtp.fromAddress
Email address used for sending.
Type: string
Default: "admin@grafana.localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.smtp.host
Host to connect to.
Type: string
Default: "localhost:25"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.smtp.password
Password used for authentication. This option is mutual exclusive with the passwordFile option.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.smtp.passwordFile
Password used for authentication. This option is mutual exclusive with the password option.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.smtp.user
User used for authentication.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.socket
Listening socket.
Type: string
Default: "/run/grafana/grafana.sock"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.staticRootPath
Root path for static assets.
Type: string
Default: "${package}/share/grafana/public"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.users.allowOrgCreate
Whether user is allowed to create organizations.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.users.allowSignUp
Disable user signup / registration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.users.autoAssignOrg
Whether to automatically assign new users to default org.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana.users.autoAssignOrgRole
Default role new users will be auto assigned.
Type: one of "Viewer", "Editor"
Default: "Viewer"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
- services.grafana-image-renderer.enable
Whether to enable grafana-image-renderer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.chromium
The chromium to use for image rendering.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.provisionGrafana
Whether to enable Grafana configuration for grafana-image-renderer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.settings
Configuration attributes for grafana-image-renderer.
See https://github.com/grafana/grafana-image-renderer/blob/ce1f81438e5f69c7fd7c73ce08bab624c4c92e25/default.json for supported values.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.settings.rendering.args
List of CLI flags passed to chromium.
Type: list of strings
Default: [ "--no-sandbox" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.settings.rendering.height
Height of the PNG used to display the alerting graph.
Type: positive integer, meaning >0
Default: 500
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.settings.rendering.mode
Rendering mode of grafana-image-renderer:
- default: Creates on browser-instance per rendering request.
- reusable: One browser instance will be started and reused for each rendering request.
- clustered: allows to precisely configure how many browser-instances are supposed to be used. The values for that mode can be declared in rendering.clustering.
Type: one of "default", "reusable", "clustered"
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.settings.rendering.width
Width of the PNG used to display the alerting graph.
Type: positive integer, meaning >0
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.settings.service.logging.level
The log-level of the grafana-image-renderer.service-unit.
Type: one of "error", "warning", "info", "debug"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.settings.service.port
The TCP port to use for the rendering server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana-image-renderer.verbose
Whether to enable verbosity for the service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
- services.grafana_reporter.enable
Whether to enable grafana_reporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
- services.grafana_reporter.addr
Listening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
- services.grafana_reporter.grafana.addr
Grafana address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
- services.grafana_reporter.grafana.port
Grafana port.
Type: signed integer
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
- services.grafana_reporter.grafana.protocol
Grafana protocol.
Type: one of "http", "https"
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
- services.grafana_reporter.port
Listening port.
Type: signed integer
Default: 8686
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
- services.grafana_reporter.templateDir
Optional template directory to use custom tex templates
Type: string or path
Default: pkgs.grafana_reporter
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
- services.graphite.api.enable
Whether to enable graphite api. Graphite api is lightweight alternative to graphite web, with api and without dashboard. It's advised to use grafana as alternative dashboard and influxdb as alternative to graphite carbon.
For more information visit https://graphite-api.readthedocs.org/en/latest/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.api.package
Package to use for graphite api.
Type: package
Default: pkgs.python3Packages.graphite_api
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.api.extraConfig
Extra configuration for graphite api.
Type: strings concatenated with "\n"
Default:
'' whisper: directories: - /var/db/graphite/whisper ''Example:
'' allowed_origins: - dashboard.example.com cheat_times: true influxdb: host: localhost port: 8086 user: influxdb pass: influxdb db: metrics cache: CACHE_TYPE: 'filesystem' CACHE_DIR: '/tmp/graphite-api-cache' ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.api.finders
List of finder plugins to load.
Type: list of packages
Default: [ ]
Example: [ pkgs.python3Packages.influxgraph ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.api.functions
List of functions to load.
Type: list of strings
Default: [ "graphite_api.functions.SeriesFunctions" "graphite_api.functions.PieFunctions" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.api.listenAddress
Graphite web service listen address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.api.port
Graphite api service port.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.beacon.enable
Whether to enable graphite beacon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.beacon.config
Graphite beacon configuration.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.enableAggregator
Whether to enable carbon aggregator, the carbon buffering service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.enableCache
Whether to enable carbon cache, the graphite storage daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.enableRelay
Whether to enable carbon relay, the carbon replication and sharding service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.aggregationRules
Defines if and how received metrics will be aggregated.
Type: null or string
Default: null
Example:
'' <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.blacklist
Any metrics received which match one of the experssions will be dropped.
Type: null or string
Default: null
Example: ''^some\.noisy\.metric\.prefix\..*''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.config
Content of carbon configuration file.
Type: string
Default:
'' [cache] # Listen on localhost by default for security reasons UDP_RECEIVER_INTERFACE = 127.0.0.1 PICKLE_RECEIVER_INTERFACE = 127.0.0.1 LINE_RECEIVER_INTERFACE = 127.0.0.1 CACHE_QUERY_INTERFACE = 127.0.0.1 # Do not log every update LOG_UPDATES = False LOG_CACHE_HITS = False ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.relayRules
Relay rules are used to send certain metrics to a certain backend.
Type: null or string
Default: null
Example:
'' [example] pattern = ^mydata\.foo\..+ servers = 10.1.2.3, 10.1.2.4:2004, myserver.mydomain.com ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.rewriteRules
Regular expression patterns that can be used to rewrite metric names in a search and replace fashion.
Type: null or string
Default: null
Example:
'' [post] _sum$ = _avg$ = ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.storageAggregation
Defines how to aggregate data to lower-precision retentions.
Type: null or string
Default: null
Example:
'' [all_min] pattern = \.min$ xFilesFactor = 0.1 aggregationMethod = min ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.storageSchemas
Defines retention rates for storing metrics.
Type: null or string
Default: ""
Example:
'' [apache_busyWorkers] pattern = ^servers\.www.*\.workers\.busyWorkers$ retentions = 15s:7d,1m:21d,15m:5y ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.carbon.whitelist
Only metrics received which match one of the experssions will be persisted.
Type: null or string
Default: null
Example: ".*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.dataDir
Data directory for graphite.
Type: path
Default: "/var/db/graphite"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.seyren.enable
Whether to enable seyren service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.seyren.extraConfig
Extra seyren configuration. See https://github.com/scobal/seyren#config
Type: attribute set of strings
Default: { }
Example:
{ GRAPHITE_USERNAME = "user"; GRAPHITE_PASSWORD = "pass"; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.seyren.graphiteUrl
Host where graphite service runs.
Type: string
Default: "http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.seyren.mongoUrl
Mongodb connection string.
Type: string
Default: "mongodb://127.0.0.1:27017/seyren"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.seyren.port
Seyren listening port.
Type: signed integer
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.seyren.seyrenUrl
Host where seyren is accessible.
Type: string
Default: "http://localhost:8081/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.web.enable
Whether to enable graphite web frontend.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.web.extraConfig
Graphite webapp settings. See: http://graphite.readthedocs.io/en/latest/config-local-settings.html
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.web.listenAddress
Graphite web frontend listen address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graphite.web.port
Graphite web frontend port.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
- services.graylog.enable
Whether to enable Graylog.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.package
Graylog package to use.
Type: package
Default: pkgs.graylog
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.elasticsearchHosts
List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication
Type: list of strings
Example: [ "http://node1:9200" "http://user:password@node2:19200" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.extraConfig
Any other configuration options you might want to add
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.isMaster
Whether this is the master instance of your Graylog cluster
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.messageJournalDir
The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself
Type: string
Default: "/var/lib/graylog/data/journal"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.mongodbUri
MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details
Type: string
Default: "mongodb://localhost/graylog"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.nodeIdFile
Path of the file containing the graylog node-id
Type: string
Default: "/var/lib/graylog/server/node-id"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.passwordSecret
You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. Generate one by using for example: pwgen -N 1 -s 96
Type: string
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.plugins
Extra graylog plugins
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.rootPasswordSha2
You MUST specify a hash password for the root user (which you only need to initially set up the system and in case you lose connectivity to your authentication backend) This password cannot be changed using the API or via the web interface. If you need to change it, modify it here. Create one by using for example: echo -n yourpassword | shasum -a 256 and use the resulting hash value as string for the option
Type: string
Example: "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.rootUsername
Name of the default administrator user
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.graylog.user
User account under which graylog runs
Type: string
Default: "graylog"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
- services.greenclip.enable
Whether to enable Greenclip daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/greenclip.nix>
- services.greenclip.package
greenclip derivation to use.
Type: package
Default: pkgs.haskellPackages.greenclip
Declared by:
<nixpkgs/nixos/modules/services/misc/greenclip.nix>
- services.greetd.enable
Whether to enable greetd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
- services.greetd.package
The greetd package that should be used.
Type: package
Default: pkgs.greetd.greetd
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
- services.greetd.restart
Wether to restart greetd when it terminates (e.g. on failure). This is usually desirable so a user can always log in, but should be disabled when using 'settings.initial_session' (autologin), because every greetd restart will trigger the autologin again.
Type: boolean
Default: !(config.services.greetd.settings ? initial_session)
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
- services.greetd.settings
greetd configuration (documentation) as a Nix attribute set.
Type: TOML value
Example:
{ default_session = { command = "${pkgs.greetd.greetd}/bin/agreety --cmd sway"; }; }Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
- services.greetd.vt
The virtual console (tty) that greetd should use. This option also disables getty on that tty.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
- services.grocy.enable
Whether to enable grocy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.grocy.dataDir
Home directory of the grocy user which contains the application's state.
Type: string
Default: "/var/lib/grocy"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.grocy.hostName
FQDN for the grocy instance.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.grocy.nginx.enableSSL
Whether or not to enable SSL (with ACME and let's encrypt) for the grocy vhost.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.grocy.phpfpm.settings
Options for grocy's PHPFPM pool.
Type: attribute set of signed integer or string or booleans
Default: { catch_workers_output = true; listen.owner = "nginx"; php_admin_flag[log_errors] = true; php_admin_value[error_log] = "stderr"; pm = "dynamic"; pm.max_children = "32"; pm.max_requests = "500"; pm.max_spare_servers = "4"; pm.min_spare_servers = "2"; pm.start_servers = "2"; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.grocy.settings.calendar.firstDayOfWeek
Which day of the week (0=Sunday, 1=Monday etc.) should be the first day.
Type: null or one of 0, 1, 2, 3, 4, 5, 6
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.grocy.settings.calendar.showWeekNumber
Show the number of the weeks in the calendar views.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.grocy.settings.culture
Display language of the frontend.
Type: one of "de", "en", "da", "en_GB", "es", "fr", "hu", "it", "nl", "no", "pl", "pt_BR", "ru", "sk_SK", "sv_SE", "tr"
Default: "en"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.grocy.settings.currency
ISO 4217 code for the currency to display.
Type: string
Default: "USD"
Example: "EUR"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
- services.gsignond.enable
Whether to enable gSignOn daemon, a DBus service which performs user authentication on behalf of its clients.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gsignond.nix>
- services.gsignond.plugins
What plugins to use with the gSignOn daemon.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/gsignond.nix>
- services.gvfs.enable
Whether to enable GVfs, a userspace virtual filesystem.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gvfs.nix>
- services.gvfs.package
Which GVfs package to use.
Type: package
Default: pkgs.gnome.gvfs
Declared by:
<nixpkgs/nixos/modules/services/desktops/gvfs.nix>
- services.gvpe.enable
Whether to enable gvpe.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
- services.gvpe.configFile
GVPE config file, if already present
Type: null or path
Default: null
Example: "/root/my-gvpe-conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
- services.gvpe.configText
GVPE config contents
Type: null or strings concatenated with "\n"
Default: null
Example:
'' tcp-port = 655 udp-port = 655 mtu = 1480 ifname = vpn0 node = alpha hostname = alpha.example.org connect = always enable-udp = true enable-tcp = true on alpha if-up = if-up-0 on alpha pid-file = /var/gvpe/gvpe.pid ''
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
- services.gvpe.customIFSetup
Additional commands to apply in ifup script
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
- services.gvpe.ipAddress
IP address to assign to GVPE interface
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
- services.gvpe.nodename
GVPE node name
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
- services.gvpe.subnet
IP subnet assigned to GVPE network
Type: null or string
Default: null
Example: "10.0.0.0/8"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
- services.hadoop.package
Type: package
Default: pkgs.hadoop
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hadoop.containerExecutorCfg
Yarn container-executor.cfg definition https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html
Type: attribute set of anythings
Default: { feature.terminal.enabled = 1; min.user.id = 1000; yarn.nodemanager.linux-container-executor.group = "hadoop"; }
Example:
options.services.hadoop.containerExecutorCfg.default // { "feature.terminal.enabled" = 0; }Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hadoop.coreSite
Hadoop core-site.xml definition https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml
Type: attribute set of anythings
Default: { }
Example:
{ "fs.defaultFS" = "hdfs://localhost"; }Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hadoop.extraConfDirs
Directories containing additional config files to be added to HADOOP_CONF_DIR
Type: list of paths
Default: [ ]
Example:
[ ./extraHDFSConfs ./extraYARNConfs ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hadoop.hdfs.datanode.enable
Whether to enable Whether to run the HDFS DataNode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.datanode.openFirewall
Open firewall ports for datanode
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.datanode.restartIfChanged
Automatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.httpfs.enable
Whether to enable Whether to run the HDFS HTTPfs server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.httpfs.openFirewall
Open firewall ports for HTTPFS
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.httpfs.restartIfChanged
Automatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.httpfs.tempPath
HTTPFS_TEMP path used by HTTPFS
Type: path
Default: "/tmp/hadoop/httpfs"
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.journalnode.enable
Whether to enable Whether to run the HDFS JournalNode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.journalnode.openFirewall
Open firewall ports for journalnode
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.journalnode.restartIfChanged
Automatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.namenode.enable
Whether to enable Whether to run the HDFS NameNode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.namenode.formatOnInit
Format HDFS namenode on first start. This is useful for quickly spinning up ephemeral HDFS clusters with a single namenode. For HA clusters, initialization involves multiple steps across multiple nodes. Follow [this guide](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithQJM.html) to initialize an HA cluster manually.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.namenode.openFirewall
Open firewall ports for namenode
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.namenode.restartIfChanged
Automatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.zkfc.enable
Whether to enable Whether to run the HDFS ZooKeeper failover controller.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfs.zkfc.restartIfChanged
Automatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
- services.hadoop.hdfsSite
Hadoop hdfs-site.xml definition https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml
Type: attribute set of anythings
Default: { dfs.namenode.rpc-bind-host = "0.0.0.0"; }
Example:
{ "dfs.nameservices" = "namenode1"; }Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hadoop.httpfsSite
Hadoop httpfs-site.xml definition https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html
Type: attribute set of anythings
Default: { }
Example:
{ "hadoop.http.max.threads" = 500; }Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hadoop.log4jProperties
log4j.properties file added to HADOOP_CONF_DIR
Type: path
Default: "\${pkgs.hadoop}/lib/hadoop-3.3.1/etc/hadoop/log4j.properties"
Example:
"${pkgs.hadoop}/lib/${pkgs.hadoop.untarDir}/etc/hadoop/log4j.properties";Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hadoop.mapredSite
Hadoop mapred-site.xml definition https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml
Type: attribute set of anythings
Default: { mapreduce.framework.name = "yarn"; mapreduce.map.env = "HADOOP_MAPRED_HOME=\${pkgs.hadoop}/lib/hadoop-3.3.1"; mapreduce.reduce.env = "HADOOP_MAPRED_HOME=\${pkgs.hadoop}/lib/hadoop-3.3.1"; yarn.app.mapreduce.am.env = "HADOOP_MAPRED_HOME=\${pkgs.hadoop}/lib/hadoop-3.3.1"; }
Example:
options.services.hadoop.mapredSite.default // { "mapreduce.map.java.opts" = "-Xmx900m -XX:+UseParallelGC"; }Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hadoop.yarn.nodemanager.enable
Whether to enable Whether to run the Hadoop YARN NodeManager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
- services.hadoop.yarn.nodemanager.addBinBash
Add /bin/bash. This is needed by the linux container executor's launch script.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
- services.hadoop.yarn.nodemanager.openFirewall
Open firewall ports for nodemanager. Because containers can listen on any ephemeral port, TCP ports 1024–65535 will be opened.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
- services.hadoop.yarn.nodemanager.restartIfChanged
Automatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
- services.hadoop.yarn.resourcemanager.enable
Whether to enable Whether to run the Hadoop YARN ResourceManager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
- services.hadoop.yarn.resourcemanager.openFirewall
Open firewall ports for resourcemanager
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
- services.hadoop.yarn.resourcemanager.restartIfChanged
Automatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
- services.hadoop.yarnSite
Hadoop yarn-site.xml definition https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml
Type: attribute set of anythings
Default: { yarn.nodemanager.admin-env = "PATH=$PATH"; yarn.nodemanager.aux-services = "mapreduce_shuffle"; yarn.nodemanager.aux-services.mapreduce_shuffle.class = "org.apache.hadoop.mapred.ShuffleHandler"; yarn.nodemanager.bind-host = "0.0.0.0"; yarn.nodemanager.container-executor.class = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor"; yarn.nodemanager.env-whitelist = "JAVA_HOME,HADOOP_COMMON_HOME,HADOOP_HDFS_HOME,HADOOP_CONF_DIR,CLASSPATH_PREPEND_DISTCACHE,HADOOP_YARN_HOME,HADOOP_HOME,LANG,TZ"; yarn.nodemanager.linux-container-executor.group = "hadoop"; yarn.nodemanager.linux-container-executor.path = "/run/wrappers/yarn-nodemanager/bin/container-executor"; yarn.nodemanager.log-dirs = "/var/log/hadoop/yarn/nodemanager"; yarn.resourcemanager.bind-host = "0.0.0.0"; yarn.resourcemanager.scheduler.class = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler"; }
Example:
options.services.hadoop.yarnSite.default // { "yarn.resourcemanager.hostname" = "${config.networking.hostName}"; }Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
- services.hail.enable
Enables the Hail Auto Update Service. Hail can automatically deploy artifacts built by a Hydra Continous Integration server. A common use case is to provide continous deployment for single services or a full NixOS configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
- services.hail.package
Hail package to use.
Type: package
Default: pkgs.haskellPackages.hail
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
- services.hail.hydraJobUri
The URI of the Hydra Job.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
- services.hail.netrc
The netrc file to use when fetching data from Hydra.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
- services.hail.profile
The name of the Nix profile used by Hail.
Type: string
Default: "hail-profile"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
- services.haka.enable
Whether to enable Haka.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.package
Which Haka derivation to use.
Type: package
Default: pkgs.haka
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.configFile
Specify which configuration file Haka uses. It can be absolute path or a path relative to the sample directory of the haka git repo.
Type: string
Default: "empty.lua"
Example: "/srv/haka/myfilter.lua"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.dump.enable
Whether to enable dump.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.dump.input
Path to file where incoming packets are dumped
Type: path
Default: "/tmp/input.pcap"
Example: "/path/to/file.pcap"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.dump.output
Path to file where outgoing packets are dumped
Type: path
Default: "/tmp/output.pcap"
Example: "/path/to/file.pcap"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.interfaces
Specify which interface(s) Haka listens to. Use 'any' to listen to all interfaces.
Type: list of strings
Default: [ "eth0" ]
Example: [ "any" ]
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.nfqueue
Whether to enable nfqueue.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.pcap
Whether to enable pcap
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.haka.threads
The number of threads that will be used. All system threads are used by default.
Type: signed integer
Default: 0
Example: 4
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
- services.hans.clients
Each attribute of this option defines a systemd service that runs hans. Many or none may be defined. The name of each service is hans-name where name is the name of the corresponding attribute name.
Type: attribute set of submodules
Default: { }
Example:
{ foo = { server = "192.0.2.1"; extraConfig = "-v"; } }Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.hans.clients.<name>.extraConfig
Additional command line parameters
Type: string
Default: ""
Example: "-v"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.hans.clients.<name>.passwordFile
File that containts password
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.hans.clients.<name>.server
IP address of server running hans
Type: string
Default: ""
Example: "192.0.2.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.hans.server.enable
enable hans server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.hans.server.extraConfig
Additional command line parameters
Type: string
Default: ""
Example: "-v"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.hans.server.ip
The assigned ip range
Type: string
Default: ""
Example: "198.51.100.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.hans.server.passwordFile
File that containts password
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.hans.server.respondToSystemPings
Force hans respond to ordinary pings
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
- services.haproxy.enable
Whether to enable HAProxy, the reliable, high performance TCP/HTTP load balancer.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
- services.haproxy.config
Contents of the HAProxy configuration file, haproxy.conf.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
- services.haproxy.group
Group account under which haproxy runs.
Type: string
Default: "haproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
- services.haproxy.user
User account under which haproxy runs.
Type: string
Default: "haproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
- services.hardware.bolt.enable
Whether to enable Bolt, a userspace daemon to enable security levels for Thunderbolt 3 on GNU/Linux.
Bolt is used by GNOME 3 to handle Thunderbolt settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/bolt.nix>
- services.hardware.lcd.client.enable
Enable the LCD panel client (LCDproc)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.client.extraConfig
Additional configuration added verbatim to the client config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.client.restartForever
Try restarting the client forever.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.server.enable
Enable the LCD panel server (LCDd)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.server.extraConfig
Additional configuration added verbatim to the server config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.server.openPorts
Open the ports in the firewall
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.server.usbGroup
The group to use for settings permissions. This group must exist or you will have to create it.
Type: string
Default: "dialout"
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.server.usbPermissions
Set group-write permissions on a USB device.
A USB connected LCD panel will most likely require having its permissions modified for lcdd to write to it. Enabling this option sets group-write permissions on the device identified by services.hardware.lcd.usbVid and services.hardware.lcd.usbPid. In order to find the values, you can run the lsusb command. Example output:
Bus 005 Device 002: ID 0403:c630 Future Technology Devices International, Ltd lcd2usb interface
In this case the vendor id is 0403 and the product id is c630.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.server.usbPid
The product ID of the USB device to claim.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.server.usbVid
The vendor ID of the USB device to claim.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.serverHost
Host on which LCDd is listening.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.lcd.serverPort
Port on which LCDd is listening.
Type: signed integer
Default: 13666
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
- services.hardware.pommed.enable
Whether to use the pommed tool to handle Apple laptop keyboard hotkeys.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/pommed.nix>
- services.hardware.pommed.configFile
The path to the pommed.conf file. Leave to null to use the default config file (/etc/pommed.conf.mactel). See the files /etc/pommed.conf.mactel and /etc/pommed.conf.pmac for examples to build on.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/pommed.nix>
- services.hardware.xow.enable
Whether to enable xow as a systemd service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/xow.nix>
- services.haveged.enable
Whether to enable to haveged entropy daemon, which refills /dev/random when low.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/haveged.nix>
- services.haveged.refill_threshold
The number of bits of available entropy beneath which haveged should refill the entropy pool.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/security/haveged.nix>
- services.hbase.enable
Whether to run HBase.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
- services.hbase.package
HBase package to use.
Type: package
Default: pkgs.hbase
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
- services.hbase.dataDir
Specifies location of HBase database files. This location should be writable and readable for the user the HBase service runs as (hbase by default).
Type: path
Default: "/var/lib/hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
- services.hbase.group
Group account under which HBase runs.
Type: string
Default: "hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
- services.hbase.logDir
Specifies the location of HBase log files.
Type: path
Default: "/var/log/hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
- services.hbase.settings
configurations in hbase-site.xml, see https://github.com/apache/hbase/blob/master/hbase-server/src/test/resources/hbase-site.xml for details.
Type: attribute set of string or signed integer or booleans
Default: { hbase.rootdir = "file:///var/lib/hbase/hbase"; hbase.zookeeper.property.dataDir = "/var/lib/hbase/zookeeper"; }
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
- services.hbase.user
User account under which HBase runs.
Type: string
Default: "hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase.nix>
- services.hdapsd.enable
Whether to enable Hard Drive Active Protection System Daemon, devices are detected and managed automatically by udev and systemd .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/hdaps.nix>
- services.headphones.enable
Whether to enable the headphones server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
- services.headphones.configFile
Path to config file.
Type: path
Default: "/var/lib/headphones/config.ini"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
- services.headphones.dataDir
Path where to store data files.
Type: path
Default: "/var/lib/headphones"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
- services.headphones.group
Group to run the service as
Type: string
Default: "headphones"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
- services.headphones.host
Host to listen on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
- services.headphones.port
Port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8181
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
- services.headphones.user
User to run the service as
Type: string
Default: "headphones"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
- services.heapster.enable
Whether to enable heapster monitoring
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
- services.heapster.package
Package to use by heapster
Type: package
Default: pkgs.heapster
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
- services.heapster.extraOpts
Heapster extra options
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
- services.heapster.sink
Heapster metic sink
Type: string
Example: "influxdb:http://localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
- services.heapster.source
Heapster metric source
Type: string
Example: "kubernetes:https://kubernetes.default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
- services.heartbeat.enable
Whether to enable heartbeat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
- services.heartbeat.extraConfig
Any other configuration options you want to add
Type: strings concatenated with "\n"
Default:
'' heartbeat.monitors: - type: http urls: ["http://localhost:9200"] schedule: '@every 10s' ''
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
- services.heartbeat.name
Name of the beat
Type: string
Default: "heartbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
- services.heartbeat.stateDir
The state directory. heartbeat's own logs and other data are stored here.
Type: string
Default: "/var/lib/heartbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
- services.heartbeat.tags
Tags to place on the shipped log messages
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
- services.hedgedoc.enable
Whether to enable the HedgeDoc Markdown Editor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.package
Package that provides HedgeDoc.
Type: package
Default: pkgs.hedgedoc
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.allowAnonymous
Whether to allow anonymous usage.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.allowAnonymousEdits
Whether to allow guests to edit existing notes with the `freely' permission, when allowAnonymous is enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.allowEmailRegister
Whether to enable email registration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.allowFreeURL
Whether to allow note creation by accessing a nonexistent note URL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.allowGravatar
Whether to use gravatar as profile picture source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.allowOrigin
List of domains to whitelist.
Type: list of strings
Default: [ ]
Example: [ "localhost" "hedgedoc.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.allowPDFExport
Whether to enable PDF exports.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.azure
Configure the azure third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.azure.connectionString
Azure Blob Storage connection string.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.azure.container
Azure Blob Storage container name. It will be created if non-existent.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.csp
Specify the Content Security Policy which is passed to Helmet. For configuration details see https://helmetjs.github.io/docs/csp/.
Type: null or attribute set
Default: null
Example:
{ enable = true; directives = { scriptSrc = "trustworthy.scripts.example.com"; }; upgradeInsecureRequest = "auto"; addDefaults = true; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.db
Specify the configuration for sequelize. HedgeDoc supports mysql, postgres, sqlite and mssql. See https://sequelize.readthedocs.io/en/v3/ for more information. Note: This option overrides db.
Type: attribute set
Default: { }
Example:
{ dialect = "sqlite"; storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.dbURL
Specify which database to use. HedgeDoc supports mysql, postgres, sqlite and mssql. See https://sequelize.readthedocs.io/en/v3/ for more information. Note: This option overrides db.
Type: null or string
Default: null
Example:
'' postgres://user:pass@host:5432/dbname ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.debug
Whether to enable debug mode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.defaultNotePath
Path to the default Note file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: "./public/default.md"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.defaultPermission
Default permissions for notes. This only applies for signed-in users.
Type: one of "freely", "editable", "limited", "locked", "private"
Default: "editable"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.dhParamPath
Path to the SSL dh params. Needed when useSSL is enabled.
Type: null or string
Default: null
Example: "/var/lib/hedgedoc/dhparam.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.docsPath
Path to the docs directory. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: "./public/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.documentMaxLength
Specify the maximum document length.
Type: signed integer
Default: 100000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.domain
Domain name for the HedgeDoc instance.
Type: null or string
Default: null
Example: "hedgedoc.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.dropbox
Configure the Dropbox third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.dropbox.appKey
Dropbox app key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.dropbox.clientID
Dropbox API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.dropbox.clientSecret
Dropbox API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.email
Whether to enable email sign-in.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.errorPath
Path to the error template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: ./public/views/error.ejs
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.facebook
Configure the facebook third-party integration
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.facebook.clientID
Facebook API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.facebook.clientSecret
Facebook API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.github
Configure the GitHub third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.github.clientID
GitHub API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.github.clientSecret
Github API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.gitlab
Configure the GitLab third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.gitlab.baseURL
GitLab API authentication endpoint. Only needed for other endpoints than gitlab.com.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.gitlab.clientID
GitLab API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.gitlab.clientSecret
GitLab API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.gitlab.scope
GitLab API requested scope. GitLab snippet import/export requires api scope.
Type: one of "api", "read_user"
Default: "api"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.google
Configure the Google third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.google.clientID
Google API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.google.clientSecret
Google API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.hackmdPath
Path to the hackmd template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: "./public/views/hackmd.ejs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.heartbeatInterval
Specify the socket.io heartbeat interval.
Type: signed integer
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.heartbeatTimeout
Specify the socket.io heartbeat timeout.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.host
Address to listen on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.hsts.enable
Whether to enable HSTS if HTTPS is also enabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.hsts.includeSubdomains
Whether to include subdomains in HSTS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.hsts.maxAgeSeconds
Max duration for clients to keep the HSTS status.
Type: signed integer
Default: 31536000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.hsts.preload
Whether to allow preloading of the site's HSTS status.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.imageUploadType
Specify where to upload images.
Type: one of "imgur", "s3", "minio", "filesystem"
Default: "filesystem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.imgur.clientId
Imgur API client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.indexPath
Path to the index template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: "./public/views/index.ejs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap
Configure the LDAP integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.bindCredentials
Bind credentials for LDAP access.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.bindDn
Bind DN for LDAP access.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.providerName
Optional name to be displayed at login form, indicating the LDAP provider.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.searchAttributes
LDAP attributes to search with.
Type: list of strings
Example: [ "displayName" "mail" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.searchBase
LDAP directory to begin search from.
Type: string
Example: "o=users,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.searchFilter
LDAP filter to search with.
Type: string
Example: "(uid={{username}})"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.tlsca
Root CA for LDAP TLS in PEM format.
Type: string
Example: "server-cert.pem,root.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.url
URL of LDAP server.
Type: string
Example: "ldap://localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.userNameField
LDAP field which is used as the username on HedgeDoc. By default useridField is used.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.ldap.useridField
LDAP field which is a unique identifier for users on HedgeDoc.
Type: string
Example: "uid"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.mattermost
Configure the Mattermost third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.mattermost.baseURL
Mattermost authentication endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.mattermost.clientID
Mattermost API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.mattermost.clientSecret
Mattermost API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.minio
Configure the minio third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.minio.accessKey
Minio access key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.minio.endpoint
Minio endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.minio.port
Minio listen port.
Type: signed integer
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.minio.secretKey
Minio secret key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.minio.secure
Whether to use HTTPS for Minio.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2
Configure the OAuth integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.accessRole
Specify role which should be included in the ID token roles claim to grant access
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.authorizationURL
Specify the OAuth authorization URL.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.baseURL
Specify the OAuth base URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.clientID
Specify the OAuth client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.clientSecret
Specify the OAuth client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.providerName
Specify the name to be displayed for this strategy.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.rolesClaim
Specify the role claim name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.scope
Specify the OAuth scope.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.tokenURL
Specify the OAuth token URL.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.userProfileDisplayNameAttr
Specify the name of the attribute for the display name from the claim.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.userProfileEmailAttr
Specify the name of the attribute for the email from the claim.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.userProfileURL
Specify the OAuth userprofile URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.oauth2.userProfileUsernameAttr
Specify the name of the attribute for the username from the claim.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.path
Specify where a UNIX domain socket should be placed.
Type: null or string
Default: null
Example: "/run/hedgedoc.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.port
Port to listen on.
Type: signed integer
Default: 3000
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.prettyPath
Path to the pretty template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: ./public/views/pretty.ejs
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.protocolUseSSL
Enable to use TLS for resource paths. This only applies when domain is set.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.s3
Configure the s3 third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.s3.accessKeyId
AWS access key id.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.s3.region
AWS S3 region.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.s3.secretAccessKey
AWS access key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.s3bucket
Specify the bucket name for upload types s3 and minio.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml
Configure the SAML integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.attribute.email
Attribute map for `email'. Defaults to `NameID' of SAML response if identifierFormat has the default value.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.attribute.id
Attribute map for `id'. Defaults to `NameID' of SAML response.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.attribute.username
Attribute map for `username'. Defaults to `NameID' of SAML response.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.externalGroups
Excluded group names.
Type: list of strings
Default: [ ]
Example: [ "Temporary-staff" "External-users" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.groupAttribute
Optional attribute name for group list.
Type: string
Default: ""
Example: "memberOf"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.identifierFormat
Optional name identifier format.
Type: string
Default: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.idpCert
Path to IdP certificate file in PEM format.
Type: path
Example: "/path/to/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.idpSsoUrl
IdP authentication endpoint.
Type: string
Example: "https://idp.example.com/sso"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.issuer
Optional identity of the service provider. This defaults to the server URL.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.saml.requiredGroups
Required group names.
Type: list of strings
Default: [ ]
Example: [ "Hedgedoc-Users" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.sessionLife
Session life time in milliseconds.
Type: signed integer
Default: 1209600000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.sessionName
Specify the name of the session cookie.
Type: string
Default: "connect.sid"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.sessionSecret
Specify the secret used to sign the session cookie. If unset, one will be generated on startup.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.slidePath
Path to the slide template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: ./public/views/slide.hbs
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.sslCAPath
SSL ca chain. Needed when useSSL is enabled.
Type: list of strings
Default: [ ]
Example: [ "/var/lib/hedgedoc/ca.crt" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.sslCertPath
Path to the SSL cert. Needed when useSSL is enabled.
Type: null or string
Default: null
Example: "/var/lib/hedgedoc/hedgedoc.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.sslKeyPath
Path to the SSL key. Needed when useSSL is enabled.
Type: null or string
Default: null
Example: "/var/lib/hedgedoc/hedgedoc.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.tmpPath
Path to the temp directory HedgeDoc should use. Note that serviceConfig.PrivateTmp is enabled for the HedgeDoc systemd service by default. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: string
Default: "/tmp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.twitter
Configure the Twitter third-party integration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.twitter.consumerKey
Twitter API consumer key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.twitter.consumerSecret
Twitter API consumer secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.uploadsPath
Path under which uploaded files are saved.
Type: string
Default: /var/lib/hedgedoc/uploads
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.urlAddPort
Enable to add the port to callback URLs. This only applies when domain is set and only for ports other than 80 and 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.urlPath
Path under which HedgeDoc is accessible.
Type: null or string
Default: null
Example: "/url/path/to/hedgedoc"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.useCDN
Whether to use CDN resources or not.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.configuration.useSSL
Enable to use SSL server. This will also enable protocolUseSSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.environmentFile
Environment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
# snippet of HedgeDoc-related config services.hedgedoc.configuration.dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@db-host:5432/hedgedocdb"; services.hedgedoc.configuration.minio.secretKey = "$MINIO_SECRET_KEY";# content of the environment file DB_PASSWORD=verysecretdbpassword MINIO_SECRET_KEY=verysecretminiokey
Note that this file needs to be available on the host on which HedgeDoc is running.
Type: null or path
Default: null
Example: "/var/lib/hedgedoc/hedgedoc.env"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.groups
Groups to which the user hedgedoc should be added.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hedgedoc.workDir
Working directory for the HedgeDoc service.
Type: path
Default: "/var/lib/hedgedoc"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
- services.hercules-ci-agent.enable
Enable to run Hercules CI Agent as a system service.
Hercules CI is a continuous integation service that is centered around Nix.
Support is available at help@hercules-ci.com.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.package
Package containing the bin/hercules-ci-agent executable.
Type: package
Default: pkgs.hercules-ci-agent
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.checkNix
Whether to make sure that the system's Nix (nix-daemon) is compatible.
If you set this to false, please keep up with the change log.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings
These settings are written to the agent.toml file.
Not all settings are listed as options, can be set nonetheless.
For the exhaustive list of settings, see https://docs.hercules-ci.com/hercules-ci/reference/agent-config/.
Type: TOML value
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.apiBaseUrl
API base URL that the agent will connect to.
When using Hercules CI Enterprise, set this to the URL where your Hercules CI server is reachable.
Type: string
Default: "https://hercules-ci.com"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.baseDirectory
State directory (secrets, work directory, etc) for agent
Type: path
Default: "/var/lib/hercules-ci-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.binaryCachesPath
Path to a JSON file containing binary cache secret keys.
As these values are confidential, they should not be in the store, but copied over using other means, such as agenix, NixOps deployment.keys, or manual installation.
The format is described on https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/.
Type: path
Default: staticSecretsDirectory + "/binary-caches.json"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.clusterJoinTokenPath
Location of the cluster-join-token.key file.
You can retrieve the contents of the file when creating a new agent via https://hercules-ci.com/dashboard.
As this value is confidential, it should not be in the store, but installed using other means, such as agenix, NixOps deployment.keys, or manual installation.
The contents of the file are used for authentication between the agent and the API.
Type: path
Default: staticSecretsDirectory + "/cluster-join-token.key"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.concurrentTasks
Number of tasks to perform simultaneously.
A task is a single derivation build, an evaluation or an effect run. At minimum, you need 2 concurrent tasks for x86_64-linux in your cluster, to allow for import from derivation.
concurrentTasks can be around the CPU core count or lower if memory is the bottleneck.
The optimal value depends on the resource consumption characteristics of your workload, including memory usage and in-task parallelism. This is typically determined empirically.
When scaling, it is generally better to have a double-size machine than two machines, because each split of resources causes inefficiencies; particularly with regards to build latency because of extra downloads.
Type: positive integer, meaning >0 or value "auto" (singular enum)
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.labels
A key-value map of user data.
This data will be available to organization members in the dashboard and API.
The values can be of any TOML type that corresponds to a JSON type, but arrays can not contain tables/objects due to limitations of the TOML library. Values involving arrays of non-primitive types may not be representable currently.
Type: TOML value
Default:
{ agent.source = "..."; # One of "nixpkgs", "flake", "override" lib.version = "..."; pkgs.version = "..."; }Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.secretsJsonPath
Path to a JSON file containing secrets for effects.
As these values are confidential, they should not be in the store, but copied over using other means, such as agenix, NixOps deployment.keys, or manual installation.
The format is described on https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/.
Type: path
Default: staticSecretsDirectory + "/secrets.json"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.staticSecretsDirectory
This is the default directory to look for statically configured secrets like cluster-join-token.key.
See also clusterJoinTokenPath and binaryCachesPath for fine-grained configuration.
Type: path
Default: baseDirectory + "/secrets"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hercules-ci-agent.settings.workDirectory
The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation.
Type: path
Default: baseDirectory + "/work"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
- services.hitch.enable
Whether to enable Hitch Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hitch.backend
The host and port Hitch connects to when receiving a connection in the form [HOST]:PORT
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hitch.ciphers
The list of ciphers to use
Type: string
Default: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hitch.extraConfig
Additional configuration lines
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hitch.frontend
The port and interface of the listen endpoint in the + form [HOST]:PORT[+CERT].
Type: string or list of strings
Default: "[127.0.0.1]:443"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hitch.group
The group to run as
Type: string
Default: "hitch"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hitch.ocsp-stapling.enabled
Whether to enable OCSP Stapling
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hitch.pem-files
PEM files to use
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hitch.user
The user to run as
Type: string
Default: "hitch"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
- services.hledger-web.enable
Whether to enable hledger-web service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.baseUrl
Base URL, when sharing over a network.
Type: null or string
Default: null
Example: "https://example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.capabilities.add
Enable the add capability.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.capabilities.manage
Enable the manage capability.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.capabilities.view
Enable the view capability.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.extraOptions
Extra command line arguments to pass to hledger-web.
Type: list of strings
Default: [ ]
Example: [ "--forecast" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.host
Address to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.journalFiles
Paths to journal files relative to services.hledger-web.stateDir.
Type: list of strings
Default: [ ".hledger.journal" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.serveApi
Whether to enable Serve only the JSON web API, without the web UI..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hledger-web.stateDir
Path the service has access to. If left as the default value this directory will automatically be created before the hledger-web server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/hledger-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
- services.hockeypuck.enable
Whether to enable Hockeypuck OpenPGP Key Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/hockeypuck.nix>
- services.hockeypuck.port
HKP port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 11371
Declared by:
<nixpkgs/nixos/modules/services/security/hockeypuck.nix>
- services.hockeypuck.settings
Configuration file for hockeypuck, here you can override certain settings (loglevel and openpgp.db.dsn) by just setting those values.
For other settings you need to use lib.mkForce to override them.
This service doesn't provision or enable postgres on your system, it rather assumes that you enable postgres and create the database yourself.
Example: services.postgresql = { enable = true; ensureDatabases = [ "hockeypuck" ]; ensureUsers = [{ name = "hockeypuck"; ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES"; }]; };
Type: TOML value
Default: { }
Example:
{ hockeypuck = { loglevel = "INFO"; logfile = "/var/log/hockeypuck/hockeypuck.log"; indexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl"; vindexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl"; statsTemplate = "${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl"; webroot = "${pkgs.hockeypuck-web}/share/webroot"; hkp.bind = ":${toString cfg.port}"; openpgp.db = { driver = "postgres-jsonb"; dsn = "database=hockeypuck host=/var/run/postgresql sslmode=disable"; }; }; }Declared by:
<nixpkgs/nixos/modules/services/security/hockeypuck.nix>
- services.hologram-agent.enable
Whether to enable the Hologram agent for AWS instance credentials
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
- services.hologram-agent.dialAddress
Hologram server and port.
Type: string
Default: "localhost:3100"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
- services.hologram-agent.httpPort
Port for metadata service to listen on.
Type: string
Default: "80"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
- services.hologram-server.enable
Whether to enable the Hologram server for AWS instance credentials
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.enableLdapRoles
Whether to assign user roles based on the user's LDAP group memberships
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.awsAccount
AWS account number
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.awsDefaultRole
AWS default role
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.cacheTimeoutSeconds
How often (in seconds) to refresh the LDAP cache
Type: signed integer
Default: 3600
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.groupClassAttr
The objectclass attribute to search for groups when enableLdapRoles is true
Type: string
Default: "groupOfNames"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.ldapBaseDN
The base DN for your Hologram users
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.ldapBindDN
DN of account to use to query the LDAP server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.ldapBindPassword
Password of account to use to query the LDAP server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.ldapHost
Address of the LDAP server to use
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.ldapInsecure
Whether to connect to LDAP over SSL or not
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.ldapUserAttr
The LDAP attribute for usernames
Type: string
Default: "cn"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.listenAddress
Address and port to listen on
Type: string
Default: "0.0.0.0:3100"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.roleAttr
Which LDAP group attribute to search for authorized role ARNs
Type: string
Default: "businessCategory"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.hologram-server.statsAddress
Address of statsd server
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
- services.home-assistant.enable
Whether to enable Home Assistant. Please note that this installation method is unsupported upstream.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.package
Home Assistant package to use. By default the tests are disabled, as they take a considerable amout of time to complete. Override extraPackages or extraComponents in order to add additional dependencies. If you specify config and do not set autoExtraComponents to false, overriding extraComponents will have no effect. Avoid home-assistant.overridePythonAttrs if you use autoExtraComponents.
Type: package
Default:
pkgs.home-assistant.overrideAttrs (oldAttrs: { doInstallCheck = false; })Example:
pkgs.home-assistant.override { extraPackages = ps: with ps; [ colorlog ]; }Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.applyDefaultConfig
Setting this option enables a few configuration options for HA based on NixOS configuration (such as time zone) to avoid having to manually specify configuration we already have.
Currently one side effect of enabling this is that the http component will be enabled.
This only takes effect if config != null in order to ensure that a manually managed configuration.yaml is not overwritten.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.autoExtraComponents
If set to true, the components used in config are set as the specified package's extraComponents. This in turn adds all packaged dependencies to the derivation. You might still see import errors in your log. In this case, you will need to package the necessary dependencies yourself or ask for someone else to package them. If a dependency is packaged but not automatically added to this list, you might need to specify it in extraPackages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.config
Your configuration.yaml as a Nix attribute set. Beware that setting this option will delete your previous configuration.yaml. Secrets are encoded as strings as shown in the example.
Type: Yaml value
Default: null
Example:
{ homeassistant = { name = "Home"; latitude = "!secret latitude"; longitude = "!secret longitude"; elevation = "!secret elevation"; unit_system = "metric"; time_zone = "UTC"; }; frontend = { themes = "!include_dir_merge_named themes"; }; http = { }; feedreader.urls = [ "https://nixos.org/blogs.xml" ]; }Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.configDir
The config directory, where your configuration.yaml is located.
Type: path
Default: "/var/lib/hass"
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.configWritable
Whether to make configuration.yaml writable. This only has an effect if config is set. This will allow you to edit it from Home Assistant's web interface. However, bear in mind that it will be overwritten at every start of the service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.lovelaceConfig
Your ui-lovelace.yaml as a Nix attribute set. Setting this option will automatically add lovelace.mode = "yaml"; to your config. Beware that setting this option will delete your previous ui-lovelace.yaml
Type: null or attribute set
Default: null
Example:
{ title = "My Awesome Home"; views = [ { title = "Example"; cards = [ { type = "markdown"; title = "Lovelace"; content = "Welcome to your **Lovelace UI**."; } ]; } ]; }Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.lovelaceConfigWritable
Whether to make ui-lovelace.yaml writable. This only has an effect if lovelaceConfig is set. This will allow you to edit it from Home Assistant's web interface. However, bear in mind that it will be overwritten at every start of the service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.openFirewall
Whether to open the firewall for the specified port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.home-assistant.port
The port on which to listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8123
Declared by:
<nixpkgs/nixos/modules/services/misc/home-assistant.nix>
- services.hoogle.enable
Whether to enable Haskell documentation server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
- services.hoogle.packages
The Haskell packages to generate documentation for.
The option value is a function that takes the package set specified in the haskellPackages option as its sole parameter and returns a list of packages.
Type: function that evaluates to a(n) listOf
Default: hp: []
Example: hp: with hp; [ text lens ]
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
- services.hoogle.haskellPackages
Which haskell package set to use.
Type: unspecified
Default: pkgs.haskellPackages
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
- services.hoogle.home
Url for hoogle logo
Type: string
Default: "https://hoogle.haskell.org"
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
- services.hoogle.host
Set the host to bind on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
- services.hoogle.port
Port number Hoogle will be listening to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
- services.hostapd.enable
Enable putting a wireless interface into infrastructure mode, allowing other wireless devices to associate with the wireless interface and do wireless networking. A simple access point will enable hostapd.wpa, hostapd.wpaPassphrase, and hostapd.ssid, as well as DHCP on the wireless interface to provide IP addresses to the associated stations, and NAT (from the wireless interface to an upstream interface).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.channel
Channel number (IEEE 802.11) Please note that some drivers do not use this value from hostapd and the channel will need to be configured separately with iwconfig.
Type: signed integer
Default: 7
Example: 11
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.countryCode
Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power. These two octets are used as the first two octets of the Country String (dot11CountryString). If set this enables IEEE 802.11d. This advertises the countryCode and the set of allowed channels and transmit power levels based on the regulatory limits.
Type: null or string
Default: null
Example: "US"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.driver
Which driver hostapd will use. Most applications will probably use the default.
Type: string
Default: "nl80211"
Example: "hostapd"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.extraConfig
Extra configuration options to put in hostapd.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' auth_algo=0 ieee80211n=1 ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40] ''
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.group
Members of this group can control hostapd.
Type: string
Default: "wheel"
Example: "network"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.hwMode
Operation mode. (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g).
Type: one of "a", "b", "g"
Default: "g"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.interface
The interfaces hostapd will use.
Type: string
Default: ""
Example: "wlp2s0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.logLevel
Levels (minimum value for logged events): 0 = verbose debugging 1 = debugging 2 = informational messages 3 = notification 4 = warning
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.noScan
Do not scan for overlapping BSSs in HT40+/- mode. Caution: turning this on will violate regulatory requirements!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.ssid
SSID to be used in IEEE 802.11 management frames.
Type: string
Default: "nixos"
Example: "mySpecialSSID"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.wpa
Enable WPA (IEEE 802.11i/D3.0) to authenticate with the access point.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hostapd.wpaPassphrase
WPA-PSK (pre-shared-key) passphrase. Clients will need this passphrase to associate with this access point. Warning: This passphrase will get put into a world-readable file in the Nix store!
Type: string
Default: "my_sekret"
Example: "any_64_char_string"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
- services.hound.enable
Whether to enable the hound code search daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
- services.hound.package
Package for running hound.
Type: package
Default: pkgs.hound
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
- services.hound.config
The full configuration of the Hound daemon. Note the dbpath should be an absolute path to a writable location on disk.
Type: string
Example:
'' { "max-concurrent-indexers" : 2, "dbpath" : "${services.hound.home}/data", "repos" : { "nixpkgs": { "url" : "https://www.github.com/NixOS/nixpkgs.git" } } } ''Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
- services.hound.extraGroups
List of extra groups that the "hound" user should be a part of.
Type: list of strings
Default: [ ]
Example: [ "dialout" ]
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
- services.hound.group
Group the hound daemon should execute under.
Type: string
Default: "hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
- services.hound.home
The path to use as hound's $HOME. If the default user "hound" is configured then this is the home of the "hound" user.
Type: path
Default: "/var/lib/hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
- services.hound.listen
Listen on this IP:port / :port
Type: string
Default: "0.0.0.0:6080"
Example: "127.0.0.1:6080 or just :6080"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
- services.hound.user
User the hound daemon should execute under.
Type: string
Default: "hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
- services.hqplayerd.enable
Whether to enable HQPlayer Embedded.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
- services.hqplayerd.auth.password
Password used for HQPlayer's WebUI.
Without this you will need to manually create the credentials after first start by going to http://your.ip/8088/auth
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
- services.hqplayerd.auth.username
Username used for HQPlayer's WebUI.
Without this you will need to manually create the credentials after first start by going to http://your.ip/8088/auth
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
- services.hqplayerd.config
HQplayer daemon configuration, written to /etc/hqplayer/hqplayerd.xml.
Refer to share/doc/hqplayerd/readme.txt in the hqplayerd derivation for possible values.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
- services.hqplayerd.licenseFile
Path to the HQPlayer license key file.
Without this, the service will run in trial mode and restart every 30 minutes.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
- services.hqplayerd.openFirewall
Opens ports needed for the WebUI and controller API.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
- services.htpdate.enable
Enable htpdate daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
- services.htpdate.extraOptions
Additional command line arguments to pass to htpdate.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
- services.htpdate.proxy
HTTP proxy used for requests.
Type: string
Default: ""
Example: "127.0.0.1:8118"
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
- services.htpdate.servers
HTTP servers to use for time synchronization.
Type: list of strings
Default: [ "www.google.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
- services.httpd.enable
Whether to enable the Apache HTTP Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.enableMellon
Whether to enable the mod_auth_mellon module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.enablePHP
Whether to enable the PHP module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.enablePerl
Whether to enable the Perl module (mod_perl).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.package
Overridable attribute of the Apache HTTP Server package to use.
Type: package
Default: pkgs.apacheHttpd
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.adminAddr
E-mail address of the server administrator.
Type: string
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.configFile
Override the configuration file used by Apache. By default, NixOS generates one automatically.
Type: path
Default: confFile
Example: pkgs.writeText "httpd.conf" "# my custom config file ..."
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.extraConfig
Configuration lines appended to the generated Apache configuration file. Note that this mechanism will not work when configFile is overridden.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.extraModules
Additional Apache modules to be used. These can be specified as a string in the case of modules distributed with Apache, or as an attribute set specifying the name and path of the module.
Type: list of unspecifieds
Default: [ ]
Example:
[ "proxy_connect" { name = "jk"; path = "${pkgs.tomcat_connectors}/modules/mod_jk.so"; } ]Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.group
Group under which httpd children processes run.
Type: string
Default: "wwwrun"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.logDir
Directory for Apache's log files. It is created automatically.
Type: path
Default: "/var/log/httpd"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.logFormat
Log format for log files. Possible values are: combined, common, referer, agent, none. See https://httpd.apache.org/docs/2.4/logs.html for more details.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.logPerVirtualHost
If enabled, each virtual host gets its own access.log and error.log, namely suffixed by the hostName of the virtual host.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.maxClients
Maximum number of httpd processes (prefork)
Type: signed integer
Default: 150
Example: 8
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.maxRequestsPerChild
Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited.
Type: signed integer
Default: 0
Example: 500
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.mpm
Multi-processing module to be used by Apache. Available modules are prefork (handles each request in a separate child process), worker (hybrid approach that starts a number of child processes each running a number of threads) and event (the default; a recent variant of worker that handles persistent connections more efficiently).
Type: one of "event", "prefork", "worker"
Default: "event"
Example: "worker"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.phpOptions
Options appended to the PHP configuration file php.ini.
Type: strings concatenated with "\n"
Default: ""
Example:
'' date.timezone = "CET" ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.phpPackage
Overridable attribute of the PHP package to use.
Type: package
Default: pkgs.php
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.sslCiphers
Cipher Suite available for negotiation in SSL proxy handshake.
Type: string
Default: "HIGH:!aNULL:!MD5:!EXP"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.sslProtocols
Allowed SSL/TLS protocol versions.
Type: string
Default: "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
Example: "All -SSLv2 -SSLv3"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.user
User account under which httpd children processes run.
If you require the main httpd process to run as root add the following configuration:
systemd.services.httpd.serviceConfig.User = lib.mkForce "root";
Type: string
Default: "wwwrun"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts
Specification of the virtual hosts served by Apache. Each element should be an attribute set specifying the configuration of the virtual host.
Type: attribute set of submodules
Default:
{ localhost = { documentRoot = "${package.out}/htdocs"; }; }Example:
{ "foo.example.com" = { forceSSL = true; documentRoot = "/var/www/foo.example.com" }; "bar.example.com" = { addSSL = true; documentRoot = "/var/www/bar.example.com"; }; }Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.enableUserDir
Whether to enable serving ~/public_html as /~username.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.adminAddr
E-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.hostName
Canonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.http2
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.listen
Listen addresses and ports for this virtual host.
Note
This option overrides addSSL, forceSSL and onlySSL.If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of submodules
Default: [ ]
Example: [ { ip = "195.154.1.1"; port = 443; ssl = true; } { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.listen.*.ip
IP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.listen.*.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.listen.*.ssl
Whether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are chosen automatically.
Type: non-empty list of strings
Default: [ "*" ]
Example: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.locations
Declarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; "/foo/bar.png" = { alias = "/home/eelco/some-file.png"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.locations.<name>.alias
Alias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.locations.<name>.index
Adds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.locations.<name>.proxyPass
Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default: [ ]
Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.servedFiles
This option provides a simple way to serve individual, static files.
Note
This option has been deprecated and will be removed in a future version of NixOS. You can achieve the same result by making use of the locations.<name>.alias option.Type: list of attribute sets
Default: [ ]
Example: [ { file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.sslServerCert
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.sslServerChain
Path to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.sslServerKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.httpd.virtualHosts.<name>.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
- services.hydra.enable
Whether to run Hydra services.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.package
The Hydra package.
Type: package
Default: pkgs.hydra-unstable
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.buildMachinesFiles
List of files containing build machines.
Type: list of paths
Default: [ ]
Example: [ "/etc/nix/machines" "/var/lib/hydra/provisioner/machines" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.dbi
The DBI string for Hydra database connection.
NOTE: Attempts to set `application_name` will be overridden by `hydra-TYPE` (where TYPE is e.g. `evaluator`, `queue-runner`, etc.) in all hydra services to more easily distinguish where queries are coming from.
Type: string
Default: "dbi:Pg:dbname=hydra;user=hydra;"
Example: "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.debugServer
Whether to run the server in debug mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.extraConfig
Extra lines for the Hydra configuration.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.extraEnv
Extra environment variables for Hydra.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.gcRootsDir
Directory that holds Hydra garbage collector roots.
Type: path
Default: "/nix/var/nix/gcroots/hydra"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.hydraURL
The base URL for the Hydra webserver instance. Used for links in emails.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.listenHost
The hostname or address to listen on or * to listen on all interfaces.
Type: string
Default: "*"
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.logo
Path to a file containing the logo of your Hydra instance.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.minimumDiskFree
Threshold of minimum disk space (GiB) to determine if the queue runner should run or not.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.minimumDiskFreeEvaluator
Threshold of minimum disk space (GiB) to determine if the evaluator should run or not.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.notificationSender
Sender email address used for email notifications.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.port
TCP port the web server should listen to.
Type: signed integer
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.smtpHost
Hostname of the SMTP server to use to send email.
Type: null or string
Default: null
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.tracker
Piece of HTML that is included on all pages.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydra.useSubstitutes
Whether to use binary caches for downloading store paths. Note that binary substitutions trigger (a potentially large number of) additional HTTP requests that slow down the queue monitor thread significantly. Also, this Hydra instance will serve those downloaded store paths to its users with its own signature attached as if it had built them itself, so don't enable this feature unless your active binary caches are absolute trustworthy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
- services.hydron.enable
Whether to enable hydron.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.dataDir
Location where hydron runs and stores data.
Type: path
Default: "/var/lib/hydron"
Example: "/home/okina/hydron"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.fetchTags
Fetch tags for imported images and webm from gelbooru.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.importPaths
Paths that hydron will recursively import.
Type: list of paths
Default: [ ]
Example: [ "/home/okina/Pictures" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.interval
How often we run hydron import and possibly fetch tags. Runs by default every week.
The format is described in systemd.time(7).
Type: string
Default: "weekly"
Example: "06:00"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.listenAddress
Listen on a specific IP address and port.
Type: null or string
Default: null
Example: "127.0.0.1:8010"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.password
Password for the hydron database.
Type: string
Default: "hydron"
Example: "dumbpass"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.passwordFile
Password file for the hydron database.
Type: path
Default: "/run/keys/hydron-password-file"
Example: "/home/okina/hydron/keys/pass"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.postgresArgs
Postgresql connection arguments.
Type: string
Example:
'' { "driver": "postgres", "connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable" } ''Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hydron.postgresArgsFile
Postgresql connection arguments file.
Type: path
Default: "/run/keys/hydron-postgres-args"
Example: "/home/okina/hydron/keys/postgres"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
- services.hylafax.enable
Whether to enable HylaFAX server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.areaCode
Area code for server and all modems.
Type: null or string
Default: null
Example: "30"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.autostart
Autostart the HylaFAX queue manager at system start. If this is false, the queue manager will still be started if there are pending jobs or if a user tries to connect to it.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.commonModemConfig
Attribute set of default values for modem config files etc/config.*. Values can be either strings or integers (which will be added to the config file verbatimly) or lists thereof (which will be translated to multiple lines with the same configuration key). Boolean values are translated to "Yes" or "No". The default contains some reasonable configuration to yield an operational system.
Think twice before changing paths of fax-processing scripts.
Type: attribute set of list of string or signed integer convertible to it or boolean convertible to its or string or signed integer convertible to it or boolean convertible to it convertible to its
Example: { InternationalPrefix = "00"; LongDistancePrefix = "0"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.countryCode
Country code for server and all modems.
Type: null or string
Default: null
Example: "49"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxcron.enable.frequency
Purge old files from the spooling area with faxcron with the given frequency (see systemd.time(7)).
Type: null or string
Default: null
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxcron.enable.spoolInit
Whether to enable Purge old files from the spooling area with faxcron each time the spooling area is initialized. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxcron.infoDays
Set the expiration time for data in the remote machine information directory in days.
Type: positive integer, meaning >0
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxcron.logDays
Set the expiration time for session trace log files in days.
Type: positive integer, meaning >0
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxcron.rcvDays
Set the expiration time for files in the received facsimile queue in days.
Type: positive integer, meaning >0
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxqConfig
Attribute set of lines for the global faxq config file etc/config. Values can be either strings or integers (which will be added to the config file verbatimly) or lists thereof (which will be translated to multiple lines with the same configuration key). Boolean values are translated to "Yes" or "No". The default contains some reasonable configuration to yield an operational system.
Type: attribute set of list of string or signed integer convertible to it or boolean convertible to its or string or signed integer convertible to it or boolean convertible to it convertible to its
Example: { InternationalPrefix = "00"; LongDistancePrefix = "0"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxqclean.enable.frequency
Purge old files from the spooling area with faxcron with the given frequency (see systemd.time(7)).
Type: null or string
Default: null
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxqclean.enable.spoolInit
Whether to enable Purge old files from the spooling area with faxqclean each time the spooling area is initialized. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxqclean.archiving
Enable or suppress job archiving: never disables job archiving, as-flagged archives jobs that have been flagged for archiving by sendfax, always forces archiving of all jobs. See also sendfax(1) and faxqclean(8).
Type: one of "never", "as-flagged", "always"
Default: "as-flagged"
Example: "always"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxqclean.docqMinutes
Set the document age threshold (in minutes) that controls how long unreferenced files may reside in the docq directory.
Type: positive integer, meaning >0
Default: 60
Example: 24*60
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.faxqclean.doneqMinutes
Set the job age threshold (in minutes) that controls how long jobs may reside in the doneq directory.
Type: positive integer, meaning >0
Default: 15
Example: 24*60
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.hfaxdConfig
Attribute set of lines for the global hfaxd config file etc/hfaxd.conf. Values can be either strings or integers (which will be added to the config file verbatimly) or lists thereof (which will be translated to multiple lines with the same configuration key). Boolean values are translated to "Yes" or "No". The default contains some reasonable configuration to yield an operational system.
Type: attribute set of list of string or signed integer convertible to it or boolean convertible to its or string or signed integer convertible to it or boolean convertible to it convertible to its
Example: { RecvqProtection = "0400"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.internationalPrefix
International prefix for server and all modems.
Type: null or string
Default: null
Example: "00"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.longDistancePrefix
Long distance prefix for server and all modems.
Type: null or string
Default: null
Example: "0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.modems
Description of installed modems. At least on modem must be defined to enable the HylaFAX server.
Type: attribute set of submodules
Default: { }
Example: { ttyS1 = { config = { FAXNumber = "123456"; LocalIdentifier = "Smith"; } ; type = "cirrus"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.modems.<name>.config
Attribute set of values for the given modem. Values can be either strings or integers (which will be added to the config file verbatimly) or lists thereof (which will be translated to multiple lines with the same configuration key). Boolean values are translated to "Yes" or "No". The default contains some reasonable configuration to yield an operational system.
Options defined here override options in commonModemConfig for this modem.
Type: attribute set of list of string or signed integer convertible to it or boolean convertible to its or string or signed integer convertible to it or boolean convertible to it convertible to its
Example: { AreaCode = "49"; FAXNumber = "123456"; LocalCode = "30"; LocalIdentifier = "LostInBerlin"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.modems.<name>.name
Name of modem device, will be searched for in /dev.
Type: string
Example: "ttyS1"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.modems.<name>.type
Name of modem configuration file, will be searched for in config in the spooling area directory.
Type: string
Example: "cirrus"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.sendmailPath
Path to sendmail program. The default uses the local sendmail wrapper (see config.services.mail.sendmailSetuidWrapper), otherwise the false binary to cause an error if used.
Type: path
Example: "${pkgs.postfix}/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.spoolAreaPath
The spooling area will be created/maintained at the location given here.
Type: path
Default: "/var/spool/fax"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.spoolExtraInit
Additional shell code that is executed within the spooling area directory right after its setup.
Type: strings concatenated with "\n"
Default: ""
Example: "chmod 0755 . # everyone may read my faxes"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.hylafax.userAccessFile
The hosts.hfaxd file entry in the spooling area will be symlinked to the location given here. This file must exist and be readable only by the uucp user. See hosts.hfaxd(5) for details. This configuration permits access for all users: environment.etc."hosts.hfaxd" = { mode = "0600"; user = "uucp"; text = ".*"; }; Note that host-based access can be controlled with config.systemd.sockets.hylafax-hfaxd.listenStreams; by default, only 127.0.0.1 is permitted to connect.
Type: path
Default: "/etc/hosts.hfaxd"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
- services.i2p.enable
Whether to enable I2P router.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2p.nix>
- services.i2pd.enable
Enables I2Pd as a running service upon activation. Please read http://i2pd.readthedocs.io/en/latest/ for further configuration help.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.enableIPv4
Whether to enable IPv4 connectivity.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.enableIPv6
Whether to enable IPv6 connectivity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.address
Your external IP or hostname.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.addressbook.defaulturl
AddressBook subscription URL for initial setup
Type: string
Default: "http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.addressbook.subscriptions
AddressBook subscription URLs
Type: list of strings
Default: [ "http://inr.i2p/export/alive-hosts.txt" "http://i2p-projekt.i2p/hosts.txt" "http://stats.i2p/cgi-bin/newhosts.txt" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.bandwidth
Set a router bandwidth limit integer in KBps. If not set, i2pd defaults to 32KBps.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.dataDir
Alternative path to storage of i2pd data (RI, keys, peer profiles, ...)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.exploratory.inbound.length
Guaranteed minimum hops for exploratory tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.exploratory.inbound.quantity
Number of simultaneous exploratory tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.exploratory.outbound.length
Guaranteed minimum hops for exploratory tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.exploratory.outbound.quantity
Number of simultaneous exploratory tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.family
Specify a family the router belongs to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.floodfill
If the router is declared to be unreachable and needs introduction nodes.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ifname
Network interface to bind to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ifname4
IPv4 interface to bind to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ifname6
IPv6 interface to bind to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels
Serve something on I2P network at port and delegate requests to address inPort.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.enable
Whether to enable ‹name›.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.accessList
I2P nodes that are allowed to connect to this service.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.address
Bind address for ‹name› endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.crypto.tagsToSend
Number of ElGamal/AES tags to send.
Type: signed integer
Default: 40
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.destination
Remote endpoint, I2P hostname or b32.i2p address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.inPort
Service port. Default to the tunnel's listen port.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.inbound.length
Guaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.inbound.quantity
Number of simultaneous ‹name› tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.keys
Keyset used for tunnel identity.
Type: string
Default: "‹name›-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.name
The endpoint name.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.outbound.length
Guaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.outbound.quantity
Number of simultaneous ‹name› tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.inTunnels.<name>.port
Bind port for ‹name› endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.limits.coreSize
Maximum size of corefile in Kb (0 - use system limit).
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.limits.ntcpHard
Maximum number of active transit sessions.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.limits.ntcpSoft
Threshold to start probabalistic backoff with ntcp sessions (default: use system limit).
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.limits.ntcpThreads
Maximum number of threads used by NTCP DH worker.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.limits.openFiles
Maximum number of open files (0 - use system default).
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.limits.transittunnels
Maximum number of active transit sessions.
Type: signed integer
Default: 2500
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.logCLFTime
Whether to enable Full CLF-formatted date and time to log.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.logLevel
The log level. i2pd defaults to "info" but that generates copious amounts of log messages.
We default to "error" which is similar to the default log level of tor.
Type: one of "debug", "info", "warn", "error"
Default: "error"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.nat
Whether to enable NAT bypass.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.netid
I2P overlay netid.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.notransit
Tells the router to not accept transit tunnels during startup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ntcp
Whether to enable ntcp.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ntcp2.enable
Whether to enable NTCP2.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ntcp2.port
Port to listen for incoming NTCP2 connections (0=auto).
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ntcp2.published
Whether to enable NTCP2 publication.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ntcpProxy
Proxy URL for NTCP transport.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels
Connect to someone as a client and establish a local accept endpoint
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.enable
Whether to enable ‹name›.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.address
Bind address for ‹name› endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.crypto.tagsToSend
Number of ElGamal/AES tags to send.
Type: signed integer
Default: 40
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.destination
Remote endpoint, I2P hostname or b32.i2p address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.destinationPort
Connect to particular port at destination.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.inbound.length
Guaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.inbound.quantity
Number of simultaneous ‹name› tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.keys
Keyset used for tunnel identity.
Type: string
Default: "‹name›-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.name
The endpoint name.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.outbound.length
Guaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.outbound.quantity
Number of simultaneous ‹name› tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.outTunnels.<name>.port
Bind port for ‹name› endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.port
I2P listen port. If no one is given the router will pick between 9111 and 30777.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.precomputation.elgamal
Whenever to use precomputated tables for ElGamal. i2pd defaults to false to save 64M of memory (and looses some performance).
We default to true as that is what most users want anyway.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.bob.enable
Whether to enable bob.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.bob.address
Bind address for bob endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.bob.name
The endpoint name.
Type: string
Default: "bob"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.bob.port
Bind port for bob endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2827
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.enable
Whether to enable http.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.address
Bind address for http endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.auth
Whether to enable Webconsole authentication.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.hostname
Expected hostname for WebUI.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.name
The endpoint name.
Type: string
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.pass
Password for webconsole access.
Type: string
Default: "i2pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.port
Bind port for http endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7070
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.strictHeaders
Enable strict host checking on WebUI.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.http.user
Username for webconsole access
Type: string
Default: "i2pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.enable
Whether to enable httpproxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.address
Bind address for httpproxy endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.inbound.length
Guaranteed minimum hops for httpproxy tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.inbound.quantity
Number of simultaneous httpproxy tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.keys
File to persist HTTPPROXY keys.
Type: null or string
Default: "httpproxy-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.latency.max
Max latency for tunnels.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.latency.min
Min latency for tunnels.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.name
The endpoint name.
Type: string
Default: "httpproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.outbound.length
Guaranteed minimum hops for httpproxy tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.outbound.quantity
Number of simultaneous httpproxy tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.outproxy
Upstream outproxy bind address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.httpProxy.port
Bind port for httpproxy endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4444
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.i2cp.enable
Whether to enable i2cp.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.i2cp.address
Bind address for i2cp endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.i2cp.name
The endpoint name.
Type: string
Default: "i2cp"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.i2cp.port
Bind port for i2cp endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7654
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.i2pControl.enable
Whether to enable i2pcontrol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.i2pControl.address
Bind address for i2pcontrol endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.i2pControl.name
The endpoint name.
Type: string
Default: "i2pcontrol"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.i2pControl.port
Bind port for i2pcontrol endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7650
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.sam.enable
Whether to enable sam.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.sam.address
Bind address for sam endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.sam.name
The endpoint name.
Type: string
Default: "sam"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.sam.port
Bind port for sam endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7656
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.enable
Whether to enable socksproxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.address
Bind address for socksproxy endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.inbound.length
Guaranteed minimum hops for socksproxy tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.inbound.quantity
Number of simultaneous socksproxy tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.keys
File to persist SOCKSPROXY keys.
Type: null or string
Default: "socksproxy-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.latency.max
Max latency for tunnels.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.latency.min
Min latency for tunnels.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.name
The endpoint name.
Type: string
Default: "socksproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.outbound.length
Guaranteed minimum hops for socksproxy tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.outbound.quantity
Number of simultaneous socksproxy tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.outproxy
Upstream outproxy bind address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.outproxyEnable
Whether to enable SOCKS outproxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.outproxyPort
Upstream outproxy bind port.
Type: signed integer
Default: 4444
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.proto.socksProxy.port
Bind port for socksproxy endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4447
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.reseed.file
Full path to SU3 file to reseed from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.reseed.floodfill
Path to router info of floodfill to reseed from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.reseed.proxy
URL for reseed proxy, supports http/socks.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.reseed.urls
Reseed URLs.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.reseed.verify
Whether to enable SU3 signature verification.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.reseed.zipfile
Path to local .zip file to reseed from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.share
Limit of transit traffic from max bandwidth in percents.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.ssu
Whether to enable ssu.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.trust.enable
Whether to enable Explicit trust options.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.trust.family
Router Familiy to trust for first hops.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.trust.hidden
Whether to enable Router concealment.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.trust.routers
Only connect to the listed routers.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.upnp.enable
Whether to enable UPnP service discovery.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.upnp.name
Name i2pd appears in UPnP forwardings list.
Type: string
Default: "I2Pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.websocket.enable
Whether to enable websockets.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.websocket.address
Bind address for websockets endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.websocket.name
The endpoint name.
Type: string
Default: "websockets"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.i2pd.websocket.port
Bind port for websockets endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7666
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
- services.icecast.enable
Whether to enable Icecast server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.admin.password
Password used for all administration functions.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.admin.user
Username used for all administration functions.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.extraConf
icecast.xml content.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.group
Group privileges for the server.
Type: string
Default: "nogroup"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.hostname
DNS name or IP address that will be used for the stream directory lookups or possibily the playlist generation if a Host header is not provided.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.listen.address
Address Icecast will listen on.
Type: string
Default: "::"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.listen.port
TCP port that will be used to accept client connections.
Type: signed integer
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.logDir
Base directory used for logging.
Type: path
Default: "/var/log/icecast"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecast.user
User privileges for the server.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
- services.icecream.daemon.enable
Whether to enable Icecream Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.package
Icecream package to use.
Type: package
Default: pkgs.icecream
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.cacheLimit
Maximum size in Megabytes of cache used to store compile environments of compile clients.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 256
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.extraArgs
Additional command line parameters.
Type: list of strings
Default: [ ]
Example: [ "-v" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.hostname
Hostname of the daemon in the icecream infrastructure.
Uses the hostname retrieved via uname if set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.maxProcesses
Maximum number of compile jobs started in parallel for this daemon.
Uses the number of CPUs if set to null.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.netName
Network name to connect to. A scheduler with the same name needs to be running.
Type: string
Default: "ICECREAM"
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.nice
The level of niceness to use.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.noRemote
Prevent jobs from other nodes being scheduled on this daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.openBroadcast
Whether to automatically open the firewall for scheduler discovery.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.openFirewall
Whether to automatically open receive port in the firewall.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.schedulerHost
Explicit scheduler hostname, useful in firewalled environments.
Uses scheduler autodiscovery via broadcast if set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.daemon.user
User to run the icecream daemon as. Set to root to enable receive of remote compile environments.
Type: string
Default: "icecc"
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
- services.icecream.scheduler.enable
Whether to enable Icecream Scheduler.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
- services.icecream.scheduler.package
Icecream package to use.
Type: package
Default: pkgs.icecream
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
- services.icecream.scheduler.extraArgs
Additional command line parameters
Type: list of strings
Default: [ ]
Example: [ "-v" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
- services.icecream.scheduler.netName
Network name for the icecream scheduler.
Uses the default ICECREAM if null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
- services.icecream.scheduler.openFirewall
Whether to automatically open the daemon port in the firewall.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
- services.icecream.scheduler.openTelnet
Whether to open the telnet TCP port on 8766.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
- services.icecream.scheduler.persistentClientConnection
Whether to prevent clients from connecting to a better scheduler.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
- services.icecream.scheduler.port
Server port to listen for icecream daemon requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8765
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
- services.icingaweb2.enable
Whether to enable the icingaweb2 web interface.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.authentications
authentication.ini contents. Will automatically be converted to a .ini file.
If the value is null, no authentication.ini is created and you can modify it manually (e.g. via the web interface).
Type: null or attribute set
Default: null
Example: { icingaweb = { backend = "db"; resource = "icingaweb_db"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.generalConfig
config.ini contents. Will automatically be converted to a .ini file. If you don't set global.module_path, the module will take care of it.
If the value is null, no config.ini is created and you can modify it manually (e.g. via the web interface). Note that you need to update module_path manually.
Type: null or attribute set
Default: null
Example: { general = { config_resource = "icingaweb_db"; showStacktraces = 1; } ; logging = { level = "CRITICAL"; log = "syslog"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.groupBackends
groups.ini contents. Will automatically be converted to a .ini file.
If the value is null, no groups.ini is created and you can modify it manually (e.g. via the web interface).
Type: null or attribute set
Default: null
Example: { icingaweb = { backend = "db"; resource = "icingaweb_db"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.libraryPaths
Libraries to add to the Icingaweb2 library path. The name of the attribute is the name of the library, the value is the package to add.
Type: attribute set of packages
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.modulePackages
Name-package attrset of Icingaweb 2 modules packages to enable.
If you enable modules manually (e.g. via the web ui), they will not be touched.
Type: attribute set of packages
Default: { }
Example:
{ "snow" = icingaweb2Modules.theme-snow; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.modules.doc.enable
Whether to enable the icingaweb2 doc module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.modules.migrate.enable
Whether to enable the icingaweb2 migrate module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.modules.monitoring.enable
Whether to enable the icingaweb2 monitoring module.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.backends
Monitoring backends to define
Type: attribute set of submodules
Default: { icinga = { resource = "icinga_ido"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.backends.<name>.disabled
Disable this backend
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.backends.<name>.resource
Name of the IDO resource
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.generalConfig.mutable
Make config.ini of the monitoring module mutable (e.g. via the web interface).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.generalConfig.protectedVars
List of string patterns for custom variables which should be excluded from user’s view.
Type: list of strings
Default: [ "*pw*" "*pass*" "community" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.mutableBackends
Make backends.ini of the monitoring module mutable (e.g. via the web interface).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.mutableTransports
Make commandtransports.ini of the monitoring module mutable (e.g. via the web interface).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports
Command transports to define
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports.<name>.host
Host for the api or remote transport
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports.<name>.instance
Assign a icinga instance to this transport
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports.<name>.password
Password for the api transport
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports.<name>.path
Path to the socket for local or remote transports
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports.<name>.port
Port to connect to for the api or remote transport
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports.<name>.resource
SSH identity resource for the remote transport
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports.<name>.type
Type of this transport
Type: one of "api", "local", "remote"
Default: "api"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.monitoring.transports.<name>.username
Username for the api or remote transport
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
- services.icingaweb2.modules.setup.enable
Whether to enable the icingaweb2 setup module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.modules.test.enable
Whether to enable the icingaweb2 test module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.modules.translation.enable
Whether to enable the icingaweb2 translation module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.pool
Name of existing PHP-FPM pool that is used to run Icingaweb2. If not specified, a pool will automatically created with default values.
Type: string
Default: "icingaweb2"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.resources
resources.ini contents. Will automatically be converted to a .ini file.
If the value is null, no resources.ini is created and you can modify it manually (e.g. via the web interface). Note that if you set passwords here, they will go into the nix store.
Type: null or attribute set
Default: null
Example: { icingaweb_db = { db = "mysql"; dbname = "icingaweb2"; host = "localhost"; password = "icingaweb2"; type = "db"; username = "icingaweb2"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.roles
roles.ini contents. Will automatically be converted to a .ini file.
If the value is null, no roles.ini is created and you can modify it manually (e.g. via the web interface).
Type: null or attribute set
Default: null
Example: { Administrators = { permissions = "*"; users = "admin"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.timezone
PHP-compliant timezone specification
Type: string
Default: "UTC"
Example: "Europe/Berlin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.icingaweb2.virtualHost
Name of the nginx virtualhost to use and setup. If null, no virtualhost is set up.
Type: null or string
Default: "icingaweb2"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
- services.ihaskell.enable
Autostart an IHaskell notebook service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/ihaskell.nix>
- services.ihaskell.extraPackages
Extra packages available to ghc when running ihaskell. The value must be a function which receives the attrset defined in haskellPackages as the sole argument.
Type: function that evaluates to a(n) listOf
Default: haskellPackages: []
Example:
haskellPackages: [ haskellPackages.wreq haskellPackages.lens ]
Declared by:
<nixpkgs/nixos/modules/services/misc/ihaskell.nix>
- services.ihatemoney.enable
Whether to enable ihatemoney webapp. Note that this will set uwsgi to emperor mode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.enableAdminDashboard
Whether to enable ihatemoney admin dashboard.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.enableCaptcha
Whether to enable a simplistic captcha for some forms.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.enableDemoProject
Whether to enable access to the demo project in ihatemoney.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.enablePublicProjectCreation
Whether to enable permission to create projects in ihatemoney by anyone.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.adminHashedPassword
The hashed password of the administrator. To obtain it, run ihatemoney generate_password_hash
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.backend
The database engine to use for ihatemoney. If postgresql is selected, then a database called ihatemoney will be created. If you disable this option, it will however not be removed.
Type: one of "sqlite", "postgresql"
Default: "sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.defaultSender.email
The email of the sender of ihatemoney emails
Type: string
Default: "ihatemoney@nixos"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.defaultSender.name
The display name of the sender of ihatemoney emails
Type: string
Default: "Budget manager"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.extraConfig
Extra configuration appended to ihatemoney's configuration file. It is a python file, so pay attention to indentation.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.legalLink
The URL to a page explaining legal statements about your service, eg. GDPR-related information.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.secureCookie
Use secure cookies. Disable this when ihatemoney is served via http instead of https
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.ihatemoney.uwsgiConfig
Additionnal configuration of the UWSGI vassal running ihatemoney. It should notably specify on which interfaces and ports the vassal should listen.
Type: attribute set
Example: { http = ":8000"; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
- services.illum.enable
Enable illum, a daemon for controlling screen brightness with brightness buttons.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/illum.nix>
- services.incron.enable
Whether to enable the incron daemon.
Note that commands run under incrontab only support common Nix profiles for the PATH provided variable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
- services.incron.allow
Users allowed to use incrontab.
If empty then no user will be allowed to have their own incrontab. If null then will defer to deny. If both allow and deny are null then all users will be allowed to have their own incrontab.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
- services.incron.deny
Users forbidden from using incrontab.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
- services.incron.extraPackages
Extra packages available to the system incrontab.
Type: list of packages
Default: [ ]
Example: [ pkgs.rsync ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
- services.incron.systab
The system incrontab contents.
Type: strings concatenated with "\n"
Default: ""
Example:
'' /var/mail IN_CLOSE_WRITE abc $@/$# /tmp IN_ALL_EVENTS efg $@/$# $& ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
- services.infinoted.enable
Whether to enable infinoted.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.package
Package providing infinoted
Type: package
Default: pkgs.libinfinity
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.certificateChain
Chain of CA-certificates to which our `certificateFile` is relative. Optional for TLS.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.certificateFile
Server certificate to use for TLS
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.extraConfig
Additional configuration to append to infinoted.conf
Type: strings concatenated with "\n"
Default:
'' [autosave] interval=10 ''
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.group
What to call the primary group of the dedicated user under which infinoted is run
Type: string
Default: "infinoted"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.keyFile
Private key to use for TLS
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.passwordFile
File to read server-wide password from
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.plugins
Plugins to enable
Type: list of strings
Default: [ "note-text" "note-chat" "logging" "autosave" ]
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6523
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.rootDirectory
Root of the directory structure to serve
Type: path
Default: "/var/lib/infinoted/documents/"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.securityPolicy
How strictly to enforce clients connection with TLS.
Type: one of "no-tls", "allow-tls", "require-tls"
Default: "require-tls"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.infinoted.user
What to call the dedicated user under which infinoted is run
Type: string
Default: "infinoted"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
- services.influxdb.enable
Whether to enable the influxdb server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
- services.influxdb.package
Which influxdb derivation to use
Type: package
Default: pkgs.influxdb
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
- services.influxdb.dataDir
Data directory for influxd data files.
Type: path
Default: "/var/db/influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
- services.influxdb.extraConfig
Extra configuration options for influxdb
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
- services.influxdb.group
Group under which influxdb runs
Type: string
Default: "influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
- services.influxdb.user
User account under which influxdb runs
Type: string
Default: "influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
- services.influxdb2.enable
Whether to enable the influxdb2 server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb2.nix>
- services.influxdb2.package
influxdb2 derivation to use.
Type: package
Default: pkgs.influxdb2
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb2.nix>
- services.influxdb2.settings
configuration options for influxdb2, see https://docs.influxdata.com/influxdb/v2.0/reference/config-options for details.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb2.nix>
- services.inspircd.enable
Whether to enable InspIRCd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/inspircd.nix>
- services.inspircd.package
The InspIRCd package to use. This is mainly useful to specify an overridden version of the pkgs.inspircd dervivation, for example if you want to use a more minimal InspIRCd distribution with less modules enabled or with modules enabled which can't be distributed in binary form due to licensing issues.
Type: package
Default: pkgs.inspircd
Example: pkgs.inspircdMinimal
Declared by:
<nixpkgs/nixos/modules/services/networking/inspircd.nix>
- services.inspircd.config
Verbatim inspircd.conf file. For a list of options, consult the InspIRCd documentation, the Module documentation and the example configuration files distributed with pkgs.inspircd.doc
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/inspircd.nix>
- services.interception-tools.enable
Whether to enable the interception tools service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
- services.interception-tools.plugins
A list of interception tools plugins that will be made available to use inside the udevmon configuration.
Type: list of packages
Default: [ pkgs.interception-tools-plugins.caps2esc ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
- services.interception-tools.udevmonConfig
String of udevmon YAML configuration, or path to a udevmon YAML configuration file.
Type: string or path
Default:
'' - JOB: "intercept -g $DEVNODE | caps2esc | uinput -d $DEVNODE" DEVICE: EVENTS: EV_KEY: [KEY_CAPSLOCK, KEY_ESC] ''Example:
'' - JOB: "intercept -g $DEVNODE | y2z | x2y | uinput -d $DEVNODE" DEVICE: EVENTS: EV_KEY: [KEY_X, KEY_Y] ''Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
- services.invidious.enable
Whether to enable Invidious.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.package
The Invidious package to use.
Type: package
Default: "pkgs.invidious"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.database.createLocally
Whether to create a local database with PostgreSQL.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.database.host
The database host Invidious should use.
If null, the local unix socket is used. Otherwise TCP is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.database.passwordFile
Path to file containing the database password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.database.port
The port of the database Invidious should use.
Defaults to the the default postgresql port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.domain
The FQDN Invidious is reachable on.
This is used to configure nginx and for building absolute URLs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.extraSettingsFile
A file including Invidious settings.
It gets merged with the setttings specified in services.invidious.settings and can be used to store secrets like hmac_key outside of the nix store.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.nginx.enable
Whether to configure nginx as a reverse proxy for Invidious.
It serves it under the domain specified in services.invidious.settings.domain with enabled TLS and ACME. Further configuration can be done through services.nginx.virtualHosts.${config.services.invidious.settings.domain}.*, which can also be used to disable AMCE and TLS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.port
The port Invidious should listen on.
To allow access from outside, you can use either services.invidious.nginx or add config.services.invidious.port to networking.firewall.allowedTCPPorts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.invidious.settings
The settings Invidious should use.
See config.example.yml for a list of all possible options.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
- services.iodine.clients
Each attribute of this option defines a systemd service that runs iodine. Many or none may be defined. The name of each service is iodine-name where name is the name of the corresponding attribute name.
Type: attribute set of submodules
Default: { }
Example:
{ foo = { server = "tunnel.mdomain.com"; relay = "8.8.8.8"; extraConfig = "-v"; } }Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.clients.<name>.extraConfig
Additional command line parameters
Type: string
Default: ""
Example: "-l 192.168.1.10 -p 23"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.clients.<name>.passwordFile
Path to a file containing the password.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.clients.<name>.relay
DNS server to use as an intermediate relay to the iodined server
Type: string
Default: ""
Example: "8.8.8.8"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.clients.<name>.server
Hostname of server running iodined
Type: string
Default: ""
Example: "tunnel.mydomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.server.enable
enable iodined server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.server.domain
Domain or subdomain of which nameservers point to us
Type: string
Default: ""
Example: "tunnel.mydomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.server.extraConfig
Additional command line parameters
Type: string
Default: ""
Example: "-l 192.168.1.10 -p 23"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.server.ip
The assigned ip address or ip range
Type: string
Default: ""
Example: "172.16.10.1/24"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iodine.server.passwordFile
File that contains password
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
- services.iperf3.enable
Whether to enable iperf3 network throughput testing server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.affinity
CPU affinity for the process.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.authorizedUsersFile
Path to the configuration file containing authorized users credentials to run iperf tests.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.bind
Bind to the specific interface associated with the given address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.debug
Emit debugging output.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.extraFlags
Extra flags to pass to iperf3(1).
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.forceFlush
Force flushing output at every interval.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.openFirewall
Open ports in the firewall for iperf3.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.port
Server port to listen on for iperf3 client requsts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5201
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.rsaPrivateKey
Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.iperf3.verbose
Give more detailed output.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
- services.ipfs.enable
Whether to enable Interplanetary File System (WARNING: may cause severe network degredation).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.enableGC
Whether to enable automatic garbage collection
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.package
Which IPFS package to use.
Type: package
Default: pkgs.ipfs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.apiAddress
Where IPFS exposes its API to
Type: string
Default: "/ip4/127.0.0.1/tcp/5001"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.autoMigrate
Whether IPFS should try to run the fs-repo-migration at startup.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.autoMount
Whether IPFS should try to mount /ipfs and /ipns at startup.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.dataDir
The data dir for IPFS
Type: string
Default: "/var/lib/ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.defaultMode
systemd service that is enabled by default
Type: one of "online", "offline", "norouting"
Default: "online"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.emptyRepo
If set to true, the repo won't be initialized with help files
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.extraConfig
Attrset of daemon configuration to set using ipfs config, every time the daemon starts. These are applied last, so may override configuration set by other options in this module. Keep in mind that this configuration is stateful; i.e., unsetting anything in here does not reset the value to the default!
Type: attribute set
Default: { }
Example: { Bootstrap = [ "/ip4/128.199.219.111/tcp/4001/ipfs/QmSoLSafTMBsPKadTEgaXctDQVcqN88CNLHXMkTNwMKPnu" "/ip4/162.243.248.213/tcp/4001/ipfs/QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm" ] ; Datastore = { StorageMax = "100GB"; } ; Discovery = { MDNS = { Enabled = false; } ; } ; Swarm = { AddrFilters = null; } ; }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.extraFlags
Extra flags passed to the IPFS daemon
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.gatewayAddress
Where the IPFS Gateway can be reached
Type: string
Default: "/ip4/127.0.0.1/tcp/8080"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.group
Group under which the IPFS daemon runs
Type: string
Default: "ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.ipfsMountDir
Where to mount the IPFS namespace to
Type: string
Default: "/ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.ipnsMountDir
Where to mount the IPNS namespace to
Type: string
Default: "/ipns"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.localDiscovery
Whether to enable local discovery for the ipfs daemon. This will allow ipfs to scan ports on your local network. Some hosting services will ban you if you do this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.serviceFdlimit
The fdlimit for the IPFS systemd unit or null to have the daemon attempt to manage it
Type: null or signed integer
Default: null
Example: 65536
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.startWhenNeeded
Whether to use socket activation to start IPFS when needed.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.swarmAddress
Where IPFS listens for incoming p2p connections
Type: list of strings
Default: [ "/ip4/0.0.0.0/tcp/4001" "/ip6/::/tcp/4001" "/ip4/0.0.0.0/udp/4001/quic" "/ip6/::/udp/4001/quic" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ipfs.user
User under which the IPFS daemon runs
Type: string
Default: "ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ipfs.nix>
- services.ircdHybrid.enable
Whether to enable IRCD.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.ircdHybrid.adminEmail
IRCD server administrator e-mail.
Type: string
Default: "<bit-bucket@example.com>"
Example: "<name@domain.tld>"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.ircdHybrid.certificate
IRCD server SSL certificate. There are some limitations - read manual.
Type: null or path
Default: null
Example: /root/certificates/irc.pem
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.ircdHybrid.description
IRCD server description.
Type: string
Default: "Hybrid-7 IRC server."
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.ircdHybrid.extraIPs
Extra IP's to bind.
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.ircdHybrid.extraPort
Extra port to avoid filtering.
Type: string
Default: "7117"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.ircdHybrid.rsaKey
IRCD server RSA key.
Type: null or path
Default: null
Example: /root/certificates/irc.key
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.ircdHybrid.serverName
IRCD server name.
Type: string
Default: "hades.arpa"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.ircdHybrid.sid
IRCD server unique ID in a net of servers.
Type: string
Default: "0NL"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
- services.irkerd.enable
Whether to enable irker, an IRC notification daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
- services.irkerd.listenAddress
Specifies the bind address on which the irker daemon listens. The default is localhost.
Irker authors strongly warn about the risks of running this on a publicly accessible interface, so change this with caution.
Type: string
Default: "localhost"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
- services.irkerd.nick
Nick to use for irker
Type: string
Default: "irker"
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
- services.irkerd.openPorts
Open ports in the firewall for irkerd
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
- services.irqbalance.enable
Whether to enable irqbalance daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/irqbalance.nix>
- services.isso.enable
Whether to enable A commenting server similar to Disqus.
Note: The application's author suppose to run isso behind a reverse proxy. The embedded solution offered by NixOS is also only suitable for small installations below 20 requests per second. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/isso.nix>
- services.isso.settings
Configuration for isso.
See Isso Server Configuration for supported values.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Example:
{ general = { host = "http://localhost"; }; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/isso.nix>
- services.jack.alsa.enable
Route audio to/from generic ALSA-using applications using ALSA JACK PCM plugin.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.alsa.support32Bit
Whether to support sound for 32-bit ALSA applications on 64-bit system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.jackd.enable
Whether to enable JACK Audio Connection Kit. You need to add yourself to the "jackaudio" group .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.jackd.extraOptions
Specifies startup command line arguments to pass to JACK server.
Type: list of strings
Default: [ "-dalsa" ]
Example:
[ "-dalsa" "--device" "hw:1" ];
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.jackd.session
Commands to run after JACK is started.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.loopback.enable
Create ALSA loopback device, instead of using PCM plugin. Has broader application support (things like Steam will work), but may need fine-tuning for concrete hardware.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.loopback.config
ALSA config for loopback device.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.loopback.dmixConfig
For music production software that still doesn't support JACK natively you would like to put buffer/period adjustments here to decrease dmix device latency.
Type: strings concatenated with "\n"
Default: ""
Example:
'' period_size 2048 periods 2 ''
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.loopback.index
Index of an ALSA loopback device.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jack.loopback.session
Additional commands to run to setup loopback device.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
- services.jackett.enable
Whether to enable Jackett.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
- services.jackett.package
Jackett package to use.
Type: package
Default: pkgs.jackett
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
- services.jackett.dataDir
The directory where Jackett stores its data files.
Type: string
Default: "/var/lib/jackett/.config/Jackett"
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
- services.jackett.group
Group under which Jackett runs.
Type: string
Default: "jackett"
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
- services.jackett.openFirewall
Open ports in the firewall for the Jackett web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
- services.jackett.user
User account under which Jackett runs.
Type: string
Default: "jackett"
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
- services.jboss.enable
Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
- services.jboss.deployDir
Location of the deployment files
Type: string
Default: "/nix/var/nix/profiles/default/server/default/deploy/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
- services.jboss.libUrl
Location where the shared library JARs are stored
Type: string
Default: "file:///nix/var/nix/profiles/default/server/default/lib"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
- services.jboss.logDir
Location of the logfile directory of JBoss
Type: string
Default: "/var/log/jboss"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
- services.jboss.serverDir
Location of the server instance files
Type: string
Default: "/var/jboss/server"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
- services.jboss.tempDir
Location where JBoss stores its temp files
Type: string
Default: "/tmp"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
- services.jboss.useJK
Whether to use to connector to the Apache HTTP server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
- services.jboss.user
User account under which jboss runs.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
- services.jellyfin.enable
Whether to enable Jellyfin Media Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
- services.jellyfin.package
Jellyfin package to use.
Type: package
Default: pkgs.jellyfin
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
- services.jellyfin.group
Group under which jellyfin runs.
Type: string
Default: "jellyfin"
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
- services.jellyfin.openFirewall
Open the default ports in the firewall for the media server. The HTTP/HTTPS ports can be changed in the Web UI, so this option should only be used if they are unchanged.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
- services.jellyfin.user
User account under which Jellyfin runs.
Type: string
Default: "jellyfin"
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
- services.jenkins.enable
Whether to enable the jenkins continuous integration server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.package
Jenkins package to use.
Type: package
Default: pkgs.jenkins
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.packages
Packages to add to PATH for the jenkins process.
Type: list of packages
Default: [ pkgs.stdenv pkgs.git pkgs.jdk11 config.programs.ssh.package pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.environment
Additional environment variables to be passed to the jenkins process. As a base environment, jenkins receives NIX_PATH from environment.sessionVariables, NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to the value of services.jenkins.home. This option has precedence and can be used to override those mentioned variables.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.extraGroups
List of extra groups that the "jenkins" user should be a part of.
Type: list of strings
Default: [ ]
Example: [ "wheel" "dialout" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.extraJavaOptions
Additional command line arguments to pass to the Java run time (as opposed to Jenkins).
Type: list of strings
Default: [ ]
Example: [ "-Xmx80m" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.extraOptions
Additional command line arguments to pass to Jenkins.
Type: list of strings
Default: [ ]
Example: [ "--debug=9" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.group
If the default user "jenkins" is configured then this is the primary group of that user.
Type: string
Default: "jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.home
The path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.
Type: path
Default: "/var/lib/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.jobBuilder.enable
Whether or not to enable the Jenkins Job Builder (JJB) service. It allows defining jobs for Jenkins in a declarative manner.
Jobs managed through the Jenkins WebUI (or by other means) are left unchanged.
Note that it really is declarative configuration; if you remove a previously defined job, the corresponding job directory will be deleted.
Please see the Jenkins Job Builder documentation for more info: http://docs.openstack.org/infra/jenkins-job-builder/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
- services.jenkins.jobBuilder.accessToken
User token in Jenkins used to reload config. WARNING: This token will be world readable in the Nix store. To keep it secret, use the accessTokenFile option instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
- services.jenkins.jobBuilder.accessTokenFile
File containing the API token for the accessUser user.
Type: string
Default: ""
Example: "/run/keys/jenkins-job-builder-access-token"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
- services.jenkins.jobBuilder.accessUser
User id in Jenkins used to reload config.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
- services.jenkins.jobBuilder.jsonJobs
Job descriptions for Jenkins Job Builder in JSON format.
Type: list of strings
Default: [ ]
Example:
[ '' [ { "job": { "name": "jenkins-job-test-2", "builders": [ "shell": "echo 'Hello world!'" ] } } ] '' ]Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
- services.jenkins.jobBuilder.nixJobs
Job descriptions for Jenkins Job Builder in Nix format.
This is a trivial wrapper around jsonJobs, using builtins.toJSON behind the scene.
Type: list of attribute sets
Default: [ ]
Example:
[ { job = { name = "jenkins-job-test-3"; builders = [ { shell = "echo 'Hello world!'"; } ]; }; } ]Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
- services.jenkins.jobBuilder.yamlJobs
Job descriptions for Jenkins Job Builder in YAML format.
Type: strings concatenated with "\n"
Default: ""
Example:
'' - job: name: jenkins-job-test-1 builders: - shell: echo 'Hello world!' ''Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
- services.jenkins.listenAddress
Specifies the bind address on which the jenkins HTTP interface listens. The default is the wildcard address.
Type: string
Default: "0.0.0.0"
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.plugins
A set of plugins to activate. Note that this will completely remove and replace any previously installed plugins. If you have manually-installed plugins that you want to keep while using this module, set this option to null. You can generate this set with a tool such as jenkinsPlugins2nix.
Type: null or attribute set of packages
Default: null
Example:
import path/to/jenkinsPlugins2nix-generated-plugins.nix { inherit (pkgs) fetchurl stdenv; }Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.port
Specifies port number on which the jenkins HTTP interface listens. The default is 8080.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.prefix
Specifies a urlPrefix to use with jenkins. If the example /jenkins is given, the jenkins server will be accessible using localhost:8080/jenkins.
Type: string
Default: ""
Example: "/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.user
User the jenkins server should execute under.
Type: string
Default: "jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkins.withCLI
Whether to make the CLI available.
More info about the CLI available at https://www.jenkins.io/doc/book/managing/cli .
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
- services.jenkinsSlave.enable
If true the system will be configured to work as a jenkins slave. If the system is also configured to work as a jenkins master then this has no effect. In progress: Currently only assures the jenkins user is configured.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
- services.jenkinsSlave.group
If the default slave agent user "jenkins" is configured then this is the primary group of that user.
Type: string
Default: "jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
- services.jenkinsSlave.home
The path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.
Type: path
Default: "/var/lib/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
- services.jenkinsSlave.user
User the jenkins slave agent should execute under.
Type: string
Default: "jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
- services.jibri.enable
Whether to enable Jitsi BRoadcasting Infrastructure. Currently Jibri must be run on a host that is also running services.jitsi-meet.enable, so for most use cases it will be simpler to run services.jitsi-meet.jibri.enable.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.config
Jibri configuration. See https://github.com/jitsi/jibri/blob/master/src/main/resources/reference.conf for default configuration with comments.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.finalizeScript
This script runs when jibri finishes recording a video of a conference.
Type: path
Default:
pkgs.writeScript "finalize_recording.sh" '''' #!/bin/sh RECORDINGS_DIR=$1 echo "This is a dummy finalize script" > /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out echo "You should put any finalize logic (renaming, uploading to a service" >> /tmp/finalize.out echo "or storage provider, etc.) in this script" >> /tmp/finalize.out exit 0 '''';
Example:
pkgs.writeScript "finalize_recording.sh" '''' #!/bin/sh RECORDINGS_DIR=$1 ${pkgs.rclone}/bin/rclone copy $RECORDINGS_DIR RCLONE_REMOTE:jibri-recordings/ -v --log-file=/var/log/jitsi/jibri/recording-upload.txt exit 0 '''';Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.ignoreCert
Whether to enable the flag "--ignore-certificate-errors" for the Chromium browser opened by Jibri. Intended for use in automated tests or anywhere else where using a verified cert for Jitsi-Meet is not possible.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments
XMPP servers to connect to.
Type: attribute set of submodules
Default: { }
Example:
"jitsi-meet" = { xmppServerHosts = [ "localhost" ]; xmppDomain = config.services.jitsi-meet.hostName; control.muc = { domain = "internal.${config.services.jitsi-meet.hostName}"; roomName = "JibriBrewery"; nickname = "jibri"; }; control.login = { domain = "auth.${config.services.jitsi-meet.hostName}"; username = "jibri"; passwordFile = "/var/lib/jitsi-meet/jibri-auth-secret"; }; call.login = { domain = "recorder.${config.services.jitsi-meet.hostName}"; username = "recorder"; passwordFile = "/var/lib/jitsi-meet/jibri-recorder-secret"; }; usageTimeout = "0"; disableCertificateVerification = true; stripFromRoomDomain = "conference."; };Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.call.login.domain
The domain part of the JID for the recorder.
Type: string
Example: "recorder.xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.call.login.passwordFile
File containing the password for the user.
Type: string
Example: "/run/keys/jibri-recorder-xmpp1"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.call.login.username
User part of the JID for the recorder.
Type: string
Default: "recorder"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.control.login.domain
The domain part of the JID for this Jibri instance.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.control.login.passwordFile
File containing the password for the user.
Type: string
Example: "/run/keys/jibri-xmpp1"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.control.login.username
User part of the JID.
Type: string
Default: "jvb"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.control.muc.domain
The domain part of the MUC to connect to for control.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.control.muc.nickname
The nickname for this Jibri instance in the MUC.
Type: string
Default: "jibri"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.control.muc.roomName
The room name of the MUC to connect to for control.
Type: string
Default: "JibriBrewery"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.disableCertificateVerification
Whether to skip validation of the server's certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.stripFromRoomDomain
The prefix to strip from the room's JID domain to derive the call URL.
Type: string
Default: "0"
Example: "conference."
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.usageTimeout
The duration that the Jibri session can be. A value of zero means indefinitely.
Type: string
Default: "0"
Example: "1 hour"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.xmppDomain
The base XMPP domain.
Type: string
Example: "xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jibri.xmppEnvironments.<name>.xmppServerHosts
Hostnames of the XMPP servers to connect to.
Type: list of strings
Example: [ "xmpp.example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
- services.jicofo.enable
Whether to enable Jitsi Conference Focus - component of Jitsi Meet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jicofo.bridgeMuc
JID of the internal MUC used to communicate with Videobridges.
Type: string
Example: "jvbbrewery@internal.meet.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jicofo.componentPasswordFile
Path to file containing component secret.
Type: string
Example: "/run/keys/jicofo-component"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jicofo.config
Contents of the sip-communicator.properties configuration file for jicofo.
Type: attribute set of strings
Default: { }
Example:
{ "org.jitsi.jicofo.auth.URL" = "XMPP:jitsi-meet.example.com"; }Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jicofo.userDomain
Domain part of the JID for XMPP user connection.
Type: string
Example: "auth.meet.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jicofo.userName
User part of the JID for XMPP user connection.
Type: string
Default: "focus"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jicofo.userPasswordFile
Path to file containing password for XMPP user connection.
Type: string
Example: "/run/keys/jicofo-user"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jicofo.xmppDomain
Domain name of the XMMP server to which to connect as a component.
If null, xmppHost is used.
Type: null or string
Example: "meet.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jicofo.xmppHost
Hostname of the XMPP server to connect to.
Type: string
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
- services.jira.enable
Whether to enable Atlassian JIRA service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.package
Atlassian JIRA package to use.
Type: package
Default: pkgs.atlassian-jira
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.catalinaOptions
Java options to pass to catalina/tomcat.
Type: list of strings
Default: [ ]
Example: [ "-Xms1024m" "-Xmx2048m" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.group
Group which runs JIRA.
Type: string
Default: "jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.home
Home directory of the JIRA instance.
Type: string
Default: "/var/lib/jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.jrePackage
Note that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default: pkgs.oraclejre8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.listenAddress
Address to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.listenPort
Port to listen on.
Type: signed integer
Default: 8091
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.proxy.enable
Whether to enable reverse proxy support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.proxy.name
Virtual hostname at the proxy
Type: string
Example: "jira.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.proxy.port
Port used at the proxy
Type: signed integer
Default: 443
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.proxy.scheme
Protocol used at the proxy.
Type: string
Default: "https"
Example: "http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.proxy.secure
Whether the connections to the proxy should be considered secure.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.sso.enable
Whether to enable SSO with Atlassian Crowd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.sso.applicationName
Exact name of this JIRA instance in Crowd
Type: string
Example: "jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.sso.applicationPassword
Application password of this JIRA instance in Crowd
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.sso.crowd
Crowd Base URL without trailing slash
Type: string
Example: "http://localhost:8095/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.sso.validationInterval
Set to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.
Type: signed integer
Default: 2
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jira.user
User which runs JIRA.
Type: string
Default: "jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
- services.jirafeau.enable
Whether to enable Jirafeau file upload application..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.package
Jirafeau package to use
Type: package
Default: pkgs.jirafeau
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.adminPasswordSha256
SHA-256 of the desired administration password. Leave blank/unset for no password.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.dataDir
Location of Jirafeau storage directory.
Type: path
Default: "/var/lib/jirafeau/data/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.extraConfig
Jirefeau configuration. Refer to https://gitlab.com/mojo42/Jirafeau/-/blob/4.3.0/lib/config.original.php for supported values.
Type: strings concatenated with "\n"
Default: ""
Example:
'' $cfg['style'] = 'courgette'; $cfg['organisation'] = 'ACME'; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.hostName
URL of instance. Must have trailing slash.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.maxUploadSizeMegabytes
Maximum upload size of accepted files.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.maxUploadTimeout
Timeout for reading client request bodies and headers. Refer to http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout and http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout for accepted values.
Type: string
Default: "30m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig
Extra configuration for the nginx virtual host of Jirafeau.
Type: submodule
Default: { }
Example:
{ serverAliases = [ "wiki.${config.networking.domain}" ]; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.acmeFallbackHost
Host which to proxy requests to if acme challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.default
Makes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.globalRedirect
If set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.http2
Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.http3
Whether to enable HTTP 3. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic;. Note that HTTP 3 support is experimental and *not* yet recommended for production. Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.listen
Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses
Type: list of submodules
Default: [ ]
Example: [ { addr = "195.154.1.1"; port = 443; ssl = true; } { addr = "192.154.1.1"; port = 80; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.listen.*.addr
IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of strings
Default: [ ]
Example: [ "reuseport" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.listen.*.port
Port number.
Type: signed integer
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.listen.*.ssl
Enable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are choosen automatically.
Note: This option overrides enableIPv6
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations
Declarative location config
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.index
Adds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.root
Root directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.root
The path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.sslCertificate
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.nginxConfig.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jirafeau.poolConfig
Options for Jirafeau PHP pool. See documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
- services.jitsi-meet.enable
Whether to enable Jitsi Meet - Secure, Simple and Scalable Video Conferences.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.caddy.enable
Whether to enable Whether to enablle caddy reverse proxy to expose jitsi-meet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.config
Client-side web application settings that override the defaults in config.js.
See https://github.com/jitsi/jitsi-meet/blob/master/config.js for default configuration with comments.
Type: attribute set
Default: { }
Example:
{ enableWelcomePage = false; defaultLang = "fi"; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.extraConfig
Text to append to config.js web application config file.
Can be used to insert JavaScript logic to determine user's region in cascading bridges setup.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.hostName
FQDN of the Jitsi Meet instance.
Type: string
Example: "meet.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.interfaceConfig
Client-side web-app interface settings that override the defaults in interface_config.js.
See https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js for default configuration with comments.
Type: attribute set
Default: { }
Example:
{ SHOW_JITSI_WATERMARK = false; SHOW_WATERMARK_FOR_GUESTS = false; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.jibri.enable
Whether to enable a Jibri instance and configure it to connect to Prosody.
Additional configuration is possible with services.jibri, and services.jibri.finalizeScript is especially useful.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.jicofo.enable
Whether to enable JiCoFo instance and configure it to connect to Prosody.
Additional configuration is possible with services.jicofo.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.nginx.enable
Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server. Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME will be used to retrieve a TLS certificate by default. To disable this, set the services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for services.nginx.virtualHosts.<hostName>.forceSSL.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.prosody.enable
Whether to configure Prosody to relay XMPP messages between Jitsi Meet components. Turn this off if you want to configure it manually.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.videobridge.enable
Whether to enable Jitsi Videobridge instance and configure it to connect to Prosody.
Additional configuration is possible with services.jitsi-videobridge.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-meet.videobridge.passwordFile
File containing password to the Prosody account for videobridge.
If null, a file with password will be generated automatically. Setting this option is useful if you plan to connect additional videobridges to the XMPP server.
Type: null or string
Default: null
Example: "/run/keys/videobridge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
- services.jitsi-videobridge.enable
Whether to enable Jitsi Videobridge, a WebRTC compatible video router.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.apis
What is passed as --apis= parameter. If this is empty, "none" is passed. Needed for monitoring jitsi.
Type: list of strings
Default: [ ]
Example: [ "colibri" "rest" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.config
Videobridge configuration.
See https://github.com/jitsi/jitsi-videobridge/blob/master/src/main/resources/reference.conf for default configuration with comments.
Type: attribute set
Default: { }
Example:
{ videobridge = { ice.udp.port = 5000; websockets = { enabled = true; server-id = "jvb1"; }; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.extraProperties
Additional Java properties passed to jitsi-videobridge.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.nat.localAddress
Local address when running behind NAT.
Type: null or string
Default: null
Example: "192.168.1.42"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.nat.publicAddress
Public address when running behind NAT.
Type: null or string
Default: null
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.openFirewall
Whether to open ports in the firewall for the videobridge.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.xmppConfigs
XMPP servers to connect to.
See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/muc.md for more information.
Type: attribute set of submodules
Default: { }
Example:
{ "localhost" = { hostName = "localhost"; userName = "jvb"; domain = "auth.xmpp.example.org"; passwordFile = "/var/lib/jitsi-meet/videobridge-secret"; mucJids = "jvbbrewery@internal.xmpp.example.org"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerification
Whether to skip validation of the server's certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.xmppConfigs.<name>.domain
Domain part of JID of the XMPP user, if it is different from hostName.
Type: null or string
Default: null
Example: "auth.xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.xmppConfigs.<name>.hostName
Hostname of the XMPP server to connect to. Name of the attribute set is used by default.
Type: string
Example: "xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.xmppConfigs.<name>.mucJids
JID of the MUC to join. JiCoFo needs to be configured to join the same MUC.
Type: string
Example: "jvbbrewery@internal.xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.xmppConfigs.<name>.mucNickname
Videobridges use the same XMPP account and need to be distinguished by the nickname (aka resource part of the JID). By default, system hostname is used.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.xmppConfigs.<name>.passwordFile
File containing the password for the user.
Type: string
Example: "/run/keys/jitsi-videobridge-xmpp1"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jitsi-videobridge.xmppConfigs.<name>.userName
User part of the JID.
Type: string
Default: "jvb"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
- services.jmusicbot.enable
Whether to enable jmusicbot, a Discord music bot that's easy to set up and run yourself.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/jmusicbot.nix>
- services.jmusicbot.stateDir
The directory where config.txt and serversettings.json is saved. If left as the default value this directory will automatically be created before JMusicBot starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions. Untouched by the value of this option config.txt needs to be placed manually into this directory.
Type: path
Default: "/var/lib/jmusicbot/"
Declared by:
<nixpkgs/nixos/modules/services/audio/jmusicbot.nix>
- services.journalbeat.enable
Whether to enable journalbeat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
- services.journalbeat.package
The journalbeat package to use
Type: package
Default: pkgs.journalbeat
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
- services.journalbeat.extraConfig
Any other configuration options you want to add
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
- services.journalbeat.name
Name of the beat
Type: string
Default: "journalbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
- services.journalbeat.stateDir
Directory below /var/lib/ to store journalbeat's own logs and other data. This directory will be created automatically using systemd's StateDirectory mechanism.
Type: string
Default: "journalbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
- services.journalbeat.tags
Tags to place on the shipped log messages
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
- services.journald.enableHttpGateway
Whether to enable the HTTP gateway to the journal.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.journald.console
If non-empty, write log messages to the specified TTY device.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.journald.extraConfig
Extra config options for systemd-journald. See man journald.conf for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "Storage=volatile"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.journald.forwardToSyslog
Whether to forward log messages to syslog.
Type: boolean
Default: services.rsyslogd.enable || services.syslog-ng.enable
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.journald.rateLimitBurst
Configures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit.
Note that the effective rate limit is multiplied by a factor derived from the available free disk space for the journal as described on journald.conf(5).
Note that the total amount of logs stored is limited by journald settings such as SystemMaxUse, which defaults to a 4 GB cap.
It is thus recommended to compute what period of time that you will be able to store logs for when an application logs at full burst rate. With default settings for log lines that are 100 Bytes long, this can amount to just a few hours.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.journald.rateLimitInterval
Configures the rate limiting interval that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit. The value may be specified in the following units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0.
See services.journald.rateLimitBurst for important considerations when setting this value.
Type: string
Default: "30s"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.journaldriver.enable
Whether to enable journaldriver to forward journald logs to Stackdriver Logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
- services.journaldriver.applicationCredentials
Path to the service account private key (in JSON-format) used to forward log entries to Stackdriver Logging on non-GCP instances.
This option is required on non-GCP machines, but should not be set on GCP instances.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
- services.journaldriver.googleCloudProject
Configures the name of the Google Cloud project to which to forward journald logs.
This option is required on non-GCP machines, but should not be set on GCP instances.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
- services.journaldriver.logLevel
Log level at which journaldriver logs its own output.
Type: string
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
- services.journaldriver.logName
Configures the name of the target log in Stackdriver Logging. This option can be set to, for example, the hostname of a machine to improve the user experience in the logging overview.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
- services.journaldriver.logStream
Configures the name of the Stackdriver Logging log stream into which to write journald entries.
This option is required on non-GCP machines, but should not be set on GCP instances.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
- services.journalwatch.enable
If enabled, periodically check the journal with journalwatch and report the results by mail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.accuracy
The time window around the interval in which the journalwatch run will be scheduled.
The format is described in systemd.time(7).
Type: string
Default: "10min"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.extraConfig
Extra lines to be added verbatim to the journalwatch/config configuration file. You can add any commandline argument to the config, without the '--'. See journalwatch --help for all arguments and their description.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.filterBlocks
filterBlocks can be defined to blacklist journal messages which are not errors. Each block matches on a log entry field, and the filters in that block then are matched against all messages with a matching log entry field.
All messages whose PRIORITY is at least 6 (INFO) are processed by journalwatch. If you don't specify any filterBlocks, PRIORITY is reduced to 5 (NOTICE) by default.
All regular expressions are extended Python regular expressions, for details see: http://doc.pyschools.com/html/regex.html
Type: list of submodules
Default: [ { filters = "(Stopped|Stopping|Starting|Started) .*\n(Created slice|Removed slice) user-\\d*\\.slice\\.\nReceived SIGRTMIN\\+24 from PID .*\n(Reached target|Stopped target) .*\nStartup finished in \\d*ms\\.\n"; match = "SYSLOG_IDENTIFIER = systemd"; } ]
Example: [ { filters = "New session [a-z]?\\d+ of user \\w+\\.\nRemoved session [a-z]?\\d+\\.\n"; match = "_SYSTEMD_UNIT = systemd-logind.service"; } { filters = "pam_unix\\(crond:session\\): session (opened|closed) for user \\w+\n\\(\\w+\\) CMD .*\n"; match = "SYSLOG_IDENTIFIER = /(CROND|crond)/"; } ]
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.filterBlocks.*.filters
The filters to apply on all messages which satisfy match. Any of those messages that match any specified filter will be removed from journalwatch's output. Each filter is an extended Python regular expression. You can specify multiple filters and separate them by newlines. Lines starting with '#' are comments. Inline-comments are not permitted.
Type: string
Example:
'' (Stopped|Stopping|Starting|Started) .* (Reached target|Stopped target) .* ''
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.filterBlocks.*.match
Syntax: field = value Specifies the log entry field this block should apply to. If the field of a message matches this value, this patternBlock's filters are applied. If value starts and ends with a slash, it is interpreted as an extended python regular expression, if not, it's an exact match. The journal fields are explained in systemd.journal-fields(7).
Type: string
Example: "SYSLOG_IDENTIFIER = systemd"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.interval
How often to run journalwatch.
The format is described in systemd.time(7).
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.mailBinary
Sendmail-compatible binary to be used to send the messages.
Type: path
Default: "/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.mailFrom
Mail address to send journalwatch reports from.
Type: string
Default: "journalwatch@nixos"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.mailTo
Mail address to send journalwatch reports to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.journalwatch.priority
Lowest priority of message to be considered. A value between 7 ("debug"), and 0 ("emerg"). Defaults to 6 ("info"). If you don't care about anything with "info" priority, you can reduce this to e.g. 5 ("notice") to considerably reduce the amount of messages without needing many filterBlocks.
Type: signed integer
Default: 6
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
- services.joycond.enable
Whether to enable support for Nintendo Pro Controllers and Joycons.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/joycond.nix>
- services.joycond.package
The joycond package to use.
Type: package
Default: "pkgs.joycond"
Declared by:
<nixpkgs/nixos/modules/services/hardware/joycond.nix>
- services.jupyter.enable
Whether to enable Jupyter development server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.package
Jupyter package to use.
Type: package
Default: pkgs.python3.pkgs.notebook
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.command
Which command the service runs. Note that not all jupyter packages have all commands, e.g. jupyter-lab isn't present in the default package.
Type: string
Default: "jupyter-notebook"
Example: "jupyter-lab"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.group
Name of the group used to run the jupyter service. Use this if you want to create a group of users that are able to view the notebook directory's content.
Type: string
Default: "jupyter"
Example: "users"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.ip
IP address Jupyter will be listening on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.kernels
Declarative kernel config
Kernels can be declared in any language that supports and has the required dependencies to communicate with a jupyter server. In python's case, it means that ipykernel package must always be included in the list of packages of the targeted environment.
Type: null or attribute set of submodules
Default: null
Example:
{ python3 = let env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ ipykernel pandas scikit-learn ])); in { displayName = "Python 3 for machine learning"; argv = [ "${env.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ]; language = "python"; logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png"; logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png"; }; }Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.kernels.<name>.argv
Command and arguments to start the kernel.
Type: list of strings
Example: [ "{customEnv.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ]
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.kernels.<name>.displayName
Name that will be shown to the user.
Type: string
Default: ""
Example:
"Python 3" "Python 3 for Data Science"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.kernels.<name>.language
Language of the environment. Typically the name of the binary.
Type: string
Example: "python"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.kernels.<name>.logo32
Path to 32x32 logo png.
Type: null or path
Default: null
Example: "${env.sitePackages}/ipykernel/resources/logo-32x32.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.kernels.<name>.logo64
Path to 64x64 logo png.
Type: null or path
Default: null
Example: "${env.sitePackages}/ipykernel/resources/logo-64x64.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.notebookConfig
Raw jupyter config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.notebookDir
Root directory for notebooks.
Type: string
Default: "~/"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.password
Password to use with notebook. Can be generated using: In [1]: from notebook.auth import passwd In [2]: passwd('test') Out[2]: 'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba' NOTE: you need to keep the single quote inside the nix string. Or you can use a python oneliner: "open('/path/secret_file', 'r', encoding='utf8').read().strip()" It will be interpreted at the end of the notebookConfig.
Type: string
Example: "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.port
Port number Jupyter will be listening on.
Type: signed integer
Default: 8888
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyter.user
Name of the user used to run the jupyter service. For security reason, jupyter should really not be run as root. If not set (jupyter), the service will create a jupyter user with appropriate settings.
Type: string
Default: "jupyter"
Example: "aborsu"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
- services.jupyterhub.enable
Whether to enable Jupyterhub development server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.authentication
Jupyterhub authentication to use
There are many authenticators available including: oauth, pam, ldap, kerberos, etc.
Type: string
Default: "jupyterhub.auth.PAMAuthenticator"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.extraConfig
Extra contents appended to the jupyterhub configuration
Jupyterhub configuration is a normal python file using Traitlets. https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html. The base configuration of this module was designed to have sane defaults for configuration but you can override anything since this is a python file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' c.SystemdSpawner.mem_limit = '8G' c.SystemdSpawner.cpu_limit = 2.0 ''
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.host
Bind IP JupyterHub will be listening on
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.jupyterhubEnv
Python environment to run jupyterhub
Customizing will affect the packages available in the hub and proxy. This will allow packages to be available for the extraConfig that you may need. This will not normally need to be changed.
Type: package
Default:
pkgs.python3.withPackages (p: with p; [ jupyterhub jupyterhub-systemdspawner ])
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.jupyterlabEnv
Python environment to run jupyterlab
Customizing will affect the packages available in the jupyterlab server and the default kernel provided. This is the way to customize the jupyterlab extensions and jupyter notebook extensions. This will not normally need to be changed.
Type: package
Default:
pkgs.python3.withPackages (p: with p; [ jupyterhub jupyterlab ])
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.kernels
Declarative kernel config
Kernels can be declared in any language that supports and has the required dependencies to communicate with a jupyter server. In python's case, it means that ipykernel package must always be included in the list of packages of the targeted environment.
Type: null or attribute set of submodules
Default: null
Example:
{ python3 = let env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ ipykernel pandas scikit-learn ])); in { displayName = "Python 3 for machine learning"; argv = [ "${env.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ]; language = "python"; logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png"; logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png"; }; }Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.kernels.<name>.argv
Command and arguments to start the kernel.
Type: list of strings
Example: [ "{customEnv.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ]
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.kernels.<name>.displayName
Name that will be shown to the user.
Type: string
Default: ""
Example:
"Python 3" "Python 3 for Data Science"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.kernels.<name>.language
Language of the environment. Typically the name of the binary.
Type: string
Example: "python"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.kernels.<name>.logo32
Path to 32x32 logo png.
Type: null or path
Default: null
Example: "${env.sitePackages}/ipykernel/resources/logo-32x32.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.kernels.<name>.logo64
Path to 64x64 logo png.
Type: null or path
Default: null
Example: "${env.sitePackages}/ipykernel/resources/logo-64x64.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.port
Port number Jupyterhub will be listening on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.spawner
Jupyterhub spawner to use
There are many spawners available including: local process, systemd, docker, kubernetes, yarn, batch, etc.
Type: string
Default: "systemdspawner.SystemdSpawner"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.jupyterhub.stateDirectory
Directory for jupyterhub state (token + database)
Type: string
Default: "jupyterhub"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
- services.k3s.enable
Whether to enable k3s.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.package
Package that should be used for k3s
Type: package
Default: pkgs.k3s
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.configPath
File path containing the k3s YAML config. This is useful when the config is generated (for example on boot).
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.disableAgent
Only run the server. This option only makes sense for a server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.docker
Use docker to run containers rather than the built-in containerd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.extraFlags
Extra flags to pass to the k3s command.
Type: string
Default: ""
Example: "--no-deploy traefik --cluster-cidr 10.24.0.0/16"
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.role
Whether k3s should run as a server or agent. Note that the server, by default, also runs as an agent.
Type: one of "server", "agent"
Default: "server"
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.serverAddr
The k3s server to connect to. This option only makes sense for an agent.
Type: string
Default: ""
Example: "https://10.0.0.10:6443"
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.token
The k3s token to use when connecting to the server. This option only makes sense for an agent. WARNING: This option will expose store your token unencrypted world-readable in the nix store. If this is undesired use the tokenFile option instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.k3s.tokenFile
File path containing k3s token to use when connecting to the server. This option only makes sense for an agent.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
- services.kapacitor.enable
Whether to enable kapacitor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.alerta.enable
Whether to enable kapacitor alerta integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.alerta.environment
Default Alerta environment
Type: string
Default: "Production"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.alerta.origin
Default origin of alert
Type: string
Default: "kapacitor"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.alerta.token
Default Alerta authentication token
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.alerta.url
The URL to the Alerta REST API
Type: string
Default: "http://localhost:5000"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.bind
Address to bind to. The default is to bind to all addresses
Type: string
Default: ""
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.dataDir
Location where Kapacitor stores its state
Type: path
Default: "/var/lib/kapacitor"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.defaultDatabase.enable
Whether to enable kapacitor.defaultDatabase.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.defaultDatabase.password
The password to connect to the remote InfluxDB server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.defaultDatabase.url
The URL to an InfluxDB server that serves as the default database
Type: string
Example: "http://localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.defaultDatabase.username
The username to connect to the remote InfluxDB server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.extraConfig
These lines go into kapacitord.conf verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.group
Group under which Kapacitor runs
Type: string
Default: "kapacitor"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.loadDirectory
Directory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.port
Port of Kapacitor
Type: signed integer
Default: 9092
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.taskSnapshotInterval
Specifies how often to snapshot the task state (in InfluxDB time units)
Type: string
Default: "1m0s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kapacitor.user
User account under which Kapacitor runs
Type: string
Default: "kapacitor"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
- services.kbfs.enable
Whether to mount the Keybase filesystem.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
- services.kbfs.enableRedirector
Whether to enable the Keybase root redirector service, allowing any user to access KBFS files via /keybase, which will show different contents depending on the requester.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
- services.kbfs.extraFlags
Additional flags to pass to the Keybase filesystem on launch.
Type: list of strings
Default: [ ]
Example: [ "-label kbfs" "-mount-type normal" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
- services.kbfs.mountPoint
Mountpoint for the Keybase filesystem.
Type: string
Default: "%h/keybase"
Example: "/keybase"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
- services.kea.ctrl-agent
Kea Control Agent configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.ctrl-agent.enable
Whether to enable Kea Control Agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.ctrl-agent.extraArgs
List of additonal arguments to pass to the daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.ctrl-agent.settings
Kea Control Agent configuration as an attribute set, see https://kea.readthedocs.io/en/kea-2.0.1/arm/agent.html.
Type: JSON value
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp-ddns
Kea DHCP-DDNS configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp-ddns.enable
Whether to enable Kea DDNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp-ddns.extraArgs
List of additonal arguments to pass to the daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp-ddns.settings
Kea DHCP-DDNS configuration as an attribute set, see https://kea.readthedocs.io/en/kea-2.0.1/arm/ddns.html.
Type: JSON value
Default: null
Example: { dns-server-timeout = 100; forward-ddns = { ddns-domains = [ ] ; } ; ip-address = "127.0.0.1"; ncr-format = "JSON"; ncr-protocol = "UDP"; port = 53001; reverse-ddns = { ddns-domains = [ ] ; } ; tsig-keys = [ ] ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp4
DHCP4 Server configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp4.enable
Whether to enable Kea DHCP4 server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp4.extraArgs
List of additonal arguments to pass to the daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp4.settings
Kea DHCP4 configuration as an attribute set, see https://kea.readthedocs.io/en/kea-2.0.1/arm/dhcp4-srv.html.
Type: JSON value
Default: null
Example: { interfaces-config = { interfaces = [ "eth0" ] ; } ; lease-database = { name = "/var/lib/kea/dhcp4.leases"; persist = true; type = "memfile"; } ; rebind-timer = 2000; renew-timer = 1000; subnet4 = [ { pools = [ { pool = "192.0.2.100 - 192.0.2.240"; } ] ; subnet = "192.0.2.0/24"; } ] ; valid-lifetime = 4000; }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp6
DHCP6 Server configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp6.enable
Whether to enable Kea DHCP6 server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp6.extraArgs
List of additonal arguments to pass to the daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.kea.dhcp6.settings
Kea DHCP6 configuration as an attribute set, see https://kea.readthedocs.io/en/kea-2.0.1/arm/dhcp6-srv.html.
Type: JSON value
Default: null
Example: { interfaces-config = { interfaces = [ "eth0" ] ; } ; lease-database = { name = "/var/lib/kea/dhcp6.leases"; persist = true; type = "memfile"; } ; preferred-lifetime = 3000; rebind-timer = 2000; renew-timer = 1000; subnet6 = [ { pools = [ { pool = "2001:db8:1::1-2001:db8:1::ffff"; } ] ; subnet = "2001:db8:1::/64"; } ] ; valid-lifetime = 4000; }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
- services.keepalived.enable
Whether to enable Keepalived.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.enableScriptSecurity
Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.extraConfig
Extra lines to be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.extraGlobalDefs
Extra lines to be added verbatim to the 'global_defs' block of the configuration file
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.snmp.enable
Whether to enable the builtin AgentX subagent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.snmp.enableChecker
Enable SNMP handling of checker element of KEEPALIVED MIB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.snmp.enableKeepalived
Enable SNMP handling of vrrp element of KEEPALIVED MIB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.snmp.enableRfc
Enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.snmp.enableRfcV2
Enable SNMP handling of RFC2787 VRRP MIB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.snmp.enableRfcV3
Enable SNMP handling of RFC6527 VRRP MIB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.snmp.enableTraps
Enable SNMP traps.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.snmp.socket
Socket to use for connecting to SNMP master agent. If this value is set to null, keepalived's default will be used, which is unix:/var/agentx/master, unless using a network namespace, when the default is udp:localhost:705.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances
Declarative vhost config
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.extraConfig
Extra lines to be added verbatim to the vrrp_instance section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.interface
Interface for inside_network, bound by vrrp.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.noPreempt
VRRP will normally preempt a lower priority machine when a higher priority machine comes online. "nopreempt" allows the lower priority machine to maintain the master role, even when a higher priority machine comes back online. NOTE: For this to work, the initial state of this entry must be BACKUP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.priority
For electing MASTER, highest priority wins. To be MASTER, make 50 more than other machines.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.state
Initial state. As soon as the other machine(s) come up, an election will be held and the machine with the highest "priority" will become MASTER. So the entry here doesn't matter a whole lot.
Type: one of "MASTER", "BACKUP"
Default: "BACKUP"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.trackInterfaces
List of network interfaces to monitor for health tracking.
Type: list of strings
Default: [ ]
Example: [ "eth0" "eth1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.trackScripts
List of script names to invoke for health tracking.
Type: list of strings
Default: [ ]
Example: [ "chk_cmd1" "chk_cmd2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.unicastPeers
Do not send VRRP adverts over VRRP multicast group. Instead it sends adverts to the following list of ip addresses using unicast design fashion. It can be cool to use VRRP FSM and features in a networking environment where multicast is not supported! IP Addresses specified can IPv4 as well as IPv6.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.unicastSrcIp
Default IP for binding vrrpd is the primary IP on interface. If you want to hide location of vrrpd, use this IP as src_addr for unicast vrrp packets.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.useVmac
Use VRRP Virtual MAC.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.virtualIps
Declarative vhost config
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.virtualIps.*.addr
IP address, optionally with a netmask: IPADDR[/MASK]
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.virtualIps.*.brd
The broadcast address on the interface.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.virtualIps.*.dev
The name of the device to add the address to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.virtualIps.*.label
Each address may be tagged with a label string. In order to preserve compatibility with Linux-2.0 net aliases, this string must coincide with the name of the device or must be prefixed with the device name followed by colon.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.virtualIps.*.scope
The scope of the area where this address is valid.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.virtualRouterId
Arbitrary unique number 0..255. Used to differentiate multiple instances of vrrpd running on the same NIC (and hence same socket).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.vmacInterface
Name of the vmac interface to use. keepalived will come up with a name if you don't specify one.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpInstances.<name>.vmacXmitBase
Send/Recv VRRP messages from base interface instead of VMAC interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts
Declarative vrrp script config
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.extraConfig
Extra lines to be added verbatim to the vrrp_script section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.fall
Required number of failures for KO transition.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.group
Name of group to run the script under. Defaults to user group.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.interval
Seconds between script invocations.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.rise
Required number of successes for OK transition.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.script
(Path of) Script command to execute followed by args, i.e. cmd [args]...
Type: string
Example: "${pkgs.curl} -f http://localhost:80"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.timeout
Seconds after which script is considered to have failed.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.user
Name of user to run the script under.
Type: string
Default: "keepalived_script"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.keepalived.vrrpScripts.<name>.weight
Following a failure, adjust the priority by this weight.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
- services.kerberos_server.enable
Whether to enable the kerberos authentification server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
- services.kerberos_server.realms
The realm(s) to serve keys for.
Type: attribute set of submodules
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
- services.kerberos_server.realms.<name>.acl
The privileges granted to a user.
Type: list of submodules
Default: [ { access = "all"; principal = "*/admin"; } { access = "all"; principal = "admin"; } ]
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
- services.kerberos_server.realms.<name>.acl.*.access
The changes the principal is allowed to make.
Type: list of one of "add", "cpw", "delete", "get", "list", "modify"s or value "all" (singular enum)
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
- services.kerberos_server.realms.<name>.acl.*.principal
Which principal the rule applies to
Type: string
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
- services.kerberos_server.realms.<name>.acl.*.target
The principals that 'access' applies to.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
- services.keybase.enable
Whether to start the Keybase service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keybase.nix>
- services.keycloak.enable
Whether to enable the Keycloak identity and access management server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.package
Keycloak package to use.
Type: package
Default: pkgs.keycloak
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.bindAddress
On which address Keycloak should accept new connections.
A special syntax can be used to allow command line Java system properties to override the value: ${property.name:value}
Type: string
Default: "\${jboss.bind.address:0.0.0.0}"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.database.caCert
The SSL / TLS CA certificate that verifies the identity of the database server.
Required when PostgreSQL is used and SSL is turned on.
For MySQL, if left at null, the default Java keystore is used, which should suffice if the server certificate is issued by an official CA.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.database.createLocally
Whether a database should be automatically created on the local host. Set this to false if you plan on provisioning a local database yourself. This has no effect if services.keycloak.database.host is customized.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.database.host
Hostname of the database to connect to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.database.passwordFile
File containing the database password.
This should be a string, not a Nix path, since Nix paths are copied into the world-readable Nix store.
Type: path
Example: "/run/keys/db_password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.database.port
Port of the database to connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: default port of selected database
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.database.type
The type of database Keycloak should connect to.
Type: one of "mysql", "postgresql"
Default: "postgresql"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.database.useSSL
Whether the database connection should be secured by SSL / TLS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.database.username
Username to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned.
To use this with a local database, set services.keycloak.database.createLocally to false and create the database and user manually. The database should be called keycloak.
Type: string
Default: "keycloak"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.extraConfig
Additional Keycloak configuration options to set in standalone.xml.
Options are expressed as a Nix attribute set which matches the structure of the jboss-cli configuration. The configuration is effectively overlayed on top of the default configuration shipped with Keycloak. To remove existing nodes and undefine attributes from the default configuration, set them to null.
The example configuration does the equivalent of the following script, which removes the hostname provider default, adds the deprecated hostname provider fixed and defines it the default:
/subsystem=keycloak-server/spi=hostname/provider=default:remove() /subsystem=keycloak-server/spi=hostname/provider=fixed:add(enabled = true, properties = { hostname = "keycloak.example.com" }) /subsystem=keycloak-server/spi=hostname:write-attribute(name=default-provider, value="fixed")You can discover available options by using the jboss-cli.sh program and by referring to the Keycloak Server Installation and Configuration Guide.
Type: attribute set of anythings
Default: { }
Example:
{ "subsystem=keycloak-server" = { "spi=hostname" = { "provider=default" = null; "provider=fixed" = { enabled = true; properties.hostname = "keycloak.example.com"; }; default-provider = "fixed"; }; }; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.forceBackendUrlToFrontendUrl
Whether Keycloak should force all requests to go through the frontend URL configured in services.keycloak.frontendUrl. By default, Keycloak allows backend requests to instead use its local hostname or IP address and may also advertise it to clients through its OpenID Connect Discovery endpoint.
See the Hostname section of the Keycloak server installation manual for more information.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.frontendUrl
The public URL used as base for all frontend requests. Should normally include a trailing /auth.
See the Hostname section of the Keycloak server installation manual for more information.
Type: string
Example: "keycloak.example.com/auth"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.httpPort
On which port Keycloak should listen for new HTTP connections.
A special syntax can be used to allow command line Java system properties to override the value: ${property.name:value}
Type: string
Default: "\${jboss.http.port:80}"
Example: "8080"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.httpsPort
On which port Keycloak should listen for new HTTPS connections.
A special syntax can be used to allow command line Java system properties to override the value: ${property.name:value}
Type: string
Default: "\${jboss.https.port:443}"
Example: "8443"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.initialAdminPassword
Initial password set for the admin user. The password is not stored safely and should be changed immediately in the admin panel.
Type: string
Default: "changeme"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.sslCertificate
The path to a PEM formatted certificate to use for TLS/SSL connections.
This should be a string, not a Nix path, since Nix paths are copied into the world-readable Nix store.
Type: null or path
Default: null
Example: "/run/keys/ssl_cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.sslCertificateKey
The path to a PEM formatted private key to use for TLS/SSL connections.
This should be a string, not a Nix path, since Nix paths are copied into the world-readable Nix store.
Type: null or path
Default: null
Example: "/run/keys/ssl_key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.keycloak.themes
Additional theme packages for Keycloak. Each theme is linked into subdirectory with a corresponding attribute name.
Theme packages consist of several subdirectories which provide different theme types: for example, account, login etc. After adding a theme to this option you can select it by its name in Keycloak administration console.
Type: attribute set of packages
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
- services.kibana.enable
Whether to enable kibana service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.package
Kibana package to use
Type: package
Default: pkgs.kibana
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.cert
Kibana ssl certificate.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.dataDir
Kibana data directory
Type: path
Default: "/var/lib/kibana"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.defaultAppId
Elasticsearch default application id.
Type: string
Default: "discover"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.elasticsearch.ca
CA file to auth against elasticsearch.
It's recommended to use the certificateAuthorities option when using kibana-5.4 or newer.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.elasticsearch.cert
Certificate file to auth against elasticsearch.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.elasticsearch.certificateAuthorities
CA files to auth against elasticsearch.
Please use the ca option when using kibana < 5.4 because those old versions don't support setting multiple CA's.
This defaults to the singleton list [ca] when the ca option is defined.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.elasticsearch.hosts
The URLs of the Elasticsearch instances to use for all your queries. All nodes listed here must be on the same cluster.
Defaults to [ "http://localhost:9200" ].
This option is only valid when using kibana >= 6.6.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.elasticsearch.key
Key file to auth against elasticsearch.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.elasticsearch.password
Password for elasticsearch basic auth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.elasticsearch.url
Elasticsearch url.
Defaults to "http://localhost:9200".
Don't set this when using Kibana >= 7.0.0 because it will result in a configuration error. Use services.kibana.elasticsearch.hosts instead.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.elasticsearch.username
Username for elasticsearch basic auth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.extraConf
Kibana extra configuration
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.index
Elasticsearch index to use for saving kibana config.
Type: string
Default: ".kibana"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.key
Kibana ssl key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.listenAddress
Kibana listening host
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.kibana.port
Kibana listening port
Type: signed integer
Default: 5601
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
- services.klipper.enable
Whether to enable Klipper, the 3D printer firmware.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
- services.klipper.package
The Klipper package.
Type: package
Default: pkgs.klipper
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
- services.klipper.apiSocket
Path of the API socket to create.
Type: null or path
Default: "/run/klipper/api"
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
- services.klipper.group
Group account under which Klipper runs.
If null is specified (default), a temporary user will be created by systemd.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
- services.klipper.inputTTY
Path of the virtual printer symlink to create.
Type: path
Default: "/run/klipper/tty"
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
- services.klipper.octoprintIntegration
Allows Octoprint to control Klipper.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
- services.klipper.settings
Configuration for Klipper. See the documentation for supported values.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string) or a non-empty list of themss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
- services.klipper.user
User account under which Klipper runs.
If null is specified (default), a temporary user will be created by systemd.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
- services.klogd.enable
Whether to enable klogd, the kernel log message processing daemon. Since systemd handles logging of kernel messages on Linux 3.5 and later, this is only useful if you're running an older kernel.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/klogd.nix>
- services.kmscon.enable
Use kmscon as the virtual console instead of gettys. kmscon is a kms/dri-based userspace virtual terminal implementation. It supports a richer feature set than the standard linux console VT, including full unicode support, and when the video card supports drm should be much faster.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
- services.kmscon.autologinUser
Username of the account that will be automatically logged in at the console. If unspecified, a login prompt is shown as usual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
- services.kmscon.extraConfig
Extra contents of the kmscon.conf file.
Type: strings concatenated with "\n"
Default: ""
Example: "font-size=14"
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
- services.kmscon.extraOptions
Extra flags to pass to kmscon.
Type: strings concatenated with " "
Default: ""
Example: "--term xterm-256color"
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
- services.kmscon.hwRender
Whether to use 3D hardware acceleration to render the console.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
- services.knot.enable
Whether to enable Knot authoritative-only DNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
- services.knot.package
Which Knot DNS package to use
Type: package
Default: pkgs.knot-dns
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
- services.knot.extraArgs
List of additional command line paramters for knotd
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
- services.knot.extraConfig
Extra lines to be added verbatim to knot.conf
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
- services.knot.keyFiles
A list of files containing additional configuration to be included using the include directive. This option allows to include configuration like TSIG keys without exposing them to the nix store readable to any process. Note that using this option will also disable configuration checks at build time.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
- services.kresd.enable
Whether to enable knot-resolver domain name server. DNSSEC validation is turned on by default. You can run sudo nc -U /run/knot-resolver/control/1 and give commands interactively to kresd@1.service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
- services.kresd.package
knot-resolver package to use.
Type: package
Default: pkgs.knot-resolver
Example: pkgs.knot-resolver.override { extraFeatures = true; }
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
- services.kresd.extraConfig
Extra lines to be added verbatim to the generated configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
- services.kresd.instances
The number of instances to start. They will be called kresd@{1,2,...}.service. Knot Resolver uses no threads, so this is the way to scale. You can dynamically start/stop them at will, so this is just system default.
Type: unsigned integer, meaning >=0
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
- services.kresd.listenDoH
Addresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484). For detailed syntax see ListenStream in man systemd.socket.
Type: list of strings
Default: [ ]
Example: [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
- services.kresd.listenPlain
What addresses and ports the server should listen on. For detailed syntax see ListenStream in man systemd.socket.
Type: list of strings
Default: [ "[::1]:53" "127.0.0.1:53" ]
Example: [ "53" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
- services.kresd.listenTLS
Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858). For detailed syntax see ListenStream in man systemd.socket.
Type: list of strings
Default: [ ]
Example: [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
- services.kubernetes.package
Kubernetes package to use.
Type: package
Default: pkgs.kubernetes
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.addonManager.enable
Whether to enable Kubernetes addon manager..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix>
- services.kubernetes.addonManager.addons
Kubernetes addons (any kind of Kubernetes resource can be an addon).
Type: attribute set of attribute set or list of attribute setss
Default: { }
Example:
{ "my-service" = { "apiVersion" = "v1"; "kind" = "Service"; "metadata" = { "name" = "my-service"; "namespace" = "default"; }; "spec" = { ... }; }; } // import <nixpkgs/nixos/modules/services/cluster/kubernetes/dashboard.nix> { cfg = config.services.kubernetes; };Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix>
- services.kubernetes.addonManager.bootstrapAddons
Bootstrap addons are like regular addons, but they are applied with cluster-admin rigths. They are applied at addon-manager startup only.
Type: attribute set of attribute sets
Default: { }
Example:
{ "my-service" = { "apiVersion" = "v1"; "kind" = "Service"; "metadata" = { "name" = "my-service"; "namespace" = "default"; }; "spec" = { ... }; }; }Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix>
- services.kubernetes.addons.dashboard.enable
Whether to enable kubernetes dashboard addon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix>
- services.kubernetes.addons.dashboard.extraArgs
Extra arguments to append to the dashboard cmdline
Type: list of strings
Default: [ ]
Example: [ "--enable-skip-login" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix>
- services.kubernetes.addons.dashboard.image
Docker image to seed for the kubernetes dashboard container.
Type: attribute set
Default: { finalImageTag = "v1.10.1"; imageDigest = "sha256:0ae6b69432e78069c5ce2bcde0fe409c5c4d6f0f4d9cd50a17974fea38898747"; imageName = "k8s.gcr.io/kubernetes-dashboard-amd64"; sha256 = "01xrr4pwgr2hcjrjsi3d14ifpzdfbxzqpzxbk2fkbjb9zkv38zxy"; }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix>
- services.kubernetes.addons.dashboard.rbac
Role-based access control (RBAC) options
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix>
- services.kubernetes.addons.dashboard.rbac.enable
Whether to enable role based access control is enabled for kubernetes dashboard
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix>
- services.kubernetes.addons.dashboard.rbac.clusterAdmin
Whether to assign cluster admin rights to the kubernetes dashboard
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix>
- services.kubernetes.addons.dashboard.version
Which version of the kubernetes dashboard to deploy
Type: string
Default: "v1.10.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dashboard.nix>
- services.kubernetes.addons.dns.enable
Whether to enable kubernetes dns addon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
- services.kubernetes.addons.dns.clusterDomain
Dns cluster domain
Type: string
Default: "cluster.local"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
- services.kubernetes.addons.dns.clusterIp
Dns addon clusterIP
Type: string
Default: "10.0.0.254"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
- services.kubernetes.addons.dns.coredns
Docker image to seed for the CoreDNS container.
Type: attribute set
Default: { finalImageTag = "1.7.1"; imageDigest = "sha256:4a6e0769130686518325b21b0c1d0688b54e7c79244d48e1b15634e98e40c6ef"; imageName = "coredns/coredns"; sha256 = "02r440xcdsgi137k5lmmvp0z5w5fmk8g9mysq5pnysq1wl8sj6mw"; }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
- services.kubernetes.addons.dns.corefile
Custom coredns corefile configuration.
See: https://coredns.io/manual/toc/#configuration.
Type: string
Default:
'' .:10053 { errors health :10054 kubernetes ${config.services.kubernetes.addons.dns.clusterDomain} in-addr.arpa ip6.arpa { pods insecure fallthrough in-addr.arpa ip6.arpa } prometheus :10055 forward . /etc/resolv.conf cache 30 loop reload loadbalance } ''Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
- services.kubernetes.addons.dns.reconcileMode
Controls the addon manager reconciliation mode for the DNS addon.
Setting reconcile mode to EnsureExists makes it possible to tailor DNS behavior by editing the coredns ConfigMap.
See: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/addon-manager/README.md.
Type: one of "Reconcile", "EnsureExists"
Default: "Reconcile"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
- services.kubernetes.addons.dns.replicas
Number of DNS pod replicas to deploy in the cluster.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
- services.kubernetes.apiserver.enable
Whether to enable Kubernetes apiserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.enableAdmissionPlugins
Kubernetes admission control plugins to enable. See https://kubernetes.io/docs/admin/admission-controllers/
Type: list of strings
Default: [ "NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction" ]
Example: [ "NamespaceLifecycle" "NamespaceExists" "LimitRanger" "SecurityContextDeny" "ServiceAccount" "ResourceQuota" "PodSecurityPolicy" "NodeRestriction" "DefaultStorageClass" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.advertiseAddress
Kubernetes apiserver IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.allowPrivileged
Whether to allow privileged containers on Kubernetes.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.apiAudiences
Kubernetes apiserver ServiceAccount issuer.
Type: string
Default: "api,https://kubernetes.default.svc"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.authorizationMode
Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/Webhook/RBAC/Node). See https://kubernetes.io/docs/reference/access-authn-authz/authorization/
Type: list of one of "AlwaysAllow", "AlwaysDeny", "ABAC", "Webhook", "RBAC", "Node"s
Default: [ "RBAC" "Node" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.authorizationPolicy
Kubernetes apiserver authorization policy file. See https://kubernetes.io/docs/reference/access-authn-authz/authorization/
Type: list of attribute sets
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.basicAuthFile
Kubernetes apiserver basic authentication file. See https://kubernetes.io/docs/reference/access-authn-authz/authentication
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.bindAddress
The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.clientCaFile
Kubernetes apiserver CA file for client auth.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.disableAdmissionPlugins
Kubernetes admission control plugins to disable. See https://kubernetes.io/docs/admin/admission-controllers/
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.etcd.caFile
Etcd ca file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.etcd.certFile
Etcd cert file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.etcd.keyFile
Etcd key file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.etcd.servers
List of etcd servers.
Type: list of strings
Default: [ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.extraOpts
Kubernetes apiserver extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.extraSANs
Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.featureGates
List set of feature gates
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.insecureBindAddress
The IP address on which to serve the --insecure-port.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.insecurePort
Kubernetes apiserver insecure listening port. (0 = disabled)
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.kubeletClientCaFile
Path to a cert file for connecting to kubelet.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.kubeletClientCertFile
Client certificate to use for connections to kubelet.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.kubeletClientKeyFile
Key to use for connections to kubelet.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.preferredAddressTypes
List of the preferred NodeAddressTypes to use for kubelet connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.proxyClientCertFile
Client certificate to use for connections to proxy.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.proxyClientKeyFile
Key to use for connections to proxy.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.runtimeConfig
Api runtime configuration. See https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/
Type: string
Default: "authentication.k8s.io/v1beta1=true"
Example: "api/all=false,api/v1=true"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.securePort
Kubernetes apiserver secure port.
Type: signed integer
Default: 6443
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.serviceAccountIssuer
Kubernetes apiserver ServiceAccount issuer.
Type: string
Default: "https://kubernetes.default.svc"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.serviceAccountKeyFile
File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. The specified file can contain multiple keys, and the flag can be specified multiple times with different files. If unspecified, --tls-private-key-file is used. Must be specified when --service-account-signing-key is provided
Type: path
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.serviceAccountSigningKeyFile
Path to the file that contains the current private key of the service account token issuer. The issuer will sign issued ID tokens with this private key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.serviceClusterIpRange
A CIDR notation IP range from which to assign service cluster IPs. This must not overlap with any IP ranges assigned to nodes for pods.
Type: string
Default: "10.0.0.0/24"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.storageBackend
Kubernetes apiserver storage backend.
Type: one of "etcd2", "etcd3"
Default: "etcd3"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.tlsCertFile
Kubernetes apiserver certificate file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.tlsKeyFile
Kubernetes apiserver private key file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.tokenAuthFile
Kubernetes apiserver token authentication file. See https://kubernetes.io/docs/reference/access-authn-authz/authentication
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.verbosity
Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserver.webhookConfig
Kubernetes apiserver Webhook config file. It uses the kubeconfig file format. See https://kubernetes.io/docs/reference/access-authn-authz/webhook/
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
- services.kubernetes.apiserverAddress
Clusterwide accessible address for the kubernetes apiserver, including protocol and optional port.
Type: string
Example: "https://kubernetes-apiserver.example.com:6443"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.caFile
Default kubernetes certificate authority
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.clusterCidr
Kubernetes controller manager and proxy CIDR Range for Pods in cluster.
Type: null or string
Default: "10.1.0.0/16"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.controllerManager.enable
Whether to enable Kubernetes controller manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.allocateNodeCIDRs
Whether to automatically allocate CIDR ranges for cluster nodes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.bindAddress
Kubernetes controller manager listening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.clusterCidr
Kubernetes CIDR Range for Pods in cluster.
Type: string
Default: "10.1.0.0/16"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.extraOpts
Kubernetes controller manager extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.featureGates
List set of feature gates
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.insecurePort
Kubernetes controller manager insecure listening port.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.kubeconfig.caFile
Kubernetes controller manager certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.kubeconfig.certFile
Kubernetes controller manager client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.kubeconfig.keyFile
Kubernetes controller manager client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.kubeconfig.server
Kubernetes controller manager kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.leaderElect
Whether to start leader election before executing main loop.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.rootCaFile
Kubernetes controller manager certificate authority file included in service account's token secret.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.securePort
Kubernetes controller manager secure listening port.
Type: signed integer
Default: 10252
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.serviceAccountKeyFile
Kubernetes controller manager PEM-encoded private RSA key file used to sign service account tokens
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.tlsCertFile
Kubernetes controller-manager certificate file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.tlsKeyFile
Kubernetes controller-manager private key file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.controllerManager.verbosity
Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
- services.kubernetes.dataDir
Kubernetes root directory for managing kubelet files.
Type: path
Default: "/var/lib/kubernetes"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.easyCerts
Automatically setup x509 certificates and keys for the entire cluster.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.featureGates
List set of feature gates.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.flannel.enable
Whether to enable enable flannel networking.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix>
- services.kubernetes.kubeconfig.caFile
Default kubeconfig certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.kubeconfig.certFile
Default kubeconfig client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.kubeconfig.keyFile
Default kubeconfig client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.kubeconfig.server
Default kubeconfig kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.kubelet.enable
Whether to enable Kubernetes kubelet..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.address
Kubernetes kubelet info server listening address.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.clientCaFile
Kubernetes apiserver CA file for client authentication.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.clusterDns
Use alternative DNS.
Type: string
Default: "10.1.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.clusterDomain
Use alternative domain.
Type: string
Default: "cluster.local"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.cni.packages
List of network plugin packages to install.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.cni.config
Kubernetes CNI configuration.
Type: list of attribute sets
Default: [ ]
Example:
[{ "cniVersion": "0.3.1", "name": "mynet", "type": "bridge", "bridge": "cni0", "isGateway": true, "ipMasq": true, "ipam": { "type": "host-local", "subnet": "10.22.0.0/16", "routes": [ { "dst": "0.0.0.0/0" } ] } } { "cniVersion": "0.3.1", "type": "loopback" }]Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.cni.configDir
Path to Kubernetes CNI configuration directory.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.containerRuntime
Which container runtime type to use
Type: one of "docker", "remote"
Default: "remote"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.containerRuntimeEndpoint
Endpoint at which to find the container runtime api interface/socket
Type: string
Default: "unix:///run/containerd/containerd.sock"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.extraOpts
Kubernetes kubelet extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.featureGates
List set of feature gates
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.healthz.bind
Kubernetes kubelet healthz listening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.healthz.port
Kubernetes kubelet healthz port.
Type: signed integer
Default: 10248
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.hostname
Kubernetes kubelet hostname override.
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.kubeconfig.caFile
Kubelet certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.kubeconfig.certFile
Kubelet client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.kubeconfig.keyFile
Kubelet client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.kubeconfig.server
Kubelet kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.manifests
List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)
Type: attribute set of attribute sets
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.networkPlugin
Network plugin to use by Kubernetes.
Type: null or one of "cni", "kubenet"
Default: "kubenet"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.nodeIp
IP address of the node. If set, kubelet will use this IP address for the node.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.port
Kubernetes kubelet info server listening port.
Type: signed integer
Default: 10250
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.registerNode
Whether to auto register kubelet with API server.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.seedDockerImages
List of docker images to preload on system
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.taints
Node taints (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.taints.<name>.effect
Effect of taint.
Type: one of "NoSchedule", "PreferNoSchedule", "NoExecute"
Example: "NoSchedule"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.taints.<name>.key
Key of taint.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.taints.<name>.value
Value of taint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.tlsCertFile
File containing x509 Certificate for HTTPS.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.tlsKeyFile
File containing x509 private key matching tlsCertFile.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.unschedulable
Whether to set node taint to unschedulable=true as it is the case of node that has only master role.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.kubelet.verbosity
Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
- services.kubernetes.lib
Common functions for the kubernetes modules.
Type: attribute set
Default: { mkCert = "<function>"; mkKubeConfig = "<function>"; mkKubeConfigOptions = "<function>"; }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.masterAddress
Clusterwide available network address or hostname for the kubernetes master server.
Type: string
Example: "master.example.com"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.path
Packages added to the services' PATH environment variable. Both the bin and sbin subdirectories of each package are added.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.pki.enable
Whether to enable easyCert issuer service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.caCertPathPrefix
Path-prefrix for the CA-certificate to be used for cfssl signing. Suffixes ".pem" and "-key.pem" will be automatically appended for the public and private keys respectively.
Type: string
Default: "/var/lib/cfssl/ca"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.caSpec
Certificate specification for the auto-generated CAcert.
Type: attribute set
Default: { CN = "kubernetes-cluster-ca"; L = "auto-generated"; O = "NixOS"; OU = "services.kubernetes.pki.caSpec"; }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.certs
List of certificate specs to feed to cert generator.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.cfsslAPIExtraSANs
Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
Type: list of strings
Default: [ ]
Example: [ "subdomain.example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.etcClusterAdminKubeconfig
Symlink a kubeconfig with cluster-admin privileges to environment path (/etc/<path>).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.genCfsslAPICerts
Whether to automatically generate cfssl API webserver TLS cert and key, if they don't exist.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.genCfsslAPIToken
Whether to automatically generate cfssl API-token secret, if they doesn't exist.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.genCfsslCACert
Whether to automatically generate cfssl CA certificate and key, if they don't exist.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.pki.pkiTrustOnBootstrap
Whether to always trust remote cfssl server upon initial PKI bootstrap.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
- services.kubernetes.proxy.enable
Whether to enable Kubernetes proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.bindAddress
Kubernetes proxy listening address.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.extraOpts
Kubernetes proxy extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.featureGates
List set of feature gates
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.hostname
Kubernetes proxy hostname override.
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.kubeconfig.caFile
Kubernetes proxy certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.kubeconfig.certFile
Kubernetes proxy client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.kubeconfig.keyFile
Kubernetes proxy client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.kubeconfig.server
Kubernetes proxy kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.proxy.verbosity
Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
- services.kubernetes.roles
Kubernetes role that this machine should take.
Master role will enable etcd, apiserver, scheduler, controller manager addon manager, flannel and proxy services. Node role will enable flannel, docker, kubelet and proxy services.
Type: list of one of "master", "node"s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.kubernetes.scheduler.enable
Whether to enable Kubernetes scheduler.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.address
Kubernetes scheduler listening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.extraOpts
Kubernetes scheduler extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.featureGates
List set of feature gates
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.kubeconfig.caFile
Kubernetes scheduler certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.kubeconfig.certFile
Kubernetes scheduler client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.kubeconfig.keyFile
Kubernetes scheduler client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.kubeconfig.server
Kubernetes scheduler kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.leaderElect
Whether to start leader election before executing main loop.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.port
Kubernetes scheduler listening port.
Type: signed integer
Default: 10251
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.scheduler.verbosity
Optional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
- services.kubernetes.secretsPath
Default location for kubernetes secrets. Not a store location.
Type: path
Default: "/var/lib/kubernetes/secrets"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
- services.lambdabot.enable
Enable the Lambdabot IRC bot
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
- services.lambdabot.package
Used lambdabot package
Type: package
Default: pkgs.lambdabot
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
- services.lambdabot.script
Lambdabot script
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
- services.leaps.enable
Whether to enable leaps.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
- services.leaps.address
Hostname or IP-address to listen to. By default it will listen on all interfaces.
Type: string
Default: ""
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
- services.leaps.path
Subdirectory used for reverse proxy setups
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
- services.leaps.port
A port where leaps listens for incoming http requests
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
- services.lemmy.enable
Whether to enable lemmy a federated alternative to reddit in rust.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.caddy.enable
Whether to enable exposing lemmy with the caddy reverse proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.jwtSecretPath
Path to read the jwt secret from.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.settings
Lemmy configuration
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.settings.captcha.enabled
Enable Captcha.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.settings.captcha.difficulty
The difficultly of the captcha to solve.
Type: one of "easy", "medium", "hard"
Default: "medium"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.settings.database.createLocally
Whether to enable creation of database on the instance.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.settings.federation.enabled
Whether to enable activitypub federation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.settings.hostname
The domain name of your instance (eg 'lemmy.ml').
Type: string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.settings.port
Port where lemmy should listen for incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8536
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.lemmy.ui.port
Port where lemmy-ui should listen for incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1234
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
- services.libreddit.enable
Whether to enable Private front-end for Reddit.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
- services.libreddit.address
The address to listen on
Type: string
Default: "0.0.0.0"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
- services.libreddit.openFirewall
Open ports in the firewall for the libreddit web interface
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
- services.libreddit.port
The port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Example: 8000
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
- services.libreddit.redirect
Enable the redirecting to HTTPS
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
- services.libreswan.enable
Whether to enable Libreswan IPsec service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
- services.libreswan.configSetup
Options to go in the 'config setup' section of the Libreswan IPsec configuration
Type: strings concatenated with "\n"
Default:
'' protostack=netkey virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 ''
Example:
'' secretsfile=/root/ipsec.secrets protostack=netkey virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
- services.libreswan.connections
A set of connections to define for the Libreswan IPsec service
Type: attribute set of strings concatenated with "\n"s
Default: { }
Example:
{ myconnection = '' auto=add left=%defaultroute leftid=@user right=my.vpn.com ikev2=no ikelifetime=8h ''; }Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
- services.libreswan.disableRedirects
Whether to disable send and accept redirects for all nework interfaces. See the Libreswan FAQ page for why this is recommended.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
- services.libreswan.policies
A set of policies to apply to the IPsec connections.
Note
The policy name must match the one of connection it needs to apply to.Type: attribute set of strings concatenated with "\n"s
Default: { }
Example:
{ private-or-clear = '' # Attempt opportunistic IPsec for the entire Internet 0.0.0.0/0 ::/0 ''; }Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
- services.lidarr.enable
Whether to enable Lidarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
- services.lidarr.package
The Lidarr package to use
Type: package
Default: pkgs.lidarr
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
- services.lidarr.dataDir
The directory where Lidarr stores its data files.
Type: string
Default: "/var/lib/lidarr/.config/Lidarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
- services.lidarr.group
Group under which Lidarr runs.
Type: string
Default: "lidarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
- services.lidarr.openFirewall
Open ports in the firewall for Lidarr
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
- services.lidarr.user
User account under which Lidarr runs.
Type: string
Default: "lidarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
- services.lifecycled.enable
Whether to enable lifecycled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.awsRegion
The region used for accessing AWS services.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.cloudwatchGroup
Write logs to a specific Cloudwatch Logs group.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.cloudwatchStream
Write logs to a specific Cloudwatch Logs stream. Defaults to the instance ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.debug
Enable debugging information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.handler
The script to invoke to handle events.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.instanceId
The instance ID to listen for events for.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.json
Enable JSON logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.noSpot
Disable the spot termination listener.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.queueCleaner.enable
Whether to enable lifecycled-queue-cleaner.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.queueCleaner.frequency
How often to trigger the queue cleaner.
NOTE: This string should be a valid value for a systemd timer's OnCalendar configuration. See systemd.timer(5) for more information.
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.queueCleaner.parallel
The number of parallel deletes to run.
Type: unsigned integer, meaning >=0
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lifecycled.snsTopic
The SNS topic that receives events.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
- services.lighttpd.enable
Enable the lighttpd web server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.enableModules
List of lighttpd modules to enable. Sub-services take care of enabling modules as needed, so this option is mainly for when you want to add custom stuff to services.lighttpd.extraConfig that depends on a certain module.
Type: list of strings
Default: [ ]
Example: [ "mod_cgi" "mod_status" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.enableUpstreamMimeTypes
Whether to include the list of mime types bundled with lighttpd (upstream). If you disable this, no mime types will be added by NixOS and you will have to add your own mime types in services.lighttpd.extraConfig.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.package
lighttpd package to use.
Type: package
Default: "pkgs.lighttpd"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.cgit.enable
If true, enable cgit (fast web interface for git repositories) as a sub-service in lighttpd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
- services.lighttpd.cgit.configText
Verbatim contents of the cgit runtime configuration file. Documentation (with cgitrc example file) is available in "man cgitrc". Or online: http://git.zx2c4.com/cgit/tree/cgitrc.5.txt
Type: strings concatenated with "\n"
Default: ""
Example:
'' source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh cache-size=1000 scan-path=/srv/git ''Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
- services.lighttpd.cgit.subdir
The subdirectory in which to serve cgit. The web application will be accessible at http://yourserver/${subdir}
Type: string
Default: "cgit"
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
- services.lighttpd.collectd.enable
Whether to enable collectd subservice accessible at http://yourserver/collectd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix>
- services.lighttpd.collectd.collectionCgi
Path to collection.cgi script from (collectd sources)/contrib/collection.cgi This option allows to use a customized version
Type: path
Default: (build of collection.cgi)
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix>
- services.lighttpd.configText
Overridable config file contents to use for lighttpd. By default, use the contents automatically generated by NixOS.
Type: strings concatenated with "\n"
Default: ""
Example: "...verbatim config file contents..."
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.document-root
Document-root of the web server. Must be readable by the "lighttpd" user.
Type: path
Default: "/srv/www"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.extraConfig
These configuration lines will be appended to the generated lighttpd config file. Note that this mechanism does not work when the manual configText option is used.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.gitweb.enable
If true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
- services.lighttpd.mod_status
Show server status overview at /server-status, statistics at /server-statistics and list of loaded modules at /server-config.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.mod_userdir
If true, requests in the form /~user/page.html are rewritten to take the file public_html/page.html from the home directory of the user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.lighttpd.port
TCP port number for lighttpd to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
- services.limesurvey.enable
Whether to enable Limesurvey web application..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.config
LimeSurvey configuration. Refer to https://manual.limesurvey.org/Optional_settings for details on supported values.
Type: limesurvey config type (str, int, bool or attribute set thereof)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.database.createLocally
Create the database and database user locally. This currently only applies if database type "mysql" is selected.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.database.host
Database host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.database.name
Database name.
Type: string
Default: "limesurvey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/limesurvey-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.database.port
Database host port.
Type: signed integer
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.database.type
Database engine to use.
Type: one of "mysql", "pgsql", "odbc", "mssql"
Default: "mysql"
Example: "pgsql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.database.user
Database user.
Type: string
Default: "limesurvey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.poolConfig
Options for the LimeSurvey PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost
Apache configuration can be done by adapting services.httpd.virtualHosts.<name>. See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{ hostName = "survey.example.org"; adminAddr = "webmaster@example.org"; forceSSL = true; enableACME = true; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.enableUserDir
Whether to enable serving ~/public_html as /~username.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.adminAddr
E-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.hostName
Canonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.http2
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.listen
Listen addresses and ports for this virtual host.
Note
This option overrides addSSL, forceSSL and onlySSL.If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of submodules
Default: [ ]
Example: [ { ip = "195.154.1.1"; port = 443; ssl = true; } { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.listen.*.ip
IP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.listen.*.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.listen.*.ssl
Whether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are chosen automatically.
Type: non-empty list of strings
Default: [ "*" ]
Example: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.locations
Declarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; "/foo/bar.png" = { alias = "/home/eelco/some-file.png"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.locations.<name>.alias
Alias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.locations.<name>.index
Adds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.locations.<name>.proxyPass
Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default: [ ]
Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.servedFiles
This option provides a simple way to serve individual, static files.
Note
This option has been deprecated and will be removed in a future version of NixOS. You can achieve the same result by making use of the locations.<name>.alias option.Type: list of attribute sets
Default: [ ]
Example: [ { file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.sslServerCert
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.sslServerChain
Path to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.sslServerKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.limesurvey.virtualHost.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
- services.liquidsoap.streams
Set of Liquidsoap streams to start, one systemd service per stream.
Type: attribute set of path or strings
Default: { }
Example: { myStream1 = "/etc/liquidsoap/myStream1.liq"; myStream2 = ./myStream2.liq; myStream3 = ''out(playlist("/srv/music/"))''; }
Declared by:
<nixpkgs/nixos/modules/services/audio/liquidsoap.nix>
- services.lirc.enable
Whether to enable LIRC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
- services.lirc.configs
Configurations for lircd to load, see man:lircd.conf(5) for details (lircd.conf)
Type: list of strings concatenated with "\n"s
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
- services.lirc.extraArguments
Extra arguments to lircd.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
- services.lirc.options
LIRC default options descriped in man:lircd(8) (lirc_options.conf)
Type: strings concatenated with "\n"
Example:
'' [lircd] nodaemon = False ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
- services.litestream.enable
Whether to enable litestream.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix>
- services.litestream.package
Package to use.
Type: package
Default: pkgs.litestream
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix>
- services.litestream.environmentFile
Environment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
By default, Litestream will perform environment variable expansion within the config file before reading it. Any references to $VAR or ${VAR} formatted variables will be replaced with their environment variable values. If no value is set then it will be replaced with an empty string.
# Content of the environment file LITESTREAM_ACCESS_KEY_ID=AKIAxxxxxxxxxxxxxxxx LITESTREAM_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxx
Note that this file needs to be available on the host on which this exporter is running.
Type: null or path
Default: null
Example: "/run/secrets/litestream"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix>
- services.litestream.settings
See the documentation.
Type: YAML value
Example: { dbs = [ { path = "/var/lib/db1"; replicas = [ { url = "s3://mybkt.litestream.io/db1"; } ] ; } ] ; }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix>
- services.lldpd.enable
Whether to enable Link Layer Discovery Protocol Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/lldpd.nix>
- services.lldpd.extraArgs
List of command line parameters for lldpd
Type: list of strings
Default: [ ]
Example: [ "-c" "-k" "-I eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/lldpd.nix>
- services.localtime.enable
Enable localtime, simple daemon for keeping the system timezone up-to-date based on the current location. It uses geoclue2 to determine the current location and systemd-timedated to actually set the timezone.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/localtime.nix>
- services.locate.enable
If enabled, NixOS will periodically update the database of files used by the locate command.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.extraFlags
Extra flags to pass to updatedb.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.interval
Update the locate database at this interval. Updates by default at 2:15 AM every day.
The format is described in systemd.time(7).
To disable automatic updates, set to "never" and run updatedb manually.
Type: string
Default: "02:15"
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.localuser
The user to search non-network directories as, using su.
Type: null or string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.locate
The locate implementation to use
Type: package
Default: pkgs.findutils
Example: pkgs.mlocate
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.output
The database file to build.
Type: path
Default: "/var/cache/locatedb"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.pruneBindMounts
Whether not to index bind mounts
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.pruneFS
Which filesystem types to exclude from indexing
Type: list of strings
Default: [ "afs" "anon_inodefs" "auto" "autofs" "bdev" "binfmt" "binfmt_misc" "cgroup" "cifs" "coda" "configfs" "cramfs" "cpuset" "debugfs" "devfs" "devpts" "devtmpfs" "ecryptfs" "eventpollfs" "exofs" "futexfs" "ftpfs" "fuse" "fusectl" "fuse.sshfs" "gfs" "gfs2" "hostfs" "hugetlbfs" "inotifyfs" "iso9660" "jffs2" "lustre" "misc" "mqueue" "ncpfs" "nnpfs" "ocfs" "ocfs2" "pipefs" "proc" "ramfs" "rpc_pipefs" "securityfs" "selinuxfs" "sfs" "shfs" "smbfs" "sockfs" "spufs" "nfs" "NFS" "nfs4" "nfsd" "sshfs" "subfs" "supermount" "sysfs" "tmpfs" "ubifs" "udf" "usbfs" "vboxsf" "vperfctrfs" ]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.pruneNames
Directory components which should exclude paths containing them from indexing
Type: list of strings
Default: [ ".bzr" ".cache" ".git" ".hg" ".svn" ]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.locate.prunePaths
Which paths to exclude from indexing
Type: list of paths
Default: [ "/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool" "/nix/store" "/nix/var/log/nix" ]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
- services.logcheck.enable
Enable the logcheck cron job.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.config
Config options that you would like in logcheck.conf.
Type: strings concatenated with "\n"
Default: "FQDN=1"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.extraGroups
Extra groups for the logcheck user, for example to be able to use sendmail, or to access certain log files.
Type: list of strings
Default: [ ]
Example: [ "postdrop" "mongodb" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.extraRulesDirs
Directories with extra rules.
Type: list of paths
Default: [ ]
Example: [ "/etc/logcheck" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.files
Which log files to check.
Type: list of paths
Default: [ "/var/log/messages" ]
Example: [ "/var/log/messages" "/var/log/mail" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.ignore
This option defines extra ignore rules.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.ignore.<name>.level
Set the logcheck level.
Type: one of "workstation", "server", "paranoid"
Default: "server"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.ignore.<name>.regex
Regex specifying which log lines to ignore.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.ignoreCron
This option defines extra ignore rules for cronjobs.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.ignoreCron.<name>.cmdline
Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignoreCron.<name>.timeArgs
"min hr dom mon dow" crontab time args, to auto-create a cronjob too. Leave at null to not do this and just add a logcheck ignore rule.
Type: null or string
Default: null
Example: "02 06 * * *"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.ignoreCron.<name>.user
User that runs the cronjob.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.level
Set the logcheck level. Either "workstation", "server", or "paranoid".
Type: string
Default: "server"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.mailTo
Email address to send reports to.
Type: string
Default: "root"
Example: "you@domain.com"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.timeOfDay
Time of day to run logcheck. A logcheck will be scheduled at xx:02 each day. Leave default (*) to run every hour. Of course when nothing special was logged, logcheck will be silent.
Type: string
Default: "*"
Example: "6"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logcheck.user
Username for the logcheck user.
Type: string
Default: "logcheck"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
- services.logind.extraConfig
Extra config options for systemd-logind. See logind.conf(5) for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "IdleAction=lock"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.logind.killUserProcesses
Specifies whether the processes of a user should be killed when the user logs out. If true, the scope unit corresponding to the session and all processes inside that scope will be terminated. If false, the scope is "abandoned" (see systemd.scope(5)), and processes are not killed.
See logind.conf(5) for more details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.logind.lidSwitch
Specifies what to be done when the laptop lid is closed.
Type: one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "suspend-then-hibernate", "lock"
Default: "suspend"
Example: "ignore"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.logind.lidSwitchDocked
Specifies what to be done when the laptop lid is closed and another screen is added.
Type: one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "suspend-then-hibernate", "lock"
Default: "ignore"
Example: "suspend"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.logind.lidSwitchExternalPower
Specifies what to do when the laptop lid is closed and the system is on external power. By default use the same action as specified in services.logind.lidSwitch.
Type: one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "suspend-then-hibernate", "lock"
Default: services.logind.lidSwitch
Example: "ignore"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- services.logkeys.enable
Whether to enable logkeys service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/logkeys.nix>
- services.logkeys.device
Use the given device as keyboard input event device instead of /dev/input/eventX default.
Type: null or string
Default: null
Example: "/dev/input/event15"
Declared by:
<nixpkgs/nixos/modules/services/misc/logkeys.nix>
- services.logmein-hamachi.enable
Whether to enable LogMeIn Hamachi, a proprietary (closed source) commercial VPN software.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/logmein-hamachi.nix>
- services.logrotate.enable
Whether to enable the logrotate systemd service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.extraConfig
Extra contents to append to the logrotate configuration file. Refer to https://linux.die.net/man/8/logrotate for details.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths
Attribute set of paths to rotate. The order each block appears in the generated configuration file can be controlled by the priority option using the same semantics as `lib.mkOrder`. Smaller values have a greater priority.
Type: attribute set of submodules
Default: { }
Example:
{ httpd = { path = "/var/log/httpd/*.log"; user = config.services.httpd.user; group = config.services.httpd.group; keep = 7; }; myapp = { path = "/var/log/myapp/*.log"; user = "myuser"; group = "mygroup"; frequency = "weekly"; keep = 5; priority = 1; }; }Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths.<name>.enable
Whether to enable log rotation for this path. This can be used to explicitly disable logging that has been configured by NixOS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths.<name>.extraConfig
Extra logrotate config options for this path. Refer to https://linux.die.net/man/8/logrotate for details.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths.<name>.frequency
How often to rotate the logs.
Type: one of "daily", "weekly", "monthly", "yearly"
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths.<name>.group
The group to use for rotation.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths.<name>.keep
How many rotations to keep.
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths.<name>.path
The path to log files to be rotated.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths.<name>.priority
Order of this logrotate block in relation to the others. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logrotate.paths.<name>.user
The user account to use for rotation.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
- services.logstash.enable
Enable logstash.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.package
Logstash package to use.
Type: package
Default: pkgs.logstash
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.dataDir
A path to directory writable by logstash that it uses to store data. Plugins will also have access to this path.
Type: string
Default: "/var/lib/logstash"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.extraJvmOptions
Extra JVM options, one per line (jvm.options format).
Type: strings concatenated with "\n"
Default: ""
Example:
'' -Xms2g -Xmx2g ''
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.extraSettings
Extra Logstash settings in YAML format.
Type: strings concatenated with "\n"
Default: ""
Example:
'' pipeline: batch: size: 125 delay: 5 ''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.filterConfig
logstash filter configuration.
Type: strings concatenated with "\n"
Default: ""
Example:
'' if [type] == "syslog" { # Keep only relevant systemd fields # http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html prune { whitelist_names => [ "type", "@timestamp", "@version", "MESSAGE", "PRIORITY", "SYSLOG_FACILITY" ] } } ''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.filterWorkers
The quantity of filter workers to run.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.inputConfig
Logstash input configuration.
Type: strings concatenated with "\n"
Default: "generator { }"
Example:
'' # Read from journal pipe { command => "${pkgs.systemd}/bin/journalctl -f -o json" type => "syslog" codec => json {} } ''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.listenAddress
Address on which to start webserver.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.logLevel
Logging verbosity level.
Type: one of "debug", "info", "warn", "error", "fatal"
Default: "warn"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.outputConfig
Logstash output configuration.
Type: strings concatenated with "\n"
Default: "stdout { codec => rubydebug }"
Example:
'' redis { host => ["localhost"] data_type => "list" key => "logstash" codec => json } elasticsearch { } ''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.plugins
The paths to find other logstash plugins in.
Type: list of paths
Default: [ ]
Example: [ pkgs.logstash-contrib ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.logstash.port
Port on which to start webserver.
Type: string
Default: "9292"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
- services.loki.enable
Whether to enable loki.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
- services.loki.configFile
Specify a configuration file that Loki should use.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
- services.loki.configuration
Specify the configuration for Loki in Nix.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
- services.loki.dataDir
Specify the directory for Loki.
Type: path
Default: "/var/lib/loki"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
- services.loki.extraFlags
Specify a list of additional command line flags, which get escaped and are then passed to Loki.
Type: list of strings
Default: [ ]
Example: [ "--server.http-listen-port=3101" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
- services.loki.group
Group under which the Loki service runs.
Type: string
Default: "loki"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
- services.loki.user
User under which the Loki service runs.
Type: string
Default: "loki"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
- services.longview.enable
If enabled, system metrics will be sent to Linode LongView.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
- services.longview.apacheStatusUrl
The Apache status page URL. If provided, Longview will gather statistics from this location. This requires Apache mod_status to be loaded and enabled.
Type: string
Default: ""
Example: "http://127.0.0.1/server-status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
- services.longview.apiKey
Longview API key. To get this, look in Longview settings which are found at https://manager.linode.com/longview/.
Warning: this secret is stored in the world-readable Nix store! Use apiKeyFile instead.
Type: string
Default: ""
Example: "01234567-89AB-CDEF-0123456789ABCDEF"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
- services.longview.apiKeyFile
A file containing the Longview API key. To get this, look in Longview settings which are found at https://manager.linode.com/longview/.
apiKeyFile takes precedence over apiKey.
Type: null or path
Default: null
Example: "/run/keys/longview-api-key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
- services.longview.mysqlPassword
The password corresponding to mysqlUser. Warning: this is stored in cleartext in the Nix store! Use mysqlPasswordFile instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
- services.longview.mysqlPasswordFile
A file containing the password corresponding to mysqlUser.
Type: null or path
Default: null
Example: "/run/keys/dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
- services.longview.mysqlUser
The user for connecting to the MySQL database. If provided, Longview will connect to MySQL and collect statistics about queries, etc. This user does not need to have been granted any extra privileges.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
- services.longview.nginxStatusUrl
The Nginx status page URL. Longview will gather statistics from this URL. This requires the Nginx stub_status module to be enabled and configured at the given location.
Type: string
Default: ""
Example: "http://127.0.0.1/nginx_status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
- services.lorri.enable
Enables the daemon for `lorri`, a nix-shell replacement for project development. The socket-activated daemon starts on the first request issued by the `lorri` command.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/lorri.nix>
- services.lorri.package
The lorri package to use.
Type: package
Default: pkgs.lorri
Declared by:
<nixpkgs/nixos/modules/services/development/lorri.nix>
- services.lshd.enable
Whether to enable the GNU lshd SSH2 daemon, which allows secure remote login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.hostKey
Path to the server's private key. Note that this key must have been created, e.g., using "lsh-keygen --server | lsh-writekey --server", so that you can run lshd.
Type: string
Default: "/etc/lsh/host-key"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.interfaces
List of network interfaces where listening for connections. When providing the empty list, `[]', lshd listens on all network interfaces.
Type: list of strings
Default: [ ]
Example: [ "localhost" "1.2.3.4:443" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.loginShell
If non-null, override the default login shell with the specified value.
Type: null or string
Default: null
Example: "/nix/store/xyz-bash-10.0/bin/bash10"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.passwordAuthentication
Whether to enable password authentication.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.portNumber
The port on which to listen for connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.publicKeyAuthentication
Whether to enable public key authentication.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.rootLogin
Whether to enable remote root login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.srpKeyExchange
Whether to enable SRP key exchange and user authentication.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.subsystems
List of subsystem-path pairs, where the head of the pair denotes the subsystem name, and the tail denotes the path to an executable implementing it.
Type: list of paths
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.syslog
Whether to enable syslog output.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.tcpForwarding
Whether to enable TCP/IP forwarding.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lshd.x11Forwarding
Whether to enable X11 forwarding.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
- services.lvm.boot.thin.enable
Whether to enable support for booting from ThinLVs.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/lvm.nix>
- services.lvm.dmeventd.enable
Whether to enable the LVM dmevent daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/lvm.nix>
- services.lxd-image-server.enable
Whether to enable lxd-image-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
- services.lxd-image-server.group
Group assigned to the user and the webroot directory.
Type: string
Default: "nginx"
Example: "www-data"
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
- services.lxd-image-server.nginx.enable
Whether to enable nginx.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
- services.lxd-image-server.nginx.domain
Domain to use for nginx virtual host.
Type: string
Example: "images.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
- services.lxd-image-server.settings
Configuration for lxd-image-server.
Example see https://github.com/Avature/lxd-image-server/blob/master/config.toml.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
- services.mackerel-agent.enable
Whether to enable mackerel.io agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
- services.mackerel-agent.apiKeyFile
Path to file containing the Mackerel API key. The file should contain a single line of the following form:
apikey = "EXAMPLE_API_KEY"
Type: path
Example: "/run/keys/mackerel-api-key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
- services.mackerel-agent.autoRetirement
Whether to enable Whether to automatically retire the host upon OS shutdown. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
- services.mackerel-agent.runAsRoot
Whether to enable Whether to run as root..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
- services.mackerel-agent.settings
Options for mackerel-agent.conf.
Documentation: https://mackerel.io/docs/entry/spec/agent
Type: TOML value
Default: { }
Example: { silent = false; verbose = false; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
- services.mackerel-agent.settings.diagnostic
Whether to enable Collect memory usage for the agent itself.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
- services.mackerel-agent.settings.host_status.on_start
Host status after agent startup.
Type: one of "working", "standby", "maintenance", "poweroff"
Default: "working"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
- services.mackerel-agent.settings.host_status.on_stop
Host status after agent shutdown.
Type: one of "working", "standby", "maintenance", "poweroff"
Default: "poweroff"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
- services.magic-wormhole-mailbox-server.enable
Whether to enable Enable Magic Wormhole Mailbox Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix>
- services.magnetico.enable
Whether to enable Magnetico, Bittorrent DHT crawler.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.crawler.address
Address to be used for indexing DHT nodes.
Type: string
Default: "0.0.0.0"
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.crawler.extraOptions
Extra command line arguments to pass to magneticod.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.crawler.maxLeeches
Maximum number of simultaneous leeches.
Type: positive integer, meaning >0
Default: 200
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.crawler.maxNeighbors
Maximum number of simultaneous neighbors of an indexer. Be careful changing this number: high values can very easily cause your network to be congested or even crash your router.
Type: positive integer, meaning >0
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.crawler.port
Port to be used for indexing DHT nodes. This port should be added to networking.firewall.allowedTCPPorts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.web.address
Address the web interface will listen to.
Type: string
Default: "localhost"
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.web.credentials
The credentials to access the web interface, in case authentication is enabled, in the format username:hash. If unset no authentication will be required.
Usernames must start with a lowercase ([a-z]) ASCII character, might contain non-consecutive underscores except at the end, and consists of small-case a-z characters and digits 0-9. The htpasswd tool from the apacheHttpd package may be used to generate the hash: htpasswd -bnBC 12 username password
Warning
The hashes will be stored world-readable in the nix store. Consider using the credentialsFile option if you don't want this.Type: attribute set of strings
Default: { }
Example:
{ myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG"; }Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.web.credentialsFile
The path to the file holding the credentials to access the web interface. If unset no authentication will be required.
The file must constain user names and password hashes in the format username:hash, one for each line. Usernames must start with a lowecase ([a-z]) ASCII character, might contain non-consecutive underscores except at the end, and consists of small-case a-z characters and digits 0-9. The htpasswd tool from the apacheHttpd package may be used to generate the hash: htpasswd -bnBC 12 username password
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.web.extraOptions
Extra command line arguments to pass to magneticow.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.magnetico.web.port
Port the web interface will listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
- services.mail.sendmailSetuidWrapper.capabilities
A comma-separated list of capabilities to be given to the wrapper program. For capabilities supported by the system check the capabilities(7) manual page.
Note
cap_setpcap, which is required for the wrapper program to be able to raise caps into the Ambient set is NOT raised to the Ambient set so that the real program cannot modify its own capabilities!! This may be too restrictive for cases in which the real program needs cap_setpcap but it at least leans on the side security paranoid vs. too relaxed.Type: strings concatenated with ","
Default: ""
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.mail.sendmailSetuidWrapper.group
The group of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.mail.sendmailSetuidWrapper.owner
The owner of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.mail.sendmailSetuidWrapper.permissions
The permissions of the wrapper program. The format is that of a symbolic or numeric file mode understood by chmod.
Type: file mode string
Default: "u+rx,g+x,o+x"
Example: "a+rx"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.mail.sendmailSetuidWrapper.program
The name of the wrapper program. Defaults to the attribute name.
Type: null or string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.mail.sendmailSetuidWrapper.setgid
Whether to add the setgid bit the wrapper program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.mail.sendmailSetuidWrapper.setuid
Whether to add the setuid bit the wrapper program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.mail.sendmailSetuidWrapper.source
The absolute path to the program to be wrapped.
Type: path
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
- services.mailcatcher.enable
Whether to enable MailCatcher.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
- services.mailcatcher.http.ip
The ip address of the http server.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
- services.mailcatcher.http.path
Prefix to all HTTP paths.
Type: null or string
Default: null
Example: "/mailcatcher"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
- services.mailcatcher.http.port
The port address of the http server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1080
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
- services.mailcatcher.smtp.ip
The ip address of the smtp server.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
- services.mailcatcher.smtp.port
The port address of the smtp server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1025
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
- services.mailhog.enable
Whether to enable MailHog.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
- services.mailhog.apiPort
Port on which the API endpoint will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8025
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
- services.mailhog.extraArgs
List of additional arguments to pass to the MailHog process.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
- services.mailhog.smtpPort
Port on which the SMTP endpoint will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1025
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
- services.mailhog.storage
Store mails on disk or in memory.
Type: one of "maildir", "memory"
Default: "memory"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
- services.mailhog.uiPort
Port on which the HTTP UI will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8025
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
- services.mailman.enable
Enable Mailman on this host. Requires an active MTA on the host (e.g. Postfix).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.enablePostfix
Enable Postfix integration. Requires an active Postfix installation.
If you want to use another MTA, set this option to false and configure settings in services.mailman.settings.mta.
Refer to the Mailman manual for more info.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.package
Mailman package to use
Type: package
Default: pkgs.mailman
Example: pkgs.mailman.override { archivers = []; }
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.extraPythonPackages
Packages to add to the python environment used by mailman and mailman-web
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.hyperkitty.enable
Whether to enable the Hyperkitty archiver for Mailman.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.hyperkitty.baseUrl
Where can Mailman connect to Hyperkitty's internal API, preferably on localhost?
Type: string
Default: "http://localhost:18507/archives/"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.serve.enable
Whether to enable Automatic nginx and uwsgi setup for mailman-web.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.settings
Settings for mailman.cfg
Type: attribute set of attribute set of stringss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.siteOwner
Certain messages that must be delivered to a human, but which can't be delivered to a list owner (e.g. a bounce from a list owner), will be sent to this address. It should point to a human.
Type: string
Example: "postmaster@example.org"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.webHosts
The list of hostnames and/or IP addresses from which the Mailman Web UI will accept requests. By default, "localhost" and "127.0.0.1" are enabled. All additional names under which your web server accepts requests for the UI must be listed here or incoming requests will be rejected.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.webSettings
Overrides for the default mailman-web Django settings.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailman.webUser
User to run mailman-web as
Type: string
Default: "mailman-web"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
- services.mailpile.enable
Whether to enable Mailpile the mail client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mailpile.nix>
- services.mailpile.hostname
Listen to this hostname or ip.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/mailpile.nix>
- services.mailpile.port
Listen on this port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 33411
Declared by:
<nixpkgs/nixos/modules/services/networking/mailpile.nix>
- services.malcontent.enable
Whether to enable Malcontent, parental control support for applications.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/malcontent.nix>
- services.mame.enable
Whether to setup TUN/TAP Ethernet interface for MAME emulator.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mame.nix>
- services.mame.emuAddr
IP address of the guest system. The same you set inside guest OS under MAME. Should be on the same subnet as services.mame.hostAddr.
Type: string
Example: "192.168.31.155"
Declared by:
<nixpkgs/nixos/modules/services/misc/mame.nix>
- services.mame.hostAddr
IP address of the host system. Usually an address of the main network adapter or the adapter through which you get an internet connection.
Type: string
Example: "192.168.31.156"
Declared by:
<nixpkgs/nixos/modules/services/misc/mame.nix>
- services.mame.user
User from which you run MAME binary.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/mame.nix>
- services.mastodon.enable
Whether to enable Mastodon, a federated social network server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.enableUnixSocket
Instead of binding to an IP address like 127.0.0.1, you may bind to a Unix socket. This variable is process-specific, e.g. you need different values for every process, and it works for both web (Puma) processes and streaming API (Node.js) processes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.package
Mastodon package to use.
Type: package
Default: pkgs.mastodon
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.automaticMigrations
Do automatic database migrations.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.configureNginx
Configure nginx as a reverse proxy for mastodon. Note that this makes some assumptions on your setup, and sets settings that will affect other virtualHosts running on your nginx instance, if any. Alternatively you can configure a reverse-proxy of your choice to serve these paths:
/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public
/ -> 127.0.0.1:{{ webPort }}(If there was no file in the directory above.)
/system/ -> /var/lib/mastodon/public-system/
/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}
Make sure that websockets are forwarded properly. You might want to set up caching of some requests. Take a look at mastodon's provided nginx configuration at https://github.com/tootsuite/mastodon/blob/master/dist/nginx.conf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.database.createLocally
Configure local PostgreSQL database server for Mastodon.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.database.host
Database host address or unix socket.
Type: string
Default: "/run/postgresql"
Example: "192.168.23.42"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.database.name
Database name.
Type: string
Default: "mastodon"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: "/var/lib/mastodon/secrets/db-password"
Example: "/run/keys/mastodon-db-password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.database.port
Database host port.
Type: signed integer
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.database.user
Database user.
Type: string
Default: "mastodon"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.elasticsearch.host
Elasticsearch host. If it is not null, Elasticsearch full text search will be enabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.elasticsearch.port
Elasticsearch port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9200
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.extraConfig
Extra environment variables to pass to all mastodon services.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.group
Group under which mastodon runs.
Type: string
Default: "mastodon"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.localDomain
The domain serving your Mastodon instance.
Type: string
Example: "social.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.otpSecretFile
Path to file containing the OTP secret. A new OTP secret can be generated by running:
nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret
If this file does not exist, it will be created with a new OTP secret.
Type: string
Default: "/var/lib/mastodon/secrets/otp-secret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.redis.createLocally
Configure local Redis server for Mastodon.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.redis.host
Redis host.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.redis.port
Redis port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.secretKeyBaseFile
Path to file containing the secret key base. A new secret key base can be generated by running:
nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret
If this file does not exist, it will be created with a new secret key base.
Type: string
Default: "/var/lib/mastodon/secrets/secret-key-base"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.sidekiqPort
TCP port used by the mastodon-sidekiq service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 55002
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.sidekiqThreads
Worker threads used by the mastodon-sidekiq service.
Type: signed integer
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.smtp.authenticate
Authenticate with the SMTP server using username and password.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.smtp.createLocally
Configure local Postfix SMTP server for Mastodon.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
services.mastodon.smtp.fromAddress
"From" address used when sending Emails to users.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.smtp.host
SMTP host used when sending emails to users.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.smtp.passwordFile
Path to file containing the SMTP password.
Type: string
Default: "/var/lib/mastodon/secrets/smtp-password"
Example: "/run/keys/mastodon-smtp-password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.smtp.port
SMTP port used when sending emails to users.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.smtp.user
SMTP login name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.streamingPort
TCP port used by the mastodon-streaming service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 55000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.streamingProcesses
Processes used by the mastodon-streaming service. Defaults to the number of CPU cores minus one.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.trustedProxy
You need to set it to the IP from which your reverse proxy sends requests to Mastodon's web process, otherwise Mastodon will record the reverse proxy's own IP as the IP of all requests, which would be bad because IP addresses are used for important rate limits and security functions.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.user
User under which mastodon runs. If it is set to "mastodon", that user will be created, otherwise it should be set to the name of a user created elsewhere. In both cases, mastodon and a package containing only the shell script mastodon-env will be added to the user's package set. To run a command from mastodon such as tootctl with the environment configured by this module use mastodon-env, as in:
mastodon-env tootctl accounts create newuser --email newuser@example.com
Type: string
Default: "mastodon"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.vapidPrivateKeyFile
Path to file containing the private key used for Web Push Voluntary Application Server Identification. A new keypair can be generated by running:
nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys
If this file does not exist, it will be created with a new private key.
Type: string
Default: "/var/lib/mastodon/secrets/vapid-private-key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.vapidPublicKeyFile
Path to file containing the public key used for Web Push Voluntary Application Server Identification. A new keypair can be generated by running:
nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys
If mastodon.vapidPrivateKeyFiledoes not exist, it and this file will be created with a new keypair.
Type: string
Default: "/var/lib/mastodon/secrets/vapid-public-key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.webPort
TCP port used by the mastodon-web service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 55001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.webProcesses
Processes used by the mastodon-web service.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.mastodon.webThreads
Threads per process used by the mastodon-web service.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
- services.matomo.enable
Enable Matomo web analytics with php-fpm backend. Either the nginx option or the webServerUser option is mandatory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.package
Matomo package for the service to use. This can be used to point to newer releases from nixos-unstable, as they don't get backported if they are not security-relevant.
Type: package
Default: pkgs.matomo
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.hostname
URL of the host, without https prefix. By default, this is matomo.nixos, but you may want to change it if you run Matomo on a different URL than matomo.yourdomain.
Type: string
Default: "matomo.nixos"
Example: "matomo.yourdomain.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx
With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo. Either this option or the webServerUser option is mandatory. Set this to {} to just enable the virtualHost if you don't need any customization. If enabled, then by default, the serverName is ${user}.${config.networking.hostName}.${config.networking.domain}, SSL is active, and certificates are acquired via ACME. If this is set to null (the default), no nginx virtualHost will be configured.
Type: null or submodule
Default: null
Example:
{ serverAliases = [ "matomo.${config.networking.domain}" "stats.${config.networking.domain}" ]; enableACME = false; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.acmeFallbackHost
Host which to proxy requests to if acme challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.default
Makes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.globalRedirect
If set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.http2
Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.http3
Whether to enable HTTP 3. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic;. Note that HTTP 3 support is experimental and *not* yet recommended for production. Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.listen
Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses
Type: list of submodules
Default: [ ]
Example: [ { addr = "195.154.1.1"; port = 443; ssl = true; } { addr = "192.154.1.1"; port = 80; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.listen.*.addr
IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of strings
Default: [ ]
Example: [ "reuseport" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.listen.*.port
Port number.
Type: signed integer
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are choosen automatically.
Note: This option overrides enableIPv6
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations
Declarative location config
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.root
Root directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.root
The path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.sslCertificate
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.nginx.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.periodicArchiveProcessing
Enable periodic archive processing, which generates aggregated reports from the visits.
This means that you can safely disable browser triggers for Matomo archiving, and safely enable to delete old visitor logs. Before deleting visitor logs, make sure though that you run systemctl start matomo-archive-processing.service at least once without errors if you have already collected data before.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matomo.webServerUser
Name of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx option is not used. Either this option or the nginx option is mandatory. If you want to use another webserver than nginx, you need to set this to that server's user and pass fastcgi requests to `index.php`, `matomo.php` and `piwik.php` (legacy name) to this socket.
Type: null or string
Default: null
Example: "lighttpd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
- services.matrix-appservice-discord.enable
Whether to enable a bridge between Matrix and Discord.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix>
- services.matrix-appservice-discord.environmentFile
File containing environment variables to be passed to the matrix-appservice-discord service, in which secret tokens can be specified securely by defining values for APPSERVICE_DISCORD_AUTH_CLIENT_I_D and APPSERVICE_DISCORD_AUTH_BOT_TOKEN.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix>
- services.matrix-appservice-discord.localpart
The user_id localpart to assign to the AS.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix>
- services.matrix-appservice-discord.port
Port number on which the bridge should listen for internal communication with the Matrix homeserver.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9005
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix>
- services.matrix-appservice-discord.serviceDependencies
List of Systemd services to require and wait for when starting the application service, such as the Matrix homeserver if it's running on the same host.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix>
- services.matrix-appservice-discord.settings
config.yaml configuration as a Nix attribute set.
Configuration options should match those described in config.sample.yaml.
config.bridge.domain and config.bridge.homeserverUrl should be set to match the public host name of the Matrix homeserver for webhooks and avatars to work.
Secret tokens should be specified using environmentFile instead of this world-readable attribute set.
Type: attribute set
Default: { auth = { botToken = ""; clientID = ""; } ; database = { filename = "/var/lib/matrix-appservice-discord/discord.db"; } ; }
Example:
{ bridge = { domain = "public-domain.tld"; homeserverUrl = "http://public-domain.tld:8008"; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix>
- services.matrix-appservice-discord.url
The URL where the application service is listening for HS requests.
Type: string
Default: "http://localhost:9005"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-discord.nix>
- services.matrix-appservice-irc.enable
Whether to enable the Matrix/IRC bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.localpart
The user_id localpart to assign to the appservice
Type: string
Default: "appservice-irc"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.needBindingCap
Whether the daemon needs to bind to ports below 1024 (e.g. for the ident service)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.passwordEncryptionKeyLength
Length of the key to encrypt IRC passwords with
Type: unsigned integer, meaning >=0
Default: 4096
Example: 8192
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.port
The port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8009
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.registrationUrl
The URL where the application service is listening for homeserver requests, from the Matrix homeserver perspective.
Type: string
Example: "http://localhost:8009"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings
Configuration for the appservice, see https://github.com/matrix-org/matrix-appservice-irc/blob/0.30.0/config.sample.yaml for supported values
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.database
Configuration for the database
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.database.connectionString
The database connection string
Type: string
Default: "nedb://var/lib/matrix-appservice-irc/data"
Example: "postgres://username:password@host:port/databasename"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.database.engine
Which database engine to use
Type: string
Default: "nedb"
Example: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.homeserver
Homeserver configuration
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.homeserver.domain
The 'domain' part for user IDs on this home server. Usually (but not always) is the "domain name" part of the homeserver URL.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.homeserver.url
The URL to the home server for client-server API calls
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.ircService
IRC bridge configuration
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.ircService.passwordEncryptionKeyPath
Location of the key with which IRC passwords are encrypted for storage. Will be generated on first run if not present.
Type: string
Default: "/var/lib/matrix-appservice-irc/passkey.pem"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-appservice-irc.settings.ircService.servers
IRC servers to connect to
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-appservice-irc.nix>
- services.matrix-synapse.enable
Whether to enable matrix.org synapse.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.enable_metrics
Enable collection and rendering of performance metrics
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.enable_registration
Enable registration for new users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.enable_registration_captcha
Enables ReCaptcha checks when registering, preventing signup unless a captcha is answered. Requires a valid ReCaptcha public/private key.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.package
Overridable attribute of the matrix synapse server package to use.
Type: package
Default: pkgs.matrix-synapse
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.account_threepid_delegates.email
Delegate email sending to https://example.org
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.account_threepid_delegates.msisdn
Delegate SMS sending to this local process (https://localhost:8090)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.allow_guest_access
Allows users to register as guests without a password/email/etc, and participate in rooms hosted on this server which have been made accessible to anonymous users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.app_service_config_files
A list of application service config file to use
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.bcrypt_rounds
Set the number of bcrypt rounds used to generate password hash. Larger numbers increase the work factor needed to generate the hash.
Type: string
Default: "12"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.bind_host
DEPRECATED: Use listeners instead. Local interface to listen on. The empty string will cause synapse to listen on all interfaces.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.bind_port
DEPRECATED: Use listeners instead. The port to listen for HTTPS requests on. For when matrix traffic is sent directly to synapse.
Type: null or signed integer
Default: null
Example: 8448
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.configFile
Path to the configuration file on the target system. Useful to configure e.g. workers that also need this.
Type: string (read only)
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.dataDir
The directory where matrix-synapse stores its stateful data such as certificates, media and uploads.
Type: string
Default: "/var/lib/matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.database_args
Arguments to pass to the engine.
Type: attribute set
Default: { database = "matrix-synapse"; user = "matrix-synapse"; }
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.database_name
Database name.
Type: string
Default: "matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.database_type
The database engine name. Can be sqlite or psycopg2.
Type: one of "sqlite3", "psycopg2"
Default: "psycopg2"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.database_user
Database user name.
Type: string
Default: "matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.dynamic_thumbnails
Whether to generate new thumbnails on the fly to precisely match the resolution requested by the client. If true then whenever a new resolution is requested by the client the server will generate a new thumbnail. If false the server will pick a thumbnail from a precalculated list.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.event_cache_size
Number of events to cache in memory.
Type: string
Default: "10K"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.expire_access_token
Whether to enable access token expiration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.extraConfig
Extra config options for matrix-synapse.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.extraConfigFiles
Extra config files to include.
The configuration files will be included based on the command line argument --config-path. This allows to configure secrets without having to go through the Nix store, e.g. based on deployment keys if NixOPS is in use.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.federation_rc_concurrent
The number of federation requests to concurrently process from a single server
Type: string
Default: "3"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.federation_rc_reject_limit
The maximum number of concurrent federation requests allowed from a single server
Type: string
Default: "50"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.federation_rc_sleep_delay
The duration in milliseconds to delay processing events from remote servers by if they go over the sleep limit.
Type: string
Default: "500"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.federation_rc_sleep_limit
The number of federation requests from a single server in a window before the server will delay processing the request.
Type: string
Default: "10"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.federation_rc_window_size
The federation window size in milliseconds
Type: string
Default: "1000"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.key_refresh_interval
How long key response published by this server is valid for. Used to set the valid_until_ts in /key/v2 APIs. Determines how quickly servers will query to check which keys are still valid.
Type: string
Default: "1d"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners
List of ports that Synapse should listen on, their purpose and their configuration.
Type: list of submodules
Default: [ { bind_address = ""; port = 8448; resources = [ { compress = true; names = [ "client" "webclient" ] ; } { compress = false; names = [ "federation" ] ; } ] ; tls = true; type = "http"; x_forwarded = false; } ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners.*.bind_address
Local interface to listen on. The empty string will cause synapse to listen on all interfaces.
Type: string
Default: ""
Example: "203.0.113.42"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners.*.port
The port to listen for HTTP(S) requests on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example: 8448
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners.*.resources
List of HTTP resources to serve on this listener.
Type: list of submodules
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners.*.resources.*.compress
Should synapse compress HTTP responses to clients that support it? This should be disabled if running synapse behind a load balancer that can do automatic compression.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners.*.resources.*.names
List of resources to host on this listener.
Type: list of strings
Example: [ "client" "webclient" "federation" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners.*.tls
Whether to listen for HTTPS connections rather than HTTP.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners.*.type
Type of listener.
Type: string
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.listeners.*.x_forwarded
Use the X-Forwarded-For (XFF) header as the client IP and not the actual client IP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.logConfig
A yaml python logging config file
Type: strings concatenated with "\n"
Default:
'' version: 1 # In systemd's journal, loglevel is implicitly stored, so let's omit it # from the message text. formatters: journal_fmt: format: '%(name)s: [%(request)s] %(message)s' filters: context: (): synapse.util.logcontext.LoggingContextFilter request: "" handlers: journal: class: systemd.journal.JournalHandler formatter: journal_fmt filters: [context] SYSLOG_IDENTIFIER: synapse root: level: INFO handlers: [journal] disable_existing_loggers: False ''Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.macaroon_secret_key
Secret key for authentication tokens
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.max_image_pixels
Maximum number of pixels that will be thumbnailed
Type: string
Default: "32M"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.max_upload_size
The largest allowed upload size in bytes
Type: string
Default: "10M"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.no_tls
Don't bind to the https port
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.plugins
List of additional Matrix plugins to make available.
Type: list of packages
Default: [ ]
Example:
with config.services.matrix-synapse.package.plugins; [ matrix-synapse-ldap3 matrix-synapse-pam ];
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.public_baseurl
The public-facing base URL for the client API (not including _matrix/...)
Type: null or string
Default: null
Example: "https://example.com:8448/"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.rc_message_burst_count
Number of message a client can send before being throttled
Type: string
Default: "10.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.rc_messages_per_second
Number of messages a client can send per second
Type: string
Default: "0.2"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.recaptcha_private_key
This Home Server's ReCAPTCHA private key.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.recaptcha_public_key
This Home Server's ReCAPTCHA public key.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.redaction_retention_period
How long to keep redacted events in unredacted form in the database.
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.registration_shared_secret
If set, allows registration by anyone who also has the shared secret, even if registration is otherwise disabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.report_stats
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.room_prejoin_state.additional_event_types
Additional events to share with users who received an invite.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.room_prejoin_state.disable_default_event_types
Whether to disable the default state-event types for users invited to a room. These are:
- m.room.join_rules
- m.room.canonical_alias
- m.room.avatar
- m.room.encryption
- m.room.name
- m.room.create
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.server_name
The domain name of the server, with optional explicit port. This is used by remote servers to look up the server address. This is also the last part of your UserID.
The server_name cannot be changed later so it is important to configure this correctly before you start Synapse.
Type: string
Default: "nixos"
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.servers
The trusted servers to download signing keys from.
Type: attribute set of attribute set of stringss
Default: { matrix.org = { ed25519:auto = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.tls_certificate_path
PEM encoded X509 certificate for TLS. You can replace the self-signed certificate that synapse autogenerates on launch with your own SSL certificate + key pair if you like. Any required intermediary certificates can be appended after the primary certificate in hierarchical order.
Type: null or string
Default: null
Example: "/var/lib/matrix-synapse/homeserver.tls.crt"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.tls_dh_params_path
PEM dh parameters for ephemeral keys
Type: null or string
Default: null
Example: "/var/lib/matrix-synapse/homeserver.tls.dh"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.tls_private_key_path
PEM encoded private key for TLS. Specify null if synapse is not speaking TLS directly.
Type: null or string
Default: null
Example: "/var/lib/matrix-synapse/homeserver.tls.key"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.turn_shared_secret
The shared secret used to compute passwords for the TURN server
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.turn_uris
The public URIs of the TURN server to give to clients
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.turn_user_lifetime
How long generated TURN credentials last
Type: string
Default: "1h"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.unsecure_port
DEPRECATED: Use listeners instead. The port to listen for HTTP requests on. For when matrix traffic passes through loadbalancer that unwraps TLS.
Type: null or signed integer
Default: null
Example: 8008
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.url_preview_enabled
Is the preview URL API enabled? If enabled, you *must* specify an explicit url_preview_ip_range_blacklist of IPs that the spider is denied from accessing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.url_preview_ip_range_blacklist
List of IP address CIDR ranges that the URL preview spider is denied from accessing.
Type: list of strings
Default: [ "127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16" "::1/128" "fe80::/64" "fc00::/7" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.url_preview_ip_range_whitelist
List of IP address CIDR ranges that the URL preview spider is allowed to access even if they are specified in url_preview_ip_range_blacklist.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.url_preview_url_blacklist
Optional list of URL matches that the URL preview spider is denied from accessing.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.user_creation_max_duration
Sets the expiry for the short term user creation in milliseconds. The default value is two weeks.
Type: string
Default: "1209600000"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.verbose
Logging verbosity level.
Type: string
Default: "0"
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matrix-synapse.withJemalloc
Whether to preload jemalloc to reduce memory fragmentation and overall usage.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/matrix-synapse.nix>
- services.matterbridge.enable
Whether to enable Matterbridge chat platform bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
- services.matterbridge.configFile
WARNING: THIS IS INSECURE, as your password will end up in /nix/store, thus publicly readable. Use services.matterbridge.configPath instead.
The matterbridge configuration file in the TOML file format.
Type: string
Example:
'' # WARNING: as this file contains credentials, do not use this option! # It is kept only for backwards compatibility, and would cause your # credentials to be in the nix-store, thus with the world-readable # permission bits. # Use services.matterbridge.configPath instead. [irc] [irc.libera] Server="irc.libera.chat:6667" Nick="matterbot" [mattermost] [mattermost.work] # Do not prefix it with http:// or https:// Server="yourmattermostserver.domain" Team="yourteam" Login="yourlogin" Password="yourpass" PrefixMessagesWithNick=true [[gateway]] name="gateway1" enable=true [[gateway.inout]] account="irc.libera" channel="#testing" [[gateway.inout]] account="mattermost.work" channel="off-topic" ''Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
- services.matterbridge.configPath
The path to the matterbridge configuration file.
Type: null or string
Default: null
Example: "/etc/nixos/matterbridge.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
- services.matterbridge.group
Group which runs the matterbridge service.
Type: string
Default: "matterbridge"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
- services.matterbridge.user
User which runs the matterbridge service.
Type: string
Default: "matterbridge"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
- services.mattermost.enable
Whether to enable Mattermost chat server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.extraConfig
Addtional configuration options as Nix attribute set in config.json schema.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.group
Group which runs the Mattermost service.
Type: string
Default: "mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.listenAddress
Address and port this Mattermost instance listens to.
Type: string
Default: ":8065"
Example: "[::1]:8065"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.localDatabaseCreate
Create a local PostgreSQL database for Mattermost automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.localDatabaseName
Local Mattermost database name.
Type: string
Default: "mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.localDatabasePassword
Password for local Mattermost database user.
Type: string
Default: "mmpgsecret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.localDatabaseUser
Local Mattermost database username.
Type: string
Default: "mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.matterircd.enable
Whether to enable Mattermost IRC bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.matterircd.parameters
Set commandline parameters to pass to matterircd. See https://github.com/42wim/matterircd#usage for more information.
Type: list of strings
Default: [ ]
Example: [ "-mmserver chat.example.com" "-bind [::]:6667" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.mutableConfig
Whether the Mattermost config.json is writeable by Mattermost.
Most of the settings can be edited in the system console of Mattermost if this option is enabled. A template config using the options specified in services.mattermost will be generated but won't be overwritten on changes or rebuilds.
If this option is disabled, changes in the system console won't be possible (default). If an config.json is present, it will be overwritten!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.siteName
Name of this Mattermost site.
Type: string
Default: "Mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.siteUrl
URL this Mattermost instance is reachable under, without trailing slash.
Type: string
Example: "https://chat.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.statePath
Mattermost working directory
Type: string
Default: "/var/lib/mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mattermost.user
User which runs the Mattermost service.
Type: string
Default: "mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
- services.mautrix-facebook.enable
Whether to enable Mautrix-Facebook, a Matrix-Facebook hybrid puppeting/relaybot bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-facebook.nix>
- services.mautrix-facebook.configurePostgresql
Enable PostgreSQL and create a user and database for mautrix-facebook. The default settings reference this database, if you disable this option you must provide a database URL.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-facebook.nix>
- services.mautrix-facebook.environmentFile
File containing environment variables to be passed to the mautrix-telegram service.
Any config variable can be overridden by setting MAUTRIX_FACEBOOK_SOME_KEY to override the some.key variable.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-facebook.nix>
- services.mautrix-facebook.registrationData
Output data for appservice registration. Simply make any desired changes and serialize to JSON. Note that this data contains secrets so think twice before putting it into the nix store.
Currently as_token and hs_token need to be added as they are not known to this module.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-facebook.nix>
- services.mautrix-facebook.settings
config.yaml configuration as a Nix attribute set. Configuration options should match those described in example-config.yaml.
Secret tokens should be specified using environmentFile instead of this world-readable attribute set.
Type: JSON value
Default: { appservice = { address = "http://localhost:29319"; bot_username = "facebookbot"; database = "postgresql://"; hostname = "localhost"; port = 29319; } ; bridge = { encryption = { allow = true; default = true; } ; username_template = "facebook_{userid}"; } ; homeserver = { address = "http://localhost:8008"; } ; logging = { formatters = { journal_fmt = { format = "%(name)s: %(message)s"; } ; } ; handlers = { journal = { SYSLOG_IDENTIFIER = "mautrix-facebook"; class = "systemd.journal.JournalHandler"; formatter = "journal_fmt"; } ; } ; root = { handlers = [ "journal" ] ; level = "INFO"; } ; version = 1; } ; manhole = { enabled = false; } ; metrics = { enabled = false; } ; }
Example:
{ homeserver = { address = "http://localhost:8008"; domain = "mydomain.example"; }; bridge.permissions = { "@admin:mydomain.example" = "admin"; "mydomain.example" = "user"; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-facebook.nix>
- services.mautrix-telegram.enable
Whether to enable Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-telegram.nix>
- services.mautrix-telegram.environmentFile
File containing environment variables to be passed to the mautrix-telegram service, in which secret tokens can be specified securely by defining values for MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN, MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN, MAUTRIX_TELEGRAM_TELEGRAM_API_ID, MAUTRIX_TELEGRAM_TELEGRAM_API_HASH and optionally MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-telegram.nix>
- services.mautrix-telegram.serviceDependencies
List of Systemd services to require and wait for when starting the application service.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-telegram.nix>
- services.mautrix-telegram.settings
config.yaml configuration as a Nix attribute set. Configuration options should match those described in example-config.yaml.
Secret tokens should be specified using environmentFile instead of this world-readable attribute set.
Type: JSON value
Default: { appservice = { address = "http://localhost:8080"; database = "sqlite:////var/lib/mautrix-telegram/mautrix-telegram.db"; database_opts = { } ; hostname = "0.0.0.0"; port = 8080; } ; bridge = { double_puppet_server_map = { } ; login_shared_secret_map = { } ; permissions = { * = "relaybot"; } ; relaybot = { whitelist = [ ] ; } ; } ; logging = { formatters = { precise = { format = "[%(levelname)s@%(name)s] %(message)s"; } ; } ; handlers = { console = { class = "logging.StreamHandler"; formatter = "precise"; } ; } ; loggers = { aiohttp = { level = "WARNING"; } ; mau = { level = "INFO"; } ; telethon = { level = "INFO"; } ; } ; root = { handlers = [ "console" ] ; level = "INFO"; } ; version = 1; } ; }
Example:
{ homeserver = { address = "http://localhost:8008"; domain = "public-domain.tld"; }; appservice.public = { prefix = "/public"; external = "https://public-appservice-address/public"; }; bridge.permissions = { "example.com" = "full"; "@admin:example.com" = "admin"; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/mautrix-telegram.nix>
- services.mbpfan.enable
Whether to enable mbpfan, fan controller daemon for Apple Macs and MacBooks.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mbpfan.package
The package used for the mbpfan daemon.
Type: package
Default: pkgs.mbpfan
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mbpfan.highTemp
The high temperature.
Type: signed integer
Default: 66
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mbpfan.lowTemp
The low temperature.
Type: signed integer
Default: 63
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mbpfan.maxFanSpeed
The maximum fan speed.
Type: signed integer
Default: 6200
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mbpfan.maxTemp
The maximum temperature.
Type: signed integer
Default: 86
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mbpfan.minFanSpeed
The minimum fan speed.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mbpfan.pollingInterval
The polling interval.
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mbpfan.verbose
If true, sets the log level to verbose.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
- services.mediatomb.enable
Whether to enable the Gerbera/Mediatomb DLNA server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.package
Underlying package to be used with the module.
Type: package
Default: pkgs.gerbera
Example: pkgs.mediatomb
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.customCfg
Allow gerbera to create and use its own config file inside the dataDir as configured by services.mediatomb.dataDir. Deactivated by default, the service then runs with the configuration generated from this module. Otherwise, when enabled, no service configuration is generated. Gerbera/Mediatomb then starts using config.xml within the configured dataDir. It's up to the user to make a correct configuration file.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.dataDir
The directory where Gerbera/Mediatomb stores its state, data, etc.
Type: path
Default: "/var/lib/gerbera"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.dsmSupport
Whether to enable D-Link DSM 320 specific tweaks. WARNING: incompatible with ps3 support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.group
Group account under which gerbera runs.
Type: string
Default: "mediatomb"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.interface
A specific interface to bind to.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.mediaDirectories
Declare media directories to index.
Type: list of submodules
Default: [ ]
Example: [ { hidden-files = false; path = "/data/pictures"; recursive = false; } { hidden-files = false; path = "/data/audio"; recursive = true; } ]
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.mediaDirectories.*.hidden-files
Whether to index the hidden files or not.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.mediaDirectories.*.path
Absolute directory path to the media directory to index.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.mediaDirectories.*.recursive
Whether the indexation must take place recursively or not.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.openFirewall
If false (the default), this is up to the user to declare the firewall rules. If true, this opens port 1900 (tcp and udp) and the port specified by sercvices.mediatomb.port.
If the option services.mediatomb.interface is set, the firewall rules opened are dedicated to that interface. Otherwise, those rules are opened globally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.pcDirectoryHide
Whether to list the top-level directory or not (from upnp client standpoint).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.port
The network port to listen on.
Type: signed integer
Default: 49152
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.ps3Support
Whether to enable ps3 specific tweaks. WARNING: incompatible with DSM 320 support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.serverName
How to identify the server on the network.
Type: string
Default: "Gerbera (Mediatomb)"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.tg100Support
Whether to enable Telegent TG100 specific tweaks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.transcoding
Whether to enable transcoding.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.user
User account under which gerbera runs.
Type: string
Default: "mediatomb"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediatomb.uuid
A unique (on your network) to identify the server by.
Type: string
Default: "fdfc8a4e-a3ad-4c1d-b43d-a2eedb03a687"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
- services.mediawiki.enable
Whether to enable MediaWiki.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.package
Which MediaWiki package to use.
Type: package
Default: pkgs.mediawiki
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.createLocally
Create the database and database user locally. This currently only applies if database type "mysql" is selected.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.host
Database host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.name
Database name.
Type: string
Default: "mediawiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/mediawiki-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.port
Database host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.tablePrefix
If you only have access to a single database and wish to install more than one version of MediaWiki, or have other applications that also use the database, you can give the table names a unique prefix to stop any naming conflicts or confusion. See https://www.mediawiki.org/wiki/Manual:$wgDBprefix.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.type
Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers.
Type: one of "mysql", "postgres", "sqlite", "mssql", "oracle"
Default: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.database.user
Database user.
Type: string
Default: "mediawiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.extensions
Attribute set of paths whose content is copied to the extensions subdirectory of the MediaWiki installation and enabled in configuration.
Use null instead of path to enable extensions that are part of MediaWiki.
Type: attribute set of null or paths
Default: { }
Example:
{ Matomo = pkgs.fetchzip { url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz"; sha256 = "0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b"; }; ParserFunctions = null; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.extraConfig
Any additional text to be appended to MediaWiki's LocalSettings.php configuration file. For configuration settings, see https://www.mediawiki.org/wiki/Manual:Configuration_settings.
Type: strings concatenated with "\n"
Default: ""
Example:
'' $wgEnableEmail = false; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.name
Name of the wiki.
Type: string
Default: "MediaWiki"
Example: "Foobar Wiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.passwordFile
A file containing the initial password for the admin user.
Type: path
Example: "/run/keys/mediawiki-password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.poolConfig
Options for the MediaWiki PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.skins
Attribute set of paths whose content is copied to the skins subdirectory of the MediaWiki installation in addition to the default skins.
Type: attribute set of paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.uploadsDir
This directory is used for uploads of pictures. The directory passed here is automatically created and permissions adjusted as required.
Type: null or path
Default: "/var/lib/mediawiki/uploads"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost
Apache configuration can be done by adapting services.httpd.virtualHosts. See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{ hostName = "mediawiki.example.org"; adminAddr = "webmaster@example.org"; forceSSL = true; enableACME = true; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.enableUserDir
Whether to enable serving ~/public_html as /~username.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.adminAddr
E-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.hostName
Canonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.http2
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.listen
Listen addresses and ports for this virtual host.
Note
This option overrides addSSL, forceSSL and onlySSL.If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of submodules
Default: [ ]
Example: [ { ip = "195.154.1.1"; port = 443; ssl = true; } { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.listen.*.ip
IP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.listen.*.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.listen.*.ssl
Whether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are chosen automatically.
Type: non-empty list of strings
Default: [ "*" ]
Example: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.locations
Declarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; "/foo/bar.png" = { alias = "/home/eelco/some-file.png"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.locations.<name>.alias
Alias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.locations.<name>.index
Adds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.locations.<name>.proxyPass
Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default: [ ]
Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.servedFiles
This option provides a simple way to serve individual, static files.
Note
This option has been deprecated and will be removed in a future version of NixOS. You can achieve the same result by making use of the locations.<name>.alias option.Type: list of attribute sets
Default: [ ]
Example: [ { file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.sslServerCert
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.sslServerChain
Path to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.sslServerKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.mediawiki.virtualHost.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
- services.meilisearch.enable
Whether to enable MeiliSearch - a RESTful search API.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.package
The package to use for meilisearch. Use this if you require specific features to be enabled. The default package has no features.
Type: package
Default: "pkgs.meilisearch"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.environment
Defines the running environment of MeiliSearch.
Type: one of "development", "production"
Default: "development"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.listenAddress
MeiliSearch listen address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.listenPort
MeiliSearch port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7700
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.logLevel
Defines how much detail should be present in MeiliSearch's logs. MeiliSearch currently supports four log levels, listed in order of increasing verbosity: - 'ERROR': only log unexpected events indicating MeiliSearch is not functioning as expected - 'WARN:' log all unexpected events, regardless of their severity - 'INFO:' log all events. This is the default value - 'DEBUG': log all events and including detailed information on MeiliSearch's internal processes. Useful when diagnosing issues and debugging
Type: string
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.masterKeyEnvironmentFile
Path to file which contains the master key. By doing so, all routes will be protected and will require a key to be accessed. If no master key is provided, all routes can be accessed without requiring any key. The format is the following: MEILI_MASTER_KEY=my_secret_key
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.maxIndexSize
Sets the maximum size of the index. Value must be given in bytes or explicitly stating a base unit. For example, the default value can be written as 107374182400, '107.7Gb', or '107374 Mb'. Default is 100 GiB
Type: string
Default: "107374182400"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.noAnalytics
Deactivates analytics. Analytics allow MeiliSearch to know how many users are using MeiliSearch, which versions and which platforms are used. This process is entirely anonymous.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.meilisearch.payloadSizeLimit
Sets the maximum size of accepted JSON payloads. Value must be given in bytes or explicitly stating a base unit. For example, the default value can be written as 107374182400, '107.7Gb', or '107374 Mb'. Default is ~ 100 MB
Type: string
Default: "104857600"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
- services.memcached.enable
Whether to enable Memcached.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
- services.memcached.enableUnixSocket
Whether to enable unix socket at /run/memcached/memcached.sock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
- services.memcached.extraOptions
A list of extra options that will be added as a suffix when running memcached.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
- services.memcached.listen
The IP address to bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
- services.memcached.maxConnections
The maximum number of simultaneous connections.
Type: unsigned integer, meaning >=0
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
- services.memcached.maxMemory
The maximum amount of memory to use for storage, in megabytes.
Type: unsigned integer, meaning >=0
Default: 64
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
- services.memcached.port
The port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 11211
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
- services.memcached.user
The user to run Memcached as
Type: string
Default: "memcached"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
- services.meshcentral.enable
Whether to enable MeshCentral computer management server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/meshcentral.nix>
- services.meshcentral.package
MeshCentral package to use. Replacing this may be necessary to add dependencies for extra functionality.
Type: package
Default: pkgs.meshcentral
Declared by:
<nixpkgs/nixos/modules/services/admin/meshcentral.nix>
- services.meshcentral.settings
Settings for MeshCentral. Refer to upstream documentation for details:
- JSON Schema definition
- simple sample configuration
- complex sample configuration
- Old homepage) with documentation link
Type: JSON value
Example: { domains = { = { certUrl = "https://meshcentral.example.com/"; } ; } ; settings = { Cert = "meshcentral.example.com"; Port = 4430; TlsOffload = "10.0.0.2,fd42::2"; WANonly = true; } ; }
Declared by:
<nixpkgs/nixos/modules/services/admin/meshcentral.nix>
- services.metabase.enable
Whether to enable Metabase service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
- services.metabase.listen.ip
IP address that Metabase should listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
- services.metabase.listen.port
Listen port for Metabase.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
- services.metabase.openFirewall
Open ports in the firewall for Metabase.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
- services.metabase.ssl.enable
Whether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
- services.metabase.ssl.keystore
Java KeyStore file containing the certificates.
Type: null or path
Default: "/var/lib/metabase/metabase.jks"
Example: "/etc/secrets/keystore.jks"
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
- services.metabase.ssl.port
Listen port over SSL (https) for Metabase.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8443
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
- services.metricbeat.enable
Whether to enable metricbeat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
- services.metricbeat.package
The metricbeat package to use
Type: package
Default: pkgs.metricbeat
Example: pkgs.metricbeat7
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
- services.metricbeat.modules
Metricbeat modules are responsible for reading metrics from the various sources.
This is like services.metricbeat.settings.metricbeat.modules, but structured as an attribute set. This has the benefit that multiple NixOS modules can contribute settings to a single metricbeat module.
A module can be specified multiple times by choosing a different <name> for each, but setting services.metricbeat.modules.<name>.module to the same value.
See https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html.
Type: attribute set of YAML values
Default: { }
Example: { system = { core = { metrics = [ "percentages" ] ; } ; cpu = { metrics = [ "percentages" "normalized_percentages" ] ; } ; enabled = true; metricsets = [ "cpu" "load" "memory" "network" "process" "process_summary" "uptime" "socket_summary" ] ; period = "10s"; processes = [ ".*" ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
- services.metricbeat.modules.<name>.module
The name of the module.
Look for the value after module: on the individual module pages linked from https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
- services.metricbeat.settings
Configuration for metricbeat. See https://www.elastic.co/guide/en/beats/metricbeat/current/configuring-howto-metricbeat.html for supported values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
- services.metricbeat.settings.name
Name of the beat. Defaults to the hostname. See https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-general-options.html#_name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
- services.metricbeat.settings.tags
Tags to place on the shipped metrics. See https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-general-options.html#_tags_2.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
- services.mighttpd2.enable
Whether to enable Mighttpd2 web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
- services.mighttpd2.config
Verbatim config file to use (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Example configuration for Mighttpd 2 Port: 80 # IP address or "*" Host: * Debug_Mode: Yes # Yes or No # If available, "nobody" is much more secure for User:. User: root # If available, "nobody" is much more secure for Group:. Group: root Pid_File: /run/mighty.pid Logging: Yes # Yes or No Log_File: /var/log/mighty # The directory must be writable by User: Log_File_Size: 16777216 # bytes Log_Backup_Number: 10 Index_File: index.html Index_Cgi: index.cgi Status_File_Dir: /usr/local/share/mighty/status Connection_Timeout: 30 # seconds Fd_Cache_Duration: 10 # seconds # Server_Name: Mighttpd/3.x.y Tls_Port: 443 Tls_Cert_File: cert.pem # should change this with an absolute path # should change this with comma-separated absolute paths Tls_Chain_Files: chain.pem # Currently, Tls_Key_File must not be encrypted. Tls_Key_File: privkey.pem # should change this with an absolute path Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
- services.mighttpd2.cores
How many cores to use. If null it will be determined automatically
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
- services.mighttpd2.routing
Verbatim routing file to use (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Example routing for Mighttpd 2 # Domain lists [localhost www.example.com] # Entries are looked up in the specified order # All paths must end with "/" # A path to CGI scripts should be specified with "=>" /~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/ # A path to static files should be specified with "->" /~alice/ -> /home/alice/public_html/ /cgi-bin/ => /export/cgi-bin/ # Reverse proxy rules should be specified with ">>" # /path >> host:port/path2 # Either "host" or ":port" can be committed, but not both. /app/cal/ >> example.net/calendar/ # Yesod app in the same server /app/wiki/ >> 127.0.0.1:3000/ / -> /export/www/ ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
- services.minecraft-server.enable
If enabled, start a Minecraft Server. The server data will be loaded from and saved to services.minecraft-server.dataDir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minecraft-server.package
Version of minecraft-server to run.
Type: package
Default: pkgs.minecraft-server
Example: pkgs.minecraft-server_1_12_2
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minecraft-server.dataDir
Directory to store Minecraft database and other state/data files.
Type: path
Default: "/var/lib/minecraft"
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minecraft-server.declarative
Whether to use a declarative Minecraft server configuration. Only if set to true, the options services.minecraft-server.whitelist and services.minecraft-server.serverProperties will be applied.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minecraft-server.eula
Whether you agree to Mojangs EULA. This option must be set to true to run Minecraft server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minecraft-server.jvmOpts
JVM options for the Minecraft server.
Type: strings concatenated with " "
Default: "-Xmx2048M -Xms2048M"
Example: "-Xmx2048M -Xms4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minecraft-server.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minecraft-server.serverProperties
Minecraft server properties for the server.properties file. Only has an effect when services.minecraft-server.declarative is set to true. See https://minecraft.gamepedia.com/Server.properties#Java_Edition_3 for documentation on these values.
Type: attribute set of boolean or signed integer or strings
Default: { }
Example:
{ server-port = 43000; difficulty = 3; gamemode = 1; max-players = 5; motd = "NixOS Minecraft server!"; white-list = true; enable-rcon = true; "rcon.password" = "hunter2"; }Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minecraft-server.whitelist
Whitelisted players, only has an effect when services.minecraft-server.declarative is true and the whitelist is enabled via services.minecraft-server.serverProperties by setting white-list to true. This is a mapping from Minecraft usernames to UUIDs. You can use https://mcuuid.net/ to get a Minecraft UUID for a username.
Type: attribute set of Minecraft UUIDs
Default: { }
Example:
{ username1 = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; username2 = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"; };Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
- services.minetest-server.enable
If enabled, starts a Minetest Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
- services.minetest-server.configPath
Path to the config to use.
If set to null, the config of the running user will be used: `~/.minetest/minetest.conf`.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
- services.minetest-server.gameId
Id of the game to use. To list available games run `minetestserver --gameid list`.
If only one game exists, this option can be null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
- services.minetest-server.logPath
Path to logfile for logging.
If set to null, logging will be output to stdout which means all output will be catched by systemd.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
- services.minetest-server.port
Port number to bind to.
If set to null, the default 30000 will be used.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
- services.minetest-server.world
Name of the world to use. To list available worlds run `minetestserver --world list`.
If only one world exists, this option can be null.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
- services.minidlna.enable
Whether to enable MiniDLNA, a simple DLNA server. It serves media files such as video and music to DLNA client devices such as televisions and media players.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
- services.minidlna.announceInterval
The interval between announces (in seconds).
By default miniDLNA will announce its presence on the network approximately every 15 minutes.
Many people prefer shorter announce intervals (e.g. 60 seconds) on their home networks, especially when DLNA clients are started on demand.
Type: signed integer
Default: 895
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
- services.minidlna.config
The contents of MiniDLNA's configuration file. When the service is activated, a basic template is generated from the current options opened here.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
- services.minidlna.extraConfig
Extra minidlna options not yet opened for configuration here (strict_dlna, model_number, model_name, etc...). This is appended to the current service already provided.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Not exhaustive example # Support for streaming .jpg and .mp3 files to a TiVo supporting HMO. enable_tivo=no # SSDP notify interval, in seconds. notify_interval=10 # maximum number of simultaneous connections # note: many clients open several simultaneous connections while # streaming max_connections=50 # set this to yes to allow symlinks that point outside user-defined # media_dirs. wide_links=yes ''
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
- services.minidlna.friendlyName
Name that the DLNA server presents to clients.
Type: string
Default: "${config.networking.hostName} MiniDLNA"
Example: "rpi3"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
- services.minidlna.loglevel
Defines the type of messages that should be logged, and down to which level of importance they should be considered.
The possible types are “artwork”, “database”, “general”, “http”, “inotify”, “metadata”, “scanner”, “ssdp” and “tivo”.
The levels are “off”, “fatal”, “error”, “warn”, “info” and “debug”, listed here in order of decreasing importance. “off” turns off logging messages entirely, “fatal” logs the most critical messages only, and so on down to “debug” that logs every single messages.
The types are comma-separated, followed by an equal sign (‘=’), followed by a level that applies to the preceding types. This can be repeated, separating each of these constructs with a comma.
Defaults to “general,artwork,database,inotify,scanner,metadata, http,ssdp,tivo=warn” which logs every type of message at the “warn” level.
Type: string
Default: "warn"
Example: "general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
- services.minidlna.mediaDirs
Directories to be scanned for media files. The prefixes A,, V, and P, restrict a directory to audio, video or image files. The directories must be accessible to the minidlna user account.
Type: list of strings
Default: [ ]
Example: [ "/data/media" "V,/home/alice/video" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
- services.minidlna.rootContainer
Use a different container as the root of the directory tree presented to clients. The possible values are: - "." - standard container - "B" - "Browse Directory" - "M" - "Music" - "P" - "Pictures" - "V" - "Video" - Or, you can specify the ObjectID of your desired root container (eg. 1$F for Music/Playlists) If you specify "B" and the client device is audio-only then "Music/Folders" will be used as root.
Type: string
Default: "."
Example: "B"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
- services.miniflux.enable
Whether to enable miniflux.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/miniflux.nix>
- services.miniflux.adminCredentialsFile
File containing the ADMIN_USERNAME, default is "admin", and ADMIN_PASSWORD (length >= 6), default is "password"; in the format of an EnvironmentFile=, as described by systemd.exec(5).
Type: null or path
Default: null
Example: "/etc/nixos/miniflux-admin-credentials"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/miniflux.nix>
- services.miniflux.config
Configuration for Miniflux, refer to https://miniflux.app/docs/configuration.html for documentation on the supported values.
Type: attribute set of strings
Example:
{ CLEANUP_FREQUENCY = "48"; LISTEN_ADDR = "localhost:8080"; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/miniflux.nix>
- services.minio.enable
Whether to enable Minio Object Storage.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.package
Minio package to use.
Type: package
Default: pkgs.minio
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.accessKey
Access key of 5 to 20 characters in length that clients use to access the server. This overrides the access key that is generated by minio on first startup and stored inside the configDir directory.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.browser
Enable or disable access to web UI.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.configDir
The config directory, for the access keys and other settings.
Type: path
Default: "/var/lib/minio/config"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.consoleAddress
IP address and port of the web UI (console).
Type: string
Default: ":9001"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.dataDir
The list of data directories for storing the objects. Use one path for regular operation and the minimum of 4 endpoints for Erasure Code mode.
Type: list of paths
Default: [ "/var/lib/minio/data" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.listenAddress
IP address and port of the server.
Type: string
Default: ":9000"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.region
The physical location of the server. By default it is set to us-east-1, which is same as AWS S3's and Minio's default region.
Type: string
Default: "us-east-1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.rootCredentialsFile
File containing the MINIO_ROOT_USER, default is "minioadmin", and MINIO_ROOT_PASSWORD (length >= 8), default is "minioadmin"; in the format of an EnvironmentFile=, as described by systemd.exec(5).
Type: null or path
Default: null
Example: "/etc/nixos/minio-root-credentials"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.minio.secretKey
Specify the Secret key of 8 to 40 characters in length that clients use to access the server. This overrides the secret key that is generated by minio on first startup and stored inside the configDir directory.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
- services.miniupnpd.enable
Whether to enable MiniUPnP daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
- services.miniupnpd.appendConfig
Configuration lines appended to the MiniUPnP config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
- services.miniupnpd.externalInterface
Name of the external interface.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
- services.miniupnpd.internalIPs
The IP address ranges to listen on.
Type: list of strings
Example: [ "192.168.1.1/24" "enp1s0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
- services.miniupnpd.natpmp
Whether to enable NAT-PMP support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
- services.miniupnpd.upnp
Whether to enable UPNP support.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
- services.mirakurun.enable
Whether to enable .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
- services.mirakurun.allowSmartCardAccess
Install polkit rules to allow Mirakurun to access smart card readers which is commonly used along with tuner devices.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
- services.mirakurun.channelSettings
Options which are added to channels.yml. If none is specified, it will automatically be generated at runtime.
Documentation: https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md
Type: null or YAML value
Default: null
Example:
[ { name = "channel"; types = "GR"; channel = "0"; } ];Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
- services.mirakurun.openFirewall
Open ports in the firewall for Mirakurun.
Warning
Exposing Mirakurun to the open internet is generally advised against. Only use it inside a trusted local network, or consider putting it behind a VPN if you want remote access.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
- services.mirakurun.port
Port to listen on. If null, it won't listen on any port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 40772
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
- services.mirakurun.serverSettings
Options for server.yml.
Documentation: https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md
Type: YAML value
Default: { }
Example:
{ highWaterMark = 25165824; overflowTimeLimit = 30000; };Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
- services.mirakurun.tunerSettings
Options which are added to tuners.yml. If none is specified, it will automatically be generated at runtime.
Documentation: https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md
Type: null or YAML value
Default: null
Example:
[ { name = "tuner-name"; types = [ "GR" "BS" "CS" "SKY" ]; dvbDevicePath = "/dev/dvb/adapterX/dvrX"; } ];Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
- services.mirakurun.unixSocket
Path to unix socket to listen on. If null, it won't listen on any unix sockets.
Type: null or path
Default: "/var/run/mirakurun/mirakurun.sock"
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
- services.miredo.enable
Whether to enable the Miredo IPv6 tunneling service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
- services.miredo.package
The package to use for the miredo daemon's binary.
Type: package
Default: pkgs.miredo
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
- services.miredo.bindAddress
Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
- services.miredo.bindPort
Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
- services.miredo.interfaceName
Name of the network tunneling interface.
Type: string
Default: "teredo"
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
- services.miredo.serverAddress
The hostname or primary IPv4 address of the Teredo server. This setting is required if Miredo runs as a Teredo client. "teredo.remlab.net" is an experimental service for testing only. Please use another server for production and/or large scale deployments.
Type: string
Default: "teredo.remlab.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
- services.mjolnir.enable
Whether to enable Mjolnir, a moderation tool for Matrix.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.accessTokenFile
File containing the matrix access token for the mjolnir user.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.dataPath
The directory the bot should store various bits of information in.
Type: path
Default: "/var/lib/mjolnir"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.homeserverUrl
Where the homeserver is located (client-server URL).
If pantalaimon.enable is true, this option will become the homeserver to which pantalaimon connects. The listen address of pantalaimon will then become the homeserverUrl of mjolnir.
Type: string
Default: "https://matrix.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.managementRoom
The room ID where people can use the bot. The bot has no access controls, so anyone in this room can use the bot - secure your room! This should be a room alias or room ID - not a matrix.to URL. Note: mjolnir is fairly verbose - expect a lot of messages from it.
Type: string
Default: "#moderators:example.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon
pantalaimon options (enables E2E Encryption support).
This will create a pantalaimon instance with the name "mjolnir".
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.enable
Whether to enable If true, accessToken is ignored and the username/password below will be used instead. The access token of the bot will be stored in the dataPath. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.options
passthrough additional options to the pantalaimon service.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.options.dataPath
The directory where pantalaimon should store its state such as the database file.
Type: path
Default: "/var/lib/pantalaimon-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.options.extraSettings
Extra configuration options. See pantalaimon(5) for available options.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.options.homeserver
The URI of the homeserver that the pantalaimon proxy should forward requests to, without the matrix API path but including the http(s) schema.
Type: string
Example: "https://matrix.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.options.listenAddress
The address where the daemon will listen to client connections for this homeserver.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.options.listenPort
The port where the daemon will listen to client connections for this homeserver. Note that the listen address/port combination needs to be unique between different homeservers.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8009
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.options.logLevel
Set the log level of the daemon.
Type: one of "info", "warning", "error", "debug"
Default: "warning"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.options.ssl
Whether or not SSL verification should be enabled for outgoing connections to the homeserver.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.passwordFile
File containing the matrix password for the mjolnir user.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.pantalaimon.username
The username to login with.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.protectedRooms
A list of rooms to protect (matrix.to URLs).
Type: list of strings
Default: [ ]
Example:
[ "https://matrix.to/#/#yourroom:example.org" "https://matrix.to/#/#anotherroom:example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjolnir.settings
Additional settings (see mjolnir default config for available settings). These settings will override settings made by the module config.
Type: YAML value
Default: { }
Example:
{ autojoinOnlyIfManager = true; automaticallyRedactForReasons = [ "spam" "advertising" ]; }Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
- services.mjpg-streamer.enable
Whether to enable mjpg-streamer webcam streamer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
- services.mjpg-streamer.group
mjpg-streamer group name.
Type: string
Default: "video"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
- services.mjpg-streamer.inputPlugin
Input plugin. See plugins documentation for more information.
Type: string
Default: "input_uvc.so"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
- services.mjpg-streamer.outputPlugin
Output plugin. @www@ is substituted for default mjpg-streamer www directory. See plugins documentation for more information.
Type: string
Default: "output_http.so -w @www@ -n -p 5050"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
- services.mjpg-streamer.user
mjpg-streamer user name.
Type: string
Default: "mjpg-streamer"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
- services.mlmmj.enable
Enable mlmmj
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
- services.mlmmj.group
mailinglist local group
Type: string
Default: "mlmmj"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
- services.mlmmj.listDomain
Set the mailing list domain
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
- services.mlmmj.mailLists
The collection of hosted maillists
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
- services.mlmmj.maintInterval
Time interval between mlmmj-maintd runs, see systemd.time(7) for format information.
Type: string
Default: "20min"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
- services.mlmmj.user
mailinglist local user
Type: string
Default: "mlmmj"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
- services.moinmoin.enable
Whether to enable MoinMoin Wiki Engine.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.gunicorn.workers
The number of worker processes for handling requests.
Type: positive integer, meaning >0
Default: 3
Example: 10
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.webServer
Which web server to use to serve the wiki. Use none if you want to configure this yourself.
Type: one of "nginx-gunicorn", "gunicorn", "none"
Default: "nginx-gunicorn"
Example: "none"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.wikis
Configurations of the individual wikis. Attribute names must be valid Python identifiers of the form [A-Za-z_][A-Za-z0-9_]*.
For every attribute WIKINAME, a helper script moin-WIKINAME is created which runs the moin command under the moin user (to avoid file ownership issues) and with the right configuration directory passed to it.
Type: attribute set of submodules
Example:
{ "mywiki" = { siteName = "Example Wiki"; webHost = "wiki.example.org"; superUsers = [ "admin" ]; frontPage = "Index"; extraConfig = "page_category_regex = ur'(?P<all>(Category|Kategorie)(?P<key>(?!Template)\S+))'" }; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.wikis.<name>.extraConfig
Additional configuration to be appended verbatim to this wiki's config.
See http://moinmo.in/HelpOnConfiguration for documentation.
Type: strings concatenated with "\n"
Default: ""
Example:
'' show_hosts = True search_results_per_page = 100 acl_rights_default = u"Known:read,write,delete,revert All:read" logo_string = u"<h2>\U0001f639</h2>" theme_default = u"modernized" user_checkbox_defaults = {'show_page_trail': 0, 'edit_on_doubleclick': 0} navi_bar = [u'SomePage'] + multiconfig.DefaultConfig.navi_bar actions_excluded = multiconfig.DefaultConfig.actions_excluded + ['newaccount'] mail_smarthost = "mail.example.org" mail_from = u"Example.Org Wiki <wiki@example.org>" ''Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.wikis.<name>.frontPage
Front page name. Set this to something like FrontPage once languages are configured.
Type: string
Default: "LanguageSetup"
Example: "FrontPage"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.wikis.<name>.languageDefault
The ISO-639-1 name of the main wiki language. Languages that MoinMoin does not support are ignored.
Type: string
Default: "en"
Example: "de"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.wikis.<name>.siteName
Short description of your wiki site, displayed below the logo on each page, and used in RSS documents as the channel title.
Type: string
Default: "Untitled Wiki"
Example: "ExampleWiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.wikis.<name>.superUsers
List of trusted user names with wiki system administration super powers.
Please note that accounts for these users need to be created using the moin command-line utility, e.g.: moin-WIKINAME account create --name=NAME --email=EMAIL --password=PASSWORD.
Type: list of strings
Default: [ ]
Example: [ "elvis" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.wikis.<name>.webHost
Host part of the wiki URL. If undefined, the name of the attribute set will be used.
Type: string
Example: "wiki.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.moinmoin.wikis.<name>.webLocation
Location part of the wiki URL.
Type: string
Default: "/"
Example: "/moin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moinmoin.nix>
- services.molly-brown.enable
Whether to enable Molly-Brown Gemini server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
- services.molly-brown.certPath
Path to TLS certificate. An ACME certificate and key may be shared with an HTTP server, but only if molly-brown has permissions allowing it to read such keys.
As an example:
systemd.services.molly-brown.serviceConfig.SupplementaryGroups = [ config.security.acme.certs."example.com".group ];
Type: path
Example: "/var/lib/acme/example.com/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
- services.molly-brown.docBase
Base directory for Gemini content.
Type: path
Example: "/var/lib/molly-brown"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
- services.molly-brown.hostName
The hostname to respond to requests for. Requests for URLs with other hosts will result in a status 53 (PROXY REQUEST REFUSED) response.
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
- services.molly-brown.keyPath
Path to TLS key. See CertPath.
Type: path
Example: "/var/lib/acme/example.com/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
- services.molly-brown.port
TCP port for molly-brown to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1965
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
- services.molly-brown.settings
molly-brown configuration. Refer to https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf for details on supported values.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
- services.monero.enable
Whether to enable Monero node daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.dataDir
The directory where Monero stores its data files.
Type: string
Default: "/var/lib/monero"
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.exclusiveNodes
List of peer IP addresses to connect to *only*. If given the other peer options will be ignored.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.extraConfig
Extra lines to be added verbatim to monerod configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.extraNodes
List of additional peer IP addresses to add to the local list.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.limits.download
Limit of the download rate in kB/s. Set to -1 to leave unlimited.
Type: signed integer
Default: -1
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.limits.syncSize
Maximum number of blocks to sync at once. Set to 0 for adaptive.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.limits.threads
Maximum number of threads used for a parallel job. Set to 0 to leave unlimited.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.limits.upload
Limit of the upload rate in kB/s. Set to -1 to leave unlimited.
Type: signed integer
Default: -1
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.mining.enable
Whether to mine monero.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.mining.address
Monero address where to send mining rewards.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.mining.threads
Number of threads used for mining. Set to 0 to use all available.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.priorityNodes
List of peer IP addresses to connect to and attempt to keep the connection open.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.rpc.address
IP address the RPC server will bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.rpc.password
Password for RPC connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.rpc.port
Port the RPC server will bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 18081
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.rpc.restricted
Whether to restrict RPC to view only commands.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monero.rpc.user
User name for RPC connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
- services.monetdb.enable
Whether to enable the MonetDB database server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
- services.monetdb.package
MonetDB package to use.
Type: package
Default: pkgs.monetdb
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
- services.monetdb.dataDir
Data directory for the dbfarm.
Type: path
Default: "/var/lib/monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
- services.monetdb.group
Group under which MonetDB runs.
Type: string
Default: "monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
- services.monetdb.listenAddress
Address to listen on.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
- services.monetdb.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 50000
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
- services.monetdb.user
User account under which MonetDB runs.
Type: string
Default: "monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
- services.mongodb.enable
Whether to enable the MongoDB server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.enableAuth
Enable client authentication. Creates a default superuser with username root!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.package
Which MongoDB derivation to use.
Type: package
Default: pkgs.mongodb
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.bind_ip
IP to bind to
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.dbpath
Location where MongoDB stores its files
Type: string
Default: "/var/db/mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.extraConfig
MongoDB extra configuration in YAML format
Type: strings concatenated with "\n"
Default: ""
Example:
'' storage.journal.enabled: false ''
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.initialRootPassword
Password for the root user if auth is enabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.initialScript
A file containing MongoDB statements to execute on first startup.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.pidFile
Location of MongoDB pid file
Type: string
Default: "/run/mongodb.pid"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.quiet
quieter output
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.replSetName
If this instance is part of a replica set, set its name here. Otherwise, leave empty to run as single node.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.mongodb.user
User account under which MongoDB runs
Type: string
Default: "mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
- services.monit.enable
Whether to enable Monit.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
- services.monit.config
monitrc content
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
- services.moodle.enable
Whether to enable Moodle web application.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.package
The Moodle package to use.
Type: package
Default: pkgs.moodle
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.database.createLocally
Create the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.database.host
Database host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.database.name
Database name.
Type: string
Default: "moodle"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/moodle-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.database.port
Database host port.
Type: signed integer
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.database.type
Database engine to use.
Type: one of "mysql", "pgsql"
Default: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.database.user
Database user.
Type: string
Default: "moodle"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.extraConfig
Any additional text to be appended to the config.php configuration file. This is a PHP script. For configuration details, see https://docs.moodle.org/37/en/Configuration_file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' $CFG->disableupdatenotifications = true; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.initialPassword
Specifies the initial password for the admin, i.e. the password assigned if the user does not already exist. The password specified here is world-readable in the Nix store, so it should be changed promptly.
Type: string
Example: "correcthorsebatterystaple"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.poolConfig
Options for the Moodle PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost
Apache configuration can be done by adapting services.httpd.virtualHosts. See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{ hostName = "moodle.example.org"; adminAddr = "webmaster@example.org"; forceSSL = true; enableACME = true; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.enableUserDir
Whether to enable serving ~/public_html as /~username.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.adminAddr
E-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.hostName
Canonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.http2
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.listen
Listen addresses and ports for this virtual host.
Note
This option overrides addSSL, forceSSL and onlySSL.If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of submodules
Default: [ ]
Example: [ { ip = "195.154.1.1"; port = 443; ssl = true; } { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.listen.*.ip
IP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.listen.*.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.listen.*.ssl
Whether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are chosen automatically.
Type: non-empty list of strings
Default: [ "*" ]
Example: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.locations
Declarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; "/foo/bar.png" = { alias = "/home/eelco/some-file.png"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.locations.<name>.alias
Alias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.locations.<name>.index
Adds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.locations.<name>.proxyPass
Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default: [ ]
Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.servedFiles
This option provides a simple way to serve individual, static files.
Note
This option has been deprecated and will be removed in a future version of NixOS. You can achieve the same result by making use of the locations.<name>.alias option.Type: list of attribute sets
Default: [ ]
Example: [ { file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.sslServerCert
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.sslServerChain
Path to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.sslServerKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moodle.virtualHost.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
- services.moonraker.enable
Whether to enable Moonraker, an API web server for Klipper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.moonraker.address
The IP or host to listen on.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.moonraker.configDir
The directory containing client-writable configuration files.
Clients will be able to edit files in this directory via the API. This directory must be writable.
Type: path
Default: "/var/lib/moonraker/config"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.moonraker.group
Group account under which Moonraker runs.
Type: string
Default: "moonraker"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.moonraker.klipperSocket
Path to Klipper's API socket.
Type: path
Default: "/run/klipper/api"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.moonraker.port
The port to listen on.
Type: unsigned integer, meaning >=0
Default: 7125
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.moonraker.settings
Configuration for Moonraker. See the documentation for supported values.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string) or a non-empty list of themss
Default: { }
Example: { authorization = { cors_domains = [ "https://app.fluidd.xyz" ] ; trusted_clients = [ "10.0.0.0/24" ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.moonraker.stateDir
The directory containing the Moonraker databases.
Type: path
Default: "/var/lib/moonraker"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.moonraker.user
User account under which Moonraker runs.
Type: string
Default: "moonraker"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
- services.mopidy.enable
Whether to enable Mopidy, a music player daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
- services.mopidy.configuration
The configuration that Mopidy should use.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
- services.mopidy.dataDir
The directory where Mopidy stores its state.
Type: string
Default: "/var/lib/mopidy"
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
- services.mopidy.extensionPackages
Mopidy extensions that should be loaded by the service.
Type: list of packages
Default: [ ]
Example: [ pkgs.mopidy-spotify ]
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
- services.mopidy.extraConfigFiles
Extra config file read by Mopidy when the service starts. Later files in the list overrides earlier configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
- services.morty.enable
Whether to enable Morty proxy server. See https://github.com/asciimoo/morty.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
- services.morty.package
morty package to use.
Type: package
Default: pkgs.morty
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
- services.morty.ipv6
Allow IPv6 HTTP requests?
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
- services.morty.key
HMAC url validation key (hexadecimal encoded). Leave blank to disable. Without validation key, anyone can submit proxy requests. Leave blank to disable. Generate with printf %s somevalue | openssl dgst -sha1 -hmac somekey
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
- services.morty.listenAddress
The address on which the service listens
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
- services.morty.port
Listing port
Type: signed integer
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
- services.morty.timeout
Request timeout in seconds.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
- services.mosquitto.enable
Whether to enable the MQTT Mosquitto broker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.package
Mosquitto package to use.
Type: package
Default: pkgs.mosquitto
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.bridges
Bridges to build to other MQTT brokers.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.bridges.<name>.addresses
Remote endpoints for the bridge.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.bridges.<name>.addresses.*.address
Address of the remote MQTT broker.
Type: single-line string
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.bridges.<name>.addresses.*.port
Port of the remote MQTT broker.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1883
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.bridges.<name>.settings
Additional settings for this bridge.
Type: attribute set of string, path, bool, or integers
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.bridges.<name>.topics
Topic patterns to be shared between the two brokers. Refer to the mosquitto.conf documentation for details on the format.
Type: list of single-line strings
Default: [ ]
Example: [ "# both 2 local/topic/ remote/topic/" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.dataDir
The data directory.
Type: path
Default: "/var/lib/mosquitto"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.includeDirs
Directories to be scanned for further config files to include. Directories will processed in the order given, *.conf files in the directory will be read in case-sensistive alphabetical order.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners
Listeners to configure on this broker.
Type: list of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.acl
Additional ACL items to prepend to the generated ACL file.
Type: list of single-line strings
Default: [ ]
Example: [ "pattern read #" "topic readwrite anon/report/#" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.address
Address to listen on. Listen on 0.0.0.0/:: when unset.
Type: null or single-line string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.authPlugins
Authentication plugin to attach to this listener. Refer to the mosquitto.conf documentation for details on authentication plugins.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.authPlugins.*.denySpecialChars
Automatically disallow all clients using # or + in their name/id.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.authPlugins.*.options
Options for the auth plugin. Each key turns into a auth_opt_* line in the config.
Type: attribute set of string, path, bool, or integers
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.authPlugins.*.plugin
Plugin path to load, should be a .so file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.omitPasswordAuth
Omits password checking, allowing anyone to log in with any user name unless other mandatory authentication methods (eg TLS client certificates) are configured.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.port
Port to listen on. Must be set to 0 to listen on a unix domain socket.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1883
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.settings
Additional settings for this listener.
Type: attribute set of string, path, bool, or integers
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.users
A set of users and their passwords and ACLs.
Type: attribute set of submodules
Default: { }
Example: { john = { acl = [ "readwrite john/#" ] ; password = "123456"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.users.<name>.acl
Control client access to topics on the broker.
Type: list of single-line strings
Default: [ ]
Example: [ "read A/B" "readwrite A/#" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.users.<name>.hashedPassword
Specifies the hashed password for the MQTT User. To generate hashed password install mosquitto package and use mosquitto_passwd.
Type: null or single-line string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.users.<name>.hashedPasswordFile
Specifies the path to a file containing the hashed password for the MQTT user. To generate hashed password install mosquitto package and use mosquitto_passwd.
Type: null or path
Default: null
Example: "/path/to/file"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.users.<name>.password
Specifies the (clear text) password for the MQTT User.
Type: null or single-line string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.listeners.*.users.<name>.passwordFile
Specifies the path to a file containing the clear text password for the MQTT user.
Type: null or path
Default: null
Example: "/path/to/file"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.logDest
Destinations to send log messages to.
Type: list of path or one of "stdout", "stderr", "syslog", "topic", "dlt"s
Default: [ "stderr" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.logType
Types of messages to log.
Type: list of one of "debug", "error", "warning", "notice", "information", "subscribe", "unsubscribe", "websockets", "none", "all"s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.persistence
Enable persistent storage of subscriptions and messages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mosquitto.settings
Global configuration options for the mosquitto broker.
Type: attribute set of string, path, bool, or integers
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
- services.mpd.enable
Whether to enable MPD, the music player daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.credentials
Credentials and permissions for accessing the mpd server.
Type: list of submodules
Default: [ ]
Example: [ { passwordFile = "/var/lib/secrets/mpd_readonly_password"; permissions = [ "read" ] ; } { passwordFile = "/var/lib/secrets/mpd_admin_password"; permissions = [ "read" "add" "control" "admin" ] ; } ]
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.credentials.*.passwordFile
Path to file containing the password.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.credentials.*.permissions
List of permissions that are granted with this password. Permissions can be "read", "add", "control", "admin".
Type: list of one of "read", "add", "control", "admin"s
Default: [ "read" ]
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.dataDir
The directory where MPD stores its state, tag cache, playlists etc. If left as the default value this directory will automatically be created before the MPD server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.dbFile
The path to MPD's database. If set to null the parameter is omitted from the configuration.
Type: null or string
Default: "${dataDir}/tag_cache"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.extraConfig
Extra directives added to to the end of MPD's configuration file, mpd.conf. Basic configuration like file location and uid/gid is added automatically to the beginning of the file. For available options see man 5 mpd.conf'.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.fluidsynth
If set, add fluidsynth soundfont and configure the plugin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.group
Group account under which MPD runs.
Type: string
Default: "mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.musicDirectory
The directory or NFS/SMB network share where MPD reads music from. If left as the default value this directory will automatically be created before the MPD server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path or string matching the pattern (http|https|nfs|smb)://.+
Default: "${dataDir}/music"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.network.listenAddress
The address for the daemon to listen on. Use any to listen on all addresses.
Type: string
Default: "127.0.0.1"
Example: "any"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.network.port
This setting is the TCP port that is desired for the daemon to get assigned to.
Type: signed integer
Default: 6600
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.playlistDirectory
The directory where MPD stores playlists. If left as the default value this directory will automatically be created before the MPD server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "${dataDir}/playlists"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.startWhenNeeded
If set, mpd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start it on the first incoming connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpd.user
User account under which MPD runs.
Type: string
Default: "mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
- services.mpdscribble.enable
Whether to enable mpdscribble.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.endpoints
Endpoints to scrobble to. If the endpoint is one of "jamendo", "last.fm", "libre.fm", "listenbrainz" the url is set automatically.
Type: attribute set of submodules
Default: { }
Example: { last.fm = { passwordFile = "/run/secrets/lastfm_password"; username = "foo"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.endpoints.<name>.passwordFile
File containing the password, either as MD5SUM or cleartext.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.endpoints.<name>.url
The url endpoint where the scrobble API is listening.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.endpoints.<name>.username
Username for the scrobble service.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.host
Host for the mpdscribble daemon to search for a mpd daemon on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.journalInterval
How often should mpdscribble save the journal file? [seconds]
Type: signed integer
Default: 600
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.passwordFile
File containing the password for the mpd daemon. If there is a local mpd configured using services.mpd.credentials the default is automatically set to a matching passwordFile of the local mpd.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.port
Port for the mpdscribble daemon to search for a mpd daemon on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6600
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.proxy
HTTP proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mpdscribble.verbose
Log level for the mpdscribble daemon.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
- services.mstpd.enable
Whether to enable the multiple spanning tree protocol daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/mstpd.nix>
- services.mtprotoproxy.enable
Whether to enable mtprotoproxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
- services.mtprotoproxy.adTag
Tag for advertising that can be obtained from @MTProxybot.
Type: null or string
Default: null
Example: "3c09c680b76ee91a4c25ad51f742267d"
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
- services.mtprotoproxy.extraConfig
Extra configuration options for mtprotoproxy.
Type: attribute set
Default: { }
Example: { STATS_PRINT_PERIOD = 600; }
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
- services.mtprotoproxy.port
TCP port to accept mtproto connections on.
Type: signed integer
Default: 3256
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
- services.mtprotoproxy.secureOnly
Don't allow users to connect in non-secure mode (without random padding).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
- services.mtprotoproxy.users
Allowed users and their secrets. A secret is a 32 characters long hex string.
Type: attribute set of strings
Example: { tg = "00000000000000000000000000000000"; tg2 = "0123456789abcdef0123456789abcdef"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
- services.mullvad-vpn.enable
This option enables Mullvad VPN daemon. This sets networking.firewall.checkReversePath to "loose", which might be undesirable for security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix>
- services.multipath.enable
Whether to enable the device mapper multipath (DM-MP) daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.package
multipath-tools package to use
Type: package
Default: "pkgs.multipath-tools"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.blacklist
This section defines which devices should be excluded from the multipath topology discovery.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.blacklist_exceptions
This section defines which devices should be included in the multipath topology discovery, despite being listed in the blacklist section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.defaults
This section defines default values for attributes which are used whenever no values are given in the appropriate device or multipath sections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices
This option allows you to define arrays for use in multipath groups.
Type: list of submodules
Default: [ ]
Example:
[ { vendor = "\"COMPELNT\""; product = "\"Compellent Vol\""; path_checker = "tur"; no_path_retry = "queue"; max_sectors_kb = 256; }, ... ]Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.alias_prefix
The user_friendly_names prefix to use for this device type, instead of the default mpath
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.all_tg_pt
Set the 'all targets ports' flag when registering keys with mpathpersist
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.deferred_remove
If set to "yes", multipathd will do a deferred remove instead of a regular remove when the last path device has been deleted. This means that if the multipath device is still in use, it will be freed when the last user closes it. If path is added to the multipath device before the last user closes it, the deferred remove will be canceled.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.delay_wait_checks
This option is deprecated, and mapped to san_path_err_recovery_time
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.delay_watch_checks
This option is deprecated, and mapped to san_path_err_forget_rate
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.detect_checker
If set to "yes", multipath will try to detect if the device supports SCSI-3 ALUA. If so, the device will automatically use the tur checker. If set to "no", the checker will be selected as usual.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.detect_prio
If set to "yes", multipath will try to detect if the device supports SCSI-3 ALUA. If so, the device will automatically use the sysfs prioritizer if the required sysf attributes access_state and preferred_path are supported, or the alua prioritizer if not. If set to "no", the prioritizer will be selected as usual.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.dev_loss_tmo
Specify the number of seconds the SCSI layer will wait after a problem has been detected on a FC remote port before removing it from the system. This can be set to "infinity" which sets it to the max value of 2147483647 seconds, or 68 years. It will be automatically adjusted to the overall retry interval no_path_retry * polling_interval if a number of retries is given with no_path_retry and the overall retry interval is longer than the specified dev_loss_tmo value. The Linux kernel will cap this value to 600 if fast_io_fail_tmo is not set.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.failback
Tell multipathd how to manage path group failback. Quote integers as strings
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.fast_io_fail_tmo
Specify the number of seconds the SCSI layer will wait after a problem has been detected on a FC remote port before failing I/O to devices on that remote port. This should be smaller than dev_loss_tmo. Setting this to "off" will disable the timeout. Quote integers as strings.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.features
Specify any device-mapper features to be used
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.flush_on_last_del
If set to "yes" multipathd will disable queueing when the last path to a device has been deleted.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.getuid_callout
(Superseded by uid_attribute) The default program and args to callout to obtain a unique path identifier. Should be specified with an absolute path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.ghost_delay
Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.hardware_handler
The hardware handler to use for this device type
Type: null or one of "emc", "rdac", "hp_sw", "alua", "ana"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.marginal_path_double_failed_time
One of the four parameters of supporting path check based on accounting IO error such as intermittent error
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.marginal_path_err_rate_threshold
The error rate threshold as a permillage (1/1000)
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.marginal_path_err_recheck_gap_time
One of the four parameters of supporting path check based on accounting IO error such as intermittent error
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.marginal_path_err_sample_time
One of the four parameters of supporting path check based on accounting IO error such as intermittent error
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.max_sectors_kb
Sets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.no_path_retry
Specify what to do when all paths are down. Quote integers as strings
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.path_checker
The default method used to determine the paths state
Type: one of "readsector0", "tur", "emc_clariion", "hp_sw", "rdac", "directio", "cciss_tur", "none"
Default: "tur"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.path_grouping_policy
The default path grouping policy to apply to unspecified multipaths
Type: null or one of "failover", "multibus", "group_by_serial", "group_by_prio", "group_by_node_name"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.path_selector
The default path selector algorithm to use; they are offered by the kernel multipath target
Type: null or one of ""round-robin 0"", ""queue-length 0"", ""service-time 0"", ""historical-service-time 0""
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.prio
The name of the path priority routine
Type: null or one of "none", "const", "sysfs", "emc", "alua", "ontap", "rdac", "hp_sw", "hds", "random", "weightedpath", "path_latency", "ana", "datacore", "iet"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.prio_args
Arguments to pass to to the prio function
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.product
Regular expression to match the product name
Type: string
Example: "Compellent Vol"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.product_blacklist
Products with the given vendor matching this string are blacklisted
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.retain_attached_hw_handler
(Obsolete for kernels >= 4.3) If set to "yes" and the SCSI layer has already attached a hardware_handler to the device, multipath will not force the device to use the hardware_handler specified by mutipath.conf. If the SCSI layer has not attached a hardware handler, multipath will continue to use its configured hardware handler.
Important Note: Linux kernel 4.3 or newer always behaves as if "retain_attached_hw_handler yes" was set.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.revision
Regular expression to match the product revision
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.rr_min_io
Number of I/O requests to route to a path before switching to the next in the same path group. This is only for Block I/O (BIO) based multipath and only apply to round-robin path_selector.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.rr_min_io_rq
Number of I/O requests to route to a path before switching to the next in the same path group. This is only for Request based multipath and only apply to round-robin path_selector.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.rr_weight
If set to priorities the multipath configurator will assign path weights as "path prio * rr_min_io".
Type: null or one of "priorities", "uniform"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.san_path_err_forget_rate
If set to a value greater than 0, multipathd will check whether the path failures has exceeded the san_path_err_threshold within this many checks i.e san_path_err_forget_rate. If so we will not reinstante the path till san_path_err_recovery_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.san_path_err_recovery_time
If set to a value greater than 0, multipathd will make sure that when path failures has exceeded the san_path_err_threshold within san_path_err_forget_rate then the path will be placed in failed state for san_path_err_recovery_time duration. Once san_path_err_recovery_time has timeout we will reinstante the failed path. san_path_err_recovery_time value should be in secs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.san_path_err_threshold
If set to a value greater than 0, multipathd will watch paths and check how many times a path has been failed due to errors.If the number of failures on a particular path is greater then the san_path_err_threshold, then the path will not reinstate till san_path_err_recovery_time. These path failures should occur within a san_path_err_forget_rate checks, if not we will consider the path is good enough to reinstantate.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.skip_kpartx
If set to yes, kpartx will not automatically create partitions on the device
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.uid_attribute
The udev attribute providing a unique path identifier (WWID)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.user_friendly_names
If set to "yes", using the bindings file /etc/multipath/bindings to assign a persistent and unique alias to the multipath, in the form of mpath. If set to "no" use the WWID as the alias. In either case this be will be overridden by any specific aliases in the multipaths section.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.vendor
Regular expression to match the vendor name
Type: string
Example: "COMPELNT"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.devices.*.vpd_vendor
The vendor specific vpd page information, using the vpd page abbreviation
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.extraConfig
Lines to append to default multipath.conf
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.extraConfigFile
Append an additional file's contents to /etc/multipath.conf
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.overrides
This section defines values for attributes that should override the device-specific settings for all devices.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.pathGroups
This option allows you to define multipath groups as described in http://christophe.varoqui.free.fr/usage.html.
Type: list of submodules
Example:
[ { wwid = "360080e500043b35c0123456789abcdef"; alias = 10001234; array = "bigarray.example.com"; fsType = "zfs"; # optional options = "ro"; # optional }, ... ]Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.pathGroups.*.alias
The name of the multipath device
Type: signed integer
Example: 1001234
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.pathGroups.*.array
The DNS name of the storage array
Type: string
Default: null
Example: "bigarray.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.pathGroups.*.fsType
Type of the filesystem
Type: null or string
Default: null
Example: "zfs"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.pathGroups.*.options
Options used to mount the file system
Type: null or string
Default: null
Example: "ro"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.multipath.pathGroups.*.wwid
The identifier for the multipath device
Type: string (with check: hexadecimal string)
Example: "360080e500043b35c0123456789abcdef"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
- services.munge.enable
Whether to enable munge service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/munge.nix>
- services.munge.password
The path to a daemon's secret key.
Type: path
Default: "/etc/munge/munge.key"
Declared by:
<nixpkgs/nixos/modules/services/security/munge.nix>
- services.munin-cron.enable
Enable munin-cron. Takes care of all heavy lifting to collect data from nodes and draws graphs to html. Runs munin-update, munin-limits, munin-graphs and munin-html in that order.
HTML output is in /var/www/munin/, configure your favourite webserver to serve static files.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-cron.extraCSS
Custom styling for the HTML that munin-cron generates. This will be appended to the CSS files used by munin-cron and will thus take precedence over the builtin styles.
Type: strings concatenated with "\n"
Default: ""
Example:
'' /* A simple dark theme. */ html, body { background: #222222; } #header, #footer { background: #333333; } img.i, img.iwarn, img.icrit, img.iunkn { filter: invert(100%) hue-rotate(-30deg); } ''Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-cron.extraGlobalConfig
munin.conf extra global configuration. See http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html. Useful to setup notifications, see http://guide.munin-monitoring.org/en/latest/tutorial/alert.html
Type: strings concatenated with "\n"
Default: ""
Example:
'' contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com ''Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-cron.hosts
Definitions of hosts of nodes to collect data from. Needs at least one host for cron to succeed. See http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html
Type: strings concatenated with "\n"
Default: ""
Example:
'' [${config.networking.hostName}] address localhost ''Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-node.enable
Enable Munin Node agent. Munin node listens on 0.0.0.0 and by default accepts connections only from 127.0.0.1 for security reasons.
See http://guide.munin-monitoring.org/en/latest/architecture/index.html.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-node.disabledPlugins
Munin plugins to disable, even if munin-node-configure --suggest tries to enable them. To disable a wildcard plugin, use an actual wildcard, as in the example.
munin_stats is disabled by default as it tries to read /var/log/munin/munin-update.log for timing information, and the NixOS build of Munin does not write this file.
Type: list of strings
Default: [ "munin_stats" ]
Example: [ "diskstats" "zfs_usage_*" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-node.extraAutoPlugins
Additional Munin plugins to autoconfigure, using munin-node-configure --suggest. These should be the actual paths to the plugin files (or directories containing them), not just their names.
If you want to manually enable individual plugins instead, use services.munin-node.extraPlugins.
Note that only plugins that have the 'autoconfig' capability will do anything if listed here, since plugins that cannot autoconfigure won't be automatically enabled by munin-node-configure.
Plugins will be copied into the Nix store, and it will attempt to modify them to run properly by fixing hardcoded references to /bin, /usr/bin, /sbin, and /usr/sbin.
Type: list of paths
Default: [ ]
Example:
[ /src/munin-contrib/plugins/zfs /src/munin-contrib/plugins/ssh ];
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-node.extraConfig
munin-node.conf extra configuration. See http://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-node.extraPluginConfig
plugin-conf.d extra plugin configuration. See http://guide.munin-monitoring.org/en/latest/plugin/use.html
Type: strings concatenated with "\n"
Default: ""
Example:
'' [fail2ban_*] user root ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.munin-node.extraPlugins
Additional Munin plugins to activate. Keys are the name of the plugin symlink, values are the path to the underlying plugin script. You can use the same plugin script multiple times (e.g. for wildcard plugins).
Note that these plugins do not participate in autoconfiguration. If you want to autoconfigure additional plugins, use services.munin-node.extraAutoPlugins.
Plugins enabled in this manner take precedence over autoconfigured plugins.
Plugins will be copied into the Nix store, and it will attempt to modify them to run properly by fixing hardcoded references to /bin, /usr/bin, /sbin, and /usr/sbin.
Type: attribute set of paths
Default: { }
Example:
{ zfs_usage_bigpool = /src/munin-contrib/plugins/zfs/zfs_usage_; zfs_usage_smallpool = /src/munin-contrib/plugins/zfs/zfs_usage_; zfs_list = /src/munin-contrib/plugins/zfs/zfs_list; };Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
- services.murmur.enable
If enabled, start the Murmur Mumble server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.package
Overridable attribute of the murmur package to use.
Type: package
Default: pkgs.murmur
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.allowHtml
Allow HTML in client messages, comments, and channel descriptions.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.autobanAttempts
Number of attempts a client is allowed to make in autobanTimeframe seconds, before being banned for autobanTime.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.autobanTime
The amount of time an IP ban lasts (in seconds).
Type: signed integer
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.autobanTimeframe
Timeframe in which a client can connect without being banned for repeated attempts (in seconds).
Type: signed integer
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.bandwidth
Maximum bandwidth (in bits per second) that clients may send speech at.
Type: signed integer
Default: 72000
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.bonjour
Enable Bonjour auto-discovery, which allows clients over your LAN to automatically discover Murmur servers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.clientCertRequired
Require clients to authenticate via certificates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.environmentFile
Environment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
# snippet of murmur-related config services.murmur.password = "$MURMURD_PASSWORD";
# content of the environment file MURMURD_PASSWORD=verysecretpassword
Note that this file needs to be available on the host on which murmur is running.
Type: null or path
Default: null
Example: "/var/lib/murmur/murmurd.env"
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.extraConfig
Extra configuration to put into murmur.ini.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.hostName
Host to bind to. Defaults binding on all addresses.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.imgMsgLength
Max length of image messages. Set 0 for no limit.
Type: signed integer
Default: 131072
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.logDays
How long to store RPC logs for in the database. Set 0 to keep logs forever, or -1 to disable DB logging.
Type: signed integer
Default: 31
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.logFile
Path to the log file for Murmur daemon. Empty means log to journald.
Type: null or path
Default: null
Example: "/var/log/murmur/murmurd.log"
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.password
Required password to join server, if specified.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.port
Ports to bind to (UDP and TCP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 64738
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.registerHostname
DNS hostname where your server can be reached. This is only needed if you want your server to be accessed by its hostname and not IP - but the name *must* resolve on the internet properly.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.registerName
Public server registration name, and also the name of the Root channel. Even if you don't publicly register your server, you probably still want to set this.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.registerPassword
Public server registry password, used authenticate your server to the registry to prevent impersonation; required for subsequent registry updates.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.registerUrl
URL website for your server.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.sendVersion
Send Murmur version in UDP response.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.sslCa
Path to your SSL CA certificate.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.sslCert
Path to your SSL certificate.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.sslKey
Path to your SSL key.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.textMsgLength
Max length of text messages. Set 0 for no limit.
Type: signed integer
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.users
Maximum number of concurrent clients allowed.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.murmur.welcometext
Welcome message for connected clients.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
- services.mwlib.nserve.enable
Whether to enable nserve. Nserve is a HTTP server. The Collection extension is talking to that program directly. Nserve uses at least one qserve instance in order to distribute and manage jobs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nserve.address
Specify network interface to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nserve.port
Specify port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8899
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nserve.qserve
Register qserve instance.
Type: list of strings
Default: [ "127.0.0.1:14311" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nserve.user
User to run as.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.enable
Pulls new jobs from exactly one qserve instance and calls the zip and render programs in order to download article collections and convert them to different output formats. Nslave uses a cache directory to store the generated documents. Nslave also starts an internal http server serving the content of the cache directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.cachedir
Directory to store generated documents.
Type: path
Default: "/var/cache/mwlib-nslave"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.http
Internal http server serving the content of the cache directory. You have to enable it, or use your own way for serving files and set the http.url option accordingly.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.http.enable
Enable internal http server.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.http.address
Specify network interface to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.http.port
Port to listen to when serving files from cache.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8898
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.http.url
Specify URL for accessing generated files from cache. The Collection extension of Mediawiki won't be able to download files without it.
Type: string
Default: "http://localhost:8898/cache"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.numprocs
Number of parallel jobs to be executed.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.nslave.user
User to run as.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.qserve.enable
A job queue server used to distribute and manage jobs. You should start one qserve instance for each machine that is supposed to render pdf files. Unless you’re operating the Wikipedia installation, one machine should suffice.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.qserve.address
Specify network interface to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.qserve.allow
List of allowed client IPs. Empty means any.
Type: list of strings
Default: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.qserve.datadir
qserve data directory (FIXME: unused?)
Type: path
Default: "/var/lib/mwlib-qserve"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.qserve.port
Specify port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 14311
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mwlib.qserve.user
User to run as.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/misc/mwlib.nix>
- services.mx-puppet-discord.enable
Whether to enable mx-puppet-discord is a discord puppeting bridge for matrix. It handles bridging private and group DMs, as well as Guilds (servers) .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix>
- services.mx-puppet-discord.serviceDependencies
List of Systemd services to require and wait for when starting the application service.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix>
- services.mx-puppet-discord.settings
config.yaml configuration as a Nix attribute set. Configuration options should match those described in sample.config.yaml.
Type: JSON value
Default: { bridge = { port = 8434; } ; database = { filename = "/var/lib/mx-puppet-discord/database.db"; } ; logging = { console = "info"; lineDateFormat = "MMM-D HH:mm:ss.SSS"; } ; namePatterns = { group = ":name"; room = ":name"; user = ":name"; userOverride = ":displayname"; } ; presence = { enabled = true; interval = 500; } ; provisioning = { whitelist = [ ] ; } ; relay = { whitelist = [ ] ; } ; }
Example:
{ bridge = { bindAddress = "localhost"; domain = "example.com"; homeserverUrl = "https://example.com"; }; provisioning.whitelist = [ "@admin:example.com" ]; relay.whitelist = [ "@.*:example.com" ]; }Declared by:
<nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix>
- services.mxisd.enable
Whether to enable matrix federated identity server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
- services.mxisd.package
The mxisd/ma1sd package to use
Type: package
Default: pkgs.ma1sd
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
- services.mxisd.dataDir
Where data mxisd/ma1sd uses resides
Type: string
Default: "/var/lib/mxisd"
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
- services.mxisd.extraConfig
Extra options merged into the mxisd/ma1sd configuration
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
- services.mxisd.matrix.domain
the domain of the matrix homeserver
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
- services.mxisd.server.name
Public hostname of mxisd/ma1sd, if different from the Matrix domain.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
- services.mxisd.server.port
HTTP port to listen on (unencrypted)
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
- services.mysql.enable
Whether to enable MySQL server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.package
Which MySQL derivation to use. MariaDB packages are supported too.
Type: package
Example: pkgs.mariadb
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.bind
Address to bind to. The default is to bind to all addresses.
Type: null or string
Default: null
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.configFile
Override the configuration file used by MySQL. By default, NixOS generates one automatically from services.mysql.settings.
Type: path
Default: settingsFile
Example:
pkgs.writeText "my.cnf" '' [mysqld] datadir = /var/lib/mysql bind-address = 127.0.0.1 port = 3336 !includedir /etc/mysql/conf.d/ '';
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.dataDir
Location where MySQL stores its table files.
Type: path
Example: "/var/lib/mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.ensureDatabases
Ensures that the specified databases exist. This option will never delete existing databases, especially not when the value of this option is changed. This means that databases created once through this option or otherwise have to be removed manually.
Type: list of strings
Default: [ ]
Example: [ "nextcloud" "matomo" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.ensureUsers
Ensures that the specified users exist and have at least the ensured permissions. The MySQL users will be identified using Unix socket authentication. This authenticates the Unix user with the same name only, and that without the need for a password. This option will never delete existing users or remove permissions, especially not when the value of this option is changed. This means that users created and permissions assigned once through this option or otherwise have to be removed manually.
Type: list of submodules
Default: [ ]
Example:
[ { name = "nextcloud"; ensurePermissions = { "nextcloud.*" = "ALL PRIVILEGES"; }; } { name = "backup"; ensurePermissions = { "*.*" = "SELECT, LOCK TABLES"; }; } ]Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.ensureUsers.*.ensurePermissions
Permissions to ensure for the user, specified as attribute set. The attribute names specify the database and tables to grant the permissions for, separated by a dot. You may use wildcards here. The attribute values specfiy the permissions to grant. You may specify one or multiple comma-separated SQL privileges here.
For more information on how to specify the target and on which privileges exist, see the GRANT syntax. The attributes are used as GRANT ${attrName} ON ${attrValue}.
Type: attribute set of strings
Default: { }
Example:
{ "database.*" = "ALL PRIVILEGES"; "*.*" = "SELECT, LOCK TABLES"; }Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.ensureUsers.*.name
Name of the user to ensure.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.extraOptions
Provide extra options to the MySQL configuration file.
Please note, that these options are added to the [mysqld] section so you don't need to explicitly state it again.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' key_buffer_size = 6G table_cache = 1600 log-error = /var/log/mysql_err.log ''
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.group
Group under which MySQL runs.
Type: string
Default: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.initialDatabases
List of database names and their initial schemas that should be used to create databases on the first startup of MySQL. The schema attribute is optional: If not specified, an empty database is created.
Type: list of submodules
Default: [ ]
Example: [ { name = "foodatabase"; schema = ./foodatabase.sql; } { name = "bardatabase"; } ]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.initialDatabases.*.name
The name of the database to create.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.initialDatabases.*.schema
The initial schema of the database; if null (the default), an empty database is created.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.initialScript
A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.port
Port of MySQL.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.replication.masterHost
Hostname of the MySQL master server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.replication.masterPassword
Password of the MySQL replication user.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.replication.masterPort
Port number on which the MySQL master server runs.
Type: signed integer
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.replication.masterUser
Username of the MySQL replication user.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.replication.role
Role of the MySQL server instance.
Type: one of "master", "slave", "none"
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.replication.serverId
Id of the MySQL server instance. This number must be unique for each instance.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.replication.slaveHost
Hostname of the MySQL slave server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.settings
MySQL configuration. Refer to https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html, https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html, and https://mariadb.com/kb/en/server-system-variables/ for details on supported values.
Note
MySQL configuration options such as --quick should be treated as boolean options and provided values such as true, false, 1, or 0. See the provided example below.Type: attribute set of attribute set of boolean or signed integer or string or list of stringsss
Default: { }
Example:
{ mysqld = { key_buffer_size = "6G"; table_cache = 1600; log-error = "/var/log/mysql_err.log"; plugin-load-add = [ "server_audit" "ed25519=auth_ed25519" ]; }; mysqldump = { quick = true; max_allowed_packet = "16M"; }; }Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysql.user
User account under which MySQL runs.
Type: string
Default: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
- services.mysqlBackup.enable
Whether to enable MySQL backups.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
- services.mysqlBackup.calendar
Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
Type: string
Default: "01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
- services.mysqlBackup.databases
List of database names to dump.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
- services.mysqlBackup.location
Location to put the gzipped MySQL database dumps.
Type: path
Default: "/var/backup/mysql"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
- services.mysqlBackup.singleTransaction
Whether to create database dump in a single transaction
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
- services.mysqlBackup.user
User to be used to perform backup.
Type: string
Default: "mysqlbackup"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
- services.n8n.enable
Whether to enable n8n server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/n8n.nix>
- services.n8n.openFirewall
Open ports in the firewall for the n8n web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/n8n.nix>
- services.n8n.settings
Configuration for n8n, see https://docs.n8n.io/reference/configuration.html for supported values.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/n8n.nix>
- services.nagios.enable
Whether to enable Nagios to monitor your system or network..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.enableWebInterface
Whether to enable the Nagios web interface. You should also enable Apache (services.httpd.enable).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.cgiConfigFile
Derivation for the configuration file of Nagios CGI scripts that can be used in web servers for running the Nagios web interface.
Type: package
Default: nagiosCGICfgFile
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.extraConfig
Configuration to add to /etc/nagios.cfg
Type: attribute set of strings
Default: { }
Example: { debug_file = "/var/log/nagios/debug.log"; debug_level = "-1"; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.mainConfigFile
If non-null, overrides the main configuration file of Nagios.
Type: null or package
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.objectDefs
A list of Nagios object configuration files that must define the hosts, host groups, services and contacts for the network that you want Nagios to monitor.
Type: list of paths
Example: [ ./objects.cfg ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.plugins
Packages to be added to the Nagios PATH. Typically used to add plugins, but can be anything.
Type: list of packages
Default: [pkgs.monitoring-plugins pkgs.ssmtp pkgs.mailutils]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.validateConfig
if true, the syntax of the nagios configuration file is checked at build time
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost
Apache configuration can be done by adapting services.httpd.virtualHosts. See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{ hostName = "example.org"; adminAddr = "webmaster@example.org"; enableSSL = true; sslServerCert = "/var/lib/acme/example.org/full.pem"; sslServerKey = "/var/lib/acme/example.org/key.pem"; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.enableUserDir
Whether to enable serving ~/public_html as /~username.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.adminAddr
E-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.hostName
Canonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.http2
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.listen
Listen addresses and ports for this virtual host.
Note
This option overrides addSSL, forceSSL and onlySSL.If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of submodules
Default: [ ]
Example: [ { ip = "195.154.1.1"; port = 443; ssl = true; } { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.listen.*.ip
IP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.listen.*.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.listen.*.ssl
Whether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are chosen automatically.
Type: non-empty list of strings
Default: [ "*" ]
Example: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.locations
Declarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; "/foo/bar.png" = { alias = "/home/eelco/some-file.png"; }; };Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.locations.<name>.alias
Alias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.locations.<name>.index
Adds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.locations.<name>.proxyPass
Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default: [ ]
Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.servedFiles
This option provides a simple way to serve individual, static files.
Note
This option has been deprecated and will be removed in a future version of NixOS. You can achieve the same result by making use of the locations.<name>.alias option.Type: list of attribute sets
Default: [ ]
Example: [ { file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.sslServerCert
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.sslServerChain
Path to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.sslServerKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.nagios.virtualHost.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
- services.namecoind.enable
Whether to enable namecoind, Namecoin client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.extraNodes
List of additional peer IP addresses to connect to.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.generate
Whether to generate (mine) Namecoins.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.rpc.address
IP address the RPC server will bind to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.rpc.allowFrom
List of IP address ranges allowed to use the RPC API. Wiledcards (*) can be user to specify a range.
Type: list of strings
Default: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.rpc.certificate
Certificate file for securing RPC connections.
Type: null or path
Default: null
Example: "/var/lib/namecoind/server.cert"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.rpc.key
Key file for securing RPC connections.
Type: null or path
Default: null
Example: "/var/lib/namecoind/server.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.rpc.password
Password for RPC connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.rpc.port
Port the RPC server will bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8332
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.rpc.user
User name for RPC connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.trustedNodes
List of the only peer IP addresses to connect to. If specified no other connection will be made.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.namecoind.wallet
Wallet file. The ownership of the file has to be namecoin:namecoin, and the permissions must be 0640.
Type: path
Default: "/var/lib/namecoind/wallet.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
- services.nar-serve.enable
Whether to enable Serve NAR file contents via HTTP.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nar-serve.nix>
- services.nar-serve.cacheURL
Binary cache URL to connect to.
The URL format is compatible with the nix remote url style, such as: - http://, https:// for binary caches via HTTP or HTTPS - s3:// for binary caches stored in Amazon S3 - gs:// for binary caches stored in Google Cloud Storage
Type: string
Default: "https://cache.nixos.org/"
Declared by:
<nixpkgs/nixos/modules/services/networking/nar-serve.nix>
- services.nar-serve.port
Port number where nar-serve will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8383
Declared by:
<nixpkgs/nixos/modules/services/networking/nar-serve.nix>
- services.nats.enable
Whether to enable NATS messaging system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
- services.nats.dataDir
The NATS data directory. Only used if JetStream is enabled, for storing stream metadata and messages.
If left as the default value this directory will automatically be created before the NATS server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/nats"
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
- services.nats.group
Group under which NATS runs.
Type: string
Default: "nats"
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
- services.nats.jetstream
Whether to enable JetStream.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
- services.nats.port
Port on which to listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4222
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
- services.nats.serverName
Name of the NATS server, must be unique if clustered.
Type: string
Default: "nats"
Example: "n1-c3"
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
- services.nats.settings
Declarative NATS configuration. See the NATS documentation for a list of options.
Type: JSON value
Default: { }
Example:
{ jetstream = { max_mem = "1G"; max_file = "10G"; }; };Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
- services.nats.user
User account under which NATS runs.
Type: string
Default: "nats"
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
- services.navidrome.enable
Whether to enable Navidrome Music Server and Streamer compatible with Subsonic/Airsonic.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/navidrome.nix>
- services.navidrome.settings
Configuration for Navidrome, see https://www.navidrome.org/docs/usage/configuration-options/ for supported values.
Type: JSON value
Default: { Address = "127.0.0.1"; Port = 4533; }
Example: { MusicFolder = "/mnt/music"; }
Declared by:
<nixpkgs/nixos/modules/services/audio/navidrome.nix>
- services.ncdns.enable
Whether to enable ncdns, a Go daemon to bridge Namecoin to DNS. To resolve .bit domains set services.namecoind.enable = true; and an RPC username/password .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.address
The IP address the ncdns resolver will bind to. Leave this unchanged if you do not wish to directly expose the resolver.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.dnssec.enable
Whether to enable DNSSEC support in ncdns. This will generate KSK and ZSK keypairs (unless provided via the options services.ncdns.dnssec.publicKey, services.ncdns.dnssec.privateKey etc.) and add a trust anchor to recursive resolvers .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.dnssec.keys.private
Path to the file containing the KSK private key.
Type: path
Default: "/var/lib/ncdns/bit.private"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.dnssec.keys.public
Path to the file containing the KSK public key. The key can be generated using the dnssec-keygen command, provided by the package bind as follows:
$ dnssec-keygen -a RSASHA256 -3 -b 2048 -f KSK bit
Type: path
Default: "/var/lib/ncdns/bit.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.dnssec.keys.zonePrivate
Path to the file containing the ZSK private key.
Type: path
Default: "/var/lib/ncdns/bit-zone.private"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.dnssec.keys.zonePublic
Path to the file containing the ZSK public key. The key can be generated using the dnssec-keygen command, provided by the package bind as follows:
$ dnssec-keygen -a RSASHA256 -3 -b 2048 bit
Type: path
Default: "/var/lib/ncdns/bit-zone.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.identity.address
The IP address the hostname specified in services.ncdns.identity.hostname should resolve to. If you are only using ncdns locally you can ignore this.
Type: string
Default: "127.127.127.127"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.identity.hostmaster
An email address for the SOA record at the bit zone. If you are only using ncdns locally you can ignore this.
Type: string
Default: ""
Example: "root@example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.identity.hostname
The hostname of this ncdns instance, which defaults to the machine hostname. If specified, ncdns lists the hostname as an NS record at the zone apex:
bit. IN NS ns1.example.com.
If unset ncdns will generate an internal psuedo-hostname under the zone, which will resolve to the value of services.ncdns.identity.address. If you are only using ncdns locally you can ignore this.
Type: string
Default: "nixos"
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.port
The port the ncdns resolver will bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5333
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ncdns.settings
ncdns settings. Use this option to configure ncds settings not exposed in a NixOS option or to bypass one. See the example ncdns.conf file at https://git.io/JfX7g for the available options.
Type: ncdns.conf configuration type. The format consists of an attribute set of settings. Each setting can be either `null`, a value or an attribute set. The allowed values are integers, strings, booleans or paths.
Default: { }
Example:
{ # enable webserver ncdns.httplistenaddr = ":8202"; # synchronize TLS certs certstore.nss = true; # note: all paths are relative to the config file certstore.nsscertdir = "../../var/lib/ncdns"; certstore.nssdbdir = "../../home/alice/.pki/nssdb"; }Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.ndppd.enable
Whether to enable daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.configFile
Path to configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.interface
Interface which is on link-level with router. (Legacy option, use services.ndppd.proxies.<interface>.rules.<network> instead)
Type: null or string
Default: null
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.network
Network that we proxy. (Legacy option, use services.ndppd.proxies.<interface>.rules.<network> instead)
Type: null or string
Default: null
Example: "1111::/64"
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies
This sets up a listener, that will listen for any Neighbor Solicitation messages, and respond to them according to a set of rules.
Type: attribute set of submodules
Default: { }
Example:
{ eth0.rules."1111::/64" = {}; }Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies.<name>.interface
Listen for any Neighbor Solicitation messages on this interface, and respond to them according to a set of rules. Defaults to the name of the attrset.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies.<name>.router
Turns on or off the router flag for Neighbor Advertisement Messages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies.<name>.rules
This is a rule that the target address is to match against. If no netmask is provided, /128 is assumed. You may have several rule sections, and the addresses may or may not overlap.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies.<name>.rules.<name>.interface
Interface to use when method is iface.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies.<name>.rules.<name>.method
static: Immediately answer any Neighbor Solicitation Messages (if they match the IP rule). iface: Forward the Neighbor Solicitation Message through the specified interface and only respond if a matching Neighbor Advertisement Message is received. auto: Same as iface, but instead of manually specifying the outgoing interface, check for a matching route in /proc/net/ipv6_route.
Type: one of "static", "iface", "auto"
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies.<name>.rules.<name>.network
This is the target address is to match against. If no netmask is provided, /128 is assumed. The addresses of serveral rules may or may not overlap. Defaults to the name of the attrset.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies.<name>.timeout
Controls how long to wait for a Neighbor Advertisment Message before invalidating the entry, in milliseconds.
Type: signed integer
Default: 500
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.proxies.<name>.ttl
Controls how long a valid or invalid entry remains in the cache, in milliseconds.
Type: signed integer
Default: 30000
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.ndppd.routeTTL
This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route, in milliseconds.
Type: signed integer
Default: 30000
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
- services.neard.enable
Whether to enable neard, NFC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/neard.nix>
- services.nebula.networks
Nebula network definitions.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.enable
Enable or disable this network.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.package
Nebula derivation to use.
Type: package
Default: pkgs.nebula
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.ca
Path to the certificate authority certificate.
Type: path
Example: "/etc/nebula/ca.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.cert
Path to the host certificate.
Type: path
Example: "/etc/nebula/host.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.firewall.inbound
Firewall rules for inbound traffic.
Type: list of attribute sets
Default: [ ]
Example: [ { host = "any"; port = "any"; proto = "any"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.firewall.outbound
Firewall rules for outbound traffic.
Type: list of attribute sets
Default: [ ]
Example: [ { host = "any"; port = "any"; proto = "any"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.isLighthouse
Whether this node is a lighthouse.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.key
Path to the host key.
Type: path
Example: "/etc/nebula/host.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.lighthouses
List of IPs of lighthouse hosts this node should report to and query from. This should be empty on lighthouse nodes. The IPs should be the lighthouse's Nebula IPs, not their external IPs.
Type: list of strings
Default: [ ]
Example: [ "192.168.100.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.listen.host
IP address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.listen.port
Port number to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4242
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.settings
Nebula configuration. Refer to https://github.com/slackhq/nebula/blob/master/examples/config.yml for details on supported values.
Type: YAML value
Default: { }
Example:
{ lighthouse.dns = { host = "0.0.0.0"; port = 53; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.staticHostMap
The static host map defines a set of hosts with fixed IP addresses on the internet (or any network). A host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel.
Type: attribute set of list of stringss
Default: { }
Example: { 192.168.100.1 = [ "100.64.22.11:4242" ] ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.tun.device
Name of the tun device. Defaults to nebula.${networkName}.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.nebula.networks.<name>.tun.disable
When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
- services.neo4j.enable
Whether to enable Neo4j Community Edition.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.package
Neo4j package to use.
Type: package
Default: pkgs.neo4j
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.allowUpgrade
Allow upgrade of Neo4j database files from an older version.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.bolt.enable
Enable the BOLT connector for Neo4j. Setting this option to false will stop Neo4j from listening for incoming connections on the BOLT port (7687 by default).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.bolt.listenAddress
Neo4j listen address for BOLT traffic. The listen address is expressed in the format <ip-address>:<port-number>.
Type: string
Default: ":7687"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.bolt.sslPolicy
Neo4j SSL policy for BOLT traffic.
The legacy policy is a special policy which is not defined in the policy configuration section, but rather derives from directories.certificates and associated files (by default: neo4j.key and neo4j.cert). Its use will be deprecated.
Note: This connector must be configured to support/require SSL/TLS for the legacy policy to actually be utilized. See bolt.tlsLevel.
Type: string
Default: "legacy"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.bolt.tlsLevel
SSL/TSL requirement level for BOLT traffic.
Type: one of "REQUIRED", "OPTIONAL", "DISABLED"
Default: "OPTIONAL"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.constrainLoadCsv
Sets the root directory for file URLs used with the Cypher LOAD CSV clause to be that defined by directories.imports. It restricts access to only those files within that directory and its subdirectories.
Setting this option to false introduces possible security problems.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.defaultListenAddress
Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0".
Specifies the default IP address and address part of connector specific listenAddress options. To bind specific connectors to a specific network interfaces, specify the entire listenAddress option for that connector.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.directories.certificates
Directory for storing certificates to be used by Neo4j for TLS connections.
When setting this directory to something other than its default, ensure the directory's existence, and that read/write permissions are given to the Neo4j daemon user neo4j.
Note that changing this directory from its default will prevent the directory structure required for each SSL policy from being automatically generated. A policy's directory structure as defined by its baseDirectory,revokedDir and trustedDir must then be setup manually. The existence of these directories is mandatory, as well as the presence of the certificate file and the private key. Ensure the correct permissions are set on these directories and files.
Type: path
Default: "/var/lib/neo4j/certificates"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.directories.data
Path of the data directory. You must not configure more than one Neo4j installation to use the same data directory.
When setting this directory to something other than its default, ensure the directory's existence, and that read/write permissions are given to the Neo4j daemon user neo4j.
Type: path
Default: "/var/lib/neo4j/data"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.directories.home
Path of the Neo4j home directory. Other default directories are subdirectories of this path. This directory will be created if non-existent, and its ownership will be chown to the Neo4j daemon user neo4j.
Type: path
Default: "/var/lib/neo4j"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.directories.imports
The root directory for file URLs used with the Cypher LOAD CSV clause. Only meaningful when constrainLoadCvs is set to true.
When setting this directory to something other than its default, ensure the directory's existence, and that read permission is given to the Neo4j daemon user neo4j.
Type: path
Default: "/var/lib/neo4j/import"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.directories.plugins
Path of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory.
When setting this directory to something other than its default, ensure the directory's existence, and that read permission is given to the Neo4j daemon user neo4j.
Type: path
Default: "/var/lib/neo4j/plugins"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.extraServerConfig
Extra configuration for Neo4j Community server. Refer to the complete reference of Neo4j configuration settings.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.http.enable
The HTTP connector is required for Neo4j, and cannot be disabled. Setting this option to false will force the HTTP connector's listenAddress to the loopback interface to prevent connection of remote clients. To prevent all clients from connecting, block the HTTP port (7474 by default) by firewall.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.http.listenAddress
Neo4j listen address for HTTP traffic. The listen address is expressed in the format <ip-address>:<port-number>.
Type: string
Default: ":7474"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.https.enable
Enable the HTTPS connector for Neo4j. Setting this option to false will stop Neo4j from listening for incoming connections on the HTTPS port (7473 by default).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.https.listenAddress
Neo4j listen address for HTTPS traffic. The listen address is expressed in the format <ip-address>:<port-number>.
Type: string
Default: ":7473"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.https.sslPolicy
Neo4j SSL policy for HTTPS traffic.
The legacy policy is a special policy which is not defined in the policy configuration section, but rather derives from directories.certificates and associated files (by default: neo4j.key and neo4j.cert). Its use will be deprecated.
Type: string
Default: "legacy"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.readOnly
Only allow read operations from this Neo4j instance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.shell.enable
Enable a remote shell server which Neo4j Shell clients can log in to. Only applicable to neo4j-shell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies
Defines the SSL policies for use with Neo4j connectors. Each attribute of this set defines a policy, with the attribute name defining the name of the policy and its namespace. Refer to the operations manual section on Neo4j's SSL Framework for further details.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.allowKeyGeneration
Allows the generation of a private key and associated self-signed certificate. Only performed when both objects cannot be found for this policy. It is recommended to turn this off again after keys have been generated.
The public certificate is required to be duplicated to the directory holding trusted certificates as defined by the trustedDir option.
Keys should in general be generated and distributed offline by a trusted certificate authority and not by utilizing this mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.baseDirectory
The mandatory base directory for cryptographic objects of this policy. This path is only automatically generated when this option as well as directories.certificates are left at their default. Ensure read/write permissions are given to the Neo4j daemon user neo4j.
It is also possible to override each individual configuration with absolute paths. See the privateKey and publicCertificate policy options.
Type: path
Default: "/var/lib/neo4j/certificates/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.ciphers
Restrict the allowed ciphers of this policy to those defined here. The default ciphers are those of the JVM platform.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.clientAuth
The client authentication stance for this policy.
Type: one of "NONE", "OPTIONAL", "REQUIRE"
Default: "REQUIRE"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.privateKey
The name of private PKCS #8 key file for this policy to be found in the baseDirectory, or the absolute path to the key file. It is mandatory that a key can be found or generated.
Type: string
Default: "private.key"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.publicCertificate
The name of public X.509 certificate (chain) file in PEM format for this policy to be found in the baseDirectory, or the absolute path to the certificate file. It is mandatory that a certificate can be found or generated.
The public certificate is required to be duplicated to the directory holding trusted certificates as defined by the trustedDir option.
Type: string
Default: "public.crt"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.revokedDir
Path to directory of CRLs (Certificate Revocation Lists) in PEM format. Must be an absolute path. The existence of this directory is mandatory and will need to be created manually when: setting this option to something other than its default; setting either this policy's baseDirectory or directories.certificates to something other than their default. Ensure read/write permissions are given to the Neo4j daemon user neo4j.
Type: path
Default: "/var/lib/neo4j/certificates/‹name›/revoked"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.tlsVersions
Restrict the TLS protocol versions of this policy to those defined here.
Type: list of strings
Default: [ "TLSv1.2" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.trustAll
Makes this policy trust all remote parties. Enabling this is not recommended and the policy's trusted directory will be ignored. Use of this mode is discouraged. It would offer encryption but no security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.ssl.policies.<name>.trustedDir
Path to directory of X.509 certificates in PEM format for trusted parties. Must be an absolute path. The existence of this directory is mandatory and will need to be created manually when: setting this option to something other than its default; setting either this policy's baseDirectory or directories.certificates to something other than their default. Ensure read/write permissions are given to the Neo4j daemon user neo4j.
The public certificate as defined by publicCertificate is required to be duplicated to this directory.
Type: path
Default: "/var/lib/neo4j/certificates/‹name›/trusted"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.udc.enable
Enable the Usage Data Collector which Neo4j uses to collect usage data. Refer to the operations manual section on the Usage Data Collector for more information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.neo4j.workerCount
Number of Neo4j worker threads, where the default of 0 indicates a worker count equal to the number of available processors.
Type: integer between 0 and 44738 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
- services.netatalk.enable
Whether to enable the Netatalk AFP fileserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
- services.netatalk.extmap
File name extension mappings. See extmap.conf(5). for more information.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
- services.netatalk.port
TCP port to be used for AFP.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 548
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
- services.netatalk.settings
Configuration for Netatalk. See afp.conf(5).
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example: { Global = { uam list = "uams_guest.so"; } ; Homes = { basedir regex = "/home"; path = "afp-data"; } ; example-volume = { path = "/srv/volume"; read only = true; } ; }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
- services.netdata.enable
Whether to enable netdata.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.enableAnalyticsReporting
Enable reporting of anonymous usage statistics to Netdata Inc. via either Google Analytics (in versions prior to 1.29.4), or Netdata Inc.'s self-hosted PostHog (in versions 1.29.4 and later). See: https://learn.netdata.cloud/docs/agent/anonymous-statistics
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.package
Netdata package to use.
Type: package
Default: pkgs.netdata
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.config
netdata.conf configuration as nix attributes. cannot be combined with configText.
Type: attribute set of attribute sets
Default: { }
Example:
global = { "debug log" = "syslog"; "access log" = "syslog"; "error log" = "syslog"; };Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.configDir
Complete netdata config directory except netdata.conf. The default configuration is merged with changes defined in this option. Each top-level attribute denotes a path in the configuration directory as in environment.etc. Its value is the absolute path and must be readable by netdata. Cannot be combined with configText.
Type: attribute set of paths
Default: { }
Example:
"health_alarm_notify.conf" = pkgs.writeText "health_alarm_notify.conf" '' sendmail="/path/to/sendmail" ''; "health.d" = "/run/secrets/netdata/health.d";
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.configText
Verbatim netdata.conf, cannot be combined with config.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' [global] debug log = syslog access log = syslog error log = syslog ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.extraPluginPaths
Extra paths to add to the netdata global "plugins directory" option. Useful for when you want to include your own collection scripts.
Details about writing a custom netdata plugin are available at: https://docs.netdata.cloud/collectors/plugins.d/
Cannot be combined with configText.
Type: list of paths
Default: [ ]
Example:
[ "/path/to/plugins.d" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.group
Group under which netdata runs.
Type: string
Default: "netdata"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.python.enable
Whether to enable python-based plugins
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.python.extraPackages
Extra python packages available at runtime to enable additional python plugins.
Type: function that evaluates to a(n) listOf
Default: ps: []
Example:
ps: [ ps.psycopg2 ps.docker ps.dnspython ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.netdata.user
User account under which netdata runs.
Type: string
Default: "netdata"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
- services.networkaudiod.enable
Whether to enable Networkaudiod (NAA).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/networkaudiod.nix>
- services.networking.websockify.enable
Whether to enable websockify to forward websocket connections to TCP connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
- services.networking.websockify.portMap
Ports to map by default.
Type: attribute set of signed integers
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
- services.networking.websockify.sslCert
Path to the SSL certificate.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
- services.networking.websockify.sslKey
Path to the SSL key.
Type: path
Default: config.services.networking.websockify.sslCert
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
- services.nextcloud.enable
Whether to enable nextcloud.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.enableImagemagick
Whether to enable the ImageMagick module for PHP. This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF). You may want to disable it for increased security. In that case, previews will still be available for some images (e.g. JPEG and PNG). See https://github.com/nextcloud/server/issues/13099. .
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.package
Which package to use for the Nextcloud instance.
Type: package
Related packages:
- pkgs.nextcloud21 (nextcloud-21.0.9): Sharing solution for files, calendars, contacts and more.
- pkgs.nextcloud22 (nextcloud-22.2.5): Sharing solution for files, calendars, contacts and more.
- pkgs.nextcloud23 (nextcloud-23.0.2): Sharing solution for files, calendars, contacts and more.
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.appstoreEnable
Allow the installation of apps and app updates from the store. Enabled by default unless there are packages in services.nextcloud.extraApps. Set to true to force enable the store even if services.nextcloud.extraApps is used. Set to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.
Type: null or boolean
Default: null
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.autoUpdateApps.enable
Run regular auto update of all apps installed from the nextcloud app store.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.autoUpdateApps.startAt
When to run the update. See `systemd.services.<name>.startAt`.
Type: string or list of strings
Default: "05:00:00"
Example: "Sun 14:00:00"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.caching.apcu
Whether to load the APCu module into PHP.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.caching.memcached
Whether to load the Memcached module into PHP. You still need to enable Memcached in your config.php. See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.caching.redis
Whether to load the Redis module into PHP. You still need to enable Redis in your config.php. See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.adminpassFile
The full path to a file that contains the admin's password. Must be readable by user nextcloud.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.adminuser
Admin username.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.dbhost
Database host.
Note: for using Unix authentication with PostgreSQL, this should be set to /run/postgresql.
Type: null or string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.dbname
Database name.
Type: null or string
Default: "nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.dbpassFile
The full path to a file that contains the database password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.dbport
Database port.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.dbtableprefix
Table prefix in Nextcloud database.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.dbtype
Database type.
Type: one of "sqlite", "pgsql", "mysql"
Default: "sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.dbuser
Database user.
Type: null or string
Default: "nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.defaultPhoneRegion
Warning
This option exists since Nextcloud 21! If older versions are used, this will throw an eval-error!ISO 3611-1 country codes for automatic phone-number detection without a country code.
With e.g. DE set, the +49 can be omitted for phone-numbers.
Type: null or string
Default: null
Example: "DE"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.extraTrustedDomains
Trusted domains, from which the nextcloud installation will be acessible. You don't need to add services.nextcloud.hostname here.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.enable
Whether to enable S3 object storage as primary storage.
This mounts a bucket on an Amazon S3 object storage or compatible implementation into the virtual filesystem.
Further details about this feature can be found in the upstream documentation. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.autocreate
Create the objectstore if it does not exist.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.bucket
The name of the S3 bucket.
Type: string
Example: "nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.hostname
Required for some non-Amazon implementations.
Type: null or string
Default: null
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.key
The access key for the S3 bucket.
Type: string
Example: "EJ39ITYZEUH5BGWDRUFY"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.port
Required for some non-Amazon implementations.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.region
Required for some non-Amazon implementations.
Type: null or string
Default: null
Example: "REGION"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.secretFile
The full path to a file that contains the access secret. Must be readable by user nextcloud.
Type: string
Example: "/var/nextcloud-objectstore-s3-secret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.usePathStyle
Required for some non-Amazon S3 implementations.
Ordinarily, requests will be made with http://bucket.hostname.domain/, but with path style enabled requests are made with http://hostname.domain/bucket instead.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.objectstore.s3.useSsl
Use SSL for objectstore access.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.overwriteProtocol
Force Nextcloud to always use HTTPS i.e. for link generation. Nextcloud uses the currently used protocol by default, but when behind a reverse-proxy, it may use http for everything although Nextcloud may be served via HTTPS.
Type: null or one of "http", "https"
Default: null
Example: "https"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.config.trustedProxies
Trusted proxies, to provide if the nextcloud installation is being proxied to secure against e.g. spoofing.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.datadir
Data storage path of nextcloud. Will be services.nextcloud.home by default. This folder will be populated with a config.php and data folder which contains the state of the instance (excl the database).";
Type: string
Default: "config.services.nextcloud.home"
Example: "/mnt/nextcloud-file"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.extraApps
Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp. The appid must be identical to the "id" value in the apps appinfo/info.xml. Using this will disable the appstore to prevent Nextcloud from updating these apps (see services.nextcloud.appstoreEnable).
Type: attribute set of packages
Default: { }
Example:
{ maps = pkgs.fetchNextcloudApp { name = "maps"; sha256 = "007y80idqg6b6zk6kjxg4vgw0z8fsxs9lajnv49vv1zjy6jx2i1i"; url = "https://github.com/nextcloud/maps/releases/download/v0.1.9/maps-0.1.9.tar.gz"; version = "0.1.9"; }; phonetrack = pkgs.fetchNextcloudApp { name = "phonetrack"; sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc"; url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz"; version = "0.6.9"; }; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.extraAppsEnable
Automatically enable the apps in services.nextcloud.extraApps every time nextcloud starts. If set to false, apps need to be enabled in the Nextcloud user interface or with nextcloud-occ app:enable.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.home
Storage path of nextcloud.
Type: string
Default: "/var/lib/nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.hostName
FQDN for the nextcloud instance.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.https
Use https for generated links.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.logLevel
Log level value between 0 (DEBUG) and 4 (FATAL).
Type: integer between 0 and 4 (both inclusive)
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.maxUploadSize
Defines the upload limit for files. This changes the relevant options in php.ini and nginx if enabled.
Type: string
Default: "512M"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.phpExtraExtensions
Additional PHP extensions to use for nextcloud. By default, only extensions necessary for a vanilla nextcloud installation are enabled, but you may choose from the list of available extensions and add further ones. This is sometimes necessary to be able to install a certain nextcloud app that has additional requirements.
Type: function that evaluates to a(n) listOf
Default: all: []
Example:
all: [ all.pdlib all.bz2 ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.phpOptions
Options for PHP's php.ini file for nextcloud.
Type: attribute set of strings
Default: { catch_workers_output = "yes"; display_errors = "stderr"; error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; expose_php = "Off"; opcache.enable_cli = "1"; opcache.fast_shutdown = "1"; opcache.interned_strings_buffer = "8"; opcache.max_accelerated_files = "10000"; opcache.memory_consumption = "128"; opcache.revalidate_freq = "1"; openssl.cafile = "/etc/ssl/certs/ca-certificates.crt"; short_open_tag = "Off"; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.phpPackage
PHP package to use for Nextcloud.
Type: package
Default: "pkgs.php"
Related packages:
- pkgs.php74 (php-7.4.28): An HTML-embedded scripting language.
- pkgs.php80 (php-8.0.16): An HTML-embedded scripting language.
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.poolConfig
Options for nextcloud's PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.poolSettings
Options for nextcloud's PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = "32"; pm.max_requests = "500"; pm.max_spare_servers = "4"; pm.min_spare_servers = "2"; pm.start_servers = "2"; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.skeletonDirectory
The directory where the skeleton files are located. These files will be copied to the data directory of new users. Leave empty to not copy any skeleton files.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextcloud.webfinger
Enable this option if you plan on using the webfinger plugin. The appropriate nginx rewrite rules will be added to your configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
- services.nextdns.enable
Whether to enable the NextDNS DNS/53 to DoH Proxy service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nextdns.nix>
- services.nextdns.arguments
Additional arguments to be passed to nextdns run.
Type: list of strings
Default: [ ]
Example: [ "-config" "10.0.3.0/24=abcdef" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nextdns.nix>
- services.nexus.enable
Whether to enable Sonatype Nexus3 OSS service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
- services.nexus.package
Package which runs Nexus3
Type: package
Default: pkgs.nexus
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
- services.nexus.group
Group which runs Nexus3.
Type: string
Default: "nexus"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
- services.nexus.home
Home directory of the Nexus3 instance.
Type: string
Default: "/var/lib/sonatype-work"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
- services.nexus.jvmOpts
Options for the JVM written to `nexus.jvmopts`. Please refer to the docs (https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment) for further information.
Type: strings concatenated with "\n"
Default:
'' -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -XX:+LogVMOutput -XX:LogFile=${home}/nexus3/log/jvm.log -XX:-OmitStackTraceInFastThrow -Djava.net.preferIPv4Stack=true -Dkaraf.home=${package} -Dkaraf.base=${package} -Dkaraf.etc=${package}/etc/karaf -Djava.util.logging.config.file=${package}/etc/karaf/java.util.logging.properties -Dkaraf.data=${home}/nexus3 -Djava.io.tmpdir=${home}/nexus3/tmp -Dkaraf.startLocalConsole=false -Djava.endorsed.dirs=${package}/lib/endorsed ''Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
- services.nexus.listenAddress
Address to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
- services.nexus.listenPort
Port to listen on.
Type: signed integer
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
- services.nexus.user
User which runs Nexus3.
Type: string
Default: "nexus"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
- services.nfs.extraConfig
Extra nfs-utils configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/nfs.nix>
- services.nfs.idmapd.settings
libnfsidmap configuration. Refer to https://linux.die.net/man/5/idmapd.conf for details.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example:
{ Translation = { GSS-Methods = "static,nsswitch"; }; Static = { "root/hostname.domain.com@REALM.COM" = "root"; }; }Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/nfs.nix>
- services.nfs.server.enable
Whether to enable the kernel's NFS server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nfs.server.createMountPoints
Whether to create the mount points in the exports file at startup time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nfs.server.exports
Contents of the /etc/exports file. See exports(5) for the format.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nfs.server.extraNfsdConfig
Extra configuration options for the [nfsd] section of /etc/nfs.conf.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nfs.server.hostName
Hostname or address on which NFS requests will be accepted. Default is all. See the -H option in nfsd(8).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nfs.server.lockdPort
Use a fixed port for the NFS lock manager kernel module (lockd/nlockmgr). This is useful if the NFS server is behind a firewall.
Type: null or signed integer
Default: null
Example: 4001
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nfs.server.mountdPort
Use fixed port for rpc.mountd, useful if server is behind firewall.
Type: null or signed integer
Default: null
Example: 4002
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nfs.server.nproc
Number of NFS server threads. Defaults to the recommended value of 8.
Type: signed integer
Default: 8
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nfs.server.statdPort
Use a fixed port for rpc.statd. This is useful if the NFS server is behind a firewall.
Type: null or signed integer
Default: null
Example: 4000
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
- services.nghttpx.enable
Whether to enable nghttpx.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backend-address-family
Specify address family of backend connections. If "auto" is given, both IPv4 and IPv6 are considered. If "IPv4" is given, only IPv4 address is considered. If "IPv6" is given, only IPv6 address is considered.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backend-address-family
Type: one of "auto", "IPv4", "IPv6"
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends
A list of backend specifications.
Type: list of submodules
Example: [ { params = { proto = "http/1.1"; redirect-if-not-tls = true; } ; patterns = [ "/" ] ; server = { host = "172.16.0.22"; port = 8443; } ; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params
Parameters to configure a backend.
Type: null or submodule
Default: null
Example: { proto = "h2"; tls = true; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params.affinity
If "ip" is given, client IP based session affinity is enabled. If "none" is given, session affinity is disabled.
Session affinity is enabled (by nghttpx) per-backend pattern. If at least one backend has a non-"none" affinity, then session affinity is enabled for all backend servers sharing the same pattern.
It is advised to set affinity on all backends explicitly if session affinity is desired. The session affinity may break if one of the backend gets unreachable, or backend settings are reloaded or replaced by API.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: one of "ip", "none"
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params.dns
Name resolution of a backends host name is done at start up, or configuration reload. If "dns" is true, name resolution takes place dynamically.
This is useful if a backends address changes frequently. If "dns" is true, name resolution of a backend's host name at start up, or configuration reload is skipped.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params.fall
If nghttpx cannot connect to the backend N times in a row, the backend is assumed to be offline and is excluded from load balancing. If N is 0 the backend is never excluded from load balancing.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params.proto
This option configures the protocol the backend server expects to use.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: one of "h2", "http/1.1"
Default: "http/1.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params.redirect-if-not-tls
If true, a backend match requires the frontend connection be TLS encrypted. If it is not, nghttpx responds to the request with a 308 status code and https URI the client should use instead in the Location header.
The port number in the redirect URI is 443 by default and can be changed using 'services.nghttpx.redirect-https-port' option.
If at least one backend has "redirect-if-not-tls" set to true, this feature is enabled for all backend servers with the same pattern. It is advised to set "redirect-if-no-tls" parameter to all backends explicitly if this feature is desired.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params.rise
If the backend is excluded from load balancing, nghttpx will periodically attempt to make a connection to the backend. If the connection is successful N times in a row the backend is re-included in load balancing. If N is 0 a backend is never reconsidered for load balancing once it falls.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params.sni
Override the TLS SNI field value. This value (in nghttpx) defaults to the host value of the backend configuration.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.params.tls
This option determines whether nghttpx will negotiate its connection with a backend server using TLS or not. The burden is on the backend server to provide the TLS certificate!
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.patterns
List of nghttpx backend patterns.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more information on the pattern syntax and nghttpxs behavior.
Type: list of strings
Default: [ ]
Example: [ "*.host.net/v1/" "host.org/v2/mypath" "/somepath" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backends.*.server
Backend server location specified as either a host:port pair or a unix domain docket.
Type: submodule or path
Default: { host = "127.0.0.1"; port = 80; }
Example: { host = "127.0.0.1"; port = 8888; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.backlog
Listen backlog size.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backlog
Type: signed integer
Default: 65536
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.extraConfig
Extra configuration options to be appended to the generated configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.frontends
A list of frontend listener specifications.
Type: list of submodules
Example: [ { params = { tls = "no-tls"; } ; server = { host = "*"; port = 80; } ; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.frontends.*.params
Parameters to configure a backend.
Type: null or submodule
Default: null
Example: { tls = "tls"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.frontends.*.params.api
Enable API access for this frontend. This enables you to dynamically modify nghttpx at run-time therefore this feature is disabled by default and should be turned on with care.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.frontends.*.params.healthmon
Make this frontend a health monitor endpoint. Any request received on this frontend is responded to with a 200 OK.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.frontends.*.params.proxyproto
Accept PROXY protocol version 1 on frontend connection.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.frontends.*.params.sni-fwd
When performing a match to select a backend server, SNI host name received from the client is used instead of the request host. See --backend option about the pattern match.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.frontends.*.params.tls
Enable or disable TLS. If true (enabled) the key and certificate must be configured for nghttpx.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: one of "tls", "no-tls"
Default: "tls"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.frontends.*.server
Frontend server interface binding specification as either a host:port pair or a unix domain docket.
NB: a host of "*" listens on all interfaces and includes IPv6 addresses.
Type: submodule or path
Default: { host = "127.0.0.1"; port = 80; }
Example: { host = "127.0.0.1"; port = 8888; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.rlimit-nofile
Set maximum number of open files (RLIMIT_NOFILE) to <N>. If 0 is given, nghttpx does not set the limit.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--rlimit-nofile
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.single-process
Run this program in a single process mode for debugging purpose. Without this option, nghttpx creates at least 2 processes: master and worker processes. If this option is used, master and worker are unified into a single process. nghttpx still spawns additional process if neverbleed is used. In the single process mode, the signal handling feature is disabled.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-process
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.single-thread
Run everything in one thread inside the worker process. This feature is provided for better debugging experience, or for the platforms which lack thread support. If threading is disabled, this option is always enabled.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-thread
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.tls
TLS certificate and key paths. Note that this does not enable TLS for a frontend listener, to do so, a frontend specification must set params.tls to true.
Type: null or submodule
Default: null
Example: { crt = "/etc/ssl/certs/server.crt"; key = "/etc/ssl/keys/server.key"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.tls.crt
Path to the TLS certificate file.
Type: string
Default: "/etc/ssl/certs/server.crt"
Example: "/etc/ssl/certs/mycert.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.tls.key
Path to the TLS key file.
Type: string
Default: "/etc/ssl/keys/server.key"
Example: "/etc/ssl/keys/mykeyfile.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nghttpx.workers
Set the number of worker threads.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-n
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
- services.nginx.enable
Whether to enable Nginx Web Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.enableReload
Reload nginx when configuration file changes (instead of restart). The configuration file is exposed at /etc/nginx/nginx.conf. See also systemd.services.*.restartIfChanged.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.package
Nginx package to use. This defaults to the stable version. Note that the nginx team recommends to use the mainline version which available in nixpkgs as nginxMainline.
Type: package
Default: pkgs.nginxStable
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.additionalModules
Additional third-party nginx modules to install. Packaged modules are available in pkgs.nginxModules.
Type: list of attribute set of anythingss
Default: [ ]
Example: [ pkgs.nginxModules.brotli ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.appendConfig
Configuration lines appended to the generated Nginx configuration file. Commonly used by different modules providing http snippets. appendConfig can be specified more than once and it's value will be concatenated (contrary to config which can be set only once).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.appendHttpConfig
Configuration lines to be appended to the generated http block. This is mutually exclusive with using config and httpConfig for specifying the whole http block verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.clientMaxBodySize
Set nginx global client_max_body_size.
Type: string
Default: "10m"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.commonHttpConfig
With nginx you must provide common http context definitions before they are used, e.g. log_format, resolver, etc. inside of server or location contexts. Use this attribute to set these definitions at the appropriate location.
Type: strings concatenated with "\n"
Default: ""
Example:
'' resolver 127.0.0.1 valid=5s; log_format myformat '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; ''Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.config
Verbatim nginx.conf configuration. This is mutually exclusive to any other config option for nginx.conf except for
- services.nginx.appendConfig
- services.nginx.httpConfig
- services.nginx.logError
If additional verbatim config in addition to other options is needed, services.nginx.appendConfig should be used instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.defaultListenAddresses
If vhosts do not specify listenAddresses, use these addresses by default.
Type: list of strings
Default: [ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"
Example: [ "10.0.0.12" "[2002:a00:1::]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.eventsConfig
Configuration lines to be set inside the events block.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.gitweb.enable
If true, enable gitweb in nginx.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
- services.nginx.gitweb.group
Group that the CGI process will belong to. (Set to config.services.gitolite.group if you are using gitolite.)
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
- services.nginx.gitweb.location
Location to serve gitweb on.
Type: string
Default: "/gitweb"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
- services.nginx.gitweb.user
Existing user that the CGI process will belong to. (Default almost surely will do.)
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
- services.nginx.gitweb.virtualHost
VirtualHost to serve gitweb on. Default is catch-all.
Type: string
Default: "_"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
- services.nginx.group
Group account under which nginx runs.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.httpConfig
Configuration lines to be set inside the http block. This is mutually exclusive with the structured configuration via virtualHosts and the recommendedXyzSettings configuration options. See appendHttpConfig for appending to the generated http block.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.logError
Configures logging. The first parameter defines a file that will store the log. The special value stderr selects the standard error file. Logging to syslog can be configured by specifying the “syslog:” prefix. The second parameter determines the level of logging, and can be one of the following: debug, info, notice, warn, error, crit, alert, or emerg. Log levels above are listed in the order of increasing severity. Setting a certain log level will cause all messages of the specified and more severe log levels to be logged. If this parameter is omitted then error is used.
Type: string
Default: "stderr"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.mapHashBucketSize
Sets the bucket size for the map variables hash tables. Default value depends on the processor’s cache line size.
Type: null or one of 32, 64, 128
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.mapHashMaxSize
Sets the maximum size of the map variables hash tables.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.preStart
Shell commands executed before the service's nginx is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.proxyResolveWhileRunning
Resolves domains of proxyPass targets at runtime and not only at start, you have to set services.nginx.resolver, too.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.proxyTimeout
Change the proxy related timeouts in recommendedProxySettings.
Type: string
Default: "60s"
Example: "20s"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.recommendedGzipSettings
Enable recommended gzip settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.recommendedOptimisation
Enable recommended optimisation settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.recommendedTlsSettings
Enable recommended TLS settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.resolver
Configures name servers used to resolve names of upstream servers into addresses
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.resolver.addresses
List of resolvers to use
Type: list of strings
Default: [ ]
Example: [ "[::1]" "127.0.0.1:5353" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.resolver.ipv6
By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv6 addresses is not desired, the ipv6=off parameter can be specified.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.resolver.valid
By default, nginx caches answers using the TTL value of a response. An optional valid parameter allows overriding it
Type: string
Default: ""
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.serverNamesHashBucketSize
Sets the bucket size for the server names hash tables. Default value depends on the processor’s cache line size.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.serverNamesHashMaxSize
Sets the maximum size of the server names hash tables.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.serverTokens
Show nginx version in headers and error pages.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.sslCiphers
Ciphers to choose from when negotiating TLS handshakes.
Type: null or string
Default: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.sslDhparam
Path to DH parameters file.
Type: null or path
Default: null
Example: "/path/to/dhparams.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.sslProtocols
Allowed TLS protocol versions.
Type: string
Default: "TLSv1.2 TLSv1.3"
Example: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.sso.enable
Whether to enable nginx-sso service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/nginx-sso.nix>
- services.nginx.sso.package
The nginx-sso package that should be used.
Type: package
Default: pkgs.nginx-sso
Declared by:
<nixpkgs/nixos/modules/services/security/nginx-sso.nix>
- services.nginx.sso.configuration
nginx-sso configuration (documentation) as a Nix attribute set.
Type: attribute set of unspecifieds
Default: { }
Example:
{ listen = { addr = "127.0.0.1"; port = 8080; }; providers.token.tokens = { myuser = "MyToken"; }; acl = { rule_sets = [ { rules = [ { field = "x-application"; equals = "MyApp"; } ]; allow = [ "myuser" ]; } ]; }; }Declared by:
<nixpkgs/nixos/modules/services/security/nginx-sso.nix>
- services.nginx.statusPage
Enable status page reachable from localhost on http://127.0.0.1/nginx_status.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.streamConfig
Configuration lines to be set inside the stream block.
Type: strings concatenated with "\n"
Default: ""
Example:
'' server { listen 127.0.0.1:53 udp reuseport; proxy_timeout 20s; proxy_pass 192.168.0.1:53535; } ''Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.upstreams
Defines a group of servers to use as proxy target.
Type: attribute set of submodules
Default: { }
Example:
"backend_server" = { servers = { "127.0.0.1:8000" = {}; }; extraConfig = ''' keepalive 16; '''; };Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.upstreams.<name>.extraConfig
These lines go to the end of the upstream verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.upstreams.<name>.servers
Defines the address and other parameters of the upstream servers.
Type: attribute set of submodules
Default: { }
Example: { 127.0.0.1:8000 = { } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.upstreams.<name>.servers.<name>.backup
Marks the server as a backup server. It will be passed requests when the primary servers are unavailable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.user
User account under which nginx runs.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts
Declarative vhost config
Type: attribute set of submodules
Default: { localhost = { } ; }
Example:
{ "hydra.example.com" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://localhost:3000"; }; }; };Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.acmeFallbackHost
Host which to proxy requests to if acme challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.default
Makes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.globalRedirect
If set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.http2
Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.http3
Whether to enable HTTP 3. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic;. Note that HTTP 3 support is experimental and *not* yet recommended for production. Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.listen
Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses
Type: list of submodules
Default: [ ]
Example: [ { addr = "195.154.1.1"; port = 443; ssl = true; } { addr = "192.154.1.1"; port = 80; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.listen.*.addr
IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of strings
Default: [ ]
Example: [ "reuseport" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.listen.*.port
Port number.
Type: signed integer
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.listen.*.ssl
Enable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are choosen automatically.
Note: This option overrides enableIPv6
Type: list of strings
Default: [ ]
Example: [ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations
Declarative location config
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of strings
Default: { }
Example:
{ user = "password"; };Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.index
Adds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.root
Root directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.root
The path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.sslCertificate
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.nginx.virtualHosts.<name>.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
- services.ngircd.enable
Whether to enable the ngircd IRC server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
- services.ngircd.package
The ngircd package.
Type: package
Default: pkgs.ngircd
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
- services.ngircd.config
The ngircd configuration (see ngircd.conf(5)).
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
- services.nitter.enable
Whether to enable If enabled, start Nitter..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.cache.listMinutes
How long to cache list info (not the tweets, so keep it high).
Type: signed integer
Default: 240
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.cache.redisConnections
Redis connection pool size.
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.cache.redisHost
Redis host.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.cache.redisMaxConnections
Maximum number of connections to Redis.
New connections are opened when none are available, but if the pool size goes above this, they are closed when released, do not worry about this unless you receive tons of requests per second.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.cache.redisPort
Redis port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.cache.rssMinutes
How long to cache RSS queries.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.config.base64Media
Use base64 encoding for proxied media URLs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.config.tokenCount
Minimum amount of usable tokens.
Tokens are used to authorize API requests, but they expire after ~1 hour, and have a limit of 187 requests. The limit gets reset every 15 minutes, and the pool is filled up so there is always at least tokenCount usable tokens. Only increase this if you receive major bursts all the time.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.openFirewall
Open ports in the firewall for Nitter web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.autoplayGifs
Autoplay GIFs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.bidiSupport
Support bidirectional text (makes clicking on tweets harder).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.hideBanner
Hide profile banner.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.hidePins
Hide pinned tweets.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.hideReplies
Hide tweet replies.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.hideTweetStats
Hide tweet stats (replies, retweets, likes).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.hlsPlayback
Enable HLS video streaming (requires JavaScript).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.infiniteScroll
Infinite scrolling (requires JavaScript, experimental!).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.mp4Playback
Enable MP4 video playback.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.muteVideos
Mute videos by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.proxyVideos
Proxy video streaming through the server (might be slow).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.replaceInstagram
Replace Instagram links with links to this instance (blank to disable).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.replaceTwitter
Replace Twitter links with links to this instance (blank to disable).
Type: string
Default: ""
Example: "nitter.net"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.replaceYouTube
Replace YouTube links with links to this instance (blank to disable).
Type: string
Default: ""
Example: "piped.kavin.rocks"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.stickyProfile
Make profile sidebar stick to top.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.preferences.theme
Instance theme.
Type: string
Default: "Nitter"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.redisCreateLocally
Configure local Redis server for Nitter.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.server.address
The address to listen on.
Type: string
Default: "0.0.0.0"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.server.hostname
Hostname of the instance.
Type: string
Default: "localhost"
Example: "nitter.net"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.server.httpMaxConnections
Maximum number of HTTP connections.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.server.https
Set secure attribute on cookies. Keep it disabled to enable cookies when not using HTTPS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.server.port
The port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Example: 8000
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.server.staticDir
Path to the static files directory.
Type: path
Default: "${pkgs.nitter}/share/nitter/public"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.server.title
Title of the instance.
Type: string
Default: "nitter"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nitter.settings
Add settings here to override NixOS module generated settings.
Check the official repository for the available settings: https://github.com/zedeus/nitter/blob/master/nitter.conf
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
- services.nix-serve.enable
Whether to enable nix-serve, the standalone Nix binary cache server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
- services.nix-serve.bindAddress
IP address where nix-serve will bind its listening socket.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
- services.nix-serve.extraParams
Extra command line parameters for nix-serve.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
- services.nix-serve.port
Port number where nix-serve will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
- services.nix-serve.secretKeyFile
The path to the file used for signing derivation data. Generate with:
``` nix-store --generate-binary-cache-key key-name secret-key-file public-key-file ```
For more details see nix-store(1).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
- services.nix-store-gcs-proxy
An attribute set describing an HTTP to GCS proxy that allows us to use GCS bucket via HTTP protocol.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix>
- services.nix-store-gcs-proxy.<name>.enable
Whether to enable proxy for this bucket
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix>
- services.nix-store-gcs-proxy.<name>.address
The address of the proxy.
Type: string
Example: "localhost:3000"
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix>
- services.nix-store-gcs-proxy.<name>.bucketName
Name of Google storage bucket
Type: string
Default: "‹name›"
Example: "my-bucket-name"
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix>
- services.nixops-dns.enable
Whether to enable the nixops-dns resolution of NixOps virtual machines via dnsmasq and fake domain name.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
- services.nixops-dns.dnsmasq
Enable dnsmasq forwarding to nixops-dns. This allows to use nixops-dns for `services.nixops-dns.domain` resolution while forwarding the rest of the queries to original resolvers.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
- services.nixops-dns.domain
Fake domain name to resolve to NixOps virtual machines.
For example "ops" will resolve "vm.ops".
Type: string
Default: "ops"
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
- services.nixops-dns.user
The user the nixops-dns daemon should run as. This should be the user, which is also used for nixops and have the .nixops directory in its home.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
- services.nntp-proxy.enable
Whether to enable NNTP-Proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.listenAddress
Proxy listen address (IPv6 literal addresses need to be enclosed in "[" and "]" characters)
Type: string
Default: "127.0.0.1"
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.port
Proxy listen port
Type: signed integer
Default: 5555
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.prohibitPosting
Whether to prohibit posting to the upstream server
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.sslCert
Proxy ssl certificate path
Type: string
Default: "cert.pem"
Example: "/path/to/your/cert.file"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.sslKey
Proxy ssl key path
Type: string
Default: "key.pem"
Example: "/path/to/your/key.file"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.upstreamMaxConnections
Upstream server maximum allowed concurrent connections
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.upstreamPassword
Upstream server password
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.upstreamPort
Upstream server port
Type: signed integer
Default: 563
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.upstreamServer
Upstream server address
Type: string
Default: ""
Example: "ssl-eu.astraweb.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.upstreamUser
Upstream server username
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.users
NNTP-Proxy user configuration
Type: attribute set of submodules
Default: { }
Example:
{ "user1" = { passwordHash = "$6$1l0t5Kn2Dk$appzivc./9l/kjq57eg5UCsBKlcfyCr0zNWYNerKoPsI1d7eAwiT0SVsOVx/CTgaBNT/u4fi2vN.iGlPfv1ek0"; maxConnections = 5; }; "anotheruser" = { passwordHash = "$6$6lwEsWB.TmsS$W7m1riUx4QrA8pKJz8hvff0dnF1NwtZXgdjmGqA1Dx2MDPj07tI9GNcb0SWlMglE.2/hBgynDdAd/XqqtRqVQ0"; maxConnections = 7; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.users.<name>.maxConnections
Maximum number of concurrent connections to the proxy for this user
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.users.<name>.passwordHash
SHA-512 password hash (can be generated by mkpasswd -m sha-512 <password>)
Type: string
Example: "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.users.<name>.username
Username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.nntp-proxy.verbosity
Verbosity level
Type: one of "error", "warning", "notice", "info", "debug"
Default: "info"
Example: "error"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
- services.node-red.enable
Whether to enable the Node-RED service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.package
Node-RED package to use.
Type: package
Default: pkgs.nodePackages.node-red
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.configFile
Path to the JavaScript configuration file. See https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js for a configuration example.
Type: path
Default: "${package}/lib/node_modules/node-red/settings.js"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.define
List of settings.js overrides to pass via -D to Node-RED.
Type: attribute set
Default: { }
Example:
{ "logging.console.level" = "trace"; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.group
Group under which Node-RED runs.If left as the default value this group will automatically be created on system activation, otherwise the sysadmin is responsible for ensuring the group exists.
Type: string
Default: "node-red"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.openFirewall
Open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.port
Listening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1880
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.safe
Whether to launch Node-RED in --safe mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.user
User under which Node-RED runs.If left as the default value this user will automatically be created on system activation, otherwise the sysadmin is responsible for ensuring the user exists.
Type: string
Default: "node-red"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.userDir
The directory to store all user data, such as flow and credential files and all library data. If left as the default value this directory will automatically be created before the node-red service starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/node-red"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.node-red.withNpmAndGcc
Give Node-RED access to NPM and GCC at runtime, so 'Nodes' can be downloaded and managed imperatively via the 'Palette Manager'.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
- services.nomad.enable
Whether to enable Nomad, a distributed, highly available, datacenter-aware scheduler.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
- services.nomad.enableDocker
Enable Docker support. Needed for Nomad's docker driver.
Note that the docker group membership is effectively equivalent to being root, see https://github.com/moby/moby/issues/9976.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
- services.nomad.package
The package used for the Nomad agent and CLI.
Type: package
Default: pkgs.nomad
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
- services.nomad.dropPrivileges
Whether the nomad agent should be run as a non-root nomad user.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
- services.nomad.extraPackages
Extra packages to add to PATH for the Nomad agent process.
Type: list of packages
Default: [ ]
Example:
with pkgs; [ cni-plugins ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
- services.nomad.extraSettingsPaths
Additional settings paths used to configure nomad. These can be files or directories.
Type: list of paths
Default: [ ]
Example:
[ "/etc/nomad-mutable.json" "/run/keys/nomad-with-secrets.json" "/etc/nomad/config.d" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
- services.nomad.extraSettingsPlugins
Additional plugins dir used to configure nomad.
Type: list of package or paths
Default: [ ]
Example:
[ "<pluginDir>" "pkgs.<plugins-name>"]
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
- services.nomad.settings
Configuration for Nomad. See the documentation for supported values.
Notes about data_dir:
If data_dir is set to a value other than the default value of "/var/lib/nomad" it is the Nomad cluster manager's responsibility to make sure that this directory exists and has the appropriate permissions.
Additionally, if dropPrivileges is true then data_dir cannot be customized. Setting dropPrivileges to true enables the DynamicUser feature of systemd which directly manages and operates on StateDirectory.
Type: JSON value
Default: { }
Example:
{ # A minimal config example: server = { enabled = true; bootstrap_expect = 1; # for demo; no fault tolerance }; client = { enabled = true; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
- services.novacomd.enable
Whether to enable Novacom service for connecting to WebOS devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/novacomd.nix>
- services.nscd.enable
Whether to enable the Name Service Cache Daemon. Disabling this is strongly discouraged, as this effectively disables NSS Lookups from all non-glibc NSS modules, including the ones provided by systemd.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
- services.nscd.config
Configuration to use for Name Service Cache Daemon.
Type: strings concatenated with "\n"
Default:
'' # We basically use nscd as a proxy for forwarding nss requests to appropriate # nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory # containing all such modules # Note that we can not use `enable-cache no` As this will actually cause nscd # to just reject the nss requests it receives, which then causes glibc to # fallback to trying to handle the request by itself. Which won't work as glibc # is not aware of the path in which the nss modules live. As a workaround, we # have `enable-cache yes` with an explicit ttl of 0 server-user nscd enable-cache passwd yes positive-time-to-live passwd 0 negative-time-to-live passwd 0 shared passwd yes enable-cache group yes positive-time-to-live group 0 negative-time-to-live group 0 shared group yes enable-cache netgroup yes positive-time-to-live netgroup 0 negative-time-to-live netgroup 0 shared netgroup yes enable-cache hosts yes positive-time-to-live hosts 0 negative-time-to-live hosts 0 shared hosts yes enable-cache services yes positive-time-to-live services 0 negative-time-to-live services 0 shared services yes ''
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
- services.nsd.enable
Whether to enable NSD authoritative DNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.bind8Stats
Whether to enable BIND8 like statistics.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.dnssecInterval
How often to check whether dnssec key rollover is required
Type: string
Default: "1h"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.extraConfig
Extra nsd config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.hideVersion
Whether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.identity
Identify the server (CH TXT ID.SERVER entry).
Type: string
Default: "unidentified server"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.interfaces
What addresses the server should listen to.
Type: list of strings
Default: [ "127.0.0.0" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ipFreebind
Whether to bind to nonlocal addresses and interfaces that are down. Similar to ip-transparent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ipTransparent
Allow binding to non local addresses.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ipv4
Whether to listen on IPv4 connections.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ipv4EDNSSize
Preferred EDNS buffer size for IPv4.
Type: signed integer
Default: 4096
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ipv6
Whether to listen on IPv6 connections.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ipv6EDNSSize
Preferred EDNS buffer size for IPv6.
Type: signed integer
Default: 4096
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.keys
Define your TSIG keys here.
Type: attribute set of submodules
Default: { }
Example:
{ "tsig.example.org" = { algorithm = "hmac-md5"; keyFile = "/path/to/my/key"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.keys.<name>.algorithm
Authentication algorithm for this key.
Type: string
Default: "hmac-sha256"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.keys.<name>.keyFile
Path to the file which contains the actual base64 encoded key. The key will be copied into "/var/lib/nsd/private" before NSD starts. The copied file is only accessibly by the NSD user.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.logTimeAscii
Log time in ascii, if false then in unix epoch seconds.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.nsid
NSID identity (hex string, or "ascii_somestring").
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.port
Port the service should bind do.
Type: signed integer
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ratelimit.enable
Whether to enable ratelimit capabilities.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ratelimit.ipv4PrefixLength
IPv4 prefix length. Addresses are grouped by netblock.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ratelimit.ipv6PrefixLength
IPv6 prefix length. Addresses are grouped by netblock.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ratelimit.ratelimit
Max qps allowed from any query source. 0 means unlimited. With an verbosity of 2 blocked and unblocked subnets will be logged.
Type: signed integer
Default: 200
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ratelimit.size
Size of the hashtable. More buckets use more memory but lower the chance of hash hash collisions.
Type: signed integer
Default: 1000000
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ratelimit.slip
Number of packets that get discarded before replying a SLIP response. 0 disables SLIP responses. 1 will make every response a SLIP response.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.ratelimit.whitelistRatelimit
Max qps allowed from whitelisted sources. 0 means unlimited. Set the rrl-whitelist option for specific queries to apply this limit instead of the default to them.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.remoteControl.enable
Whether to enable remote control via nsd-control.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.remoteControl.controlCertFile
Path to the client certificate signed with the server certificate. This file is used by nsd-control and generated by nsd-control-setup.
Type: path
Default: "/etc/nsd/nsd_control.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.remoteControl.controlKeyFile
Path to the client private key, which is used by nsd-control but not by the server. This file is generated by nsd-control-setup.
Type: path
Default: "/etc/nsd/nsd_control.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.remoteControl.interfaces
Which interfaces NSD should bind to for remote control.
Type: list of strings
Default: [ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.remoteControl.port
Port number for remote control operations (uses TLS over TCP).
Type: signed integer
Default: 8952
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.remoteControl.serverCertFile
Path to the server self signed certificate, which is used by the server but and by nsd-control. This file is generated by nsd-control-setup.
Type: path
Default: "/etc/nsd/nsd_server.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.remoteControl.serverKeyFile
Path to the server private key, which is used by the server but not by nsd-control. This file is generated by nsd-control-setup.
Type: path
Default: "/etc/nsd/nsd_server.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.reuseport
Whether to enable SO_REUSEPORT on all used sockets. This lets multiple processes bind to the same port. This speeds up operation especially if the server count is greater than one and makes fast restarts less prone to fail
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.rootServer
Whether this server will be a root server (a DNS root server, you usually don't want that).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.roundRobin
Whether to enable round robin rotation of records.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.serverCount
Number of NSD servers to fork. Put the number of CPUs to use here.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.statistics
Statistics are produced every number of seconds. Prints to log. If null no statistics are logged.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.tcpCount
Maximum number of concurrent TCP connections per server.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.tcpQueryCount
Maximum number of queries served on a single TCP connection. 0 means no maximum.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.tcpTimeout
TCP timeout in seconds.
Type: signed integer
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.verbosity
Verbosity level.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.version
The version string replied for CH TXT version.server and version.bind queries. Will use the compiled package version on null. See hideVersion for enabling/disabling this responses.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.xfrdReloadTimeout
Number of seconds between reloads triggered by xfrd.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zonefilesCheck
Whether to check mtime of all zone files on start and sighup.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones
Define your zones here. Zones can cascade other zones and therefore inherit settings from parent zones. Look at the definition of children to learn about inheritance and child zones. The given example will define 3 zones (example.(com|org|net).). Both example.com. and example.org. inherit their configuration from serverGroup1.
Type: attribute set of submodules
Default: { }
Example:
{ "serverGroup1" = { provideXFR = [ "10.1.2.3 NOKEY" ]; children = { "example.com." = { data = '' $ORIGIN example.com. $TTL 86400 @ IN SOA a.ns.example.com. admin.example.com. ( ... ''; }; "example.org." = { data = '' $ORIGIN example.org. $TTL 86400 @ IN SOA a.ns.example.com. admin.example.com. ( ... ''; }; }; }; "example.net." = { provideXFR = [ "10.3.2.1 NOKEY" ]; data = '' ... ''; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.allowAXFRFallback
If NSD as secondary server should be allowed to AXFR if the primary server does not allow IXFR.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.allowNotify
Listed primary servers are allowed to notify this secondary server.
Format: <ip> <key-name | NOKEY | BLOCKED> <ip> either a plain IPv4/IPv6 address or range. Valid patters for ranges: * 10.0.0.0/24 # via subnet size * 10.0.0.0&255.255.255.0 # via subnet mask * 10.0.0.1-10.0.0.254 # via range A optional port number could be added with a '@': * 2001:1234::1@1234 <key-name | NOKEY | BLOCKED> * <key-name> will use the specified TSIG key * NOKEY no TSIG signature is required * BLOCKED notifies from non-listed or blocked IPs will be ignored *
Type: list of strings
Default: [ ]
Example: [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name" "10.0.3.4&255.255.0.0 BLOCKED" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.children
Children zones inherit all options of their parents. Attributes defined in a child will overwrite the ones of its parent. Only leaf zones will be actually served. This way it's possible to define maybe zones which share most attributes without duplicating everything. This mechanism replaces nsd's patterns in a save and functional way.
Type: unspecified
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.data
The actual zone data. This is the content of your zone file. Use imports or pkgs.lib.readFile if you don't want this data in your config file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssec
Whether to enable DNSSEC.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.algorithm
Which algorithm to use for DNSSEC
Type: string
Default: "RSASHA256"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.coverage
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
Type: string
Default: "1y"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.keyttl
TTL for dnssec records
Type: string
Default: "1h"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.ksk
Key policy for key signing keys
Type: submodule
Default: { keySize = 4096; postPublish = "1mo"; prePublish = "1mo"; rollPeriod = "0"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.ksk.keySize
Key size in bits
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.ksk.postPublish
How long after deactivation to keep a key in the zone
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.ksk.prePublish
How long in advance to publish new keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriod
How frequently to change keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.zsk
Key policy for zone signing keys
Type: submodule
Default: { keySize = 2048; postPublish = "1w"; prePublish = "1w"; rollPeriod = "1mo"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.zsk.keySize
Key size in bits
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.zsk.postPublish
How long after deactivation to keep a key in the zone
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.zsk.prePublish
How long in advance to publish new keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriod
How frequently to change keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.maxRefreshSecs
Limit refresh time for secondary zones. This is the timer which checks to see if the zone has to be refetched when it expires. Normally the value from the SOA record is used, but this option restricts that value.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.maxRetrySecs
Limit retry time for secondary zones. This is the timeout after a failed fetch attempt for the zone. Normally the value from the SOA record is used, but this option restricts that value.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.minRefreshSecs
Limit refresh time for secondary zones.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.minRetrySecs
Limit retry time for secondary zones.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.notify
This primary server will notify all given secondary servers about zone changes.
Format: <ip> <key-name | NOKEY> <ip> a plain IPv4/IPv6 address with on optional port number (ip@port) <key-name | NOKEY> * <key-name> sign notifies with the specified key * NOKEY don't sign notifies
Type: list of strings
Default: [ ]
Example: [ "10.0.0.1@3721 my_key" "::5 NOKEY" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.notifyRetry
Specifies the number of retries for failed notifies. Set this along with notify.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.outgoingInterface
This address will be used for zone-transfere requests if configured as a secondary server or notifications in case of a primary server. Supply either a plain IPv4 or IPv6 address with an optional port number (ip@port).
Type: null or string
Default: null
Example: "2000::1@1234"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.provideXFR
Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
Type: list of strings
Default: [ ]
Example: [ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.requestXFR
Format: [AXFR|UDP] <ip-address> <key-name | NOKEY>
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.rrlWhitelist
Whitelists the given rrl-types.
Type: list of one of "nxdomain", "error", "referral", "any", "rrsig", "wildcard", "nodata", "dnskey", "positive", "all"s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.nsd.zones.<name>.zoneStats
When set to something distinct to null NSD is able to collect statistics per zone. All statistics of this zone(s) will be added to the group specified by this given name. Use "%s" to use the zones name as the group. The groups are output from nsd-control stats and stats_noreset.
Type: null or string
Default: null
Example: "%s"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
- services.ntopng.enable
Enable ntopng, a high-speed web-based traffic analysis and flow collection tool.
With the default configuration, ntopng monitors all network interfaces and displays its findings at http://localhost:3000. Default username and password is admin/admin.
See the ntopng(8) manual page and http://www.ntop.org/products/ntop/ for more info.
Note that enabling ntopng will also enable redis (key-value database server) for persistent data storage.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
- services.ntopng.configText
Overridable configuration file contents to use for ntopng. By default, use the contents automatically generated by NixOS.
Type: strings concatenated with "\n"
Default: ""
Example:
'' --interface=any --http-port=3000 --disable-login ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
- services.ntopng.extraConfig
Configuration lines that will be appended to the generated ntopng configuration file. Note that this mechanism does not work when the manual configText option is used.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
- services.ntopng.http-port
Sets the HTTP port of the embedded web server.
Type: signed integer
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
- services.ntopng.interfaces
List of interfaces to monitor. Use "any" to monitor all interfaces.
Type: list of strings
Default: [ "any" ]
Example: [ "eth0" "wlan0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
- services.ntp.enable
Whether to synchronise your machine's time using ntpd, as a peer in the NTP network.
Disables systemd.timesyncd if enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
- services.ntp.extraConfig
Additional text appended to ntp.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' fudge 127.127.1.0 stratum 10 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
- services.ntp.extraFlags
Extra flags passed to the ntpd command.
Type: list of strings
Default: [ ]
Example: [ "--interface=eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
- services.ntp.restrictDefault
The restriction flags to be set by default.
The default flags prevent external hosts from using ntpd as a DDoS reflector, setting system time, and querying OS/ntpd version. As recommended in section 6.5.1.1.3, answer "No" of http://support.ntp.org/bin/view/Support/AccessRestrictions
Type: list of strings
Default: [ "limited" "kod" "nomodify" "notrap" "noquery" "nopeer" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
- services.ntp.restrictSource
The restriction flags to be set on source.
The default flags allow peers to be added by ntpd from configured pool(s), but not by other means.
Type: list of strings
Default: [ "limited" "kod" "nomodify" "notrap" "noquery" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
- services.ntp.servers
The set of NTP servers from which to synchronise.
Type: list of strings
Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
- services.nullidentdmod.enable
Whether to enable the nullidentdmod identd daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nullidentdmod.nix>
- services.nullidentdmod.userid
User ID to return. Set to null to return a random string each time.
Type: null or string
Default: null
Example: "alice"
Declared by:
<nixpkgs/nixos/modules/services/networking/nullidentdmod.nix>
- services.nullmailer.enable
Whether to enable nullmailer daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.adminaddr
If set, all recipients to users at either "localhost" (the literal string) or the canonical host name (from the me control attribute) are remapped to this address. This is provided to allow local daemons to be able to send email to "somebody@localhost" and have it go somewhere sensible instead of being bounced by your relay host. To send to multiple addresses, put them all on one line separated by a comma.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.allmailfrom
If set, content will override the envelope sender on all messages.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.defaultdomain
The content of this attribute is appended to any host name that does not contain a period (except localhost), including defaulthost and idhost. Defaults to the value of the me attribute, if it exists, otherwise the literal name defauldomain.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.defaulthost
The content of this attribute is appended to any address that is missing a host name. Defaults to the value of the me control attribute, if it exists, otherwise the literal name defaulthost.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.doublebounceto
If the original sender was empty (the original message was a delivery status or disposition notification), the double bounce is sent to the address in this attribute.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.helohost
Sets the environment variable $HELOHOST which is used by the SMTP protocol module to set the parameter given to the HELO command. Defaults to the value of the me configuration attribute.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.idhost
The content of this attribute is used when building the message-id string for the message. Defaults to the canonicalized value of defaulthost.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.maxpause
The maximum time to pause between successive queue runs, in seconds. Defaults to 24 hours (86400).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.me
The fully-qualifiled host name of the computer running nullmailer. Defaults to the literal name me.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.pausetime
The minimum time to pause between successive queue runs when there are messages in the queue, in seconds. Defaults to 1 minute (60). Each time this timeout is reached, the timeout is doubled to a maximum of maxpause. After new messages are injected, the timeout is reset. If this is set to 0, nullmailer-send will exit immediately after going through the queue once (one-shot mode).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.remotes
A list of remote servers to which to send each message. Each line contains a remote host name or address followed by an optional protocol string, separated by white space.
See man 8 nullmailer-send for syntax and available options.
WARNING: This is stored world-readable in the nix store. If you need to specify any secret credentials here, consider using the remotesFile option instead.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.config.sendtimeout
The time to wait for a remote module listed above to complete sending a message before killing it and trying again, in seconds. Defaults to 1 hour (3600). If this is set to 0, nullmailer-send will wait forever for messages to complete sending.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.group
Group to use to run nullmailer-send.
Type: string
Default: "nullmailer"
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.remotesFile
Path to the remotes control file. This file contains a list of remote servers to which to send each message.
See man 8 nullmailer-send for syntax and available options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.setSendmail
Whether to set the system sendmail to nullmailer's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nullmailer.user
User to use to run nullmailer-send.
Type: string
Default: "nullmailer"
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
- services.nylon.<name>.enable
Enables nylon as a running service upon activation.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.acceptInterface
Tell nylon which interface to listen for client requests on, default is "lo".
Type: string
Default: "lo"
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.allowedIPRanges
Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges: [ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
Type: list of strings
Default: [ "192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.bindInterface
Tell nylon which interface to use as an uplink, default is "enp3s0f0".
Type: string
Default: "enp3s0f0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.deniedIPRanges
Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses: [ "0.0.0.0/0" ] To block all other access than the allowed.
Type: list of strings
Default: [ "0.0.0.0/0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.logging
Enable logging, default is no logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.name
The name of this nylon instance.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.nrConnections
The number of allowed simultaneous connections to the daemon, default 10.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.port
What port to listen for client requests, default is 1080.
Type: signed integer
Default: 1080
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nylon.<name>.verbosity
Enable verbose output, default is to not be verbose.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
- services.nzbget.enable
Whether to enable NZBGet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
- services.nzbget.group
Group under which NZBGet runs
Type: string
Default: "nzbget"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
- services.nzbget.settings
NZBGet configuration, passed via command line using switch -o. Refer to https://github.com/nzbget/nzbget/blob/master/nzbget.conf for details on supported values.
Type: attribute set of boolean or signed integer or strings
Default: { }
Example: { MainDir = "/data"; }
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
- services.nzbget.user
User account under which NZBGet runs
Type: string
Default: "nzbget"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
- services.nzbhydra2.enable
Whether to enable NZBHydra2.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbhydra2.nix>
- services.nzbhydra2.package
NZBHydra2 package to use.
Type: package
Default: pkgs.nzbhydra2
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbhydra2.nix>
- services.nzbhydra2.dataDir
The directory where NZBHydra2 stores its data files.
Type: string
Default: "/var/lib/nzbhydra2"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbhydra2.nix>
- services.nzbhydra2.openFirewall
Open ports in the firewall for the NZBHydra2 web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbhydra2.nix>
- services.oauth2_proxy.enable
Whether to enable oauth2_proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.package
The package that provides oauth2-proxy.
Type: package
Default: pkgs.oauth2-proxy
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.approvalPrompt
OAuth approval_prompt.
Type: one of "force", "auto"
Default: "force"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.azure.resource
The resource that is protected.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.azure.tenant
Go to a tenant-specific or common (tenant-independent) endpoint.
Type: string
Default: "common"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.basicAuthPassword
The password to set when passing the HTTP Basic Auth header.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.clientID
The OAuth Client ID.
Type: null or string
Example: "123456.apps.googleusercontent.com"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.clientSecret
The OAuth Client Secret.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.cookie.domain
Optional cookie domains to force cookies to (ie: `.yourcompany.com`). The longest domain matching the request's host will be used (or the shortest cookie domain if there is no match).
Type: null or string
Default: null
Example: ".yourcompany.com"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.cookie.expire
Expire timeframe for cookie.
Type: string
Default: "168h0m0s"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.cookie.httpOnly
Set HttpOnly cookie flag.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.cookie.name
The name of the cookie that the oauth_proxy creates.
Type: string
Default: "_oauth2_proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.cookie.refresh
Refresh the cookie after this duration; 0 to disable.
Type: null or string
Default: null
Example: "168h0m0s"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.cookie.secret
The seed string for secure cookies.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.cookie.secure
Set secure (HTTPS) cookie flag.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.customTemplatesDir
Path to custom HTML templates.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.email.addresses
Line-separated email addresses that are allowed to authenticate.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.email.domains
Authenticate emails with the specified domains. Use * to authenticate any email.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.extraConfig
Extra config to pass to oauth2-proxy.
Type: attribute set of anythings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.github.org
Restrict logins to members of this organisation.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.github.team
Restrict logins to members of this team.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.google.adminEmail
The Google Admin to impersonate for API calls.
Only users with access to the Admin APIs can access the Admin SDK Directory API, thus the service account needs to impersonate one of those users to access the Admin SDK Directory API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.google.groups
Restrict logins to members of these Google groups.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.google.serviceAccountJSON
The path to the service account JSON credentials.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.htpasswd.displayForm
Display username / password login form if an htpasswd file is provided.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.htpasswd.file
Additionally authenticate against a htpasswd file. Entries must be created with htpasswd -s for SHA encryption.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.httpAddress
HTTPS listening address. This module does not expose the port by default. If you want this URL to be accessible to other machines, please add the port to networking.firewall.allowedTCPPorts.
Type: string
Default: "http://127.0.0.1:4180"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.keyFile
oauth2-proxy allows passing sensitive configuration via environment variables. Make a file that contains lines like OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com and specify the path here.
Type: null or path
Default: null
Example: "/run/keys/oauth2_proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.loginURL
Authentication endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default: null
Example: "https://provider.example.com/oauth/authorize"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.nginx.proxy
The address of the reverse proxy endpoint for oauth2_proxy
Type: string
Default: "http://127.0.0.1:4180"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix>
- services.oauth2_proxy.nginx.virtualHosts
A list of nginx virtual hosts to put behind the oauth2 proxy
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix>
- services.oauth2_proxy.passAccessToken
Pass OAuth access_token to upstream via X-Forwarded-Access-Token header.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.passBasicAuth
Pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.passHostHeader
Pass the request Host Header to upstream.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.profileURL
Profile access endpoint.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.provider
OAuth provider.
Type: one of "google", "azure", "facebook", "github", "keycloak", "gitlab", "linkedin", "login.gov", "bitbucket", "nextcloud", "digitalocean", "oidc"
Default: "google"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.proxyPrefix
The url root path that this proxy should be nested under.
Type: string
Default: "/oauth2"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.redeemURL
Token redemption endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default: null
Example: "https://provider.example.com/oauth/token"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.redirectURL
The OAuth2 redirect URL.
Type: null or string
Default: null
Example: "https://internalapp.yourcompany.com/oauth2/callback"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.requestLogging
Log requests to stdout.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.reverseProxy
In case when running behind a reverse proxy, controls whether headers like X-Real-Ip are accepted. Usage behind a reverse proxy will require this flag to be set to avoid logging the reverse proxy IP address.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.scope
OAuth scope specification.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.setXauthrequest
Set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode). Setting this to 'null' means using the upstream default (false).
Type: null or boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.signatureKey
GAP-Signature request signature key.
Type: null or string
Default: null
Example: "sha1:secret0"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.skipAuthRegexes
Skip authentication for requests matching any of these regular expressions.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.tls.enable
Whether to serve over TLS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.tls.certificate
Path to certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.tls.httpsAddress
addr:port to listen on for HTTPS clients.
Remember to add port to allowedTCPPorts if you want other machines to be able to connect to it.
Type: string
Default: ":443"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.tls.key
Path to private key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.upstream
The http url(s) of the upstream endpoint or file:// paths for static files. Routing is based on the path.
Type: list of strings or string convertible to it
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.oauth2_proxy.validateURL
Access token validation endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default: null
Example: "https://provider.example.com/user/emails"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
- services.ocserv.enable
Whether to enable ocserv.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ocserv.nix>
- services.ocserv.config
Configuration content to start an OCServ server.
For a full configuration reference,please refer to the online documentation (https://ocserv.gitlab.io/www/manual.html), the openconnect recipes (https://github.com/openconnect/recipes) or `man ocserv`.
Type: strings concatenated with "\n"
Example:
'' # configuration examples from $out/doc without explanatory comments. # for a full reference please look at the installed man pages. auth = "plain[passwd=./sample.passwd]" tcp-port = 443 udp-port = 443 run-as-user = nobody run-as-group = nogroup socket-file = /run/ocserv-socket server-cert = certs/server-cert.pem server-key = certs/server-key.pem keepalive = 32400 dpd = 90 mobile-dpd = 1800 switch-to-tcp-timeout = 25 try-mtu-discovery = false cert-user-oid = 0.9.2342.19200300.100.1.1 tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0" auth-timeout = 240 min-reauth-time = 300 max-ban-score = 80 ban-reset-time = 1200 cookie-timeout = 300 deny-roaming = false rekey-time = 172800 rekey-method = ssl use-occtl = true pid-file = /run/ocserv.pid device = vpns predictable-ips = true default-domain = example.com ipv4-network = 192.168.1.0 ipv4-netmask = 255.255.255.0 dns = 192.168.1.2 ping-leases = false route = 10.10.10.0/255.255.255.0 route = 192.168.0.0/255.255.0.0 no-route = 192.168.5.0/255.255.255.0 cisco-client-compat = true dtls-legacy = true [vhost:www.example.com] auth = "certificate" ca-cert = certs/ca.pem server-cert = certs/server-cert-secp521r1.pem server-key = cersts/certs/server-key-secp521r1.pem ipv4-network = 192.168.2.0 ipv4-netmask = 255.255.255.0 cert-user-oid = 0.9.2342.19200300.100.1.1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ocserv.nix>
- services.octoprint.enable
Whether to enable OctoPrint, web interface for 3D printers.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
- services.octoprint.extraConfig
Extra options which are added to OctoPrint's YAML configuration file.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
- services.octoprint.group
Group for the daemon.
Type: string
Default: "octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
- services.octoprint.host
Host to bind OctoPrint to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
- services.octoprint.plugins
Additional plugins to be used. Available plugins are passed through the plugins input.
Type: function that evaluates to a(n) listOf
Default: plugins: []
Example: plugins: with plugins; [ themeify stlviewer ]
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
- services.octoprint.port
Port to bind OctoPrint to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
- services.octoprint.stateDir
State directory of the daemon.
Type: path
Default: "/var/lib/octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
- services.octoprint.user
User for the daemon.
Type: string
Default: "octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
- services.odoo.enable
Whether to enable odoo.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
- services.odoo.package
Odoo package to use.
Type: package
Default: pkgs.odoo
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
- services.odoo.addons
Odoo addons.
Type: list of packages
Default: [ ]
Example: [ pkgs.odoo_enterprise ]
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
- services.odoo.domain
Domain to host Odoo with nginx
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
- services.odoo.settings
Odoo configuration settings. For more details see https://www.odoo.com/documentation/15.0/administration/install/deploy.html
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
- services.offlineimap.enable
Whether to enable OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
- services.offlineimap.package
Offlineimap derivation to use.
Type: package
Default: pkgs.offlineimap
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
- services.offlineimap.install
Whether to install a user service for Offlineimap. Once the service is started, emails will be fetched automatically.
The service must be manually started for each user with "systemctl --user start offlineimap" or globally through services.offlineimap.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
- services.offlineimap.onCalendar
How often is offlineimap started. Default is '*:0/3' meaning every 3 minutes. See systemd.time(7) for more information about the format.
Type: string
Default: "*:0/3"
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
- services.offlineimap.path
List of derivations to put in Offlineimap's path.
Type: list of paths
Default: [ ]
Example: [ pkgs.pass pkgs.bash pkgs.notmuch ]
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
- services.offlineimap.timeoutStartSec
How long waiting for offlineimap before killing it. Default is '120sec' meaning every 2 minutes. See systemd.time(7) for more information about the format.
Type: string
Default: "120sec"
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
- services.ofono.enable
Whether to enable Ofono.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ofono.nix>
- services.ofono.plugins
The list of plugins to install.
Type: list of packages
Default: [ ]
Example: [ pkgs.modem-manager-gui ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ofono.nix>
- services.oidentd.enable
Whether to enable ‘oidentd’, an implementation of the Ident protocol (RFC 1413). It allows remote systems to identify the name of the user associated with a TCP connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/oidentd.nix>
- services.ombi.enable
Whether to enable Ombi. Optionally see https://docs.ombi.app/info/reverse-proxy on how to set up a reverse proxy .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
- services.ombi.dataDir
The directory where Ombi stores its data files.
Type: string
Default: "/var/lib/ombi"
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
- services.ombi.group
Group under which Ombi runs.
Type: string
Default: "ombi"
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
- services.ombi.openFirewall
Open ports in the firewall for the Ombi web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
- services.ombi.port
The port for the Ombi web interface.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
- services.ombi.user
User account under which Ombi runs.
Type: string
Default: "ombi"
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
- services.onedrive.enable
Enable OneDrive service
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/onedrive.nix>
- services.onedrive.package
OneDrive package to use.
Type: package
Default: pkgs.onedrive
Declared by:
<nixpkgs/nixos/modules/services/networking/onedrive.nix>
- services.openafsClient.enable
Whether to enable the OpenAFS client.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.packages.module
OpenAFS kernel module package. MUST match the userland package!
Type: package
Default: config.boot.kernelPackages.openafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.packages.programs
OpenAFS programs package. MUST match the kernel module package!
Type: package
Default: getBin pkgs.openafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.afsdb
Resolve cells via AFSDB DNS records.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.cache.blocks
Cache size in 1KB blocks.
Type: signed integer
Default: 100000
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.cache.chunksize
Size of each cache chunk given in powers of 2. 0 resets the chunk size to its default values (13 (8 KB) for memcache, 18-20 (256 KB to 1 MB) for diskcache). Maximum value is 30. Important performance parameter. Set to higher values when dealing with large files.
Type: integer between 0 and 30 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.cache.directory
Cache directory.
Type: string
Default: "/var/cache/openafs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.cache.diskless
Use in-memory cache for diskless machines. Has no real performance benefit anymore.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.cellName
Cell name.
Type: string
Default: ""
Example: "grand.central.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.cellServDB
This cell's database server records, added to the global CellServDB. See CellServDB(5) man page for syntax. Ignored when afsdb is set to true.
Type: list of submodules
Default: [ ]
Example: [ { dnsname = "first.afsdb.server.dns.fqdn.org"; ip = "1.2.3.4"; } { dnsname = "second.afsdb.server.dns.fqdn.org"; ip = "2.3.4.5"; } ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.cellServDB.*.dnsname
DNS full-qualified domain name of a database server
Type: string
Default: ""
Example: "afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.cellServDB.*.ip
IP Address of a database server
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.crypt
Whether to enable (weak) protocol encryption.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.daemons
Number of daemons to serve user requests. Numbers higher than 6 usually do no increase performance. Default is sufficient for up to five concurrent users.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.fakestat
Return fake data on stat() calls. If true, always do so. If false, only do so for cross-cell mounts (as these are potentially expensive).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.inumcalc
Inode calculation method. compat is computationally less expensive, but md5 greatly reduces the likelihood of inode collisions in larger scenarios involving multiple cells mounted into one AFS space.
Type: string matching the pattern compat|md5
Default: "compat"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.mountPoint
Mountpoint of the AFS file tree, conventionally /afs. When set to a different value, only cross-cells that use the same value can be accessed.
Type: string
Default: "/afs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.sparse
Minimal cell list in /afs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsClient.startDisconnected
Start up in disconnected mode. You need to execute fs disco online (as root) to switch to connected mode. Useful for roaming devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
- services.openafsServer.enable
Whether to enable the OpenAFS server. An OpenAFS server needs a complex setup. So, be aware that enabling this service and setting some options does not give you a turn-key-ready solution. You need at least a running Kerberos 5 setup, as OpenAFS relies on it for authentication. See the Guide "QuickStartUnix" coming with pkgs.openafs.doc for complete setup instructions.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.package
OpenAFS package for the server binaries
Type: package
Default: pkgs.openafs.server or pkgs.openafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.advertisedAddresses
List of IP addresses this server is advertised under. See NetInfo(5)
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.cellName
Cell name, this server will serve.
Type: string
Default: ""
Example: "grand.central.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.cellServDB
Definition of all cell-local database server machines.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.cellServDB.*.dnsname
DNS full-qualified domain name of a database server
Type: string
Default: ""
Example: "afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.cellServDB.*.ip
IP Address of a database server
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.dottedPrincipals
If enabled, allow principal names containing (.) dots. Enabling this has security implications!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.backup.enable
Backup server role. Use in conjunction with the database role to maintain the Backup Database. Normally only used in conjunction with tape storage or IBM's Tivoli Storage Manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.backup.buserverArgs
Arguments to the buserver process. See its man page.
Type: string
Default: ""
Example: "-p 8"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.backup.cellServDB
Definition of all cell-local backup database server machines. Use this when your cell uses less backup database servers than other database server machines.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.backup.cellServDB.*.dnsname
DNS full-qualified domain name of a database server
Type: string
Default: ""
Example: "afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.backup.cellServDB.*.ip
IP Address of a database server
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.database.enable
Database server role, maintains the Volume Location Database, Protection Database (and Backup Database, see backup role). There can be multiple servers in the database role for replication, which then need reliable network connection to each other.
Servers in this role appear in AFSDB DNS records or the CellServDB.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.database.ptserverArgs
Arguments to the ptserver process. See its man page.
Type: string
Default: ""
Example: "-restricted -default_access S---- S-M---"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.database.vlserverArgs
Arguments to the vlserver process. See its man page.
Type: string
Default: ""
Example: "-rxbind"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.fileserver.enable
Fileserver role, serves files and volumes from its local storage.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.fileserver.fileserverArgs
Arguments to the dafileserver process. See its man page.
Type: string
Default: "-vattachpar 128 -vhashsize 11 -L -rxpck 400 -cb 1000000"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.fileserver.salvagerArgs
Arguments to the dasalvager process. See its man page.
Type: string
Default: ""
Example: "-showlog -showmounts"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.fileserver.salvageserverArgs
Arguments to the salvageserver process. See its man page.
Type: string
Default: ""
Example: "-showlog"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.roles.fileserver.volserverArgs
Arguments to the davolserver process. See its man page.
Type: string
Default: ""
Example: "-sync never"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openafsServer.udpPacketSize
UDP packet size to use in Bytes. Higher values can speed up communications. The default of 1 MB is a sufficient in most cases. Make sure to increase the kernel's UDP buffer size accordingly via net.core(w|r|opt)mem_max sysctl.
Type: signed integer
Default: 1310720
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
- services.openarena.enable
Whether to enable OpenArena.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/openarena.nix>
- services.openarena.extraFlags
Extra flags to pass to oa_ded
Type: list of strings
Default: [ ]
Example: [ "+set dedicated 2" "+set sv_hostname 'My NixOS OpenArena Server'" "+map oa_dm1" ]
Declared by:
<nixpkgs/nixos/modules/services/games/openarena.nix>
- services.openarena.openPorts
Whether to open firewall ports for OpenArena
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/openarena.nix>
- services.opendkim.enable
Whether to enable the OpenDKIM sender authentication system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
- services.opendkim.configFile
Additional opendkim configuration.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
- services.opendkim.domains
Local domains set (see opendkim(8) for more information on datasets). Messages from them are signed, not verified.
Type: string
Default: "csl:nixos"
Example: "csl:example.com,mydomain.net"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
- services.opendkim.group
Group for the daemon.
Type: string
Default: "opendkim"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
- services.opendkim.keyPath
The path that opendkim should put its generated private keys into. The DNS settings will be found in this directory with the name selector.txt.
Type: path
Default: "/var/lib/opendkim/keys"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
- services.opendkim.selector
Selector to use when signing.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
- services.opendkim.socket
Socket which is used for communication with OpenDKIM.
Type: string
Default: "local:/run/opendkim/opendkim.sock"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
- services.opendkim.user
User for the daemon.
Type: string
Default: "opendkim"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
- services.openfire.enable
Whether to enable OpenFire XMPP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/openfire.nix>
- services.openfire.usePostgreSQL
Whether you use PostgreSQL service for your storage back-end.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/openfire.nix>
- services.openiscsi.enable
Whether to enable the openiscsi iscsi daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
- services.openiscsi.enableAutoLoginOut
Whether to enable automatic login and logout of all automatic targets. You probably do not want this. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
- services.openiscsi.package
openiscsi package to use
Type: package
Default: pkgs.openiscsi
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
- services.openiscsi.discoverPortal
Portal to discover targets on
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
- services.openiscsi.extraConfig
Lines to append to default iscsid.conf
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
- services.openiscsi.extraConfigFile
Append an additional file's contents to /etc/iscsid.conf. Use a non-store path and store passwords in this file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
- services.openiscsi.name
Name of this iscsi initiator
Type: string
Example: "iqn.2020-08.org.linux-iscsi.initiatorhost:example"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
- services.openldap.enable
Whether to enable the ldap server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.package
OpenLDAP package to use.
This can be used to, for example, set an OpenLDAP package with custom overrides to enable modules or other functionality.
Type: package
Default: pkgs.openldap
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.configDir
Use this config directory instead of generating one from the settings option. Overrides all NixOS settings. If you use this option,ensure `olcPidFile` is set to `/run/slapd/slapd.conf`.
Type: null or path
Default: null
Example: "/var/db/slapd.d"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.declarativeContents
Declarative contents for the LDAP database, in LDIF format by suffix.
All data will be erased when starting the LDAP server. Modifications to the database are not prevented, they are just dropped on the next reboot of the server. Performance-wise the database and indexes are rebuilt on each server startup, so this will slow down server startup, especially with large databases.
Type: attribute set of strings concatenated with "\n"s
Default: { }
Example:
{ "dc=example,dc=org" = '' dn= dn: dc=example,dc=org objectClass: domain dc: example dn: ou=users,dc=example,dc=org objectClass = organizationalUnit ou: users # ... ''; }Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.group
Group account under which slapd runs.
Type: string
Default: "openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.settings
Configuration for OpenLDAP, in OLC format
Type: submodule
Example:
{ attrs.olcLogLevel = [ "stats" ]; children = { "cn=schema".includes = [ "${pkgs.openldap}/etc/schema/core.ldif" "${pkgs.openldap}/etc/schema/cosine.ldif" "${pkgs.openldap}/etc/schema/inetorgperson.ldif" ]; "olcDatabase={-1}frontend" = { attrs = { objectClass = "olcDatabaseConfig"; olcDatabase = "{-1}frontend"; olcAccess = [ "{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage stop by * none stop" ]; }; }; "olcDatabase={0}config" = { attrs = { objectClass = "olcDatabaseConfig"; olcDatabase = "{0}config"; olcAccess = [ "{0}to * by * none break" ]; }; }; "olcDatabase={1}mdb" = { attrs = { objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; olcDatabase = "{1}mdb"; olcDbDirectory = "/var/db/ldap"; olcDbIndex = [ "objectClass eq" "cn pres,eq" "uid pres,eq" "sn pres,eq,subany" ]; olcSuffix = "dc=example,dc=com"; olcAccess = [ "{0}to * by * read break" ]; }; }; }; };Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.settings.attrs
Attributes of the parent entry.
Type: attribute set of LDAP value or list of LDAP valuess
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.settings.children
Child entries of the current entry, with recursively the same structure.
Type: attribute set of submodules
Default: { }
Example:
{ "cn=schema" = { # The attribute used in the DN must be defined attrs = { cn = "schema"; }; children = { # This entry's DN is expanded to "cn=foo,cn=schema" "cn=foo" = { ... }; }; # These includes are inserted after "cn=schema", but before "cn=foo,cn=schema" includes = [ ... ]; }; }Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.settings.includes
LDIF files to include after the parent's attributes but before its children.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.urlList
URL list slapd should listen on.
Type: list of strings
Default: [ "ldap:///" ]
Example: [ "ldaps:///" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openldap.user
User account under which slapd runs.
Type: string
Default: "openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
- services.openntpd.enable
Whether to enable OpenNTP time synchronization server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix>
- services.openntpd.extraConfig
Additional text appended to openntpd.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' listen on 127.0.0.1 listen on ::1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix>
- services.openntpd.extraOptions
Extra options used when launching openntpd.
Type: strings concatenated with " "
Default: ""
Example: "-s"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix>
- services.openntpd.servers
The set of NTP servers from which to synchronise.
Type: list of strings
Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix>
- services.opensmtpd.enable
Whether to enable the OpenSMTPD server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
- services.opensmtpd.package
The OpenSMTPD package to use.
Type: package
Default: pkgs.opensmtpd
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
- services.opensmtpd.extraServerArgs
Extra command line arguments provided when the smtpd process is started.
Type: list of strings
Default: [ ]
Example: [ "-v" "-P mta" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
- services.opensmtpd.procPackages
Packages to search for filters, tables, queues, and schedulers.
Add OpenSMTPD-extras here if you want to use the filters, etc. from that package.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
- services.opensmtpd.serverConfiguration
The contents of the smtpd.conf configuration file. See the OpenSMTPD documentation for syntax information.
Type: strings concatenated with "\n"
Example:
'' listen on lo accept for any deliver to lmtp localhost:24 ''
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
- services.opensmtpd.setSendmail
Whether to set the system sendmail to OpenSMTPD's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
- services.opensnitch.enable
Whether to enable Opensnitch application firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
- services.openssh.enable
Whether to enable the OpenSSH secure shell daemon, which allows secure remote logins.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.allowSFTP
Whether to enable the SFTP subsystem in the SSH daemon. This enables the use of commands such as sftp and sshfs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.authorizedKeysCommand
Specifies a program to be used to look up the user's public keys. The program must be owned by root, not writable by group or others and specified by an absolute path.
Type: string
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.authorizedKeysCommandUser
Specifies the user under whose account the AuthorizedKeysCommand is run. It is recommended to use a dedicated user that has no other role on the host than running authorized keys commands.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.authorizedKeysFiles
Specify the rules for which files to read on the host.
This is an advanced option. If you're looking to configure user keys, you can generally use users.users.<name>.openssh.authorizedKeys.keys or users.users.<name>.openssh.authorizedKeys.keyFiles.
These are paths relative to the host root file system or home directories and they are subject to certain token expansion rules. See AuthorizedKeysFile in man sshd_config for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.banner
Message to display to the remote user before authentication is allowed.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.challengeResponseAuthentication
Specifies whether challenge/response authentication is allowed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.ciphers
Allowed ciphers
Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
Type: list of strings
Default: [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes128-gcm@openssh.com" "aes256-ctr" "aes192-ctr" "aes128-ctr" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.extraConfig
Verbatim contents of sshd_config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.forwardX11
Whether to allow X11 connections to be forwarded.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.gatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See sshd_config(5).
Type: string
Default: "no"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.hostKeys
NixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See ssh-keygen(1) for supported types and sizes.
Type: list of attribute sets
Default: [ { bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; } { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } ]
Example: [ { bits = 4096; openSSHFormat = true; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; type = "rsa"; } { comment = "key comment"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; type = "ed25519"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.kexAlgorithms
Allowed key exchange algorithms
Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
Type: list of strings
Default: [ "curve25519-sha256" "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.knownHosts
Alias of programs.ssh.knownHosts.
Type: attribute set of submodules
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.knownHosts.<name>.certAuthority
This public key is an SSH certificate authority, rather than an individual host's key.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- services.openssh.knownHosts.<name>.hostNames
A list of host names and/or IP numbers used for accessing the host's ssh service.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- services.openssh.knownHosts.<name>.publicKey
The public key data for the host. You can fetch a public key from a running SSH server with the ssh-keyscan command. The public key should not include any host names, only the key type and the key itself.
Type: null or string
Default: null
Example: "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- services.openssh.knownHosts.<name>.publicKeyFile
The path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server with the ssh-keyscan command. The content of the file should follow the same format as described for the publicKey option.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
- services.openssh.listenAddresses
List of addresses and ports to listen on (ListenAddress directive in config). If port is not specified for address sshd will listen on all ports specified by ports option. NOTE: this will override default listening on all local addresses and port 22. NOTE: setting this option won't automatically enable given ports in firewall configuration.
Type: list of submodules
Default: [ ]
Example: [ { addr = "192.168.3.1"; port = 22; } { addr = "0.0.0.0"; port = 64022; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.listenAddresses.*.addr
Host, IPv4 or IPv6 address to listen to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.listenAddresses.*.port
Port to listen to.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.logLevel
Gives the verbosity level that is used when logging messages from sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended.
Type: one of "QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.macs
Allowed MACs
Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
Type: list of strings
Default: [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" "hmac-sha2-512" "hmac-sha2-256" "umac-128@openssh.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.moduliFile
Path to moduli file to install in /etc/ssh/moduli. If this option is unset, then the moduli file shipped with OpenSSH will be used.
Type: path
Example: "/etc/my-local-ssh-moduli;"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.openFirewall
Whether to automatically open the specified ports in the firewall.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.passwordAuthentication
Specifies whether password authentication is allowed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.permitRootLogin
Whether the root user can login using ssh.
Type: one of "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
Default: "prohibit-password"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.ports
Specifies on which ports the SSH daemon listens.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ 22 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.sftpFlags
Commandline flags to add to sftp-server.
Type: list of strings
Default: [ ]
Example: [ "-f AUTHPRIV" "-l INFO" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.sftpServerExecutable
The sftp server executable. Can be a path or "internal-sftp" to use the sftp server built into the sshd binary.
Type: string
Example: "internal-sftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.startWhenNeeded
If set, sshd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.openssh.useDns
Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. If this option is set to no (the default) then only addresses and not host names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host directives.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.opentracker.enable
Whether to enable opentracker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
- services.opentracker.package
opentracker package to use
Type: package
Default: pkgs.opentracker
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
- services.opentracker.extraOptions
Configuration Arguments for opentracker See https://erdgeist.org/arts/software/opentracker/ for all params
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
- services.opentsdb.enable
Whether to run OpenTSDB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
- services.opentsdb.package
OpenTSDB package to use.
Type: package
Default: pkgs.opentsdb
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
- services.opentsdb.config
The contents of OpenTSDB's configuration file
Type: strings concatenated with "\n"
Default:
'' tsd.core.auto_create_metrics = true tsd.http.request.enable_chunked = true ''
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
- services.opentsdb.group
Group account under which OpenTSDB runs.
Type: string
Default: "opentsdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
- services.opentsdb.port
Which port OpenTSDB listens on.
Type: signed integer
Default: 4242
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
- services.opentsdb.user
User account under which OpenTSDB runs.
Type: string
Default: "opentsdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
- services.openvpn.servers
Each attribute of this option defines a systemd service that runs an OpenVPN instance. These can be OpenVPN servers or clients. The name of each systemd service is openvpn-name.service, where name is the corresponding attribute name.
Type: attribute set of submodules
Default: { }
Example:
{ server = { config = '' # Simplest server configuration: https://community.openvpn.net/openvpn/wiki/StaticKeyMiniHowto # server : dev tun ifconfig 10.8.0.1 10.8.0.2 secret /root/static.key ''; up = "ip route add ..."; down = "ip route del ..."; }; client = { config = '' client remote vpn.example.org dev tun proto tcp-client port 8080 ca /root/.vpn/ca.crt cert /root/.vpn/alice.crt key /root/.vpn/alice.key ''; up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev"; down = "${pkgs.openresolv}/sbin/resolvconf -d $dev"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openvpn.servers.<name>.authUserPass
This option can be used to store the username / password credentials with the "auth-user-pass" authentication method.
WARNING: Using this option will put the credentials WORLD-READABLE in the Nix store!
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openvpn.servers.<name>.authUserPass.password
The password to store inside the credentials file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openvpn.servers.<name>.authUserPass.username
The username to store inside the credentials file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openvpn.servers.<name>.autoStart
Whether this OpenVPN instance should be started automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openvpn.servers.<name>.config
Configuration of this OpenVPN instance. See openvpn(8) for details.
To import an external config file, use the following definition: config = "config /path/to/config.ovpn"
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openvpn.servers.<name>.down
Shell commands executed when the instance is shutting down.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openvpn.servers.<name>.up
Shell commands executed when the instance is starting.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openvpn.servers.<name>.updateResolvConf
Use the script from the update-resolv-conf package to automatically update resolv.conf with the DNS information provided by openvpn. The script will be run after the "up" commands and before the "down" commands.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
- services.openwebrx.enable
Whether to enable OpenWebRX Web interface for Software-Defined Radios on http://localhost:8073.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/openwebrx.nix>
- services.openwebrx.package
OpenWebRX package to use for the service
Type: package
Default: (build of openwebrx-1.1.0)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/openwebrx.nix>
- services.orangefs.client.enable
Whether to enable OrangeFS client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
- services.orangefs.client.extraOptions
Extra command line options for pvfs2-client.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
- services.orangefs.client.fileSystems
The orangefs file systems to be mounted. This option is prefered over using fileSystems directly since the pvfs client service needs to be running for it to be mounted.
Type: list of submodules
Example: [ { mountPoint = "/orangefs"; target = "tcp://server:3334/orangefs"; } ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
- services.orangefs.client.fileSystems.*.mountPoint
Mount point.
Type: string
Default: "/orangefs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
- services.orangefs.client.fileSystems.*.options
Mount options
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
- services.orangefs.client.fileSystems.*.target
Target URL
Type: string
Example: "tcp://server:3334/orangefs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
- services.orangefs.server.enable
Whether to enable OrangeFS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.BMIModules
List of BMI modules to load.
Type: list of strings
Default: [ "bmi_tcp" ]
Example: [ "bmi_tcp" "bmi_ib" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.dataStorageSpace
Directory for data storage.
Type: null or string
Default: null
Example: "/data/storage"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.extraConfig
Extra config for the global section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.extraDefaults
Extra config for <Defaults> section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.fileSystems
These options will create the <FileSystem> sections of config file.
Type: attribute set of submodules
Default: { orangefs = { } ; }
Example:
{ fs1 = { id = 101; }; fs2 = { id = 102; }; }Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.fileSystems.<name>.extraConfig
Extra config for <FileSystem> section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.fileSystems.<name>.extraStorageHints
Extra config for <StorageHints> section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.fileSystems.<name>.id
File system ID (must be unique within configuration).
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.fileSystems.<name>.rootHandle
File system root ID.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.fileSystems.<name>.troveSyncData
Sync data.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.fileSystems.<name>.troveSyncMeta
Sync meta data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.logType
Destination for log messages.
Type: one of "file", "syslog"
Default: "syslog"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.metadataStorageSpace
Directory for meta data storage.
Type: null or string
Default: null
Example: "/data/meta"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.orangefs.server.servers
URLs for storage server including port. The attribute names define the server alias.
Type: attribute set of strings
Default: { }
Example: { node1 = "tcp://node1:3334"; node2 = "tcp://node2:3334"; }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
- services.osrm.enable
Enable the OSRM service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
- services.osrm.address
IP address on which the web server will listen.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
- services.osrm.algorithm
Algorithm to use for the data. Must be one of CH, CoreCH, MLD
Type: one of "CH", "CoreCH", "MLD"
Default: "MLD"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
- services.osrm.dataFile
Data file location
Type: path
Example: "/var/lib/osrm/berlin-latest.osrm"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
- services.osrm.extraFlags
Extra command line arguments passed to osrm-routed
Type: list of strings
Default: [ ]
Example: [ "--max-table-size 1000" "--max-matching-size 1000" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
- services.osrm.port
Port on which the web server will run.
Type: signed integer
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
- services.osrm.threads
Number of threads to use.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
- services.ostinato.enable
Whether to enable Ostinato agent-controller (Drone).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
- services.ostinato.port
Port to listen on.
Type: signed integer
Default: 7878
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
- services.ostinato.portList.exclude
A list of ports does not appear on the port list managed by drone.
Type: list of strings
Default: [ ]
Example: [ "usbmon*" "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
- services.ostinato.portList.include
For a port to pass the filter and appear on the port list managed by drone, it be allowed by this include list.
Type: list of strings
Default: [ ]
Example: [ "eth*" "lo*" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
- services.ostinato.rateAccuracy
To ensure that the actual transmit rate is as close as possible to the configured transmit rate, Drone runs a busy-wait loop. While this provides the maximum accuracy possible, the CPU utilization is 100% while the transmit is on. You can however, sacrifice the accuracy to reduce the CPU load.
Type: one of "High", "Low"
Default: "High"
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
- services.ostinato.rpcServer.address
By default, the Drone RPC server will listen on all interfaces and local IPv4 adresses for incoming connections from clients. Specify a single IPv4 or IPv6 address if you want to restrict that. To listen on any IPv6 address, use ::
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
- services.owamp.enable
Whether to enable Enable OWAMP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/owamp.nix>
- services.owncast.enable
Whether to enable owncast.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
- services.owncast.dataDir
The directory where owncast stores its data files. If left as the default value this directory will automatically be created before the owncast server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: string
Default: "/var/lib/owncast"
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
- services.owncast.group
Group under which owncast runs.
Type: string
Default: "owncast"
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
- services.owncast.listen
The IP address to bind the owncast web server to.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
- services.owncast.openFirewall
Open the appropriate ports in the firewall for owncast.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
- services.owncast.port
TCP port where owncast web-gui listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
- services.owncast.rtmp-port
TCP port where owncast rtmp service listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1935
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
- services.owncast.user
User account under which owncast runs.
Type: string
Default: "owncast"
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
- services.oxidized.enable
Whether to enable the oxidized configuration backup service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
- services.oxidized.configFile
Path to the oxidized configuration file.
Type: path
Example:
pkgs.writeText "oxidized-config.yml" '' --- debug: true use_syslog: true input: default: ssh ssh: secure: true interval: 3600 model_map: dell: powerconnect hp: procurve source: default: csv csv: delimiter: !ruby/regexp /:/ file: "/var/lib/oxidized/.config/oxidized/router.db" map: name: 0 model: 1 username: 2 password: 3 pid: "/var/lib/oxidized/.config/oxidized/pid" rest: 127.0.0.1:8888 retries: 3 # ... additional config '';Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
- services.oxidized.dataDir
State directory for the oxidized service.
Type: path
Default: "/var/lib/oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
- services.oxidized.group
Group under which the oxidized service runs.
Type: string
Default: "oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
- services.oxidized.routerDB
Path to the file/database which contains the targets for oxidized.
Type: path
Example:
pkgs.writeText "oxidized-router.db" '' hostname-sw1:powerconnect:username1:password2 hostname-sw2:procurve:username2:password2 # ... additional hosts ''
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
- services.oxidized.user
User under which the oxidized service runs.
Type: string
Default: "oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
- services.pantalaimon-headless.instances
Declarative instance config.
Note: to use pantalaimon interactively, e.g. for a Matrix client which does not support End-to-end encryption (like fractal), refer to the home-manager module.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
- services.pantalaimon-headless.instances.<name>.dataPath
The directory where pantalaimon should store its state such as the database file.
Type: path
Default: "/var/lib/pantalaimon-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
- services.pantalaimon-headless.instances.<name>.extraSettings
Extra configuration options. See pantalaimon(5) for available options.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
- services.pantalaimon-headless.instances.<name>.homeserver
The URI of the homeserver that the pantalaimon proxy should forward requests to, without the matrix API path but including the http(s) schema.
Type: string
Example: "https://matrix.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
- services.pantalaimon-headless.instances.<name>.listenAddress
The address where the daemon will listen to client connections for this homeserver.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
- services.pantalaimon-headless.instances.<name>.listenPort
The port where the daemon will listen to client connections for this homeserver. Note that the listen address/port combination needs to be unique between different homeservers.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8009
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
- services.pantalaimon-headless.instances.<name>.logLevel
Set the log level of the daemon.
Type: one of "info", "warning", "error", "debug"
Default: "warning"
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
- services.pantalaimon-headless.instances.<name>.ssl
Whether or not SSL verification should be enabled for outgoing connections to the homeserver.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
- services.pantheon.apps.enable
Whether to enable Pantheon default applications.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.pantheon.contractor.enable
Whether to enable contractor, a desktop-wide extension service used by Pantheon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.paperless-ng.enable
Enable Paperless-ng.
When started, the Paperless database is automatically created if it doesn't exist and updated if the Paperless package has changed. Both tasks are achieved by running a Django migration.
A script to manage the Paperless instance (by wrapping Django's manage.py) is linked to ${dataDir}/paperless-ng-manage.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.package
The Paperless package to use.
Type: package
Default: pkgs.paperless-ng
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.address
Web interface address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.consumptionDir
Directory from which new documents are imported.
Type: string
Default: "${dataDir}/consume"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.consumptionDirIsPublic
Whether all users can write to the consumption dir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.dataDir
Directory to store the Paperless data.
Type: string
Default: "/var/lib/paperless"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.extraConfig
Extra paperless-ng config options.
See the documentation for available options.
Type: attribute set
Default: { }
Example:
{ PAPERLESS_OCR_LANGUAGE = "deu+eng"; }Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.mediaDir
Directory to store the Paperless documents.
Type: string
Default: "${dataDir}/media"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.passwordFile
A file containing the superuser password.
A superuser is required to access the web interface. If unset, you can create a superuser manually by running ${dataDir}/paperless-ng-manage createsuperuser.
The default superuser name is admin. To change it, set option extraConfig.PAPERLESS_ADMIN_USER. WARNING: When changing the superuser name after the initial setup, the old superuser will continue to exist.
To disable login for the web interface, set the following: extraConfig.PAPERLESS_AUTO_LOGIN_USERNAME = "admin";. WARNING: Only use this on a trusted system without internet access to Paperless.
Type: null or path
Default: null
Example: "/run/keys/paperless-ng-password"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.port
Web interface port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 28981
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.paperless-ng.user
User under which Paperless runs.
Type: string
Default: "paperless"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless-ng.nix>
- services.parsedmarc.enable
Whether to enable parsedmarc, a DMARC report monitoring service .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.provision.elasticsearch
Whether to set up and use a local instance of Elasticsearch.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.provision.geoIp
Whether to enable and configure the geoipupdate service to automatically fetch GeoIP databases. Not crucial, but recommended for full functionality.
To finish the setup, you need to manually set the services.geoipupdate.settings.AccountID and services.geoipupdate.settings.LicenseKey options.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.provision.grafana.dashboard
Whether the official parsedmarc grafana dashboard should be provisioned to the local grafana instance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.provision.grafana.datasource
Whether the automatically provisioned Elasticsearch instance should be added as a grafana datasource. Has no effect unless services.parsedmarc.provision.elasticsearch is also enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.provision.localMail.enable
Whether Postfix and Dovecot should be set up to receive mail locally. parsedmarc will be configured to watch the local inbox as the automatically created user specified in services.parsedmarc.provision.localMail.recipientName
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.provision.localMail.hostname
The hostname to use when configuring Postfix.
Should correspond to the host's fully qualified domain name and the domain part of the email address which receives DMARC reports. You also have to set up an MX record pointing to this domain name.
Type: string
Default: config.networking.fqdn
Example: "monitoring.example.com"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.provision.localMail.recipientName
The DMARC mail recipient name, i.e. the name part of the email address which receives DMARC reports.
A local user with this name will be set up and assigned a randomized password on service start.
Type: string
Default: "dmarc"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings
Configuration parameters to set in parsedmarc.ini. For a full list of available parameters, see https://domainaware.github.io/parsedmarc/#configuration-file.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.elasticsearch.cert_path
The path to a TLS certificate bundle used to verify the server's certificate.
Type: path
Default: "/etc/ssl/certs/ca-certificates.crt"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.elasticsearch.hosts
A list of Elasticsearch hosts to push parsed reports to.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.elasticsearch.password
The path to a file containing the password to use when connecting to Elasticsearch, if required.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.elasticsearch.ssl
Whether to use an encrypted SSL/TLS connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.elasticsearch.user
Username to use when connecting to Elasticsearch, if required.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.general.save_aggregate
Save aggregate report data to Elasticsearch and/or Splunk.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.general.save_forensic
Save forensic report data to Elasticsearch and/or Splunk.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.imap.delete
Delete messages after processing them, instead of archiving them.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.imap.host
The IMAP server hostname or IP address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.imap.password
The path to a file containing the IMAP server password.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.imap.port
The IMAP server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 993
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.imap.ssl
Use an encrypted SSL/TLS connection.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.imap.user
The IMAP server username.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.imap.watch
Use the IMAP IDLE command to process messages as they arrive.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.kafka.aggregate_topic
The Kafka topic to publish aggregate reports on.
Type: null or string
Default: null
Example: "aggregate"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.kafka.forensic_topic
The Kafka topic to publish forensic reports on.
Type: null or string
Default: null
Example: "forensic"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.kafka.hosts
A list of Apache Kafka hosts to publish parsed reports to.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.kafka.password
The path to a file containing the password to use when connecting to Kafka, if required.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.kafka.ssl
Whether to use an encrypted SSL/TLS connection.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.kafka.user
Username to use when connecting to Kafka, if required.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.smtp.from
The From address to use for the outgoing mail.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.smtp.host
The SMTP server hostname or IP address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.smtp.password
The path to a file containing the SMTP server password.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.smtp.port
The SMTP server port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.smtp.ssl
Use an encrypted SSL/TLS connection.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.smtp.to
The addresses to send outgoing mail to.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsedmarc.settings.smtp.user
The SMTP server username.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
- services.parsoid.enable
Whether to enable Parsoid -- bidirectional wikitext parser.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
- services.parsoid.extraConfig
Extra configuration to add to parsoid configuration.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
- services.parsoid.interface
Interface to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
- services.parsoid.port
Port to listen on.
Type: signed integer
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
- services.parsoid.wikis
Used MediaWiki API endpoints.
Type: list of string or attribute sets
Example: [ "http://localhost/api.php" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
- services.parsoid.workers
Number of Parsoid workers.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
- services.pcscd.enable
Whether to enable PCSC-Lite daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
- services.pcscd.plugins
Plugin packages to be used for PCSC-Lite.
Type: list of packages
Default: [ pkgs.ccid ]
Example: [ pkgs.pcsc-cyberjack ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
- services.pcscd.readerConfig
Configuration for devices that aren't hotpluggable.
See reader.conf(5) for valid options.
Type: strings concatenated with "\n"
Default: ""
Example:
'' FRIENDLYNAME "Some serial reader" DEVICENAME /dev/ttyS0 LIBPATH /path/to/serial_reader.so CHANNELID 1 ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
- services.pdns-recursor.enable
Whether to enable PowerDNS Recursor, a recursive DNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.api.address
IP address Recursor REST API server will bind to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.api.allowFrom
IP address ranges of clients allowed to make API requests.
Type: list of strings
Default: [ "0.0.0.0/0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.api.port
Port number Recursor REST API server will bind to.
Type: signed integer
Default: 8082
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.dns.address
IP address Recursor DNS server will bind to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.dns.allowFrom
IP address ranges of clients allowed to make DNS queries.
Type: list of strings
Default: [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ]
Example: [ "0.0.0.0/0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.dns.port
Port number Recursor DNS server will bind to.
Type: signed integer
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.dnssecValidation
Controls the level of DNSSEC processing done by the PowerDNS Recursor. See https://doc.powerdns.com/md/recursor/dnssec/ for a detailed explanation.
Type: one of "off", "process-no-validate", "process", "log-fail", "validate"
Default: "validate"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.exportHosts
Whether to export names and IP addresses defined in /etc/hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.forwardZones
DNS zones to be forwarded to other authoritative servers.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.forwardZonesRecurse
DNS zones to be forwarded to other recursive servers.
Type: attribute set
Default: { }
Example: { eth = "127.0.0.1:5353"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.luaConfig
The content Lua configuration file for PowerDNS Recursor. See https://doc.powerdns.com/recursor/lua-config/index.html.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.resolveNamecoin
Resolve .bit top-level domains using ncdns and namecoin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
- services.pdns-recursor.serveRFC1918
Whether to directly resolve the RFC1918 reverse-mapping domains: 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa This saves load on the AS112 servers.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdns-recursor.settings
PowerDNS Recursor settings. Use this option to configure Recursor settings not exposed in a NixOS option or to bypass one. See the full documentation at https://doc.powerdns.com/recursor/settings.html for the available options.
Type: attribute set of null or signed integer or string or boolean or path or list of signed integer or string or boolean or pathss
Default: { }
Example:
{ loglevel = 8; log-common-errors = true; }Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
- services.pdnsd.enable
Whether to enable pdnsd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
- services.pdnsd.cacheDir
Directory holding the pdnsd cache
Type: string
Default: "/var/cache/pdnsd"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
- services.pdnsd.extraConfig
Extra configuration directives that should be added to pdnsd.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
- services.pdnsd.globalConfig
Global configuration that should be added to the global directory of pdnsd.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
- services.pdnsd.serverConfig
Server configuration that should be added to the server directory of pdnsd.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
- services.peerflix.enable
Whether to enable peerflix service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
- services.peerflix.downloadDir
Peerflix temporary download directory.
Type: path
Default: "/var/lib/peerflix/torrents"
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
- services.peerflix.stateDir
Peerflix state directory.
Type: path
Default: "/var/lib/peerflix"
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
- services.peertube.enable
Whether to enable Enable Peertube’s service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.enableWebHttps
Enable or disable HTTPS protocol.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.package
Peertube package to use.
Type: package
Default: (build of peertube-3.4.1)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.dataDirs
Allow access to custom data locations.
Type: list of paths
Default: [ ]
Example: [ "/opt/peertube/storage" "/var/cache/peertube" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.database.createLocally
Configure local PostgreSQL database server for PeerTube.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.database.host
Database host address or unix socket.
Type: string
Default: null
Example: "192.168.15.47"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.database.name
Database name.
Type: string
Default: "peertube"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.database.passwordFile
Password for PostgreSQL database.
Type: null or path
Default: null
Example: "/run/keys/peertube/password-posgressql-db"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.database.port
Database host port.
Type: signed integer
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.database.user
Database user.
Type: string
Default: "peertube"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.group
Group under which Peertube runs.
Type: string
Default: "peertube"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.listenHttp
listen port for HTTP server.
Type: signed integer
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.listenWeb
listen port for WEB server.
Type: signed integer
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.localDomain
The domain serving your PeerTube instance.
Type: string
Example: "peertube.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.redis.enableUnixSocket
Use Unix socket.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.redis.createLocally
Configure local Redis server for PeerTube.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.redis.host
Redis host.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.redis.passwordFile
Password for redis database.
Type: null or path
Default: null
Example: "/run/keys/peertube/password-redis-db"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.redis.port
Redis port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.serviceEnvironmentFile
Set environment variables for the service. Mainly useful for setting the initial root password. For example write to file: PT_INITIAL_ROOT_PASSWORD=changeme
Type: null or path
Default: null
Example: "/run/keys/peertube/password-init-root"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.settings
Configuration for peertube.
Type: JSON value
Example:
{ listen = { hostname = "0.0.0.0"; }; log = { level = "debug"; }; storage = { tmp = "/opt/data/peertube/storage/tmp/"; logs = "/opt/data/peertube/storage/logs/"; cache = "/opt/data/peertube/storage/cache/"; }; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.smtp.createLocally
Configure local Postfix SMTP server for PeerTube.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.smtp.passwordFile
Password for smtp server.
Type: null or path
Default: null
Example: "/run/keys/peertube/password-smtp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.peertube.user
User account under which Peertube runs.
Type: string
Default: "peertube"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
- services.pfix-srsd.enable
Whether to run the postfix sender rewriting scheme daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
- services.pfix-srsd.domain
The domain for which to enable srs
Type: string
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
- services.pfix-srsd.secretsFile
The secret data used to encode the SRS address. to generate, use a command like: for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done
Type: path
Default: "/var/lib/pfix-srsd/secrets"
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
- services.pgmanage.enable
Whether to enable PostgreSQL Administration for the web.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.package
The pgmanage package to use.
Type: package
Default: pkgs.pgmanage
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.allowCustomConnections
This tells pgmanage whether or not to allow anyone to use a custom connection from the login screen.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.connections
pgmanage requires at least one PostgreSQL server be defined.
Detailed information about PostgreSQL connection strings is available at: http://www.postgresql.org/docs/current/static/libpq-connect.html
Note that you should not specify your user name or password. That information will be entered on the login screen. If you specify a username or password, it will be removed by pgmanage before attempting to connect to a database.
Type: attribute set of strings
Default: { }
Example: { mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require"; nuc-server = "hostaddr=192.168.0.100 port=5432 dbname=postgres"; }
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.localOnly
This tells pgmanage whether or not to set the listening socket to local addresses only.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.logLevel
Verbosity of logs
Type: one of "error", "warn", "notice", "info"
Default: "error"
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.loginGroup
This tells pgmanage to only allow users in a certain PostgreSQL group to login to pgmanage. Note that a connection will be made to PostgreSQL in order to test if the user is a member of the login group.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.loginTimeout
Number of seconds of inactivity before user is automatically logged out.
Type: signed integer
Default: 3600
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.port
This tells pgmanage what port to listen on for browser requests.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.sqlRoot
This tells pgmanage where to put the SQL file history. All tabs are saved to this location so that if you get disconnected from pgmanage you don't lose your work.
Type: string
Default: "/var/lib/pgmanage"
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.superOnly
This tells pgmanage whether or not to only allow super users to login. The recommended value is true and will restrict users who are not super users from logging in to any PostgreSQL instance through pgmanage. Note that a connection will be made to PostgreSQL in order to test if the user is a superuser.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.tls
These options tell pgmanage where the TLS Certificate and Key files reside. If you use these options then you'll only be able to access pgmanage through a secure TLS connection. These options are only necessary if you wish to connect directly to pgmanage using a secure TLS connection. As an alternative, you can set up pgmanage in a reverse proxy configuration. This allows your web server to terminate the secure connection and pass on the request to pgmanage. You can find help to set up this configuration in: https://github.com/pgManage/pgManage/blob/master/INSTALL_NGINX.md
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.tls.cert
TLS certificate
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgmanage.tls.key
TLS key
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
- services.pgpkeyserver-lite.enable
Whether to enable pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
- services.pgpkeyserver-lite.package
Which webgui derivation to use.
Type: package
Default: pkgs.pgpkeyserver-lite
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
- services.pgpkeyserver-lite.hkpAddress
Wich ip address the sks-keyserver is listening on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
- services.pgpkeyserver-lite.hkpPort
Which port the sks-keyserver is listening on.
Type: signed integer
Default: 11371
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
- services.pgpkeyserver-lite.hostname
Which hostname to set the vHost to that is proxying to sks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
- services.phpfpm.extraConfig
Extra configuration that should be put in the global section of the PHP-FPM configuration file. Do not specify the options error_log or daemonize here, since they are generated by NixOS.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.phpOptions
Options appended to the PHP configuration file php.ini.
Type: strings concatenated with "\n"
Default: ""
Example:
'' date.timezone = "CET" ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.phpPackage
The PHP package to use for running the PHP-FPM service.
Type: package
Default: pkgs.php
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools
PHP-FPM pools. If no pools are defined, the PHP-FPM service is disabled.
Type: attribute set of submodules
Default: { }
Example:
{ mypool = { user = "php"; group = "php"; phpPackage = pkgs.php; settings = { "pm" = "dynamic"; "pm.max_children" = 75; "pm.start_servers" = 10; "pm.min_spare_servers" = 5; "pm.max_spare_servers" = 20; "pm.max_requests" = 500; }; } }Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools.<name>.extraConfig
Extra lines that go into the pool configuration. See the documentation on php-fpm.conf for details on configuration directives.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools.<name>.group
Group account under which this pool runs.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools.<name>.listen
The address on which to accept FastCGI requests.
Type: string
Default: ""
Example: "/path/to/unix/socket"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools.<name>.phpEnv
Environment variables used for this PHP-FPM pool.
Type: attribute set of strings
Default: { }
Example:
{ HOSTNAME = "$HOSTNAME"; TMP = "/tmp"; TMPDIR = "/tmp"; TEMP = "/tmp"; }Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
services.phpfpm.pools.<name>.phpOptions
"Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools.<name>.phpPackage
The PHP package to use for running this PHP-FPM pool.
Type: package
Default: config.services.phpfpm.phpPackage
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools.<name>.settings
PHP-FPM pool directives. Refer to the "List of pool directives" section of https://www.php.net/manual/en/install.fpm.configuration.php for details. Note that settings names must be enclosed in quotes (e.g. "pm.max_children" instead of pm.max_children).
Type: attribute set of string or signed integer or booleans
Default: { }
Example:
{ "pm" = "dynamic"; "pm.max_children" = 75; "pm.start_servers" = 10; "pm.min_spare_servers" = 5; "pm.max_spare_servers" = 20; "pm.max_requests" = 500; }Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools.<name>.socket
Path to the unix socket file on which to accept FastCGI requests.
Note
This option is read-only and managed by NixOS.Type: string (read only)
Example: "/run/phpfpm/<name>.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.pools.<name>.user
User account under which this pool runs.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.phpfpm.settings
PHP-FPM global directives. Refer to the "List of global php-fpm.conf directives" section of https://www.php.net/manual/en/install.fpm.configuration.php for details. Note that settings names must be enclosed in quotes (e.g. "pm.max_children" instead of pm.max_children). You need not specify the options error_log or daemonize here, since they are generated by NixOS.
Type: attribute set of string or signed integer or booleans
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
- services.physlock.enable
Whether to enable the physlock screen locking mechanism.
Enable this and then run systemctl start physlock to securely lock the screen.
This will switch to a new virtual terminal, turn off console switching and disable SysRq mechanism (when services.physlock.disableSysRq is set) until the root or user password is given.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
- services.physlock.allowAnyUser
Whether to allow any user to lock the screen. This will install a setuid wrapper to allow any user to start physlock as root, which is a minor security risk. Call the physlock binary to use this instead of using the systemd service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
- services.physlock.disableSysRq
Whether to disable SysRq when locked with physlock.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
- services.physlock.lockMessage
Message to show on physlock login terminal.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
- services.physlock.lockOn.extraTargets
Other targets to lock the screen just before.
Useful if you want to e.g. both autologin to X11 so that your ~/.xsession gets executed and still to have the screen locked so that the system can be booted relatively unattended.
Type: list of strings
Default: [ ]
Example: [ "display-manager.service" ]
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
- services.physlock.lockOn.hibernate
Whether to lock screen with physlock just before hibernate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
- services.physlock.lockOn.suspend
Whether to lock screen with physlock just before suspend.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
- services.picom.enable
Whether or not to enable Picom as the X.org composite manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.activeOpacity
Opacity of active windows.
Type: a floating point number in range [0, 1]
Default:
Example:
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.backend
Backend to use: glx, xrender or xr_glx_hybrid.
Type: one of "glx", "xrender", "xr_glx_hybrid"
Default: "xrender"
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.experimentalBackends
Whether to use the unstable new reimplementation of the backends.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.fade
Fade windows in and out.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.fadeDelta
Time between fade animation step (in ms).
Type: positive integer, meaning >0
Default: 10
Example: 5
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.fadeExclude
List of conditions of windows that should not be faded. See picom(1) man page for more examples.
Type: list of strings
Default: [ ]
Example: [ "window_type *= 'menu'" "name ~= 'Firefox$'" "focused = 1" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.fadeSteps
Opacity change between fade steps (in and out).
Type: pair of a floating point number in range [0.01, 1]
Default: [ ]
Example: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.inactiveOpacity
Opacity of inactive windows.
Type: a floating point number in range [0.1, 1]
Default:
Example:
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.menuOpacity
Opacity of dropdown and popup menu.
Type: a floating point number in range [0, 1]
Default:
Example:
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.opacityRules
Rules that control the opacity of windows, in format PERCENT:PATTERN.
Type: list of strings
Default: [ ]
Example: [ "95:class_g = 'URxvt' && !_NET_WM_STATE@:32a" "0:_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.refreshRate
Screen refresh rate (0 = automatically detect).
Type: unsigned integer, meaning >=0
Default: 0
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.settings
Picom settings. Use this option to configure Picom settings not exposed in a NixOS option or to bypass one. For the available options see the CONFIGURATION FILES section at picom(1).
Type: libconfig configuration. The format consists of an attributes set (called a group) of settings. Each setting can be a scalar type (boolean, integer, floating point number or string), a list of scalars or a group itself
Default: { }
Example:
blur = { method = "gaussian"; size = 10; deviation = 5.0; };Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.shadow
Draw window shadows.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.shadowExclude
List of conditions of windows that should have no shadow. See picom(1) man page for more examples.
Type: list of strings
Default: [ ]
Example: [ "window_type *= 'menu'" "name ~= 'Firefox$'" "focused = 1" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.shadowOffsets
Left and right offset for shadows (in pixels).
Type: pair of signed integer
Default: [ -15 -15 ]
Example: [ -10 -15 ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.shadowOpacity
Window shadows opacity.
Type: a floating point number in range [0, 1]
Default:
Example:
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.vSync
Enable vertical synchronization. Chooses the best method (drm, opengl, opengl-oml, opengl-swc, opengl-mswc) automatically. The bool value should be used, the others are just for backwards compatibility.
Type: boolean or one of "none", "drm", "opengl", "opengl-oml", "opengl-swc", "opengl-mswc"
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.picom.wintypes
Rules for specific window types.
Type: attribute set
Default: { dropdown_menu = { opacity = ; } ; popup_menu = { opacity = ; } ; }
Example: { }
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
- services.pict-rs.enable
Whether to enable pict-rs server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pict-rs.nix>
- services.pict-rs.address
The IPv4 address to deploy the service to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pict-rs.nix>
- services.pict-rs.dataDir
The directory where to store the uploaded images.
Type: path
Default: "/var/lib/pict-rs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pict-rs.nix>
- services.pict-rs.port
The port which to bind the service to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pict-rs.nix>
- services.pinnwand.enable
Whether to enable Pinnwand.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
- services.pinnwand.port
The port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
- services.pinnwand.settings
Your pinnwand.toml as a Nix attribute set. Look up possible options in the pinnwand.toml-example.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
- services.pipewire.enable
Whether to enable pipewire service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.package
The pipewire derivation to use.
Type: package
Default: pkgs.pipewire
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.alsa.enable
Whether to enable ALSA support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.alsa.support32Bit
Whether to enable 32-bit ALSA support on 64-bit systems.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.config.client
Configuration for pipewire clients. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.40/src/daemon/client.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.config.client-rt
Configuration for realtime pipewire clients. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.40/src/daemon/client-rt.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.config.jack
Configuration for the pipewire daemon's jack module. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.40/src/daemon/jack.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.config.pipewire
Configuration for the pipewire daemon. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.40/src/daemon/pipewire.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.config.pipewire-pulse
Configuration for the pipewire-pulse daemon. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.40/src/daemon/pipewire-pulse.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.jack.enable
Whether to enable JACK audio emulation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.media-session.enable
Example pipewire session manager
Type: boolean
Default: config.services.pipewire.enable
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
- services.pipewire.media-session.package
The pipewire-media-session derivation to use.
Type: package
Default: pkgs.pipewire-media-session
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
- services.pipewire.media-session.config.alsa-monitor
Configuration for the alsa monitor. For details see https://gitlab.freedesktop.org/pipewire/media-session/-/blob/0.4.1/src/daemon/media-session.d/alsa-monitor.conf
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
- services.pipewire.media-session.config.bluez-monitor
Configuration for the bluez5 monitor. For details see https://gitlab.freedesktop.org/pipewire/media-session/-/blob/0.4.1/src/daemon/media-session.d/bluez-monitor.conf
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
- services.pipewire.media-session.config.media-session
Configuration for the media session core. For details see https://gitlab.freedesktop.org/pipewire/media-session/-/blob/0.4.1/src/daemon/media-session.d/media-session.conf
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
- services.pipewire.media-session.config.v4l2-monitor
Configuration for the V4L2 monitor. For details see https://gitlab.freedesktop.org/pipewire/media-session/-/blob/0.4.1/src/daemon/media-session.d/v4l2-monitor.conf
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
- services.pipewire.pulse.enable
Whether to enable PulseAudio server emulation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.socketActivation
Automatically run pipewire when connections are made to the pipewire socket.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pipewire.systemWide
If true, a system-wide PipeWire service and socket is enabled allowing all users in the "pipewire" group to use it simultaneously. If false, then user units are used instead, restricting access to only one user.
Enabling system-wide PipeWire is however not recommended and disabled by default according to https://github.com/PipeWire/pipewire/blob/master/NEWS
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
- services.pixiecore.enable
Whether to enable Pixiecore.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.apiServer
host:port to connect to the API. Ignored unless mode is set to 'api'
Type: string
Example: "localhost:8080"
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.cmdLine
Kernel commandline arguments. Ignored unless mode is set to 'boot'
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.debug
Log more things that aren't directly related to booting a recognized client
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.dhcpNoBind
Handle DHCP traffic without binding to the DHCP server port
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.extraArguments
Additional command line arguments to pass to Pixiecore
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.initrd
Initrd path. Ignored unless mode is set to 'boot'
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.kernel
Kernel path. Ignored unless mode is set to 'boot'
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.listen
IPv4 address to listen on
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.mode
Which mode to use
Type: one of "api", "boot"
Default: "boot"
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.openFirewall
Open ports (67, 69 UDP and 4011, 'port', 'statusPort' TCP) in the firewall for Pixiecore.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.port
Port to listen on for HTTP
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.pixiecore.statusPort
HTTP port for status information (can be the same as --port)
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
- services.plantuml-server.enable
Whether to enable PlantUML server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.package
PlantUML server package to use
Type: package
Default: pkgs.plantuml-server
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.allowPlantumlInclude
Enables !include processing which can read files from the server into diagrams. Files are read relative to the current working directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.graphvizPackage
Package containing the dot executable.
Type: package
Default: pkgs.graphviz
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.group
Group which runs PlantUML server.
Type: string
Default: "plantuml"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.home
Home directory of the PlantUML server instance.
Type: string
Default: "/var/lib/plantuml"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.httpAuthorization
When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.listenHost
Host to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.listenPort
Port to listen on.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.plantumlLimitSize
Limits image width and height.
Type: signed integer
Default: 4096
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.plantumlStats
Set it to on to enable statistics report (https://plantuml.com/statistics-report).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plantuml-server.user
User which runs PlantUML server.
Type: string
Default: "plantuml"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
- services.plausible.enable
Whether to enable plausible.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.adminUser.activate
Whether to enable activating the freshly created admin-user.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.adminUser.email
Email-address of the admin-user.
Type: string
Example: "admin@localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.adminUser.name
Name of the admin user that plausible will created on initial startup.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.adminUser.passwordFile
Path to the file which contains the password of the admin user.
Type: string or path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.database.clickhouse.setup
Whether to enable creating a clickhouse instance.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.database.clickhouse.url
The URL to be used to connect to clickhouse.
Type: string
Default: "http://localhost:8123/default"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.database.postgres.dbname
Name of the database to use.
Type: string
Default: "plausible"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.database.postgres.setup
Whether to enable creating a postgresql instance.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.database.postgres.socket
Path to the UNIX domain-socket to communicate with postgres.
Type: string
Default: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.mail.email
The email id to use for as from address of all communications from Plausible.
Type: string
Default: "hello@plausible.local"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.mail.smtp.enableSSL
Whether to enable SSL when connecting to the SMTP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.mail.smtp.hostAddr
The host address of your smtp server.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.mail.smtp.hostPort
The port of your smtp server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.mail.smtp.passwordFile
The path to the file with the password in case SMTP auth is enabled.
Type: null or string or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.mail.smtp.retries
Number of retries to make until mailer gives up.
Type: unsigned integer, meaning >=0
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.mail.smtp.user
The username/email in case SMTP auth is enabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.releaseCookiePath
The path to the file with release cookie. (used for remote connection to the running node).
Type: string or path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.server.baseUrl
Public URL where plausible is available.
Note that /path components are currently ignored: https://github.com/plausible/analytics/issues/1182.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.server.disableRegistration
Whether to prohibit creating an account in plausible's UI.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.server.port
Port where the service should be available.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.plausible.server.secretKeybaseFile
Path to the secret used by the phoenix-framework. Instructions how to generate one are documented in the framework docs.
Type: path or string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
- services.pleroma.enable
Whether to enable pleroma.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
- services.pleroma.package
Pleroma package to use.
Type: package
Default: pkgs.pleroma
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
- services.pleroma.configs
Pleroma public configuration.
This list gets appended from left to right into /etc/pleroma/config.exs. Elixir evaluates its configuration imperatively, meaning you can override a setting by appending a new str to this NixOS option list.
DO NOT STORE ANY PLEROMA SECRET HERE, use services.pleroma.secretConfigFile instead.
This setting is going to be stored in a file part of the Nix store. The Nix store being world-readable, it's not the right place to store any secret
Have a look to Pleroma section in the NixOS manual for more informations.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
- services.pleroma.group
Group account under which pleroma runs.
Type: string
Default: "pleroma"
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
- services.pleroma.secretConfigFile
Path to the file containing your secret pleroma configuration.
DO NOT POINT THIS OPTION TO THE NIX STORE, the store being world-readable, it'll compromise all your secrets.
Type: string
Default: "/var/lib/pleroma/secrets.exs"
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
- services.pleroma.stateDir
Directory where the pleroma service will save the uploads and static files.
Type: string (read only)
Default: "/var/lib/pleroma"
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
- services.pleroma.user
User account under which pleroma runs.
Type: string
Default: "pleroma"
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
- services.plex.enable
Whether to enable Plex Media Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plex.package
The Plex package to use. Plex subscribers may wish to use their own package here, pointing to subscriber-only server versions.
Type: package
Default: pkgs.plex
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plex.dataDir
The directory where Plex stores its data files.
Type: string
Default: "/var/lib/plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plex.extraPlugins
A list of paths to extra plugin bundles to install in Plex's plugin directory. Every time the systemd unit for Plex starts up, all of the symlinks in Plex's plugin directory will be cleared and this module will symlink all of the paths specified here to that directory. If this behavior is undesired, set managePlugins to false.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plex.extraScanners
A list of paths to extra scanners to install in Plex's scanners directory.
Every time the systemd unit for Plex starts up, all of the symlinks in Plex's scanners directory will be cleared and this module will symlink all of the paths specified here to that directory.
Type: list of paths
Default: [ ]
Example:
[ (fetchFromGitHub { owner = "ZeroQI"; repo = "Absolute-Series-Scanner"; rev = "773a39f502a1204b0b0255903cee4ed02c46fde0"; sha256 = "4l+vpiDdC8L/EeJowUgYyB3JPNTZ1sauN8liFAcK+PY="; }) ]Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plex.group
Group under which Plex runs.
Type: string
Default: "plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plex.managePlugins
If set to true, this option will cause all of the symlinks in Plex's plugin directory to be removed and symlinks for paths specified in extraPlugins to be added.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plex.openFirewall
Open ports in the firewall for the media server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plex.user
User account under which Plex runs.
Type: string
Default: "plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
- services.plikd.enable
Whether to enable the plikd server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/plikd.nix>
- services.plikd.openFirewall
Open ports in the firewall for the plikd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/plikd.nix>
- services.plikd.settings
Configuration for plikd, see https://github.com/root-gg/plik/blob/master/server/plikd.cfg for supported values.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/plikd.nix>
- services.podgrab.enable
Whether to enable Podgrab, a self-hosted podcast manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/podgrab.nix>
- services.podgrab.passwordFile
The path to a file containing the PASSWORD environment variable definition for Podgrab's authentification.
Type: null or string
Default: null
Example: "/run/secrets/password.env"
Declared by:
<nixpkgs/nixos/modules/services/misc/podgrab.nix>
- services.podgrab.port
The port on which Podgrab will listen for incoming HTTP traffic.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Example: 4242
Declared by:
<nixpkgs/nixos/modules/services/misc/podgrab.nix>
- services.polipo.enable
Whether to run the polipo caching web proxy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
- services.polipo.allowedClients
List of IP addresses or network addresses that may connect to Polipo.
Type: list of strings
Default: [ "127.0.0.1" "::1" ]
Example: [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
- services.polipo.extraConfig
Polio configuration. Contents will be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
- services.polipo.parentProxy
Hostname and port number of an HTTP parent proxy; it should have the form ‘host:port’.
Type: string
Default: ""
Example: "localhost:8124"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
- services.polipo.proxyAddress
IP address on which Polipo will listen.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
- services.polipo.proxyPort
TCP port on which Polipo will listen.
Type: signed integer
Default: 8123
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
- services.polipo.socksParentProxy
Hostname and port number of an SOCKS parent proxy; it should have the form ‘host:port’.
Type: string
Default: ""
Example: "localhost:9050"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
- services.pomerium.enable
Whether to enable the Pomerium authenticating reverse proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
- services.pomerium.configFile
Path to Pomerium config YAML. If set, overrides services.pomerium.settings.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
- services.pomerium.secretsFile
Path to file containing secrets for Pomerium, in systemd EnvironmentFile format. See the systemd.exec(5) man page.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
- services.pomerium.settings
The contents of Pomerium's config.yaml, in Nix expressions.
Specifying configFile will override this in its entirety.
See the Pomerium configuration reference for more information about what to put here.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
- services.pomerium.useACMEHost
If set, use a NixOS-generated ACME certificate with the specified name.
Note that this will require you to use a non-HTTP-based challenge, or disable Pomerium's in-built HTTP redirect server by setting http_redirect_addr to null and use a different HTTP server for serving the challenge response.
If you're using an HTTP-based challenge, you should use the Pomerium-native autocert option instead.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
- services.postfix.enable
Whether to run the Postfix mail server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.enableHeaderChecks
Whether to enable postfix header checks
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.enableSmtp
Whether to enable smtp in master.cf.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.enableSubmission
Whether to enable smtp submission.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.enableSubmissions
Whether to enable smtp submission via smtps.
According to RFC 8314 this should be preferred over STARTTLS for submission of messages by end user clients.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.aliasFiles
Aliases' tables to be compiled and placed into /var/lib/postfix/conf.
Type: attribute set of paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.aliasMapType
The format the alias map should have. Use regexp if you want to use regular expressions.
Type: one of "hash", "regexp", "pcre"
Default: "hash"
Example: "regexp"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.canonical
Entries for the canonical(5) table.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.config
The main.cf configuration file as key value set.
Type: attribute set of boolean or string or list of stringss
Example: { mail_owner = "postfix"; smtp_tls_security_level = "may"; }
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.destination
Full (!) list of domains we deliver locally. Leave blank for acceptable Postfix default.
Type: null or list of strings
Default: null
Example: [ "localhost" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.dnsBlacklistOverrides
contents of check_client_access for overriding dnsBlacklists
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.dnsBlacklists
dns blacklist servers to use with smtpd_client_restrictions
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.domain
Domain to use. Leave blank to use hostname minus first component.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.extraAliases
Additional entries to put verbatim into aliases file, cf. man-page aliases(8).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.extraConfig
Extra lines to be added verbatim to the main.cf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.extraHeaderChecks
Extra lines to /etc/postfix/header_checks file.
Type: strings concatenated with "\n"
Default: ""
Example: "/^X-Spam-Flag:/ REDIRECT spam@example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.extraMasterConf
Extra lines to append to the generated master.cf file.
Type: strings concatenated with "\n"
Default: ""
Example: "submission inet n - n - - smtpd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.group
What to call the Postfix group (must be used only for postfix).
Type: string
Default: "postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.headerChecks
Postfix header checks.
Type: list of submodules
Default: [ ]
Example: [ { action = "REDIRECT spam@example.com"; pattern = "/^X-Spam-Flag:/"; } ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.headerChecks.*.action
The action to be executed when the pattern is matched
Type: string
Default: "DUNNO"
Example: "BCC mail@example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.headerChecks.*.pattern
A regexp pattern matching the header
Type: string
Default: "/^.*/"
Example: "/^X-Mailer:/"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.hostname
Hostname to use. Leave blank to use just the hostname of machine. It should be FQDN.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.localRecipients
List of accepted local users. Specify a bare username, an "@domain.tld" wild-card, or a complete "user@domain.tld" address. If set, these names end up in the local recipient map -- see the local(8) man-page -- and effectively replace the system user database lookup that's otherwise used by default.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.lookupMX
Whether relay specified is just domain whose MX must be used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.mapFiles
Maps to be compiled and placed into /var/lib/postfix/conf.
Type: attribute set of paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig
An attribute set of service options, which correspond to the service definitions usually done within the Postfix master.cf file.
Type: attribute set of submodules
Default: { }
Example: { submission = { args = [ "-o" "smtpd_tls_security_level=encrypt" ] ; type = "inet"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.args
Arguments to pass to the command. There is no shell processing involved and shell syntax is passed verbatim to the process.
Type: list of strings
Default: [ ]
Example: [ "-o" "smtp_helo_timeout=5" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.chroot
Whether the service is chrooted to have only access to the services.postfix.queueDir and the closure of store paths specified by the program option.
Type: boolean
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.command
A program name specifying a Postfix service/daemon process. By default it's the attribute name.
Type: string
Default: "‹name›"
Example: "smtpd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.maxproc
The maximum number of processes to spawn for this service. If the value is 0 it doesn't have any limit. If null is given it uses the postfix default of 100.
Type: signed integer
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.name
The name of the service to run. Defaults to the attribute set key.
Type: string
Default: "‹name›"
Example: "smtp"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.private
Whether the service's sockets and storage directory is restricted to be only available via the mail system. If null is given it uses the postfix default true.
Type: boolean
Example: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.privileged
Type: boolean
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.type
The type of the service
Type: one of "inet", "unix", "unix-dgram", "fifo", "pass"
Default: "unix"
Example: "inet"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.wakeup
Automatically wake up the service after the specified number of seconds. If 0 is given, never wake the service up.
Type: signed integer
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.masterConfig.<name>.wakeupUnusedComponent
If set to false the component will only be woken up if it is used. This is equivalent to postfix' notion of adding a question mark behind the wakeup time in master.cf
Type: boolean
Example: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.networks
Net masks for trusted - allowed to relay mail to third parties - hosts. Leave empty to use mynetworks_style configuration or use default (localhost-only).
Type: null or list of strings
Default: null
Example: [ "192.168.0.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.networksStyle
Name of standard way of trusted network specification to use, leave blank if you specify it explicitly or if you want to use default (localhost-only).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.origin
Origin to use in outgoing e-mail. Leave blank to use hostname.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.postmasterAlias
Who should receive postmaster e-mail. Multiple values can be added by separating values with comma.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.recipientDelimiter
Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
Type: string
Default: ""
Example: "+"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.relayDomains
List of domains we agree to relay to. Default is empty.
Type: null or list of strings
Default: null
Example: [ "localdomain" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.relayHost
Mail relay for outbound mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.relayPort
SMTP port for relay mail relay.
Type: signed integer
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.rootAlias
Who should receive root e-mail. Blank for no redirection. Multiple values can be added by separating values with comma.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.setSendmail
Whether to set the system sendmail to postfix's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.setgidGroup
How to call postfix setgid group (for postdrop). Should be uniquely used group.
Type: string
Default: "postdrop"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.sslCert
SSL certificate to use.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.sslKey
SSL key to use.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.submissionOptions
Options for the submission config in master.cf
Type: attribute set of strings
Default: { milter_macro_daemon_name = "ORIGINATING"; smtpd_client_restrictions = "permit_sasl_authenticated,reject"; smtpd_sasl_auth_enable = "yes"; smtpd_tls_security_level = "encrypt"; }
Example: { milter_macro_daemon_name = "ORIGINATING"; smtpd_client_restrictions = "permit_sasl_authenticated,reject"; smtpd_sasl_auth_enable = "yes"; smtpd_sasl_type = "dovecot"; smtpd_tls_security_level = "encrypt"; }
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.submissionsOptions
Options for the submission config via smtps in master.cf.
smtpd_tls_security_level will be set to encrypt, if it is missing or has one of the values "may" or "none".
smtpd_tls_wrappermode with value "yes" will be added automatically.
Type: attribute set of strings
Default: { milter_macro_daemon_name = "ORIGINATING"; smtpd_client_restrictions = "permit_sasl_authenticated,reject"; smtpd_sasl_auth_enable = "yes"; }
Example: { milter_macro_daemon_name = "ORIGINATING"; smtpd_client_restrictions = "permit_sasl_authenticated,reject"; smtpd_sasl_auth_enable = "yes"; smtpd_sasl_type = "dovecot"; }
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.tlsTrustedAuthorities
File containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery. This basically sets smtp_tls_CAfile and enables opportunistic tls. Defaults to NixOS trusted certification authorities.
Type: string
Default: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.transport
Entries for the transport map, cf. man-page transport(8).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.useSrs
Whether to enable sender rewriting scheme
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.user
What to call the Postfix user (must be used only for postfix).
Type: string
Default: "postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.virtual
Entries for the virtual alias map, cf. man-page virtual(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfix.virtualMapType
What type of virtual alias map file to use. Use "regexp" for regular expressions.
Type: one of "hash", "regexp", "pcre"
Default: "hash"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
- services.postfixadmin.enable
Whether to enable postfixadmin.
Also enables nginx virtual host management. Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>. See services.nginx.virtualHosts for further information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postfixadmin.adminEmail
Defines the Site Admin's email address. This will be used to send emails from to create mailboxes and from Send Email / Broadcast message pages.
Type: string
Example: "postmaster@example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postfixadmin.database.dbname
Name of the postgresql database
Type: string
Default: "postfixadmin"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postfixadmin.database.host
Host of the postgresql server. If this is not set to localhost, you have to create the postgresql user and database yourself, with appropriate permissions.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postfixadmin.database.passwordFile
Password file for the postgresql connection. Must be readable by user nginx.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postfixadmin.database.username
Username for the postgresql connection. If database.host is set to localhost, a unix user and group of the same name will be created as well.
Type: string
Default: "postfixadmin"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postfixadmin.extraConfig
Extra configuration for the postfixadmin instance, see postfixadmin's config.inc.php for available options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postfixadmin.hostName
Hostname to use for the nginx vhost
Type: string
Example: "postfixadmin.example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postfixadmin.setupPasswordFile
Password file for the admin. Generate with php -r "echo password_hash('some password here', PASSWORD_DEFAULT);"
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
- services.postgresql.enable
Whether to enable PostgreSQL Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.enableTCPIP
Whether PostgreSQL should listen on all network interfaces. If disabled, the database can only be accessed via its Unix domain socket or via TCP connections to localhost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.package
PostgreSQL package to use.
Type: package
Example: pkgs.postgresql_11
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.authentication
Defines how users authenticate themselves to the server. See the PostgreSQL documentation for pg_hba.conf for details on the expected format of this option. By default, peer based authentication will be used for users connecting via the Unix socket, and md5 password authentication will be used for users connecting via TCP. Any added rules will be inserted above the default rules. If you'd like to replace the default rules entirely, you can use lib.mkForce in your module.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.checkConfig
Check the syntax of the configuration file at compile time
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.dataDir
The data directory for PostgreSQL. If left as the default value this directory will automatically be created before the PostgreSQL server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"
Example: "/var/lib/postgresql/11"
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.ensureDatabases
Ensures that the specified databases exist. This option will never delete existing databases, especially not when the value of this option is changed. This means that databases created once through this option or otherwise have to be removed manually.
Type: list of strings
Default: [ ]
Example: [ "gitea" "nextcloud" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.ensureUsers
Ensures that the specified users exist and have at least the ensured permissions. The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the same name only, and that without the need for a password. This option will never delete existing users or remove permissions, especially not when the value of this option is changed. This means that users created and permissions assigned once through this option or otherwise have to be removed manually.
Type: list of submodules
Default: [ ]
Example:
[ { name = "nextcloud"; ensurePermissions = { "DATABASE nextcloud" = "ALL PRIVILEGES"; }; } { name = "superuser"; ensurePermissions = { "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; }; } ]Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.ensureUsers.*.ensurePermissions
Permissions to ensure for the user, specified as an attribute set. The attribute names specify the database and tables to grant the permissions for. The attribute values specify the permissions to grant. You may specify one or multiple comma-separated SQL privileges here.
For more information on how to specify the target and on which privileges exist, see the GRANT syntax. The attributes are used as GRANT ${attrValue} ON ${attrName}.
Type: attribute set of strings
Default: { }
Example:
{ "DATABASE \"nextcloud\"" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; }Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.ensureUsers.*.name
Name of the user to ensure.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.extraPlugins
List of PostgreSQL plugins. PostgreSQL version for each plugin should match version for services.postgresql.package value.
Type: list of paths
Default: [ ]
Example: with pkgs.postgresql_11.pkgs; [ postgis pg_repack ]
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.identMap
Defines the mapping from system users to database users.
The general form is:
map-name system-username database-username
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.initdbArgs
Additional arguments passed to initdb during data dir initialisation.
Type: list of strings
Default: [ ]
Example: [ "--data-checksums" "--allow-group-access" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.initialScript
A file containing SQL statements to execute on first startup.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.logLinePrefix
A printf-style string that is output at the beginning of each log line. Upstream default is '%m [%p] ', i.e. it includes the timestamp. We do not include the timestamp, because journal has it anyway.
Type: string
Default: "[%p] "
Example: "%m [%p] "
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.port
The port on which PostgreSQL listens.
Type: signed integer
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.recoveryConfig
Contents of the recovery.conf file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresql.settings
PostgreSQL configuration. Refer to https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE for an overview of postgresql.conf.
Note
String values will automatically be enclosed in single quotes. Single quotes will be escaped with two single quotes as described by the upstream documentation linked above.Type: attribute set of boolean or floating point number or signed integer or strings
Default: { }
Example:
{ log_connections = true; log_statement = "all"; logging_collector = true log_disconnections = true log_destination = lib.mkForce "syslog"; }Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
- services.postgresqlBackup.enable
Whether to enable PostgreSQL dumps.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
- services.postgresqlBackup.backupAll
Backup all databases using pg_dumpall. This option is mutual exclusive to services.postgresqlBackup.databases. The resulting backup dump will have the name all.sql.gz. This option is the default if no databases are specified.
Type: boolean
Default: services.postgresqlBackup.databases == []
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
- services.postgresqlBackup.compression
The type of compression to use on the generated database dump.
Type: one of "none", "gzip", "zstd"
Default: "gzip"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
- services.postgresqlBackup.databases
List of database names to dump.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
- services.postgresqlBackup.location
Path of directory where the PostgreSQL database dumps will be placed.
Type: path
Default: "/var/backup/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
- services.postgresqlBackup.pgdumpOptions
Command line options for pg_dump. This options is not used if config.services.postgresqlBackup.backupAll is enabled. Note that config.services.postgresqlBackup.backupAll is also active, when no databases where specified.
Type: strings concatenated with " "
Default: "-C"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
- services.postgresqlBackup.startAt
This option defines (see systemd.time for format) when the databases should be dumped. The default is to update at 01:15 (at night) every day.
Type: list of strings or string
Default: "*-*-* 01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
- services.postgresqlWalReceiver.receivers
PostgreSQL WAL receivers. Stream write-ahead logs from a PostgreSQL server using pg_receivewal (formerly pg_receivexlog). See the man page for more information.
Type: attribute set of submodules
Default: { }
Example:
{ main = { postgresqlPackage = pkgs.postgresql_11; directory = /mnt/pg_wal/main/; slot = "main_wal_receiver"; connection = "postgresql://user@somehost"; }; }Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.compress
Enables gzip compression of write-ahead logs, and specifies the compression level (0 through 9, 0 being no compression and 9 being best compression). The suffix .gz will automatically be added to all filenames.
This option requires PostgreSQL >= 10.
Type: integer between 0 and 9 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.connection
Specifies parameters used to connect to the server, as a connection string. See Section 34.1.1 of the PostgreSQL manual for more information.
Because pg_receivewal doesn't connect to any particular database in the cluster, database name in the connection string will be ignored.
Type: string
Example: "postgresql://user@somehost"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.directory
Directory to write the output to.
Type: path
Example: /mnt/pg_wal/main/
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.environment
Environment variables passed to the service. Usable parameters are listed in Section 34.14 of the PostgreSQL manual.
Type: attribute set of strings
Default: { }
Example:
{ PGPASSFILE = "/private/passfile"; PGSSLMODE = "require"; }Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.extraArgs
A list of extra arguments to pass to the pg_receivewal command.
Type: list of strings
Default: [ ]
Example:
[ "--no-sync" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.postgresqlPackage
PostgreSQL package to use.
Type: package
Example: pkgs.postgresql_11
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.slot
Require pg_receivewal to use an existing replication slot (see Section 26.2.6 of the PostgreSQL manual). When this option is used, pg_receivewal will report a flush position to the server, indicating when each segment has been synchronized to disk so that the server can remove that segment if it is not otherwise needed.
When the replication client of pg_receivewal is configured on the server as a synchronous standby, then using a replication slot will report the flush position to the server, but only when a WAL file is closed. Therefore, that configuration will cause transactions on the primary to wait for a long time and effectively not work satisfactorily. The option synchronous must be specified in addition to make this work correctly.
Type: string
Default: ""
Example: "some_slot_name"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.statusInterval
Specifies the number of seconds between status packets sent back to the server. This allows for easier monitoring of the progress from server. A value of zero disables the periodic status updates completely, although an update will still be sent when requested by the server, to avoid timeout disconnect.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgresqlWalReceiver.receivers.<name>.synchronous
Flush the WAL data to disk immediately after it has been received. Also send a status packet back to the server immediately after flushing, regardless of statusInterval.
This option should be specified if the replication client of pg_receivewal is configured on the server as a synchronous standby, to ensure that timely feedback is sent to the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
- services.postgrey.enable
Whether to run the Postgrey daemon
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.IPv4CIDR
Strip N bits from IPv4 addresses if lookupBySubnet is true
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.IPv6CIDR
Strip N bits from IPv6 addresses if lookupBySubnet is true
Type: signed integer
Default: 64
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.autoWhitelist
Whitelist clients after successful delivery of N messages
Type: null or signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.delay
Greylist for N seconds
Type: signed integer
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.greylistAction
Response status for greylisted messages (see access(5))
Type: string
Default: "DEFER_IF_PERMIT"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.greylistHeader
Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host
Type: string
Default: "X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.greylistText
Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient
Type: string
Default: "Greylisted for %%s seconds"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.lookupBySubnet
Strip the last N bits from IP addresses, determined by IPv4CIDR and IPv6CIDR
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.maxAge
Delete entries from whitelist if they haven't been seen for N days
Type: signed integer
Default: 35
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.privacy
Store data using one-way hash functions (SHA1)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.retryWindow
Allow N days for the first retry. Use string with appended 'h' to specify time in hours
Type: string or signed integer
Default: 2
Example: "12h"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.socket
Socket to bind to
Type: submodule or submodule
Default: { mode = "0777"; path = "/run/postgrey.sock"; }
Example: { addr = "127.0.0.1"; port = 10030; }
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.whitelistClients
Client address whitelist files (see postgrey(8))
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postgrey.whitelistRecipients
Recipient address whitelist files (see postgrey(8))
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
- services.postsrsd.enable
Whether to enable the postsrsd SRS server for Postfix.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.domain
Domain name for rewrite
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.excludeDomains
Origin domains to exclude from rewriting in addition to primary domain
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.forwardPort
Port for the forward SRS lookup
Type: signed integer
Default: 10001
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.group
Group for the daemon
Type: string
Default: "postsrsd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.reversePort
Port for the reverse SRS lookup
Type: signed integer
Default: 10002
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.secretsFile
Secret keys used for signing and verification
Type: path
Default: "/var/lib/postsrsd/postsrsd.secret"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.separator
First separator character in generated addresses
Type: one of "-", "=", "+"
Default: "="
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.timeout
Timeout for idle client connections in seconds
Type: signed integer
Default: 1800
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.postsrsd.user
User for the daemon
Type: string
Default: "postsrsd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
- services.power-profiles-daemon.enable
Whether to enable power-profiles-daemon, a DBus daemon that allows changing system behavior based upon user-selected power profiles.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/power-profiles-daemon.nix>
- services.powerdns.enable
Whether to enable PowerDNS domain name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/powerdns.nix>
- services.powerdns.extraConfig
PowerDNS configuration. Refer to https://doc.powerdns.com/authoritative/settings.html for details on supported values.
Type: strings concatenated with "\n"
Default: "launch=bind"
Declared by:
<nixpkgs/nixos/modules/services/networking/powerdns.nix>
- services.pppd.enable
Whether to enable pppd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
- services.pppd.package
pppd package to use.
Type: package
Default: pkgs.ppp
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
- services.pppd.peers
pppd peers.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
- services.pppd.peers.<name>.enable
Whether to enable this PPP peer.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
- services.pppd.peers.<name>.autostart
Whether the PPP session is automatically started at boot time.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
- services.pppd.peers.<name>.config
pppd configuration for this peer, see the pppd(8) man page.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
- services.pppd.peers.<name>.name
Name of the PPP peer.
Type: string
Default: "‹name›"
Example: "dialup"
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
- services.pptpd.enable
Whether to enable pptpd, the Point-to-Point Tunneling Protocol daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
- services.pptpd.clientIpRange
The range from which client IPs are drawn.
Type: string
Default: "10.124.124.2-11"
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
- services.pptpd.extraPppdOptions
Adds extra lines to the pppd options file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ms-dns 8.8.8.8 ms-dns 8.8.4.4 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
- services.pptpd.extraPptpdOptions
Adds extra lines to the pptpd configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
- services.pptpd.maxClients
The maximum number of simultaneous connections.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
- services.pptpd.serverIp
The server-side IP address.
Type: string
Default: "10.124.124.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
- services.prayer.enable
Whether to enable the prayer webmail http server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
- services.prayer.extraConfig
Extra configuration. Contents will be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
- services.prayer.port
Port the prayer http server is listening to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2080
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
- services.printing.enable
Whether to enable printing support through the CUPS daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.allowFrom
From which hosts to allow unconditional access.
Type: list of strings
Default: [ "localhost" ]
Example: [ "all" ]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.browsedConf
The contents of the configuration. file of the CUPS Browsed daemon (cups-browsed.conf)
Type: strings concatenated with "\n"
Default: ""
Example:
'' BrowsePoll cups.example.com ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.browsing
Specifies whether shared printers are advertised.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.clientConf
The contents of the client configuration. (client.conf)
Type: strings concatenated with "\n"
Default: ""
Example:
'' ServerName server.example.com Encryption Never ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.defaultShared
Specifies whether local printers are shared by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.drivers
CUPS drivers to use. Drivers provided by CUPS, cups-filters, Ghostscript and Samba are added unconditionally. If this list contains Gutenprint (i.e. a derivation with meta.isGutenprint = true) the PPD files in /var/lib/cups/ppd will be updated automatically to avoid errors due to incompatible versions.
Type: list of paths
Default: [ ]
Example: with pkgs; [ gutenprint hplip splix ]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.extraConf
Extra contents of the configuration file of the CUPS daemon (cupsd.conf).
Type: strings concatenated with "\n"
Default: ""
Example:
'' BrowsePoll cups.example.com MaxCopies 42 ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.extraFilesConf
Extra contents of the configuration file of the CUPS daemon (cups-files.conf).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.listenAddresses
A list of addresses and ports on which to listen.
Type: list of strings
Default: [ "localhost:631" ]
Example: [ "*:631" ]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.logLevel
Specifies the cupsd logging verbosity.
Type: string
Default: "info"
Example: "debug"
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.snmpConf
The contents of /etc/cups/snmp.conf. See "man cups-snmp.conf" for a complete description.
Type: strings concatenated with "\n"
Default:
'' Address @LOCAL ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.startWhenNeeded
If set, CUPS is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start it on the first incoming connection.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.tempDir
CUPSd temporary directory.
Type: path
Default: "/tmp"
Example: "/tmp/cups"
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.printing.webInterface
Specifies whether the web interface is enabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
- services.privacyidea.enable
Whether to enable PrivacyIDEA.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.adminEmail
Mail address for the admin user
Type: string
Example: "admin@example.com"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.adminPasswordFile
File containing password for the admin user
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.auditKeyPrivate
Private Key for signing the audit log.
Type: string
Default: "/var/lib/privacyidea/private.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.auditKeyPublic
Public key for checking signatures of the audit log.
Type: string
Default: "/var/lib/privacyidea/public.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.encFile
This is used to encrypt the token data and token passwords
Type: string
Default: "/var/lib/privacyidea/enckey"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.environmentFile
File to load as environment file. Environment variables from this file will be interpolated into the config file using envsubst which is helpful for specifying secrets:
{ services.privacyidea.secretKey = "$SECRET"; }The environment-file can now specify the actual secret key:
SECRET=veryverytopsecret
Type: null or path
Default: null
Example: "/root/privacyidea.env"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.extraConfig
Extra configuration options for pi.cfg.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.group
Group account under which PrivacyIDEA runs.
Type: string
Default: "privacyidea"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.ldap-proxy.enable
Whether to enable PrivacyIDEA LDAP Proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.ldap-proxy.configFile
Path to PrivacyIDEA LDAP Proxy configuration (proxy.ini).
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.ldap-proxy.group
Group account under which PrivacyIDEA LDAP proxy runs.
Type: string
Default: "pi-ldap-proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.ldap-proxy.user
User account under which PrivacyIDEA LDAP proxy runs.
Type: string
Default: "pi-ldap-proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.pepper
This is used to encrypt the admin passwords.
Type: string
Example: "Never know..."
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.secretKey
This is used to encrypt the auth_token.
Type: string
Example: "t0p s3cr3t"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.stateDir
Directory where all PrivacyIDEA files will be placed by default.
Type: string
Default: "/var/lib/privacyidea"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.superuserRealm
The realm where users are allowed to login as administrators.
Type: list of strings
Default: [ "super" "administrators" ]
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privacyidea.user
User account under which PrivacyIDEA runs.
Type: string
Default: "privacyidea"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
- services.privoxy.enable
Whether to enable Privoxy, non-caching filtering proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.enableTor
Whether to configure Privoxy to use Tor's faster SOCKS port, suitable for HTTP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.certsLifetime
If inspectHttps is enabled, the time generated HTTPS certificates will be stored in a temporary directory for reuse. Once the lifetime has expired the directory will cleared and the certificate will have to be generated again, on-demand.
Depending on the traffic, you may want to reduce the lifetime to limit the disk usage, since Privoxy itself never deletes the certificates.
Note
The format is that of the tmpfiles.d(5) Age parameter.Type: tmpfiles.d(5) age format
Default: "10d"
Example: "12h"
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.inspectHttps
Whether to configure Privoxy to inspect HTTPS requests, meaning all encrypted traffic will be filtered as well. This works by decrypting and re-encrypting the requests using a per-domain generated certificate.
To issue per-domain certificates, Privoxy must be provided with a CA certificate, using the ca-cert-file, ca-key-file settings.
Warning
The CA certificate must also be added to the system trust roots, otherwise browsers will reject all Privoxy certificates as invalid. You can do so by using the option security.pki.certificateFiles.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.settings
This option is mapped to the main Privoxy configuration file. Check out the Privoxy user manual at https://www.privoxy.org/user-manual/config.html for available settings and documentation.
Note
Repeated settings can be represented by using a list.Type: privoxy configuration type. The format consists of an attribute set of settings. Each setting can be either a value (integer, string, boolean or path) or a list of such values.
Default: { }
Example:
{ # Listen on IPv6 only listen-address = "[::]:8118"; # Forward .onion requests to Tor forward-socks5 = ".onion localhost:9050 ."; # Log redirects and filters debug = [ 128 64 ]; # This is equivalent to writing these lines # in the Privoxy configuration file: # debug 128 # debug 64 }Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.settings.enable-edit-actions
Whether the web-based actions file editor may be used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.settings.actionsfile
List of paths to Privoxy action files. These paths may either be absolute or relative to the privoxy configuration directory.
Type: list of strings
Default: [ "match-all.action" "default.action" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.settings.filterfile
List of paths to Privoxy filter files. These paths may either be absolute or relative to the privoxy configuration directory.
Type: list of strings
Default: [ "default.filter" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.settings.listen-address
Pair of address:port the proxy server is listening to.
Type: string
Default: "127.0.0.1:8118"
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.userActions
Actions to be included in a user.action file. This will have a higher priority and can be used to override all other actions.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.privoxy.userFilters
Filters to be included in a user.filter file. This will have a higher priority and can be used to override all other filters definitions.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
- services.prometheus.enable
Enable the Prometheus monitoring daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.enableReload
Reload prometheus when configuration file changes (instead of restart).
The following property holds: switching to a configuration (switch-to-configuration) that changes the prometheus configuration only finishes successully when prometheus has finished loading the new configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.package
The prometheus package that should be used.
Type: package
Default: pkgs.prometheus
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.alertmanager.enable
Whether to enable Prometheus Alertmanager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.package
Package that should be used for alertmanager.
Type: package
Default: pkgs.alertmanager
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.clusterPeers
Initial peers for HA cluster.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.configText
Alertmanager configuration as YAML text. If non-null, this option defines the text that is written to alertmanager.yml. If null, the contents of alertmanager.yml is generated from the structured config options.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.configuration
Alertmanager configuration as nix attribute set.
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.environmentFile
File to load as environment file. Environment variables from this file will be interpolated into the config file using envsubst with this syntax: $ENVIRONMENT ${VARIABLE}
Type: null or path
Default: null
Example: "/root/alertmanager.env"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.extraFlags
Extra commandline options when launching the Alertmanager.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.listenAddress
Address to listen on for the web interface and API. Empty string will listen on all interfaces. "localhost" will listen on 127.0.0.1 (but not ::1).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.logFormat
If set use a syslog logger or JSON logging.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.logLevel
Only log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error", "fatal"
Default: "warn"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.port
Port to listen on for the web interface and API.
Type: signed integer
Default: 9093
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanager.webExternalUrl
The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy). Used for generating relative and absolute links back to Alertmanager itself. If the URL has a path portion, it will be used to prefix all HTTP endoints served by Alertmanager. If omitted, relevant URL components will be derived automatically.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
- services.prometheus.alertmanagerNotificationQueueCapacity
The capacity of the queue for pending alert manager notifications.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.alertmanagerTimeout
Alert manager HTTP API timeout (in seconds).
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.alertmanagers
A list of alertmanagers to send alerts to. See the official documentation for more information.
Type: list of attribute sets
Default: [ ]
Example:
[ { scheme = "https"; path_prefix = "/alertmanager"; static_configs = [ { targets = [ "prometheus.domain.tld" ]; } ]; } ]Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.checkConfig
Check configuration with promtool check. The call to promtool is subject to sandboxing by Nix. When credentials are stored in external files (password_file, bearer_token_file, etc), they will not be visible to promtool and it will report errors, despite a correct configuration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.configText
If non-null, this option defines the text that is written to prometheus.yml. If null, the contents of prometheus.yml is generated from the structured config options.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.exporters
Prometheus exporter configuration
Type: submodule
Default: { }
Example:
{ node = { enable = true; enabledCollectors = [ "systemd" ]; }; varnish.enable = true; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.enable
Whether to enable the prometheus apcupsd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.apcupsdAddress
Address of the apcupsd Network Information Server (NIS).
Type: string
Default: ":3551"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.apcupsdNetwork
Network of the apcupsd Network Information Server (NIS): one of "tcp", "tcp4", or "tcp6".
Type: one of "tcp", "tcp4", "tcp6"
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.extraFlags
Extra commandline options to pass to the apcupsd exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.apcupsd.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9162"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.group
Group under which the apcupsd exporter shall be run.
Type: string
Default: "apcupsd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9162
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.apcupsd.user
User name under which the apcupsd exporter shall be run.
Type: string
Default: "apcupsd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.enable
Whether to enable the prometheus artifactory exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.artiAccessToken
Access token for authentication against JFrog Artifactory API. One of the password or access token needs to be set.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.artiPassword
Password for authentication against JFrog Artifactory API. One of the password or access token needs to be set.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.artiUsername
Username for authentication against JFrog Artifactory API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.extraFlags
Extra commandline options to pass to the artifactory exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.artifactory.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9531"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.group
Group under which the artifactory exporter shall be run.
Type: string
Default: "artifactory-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9531
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.scrapeUri
URI on which to scrape JFrog Artifactory.
Type: string
Default: "http://localhost:8081/artifactory"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.artifactory.user
User name under which the artifactory exporter shall be run.
Type: string
Default: "artifactory-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.enable
Whether to enable the prometheus bind exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.bindGroups
List of statistics to collect. Available: [server, view, tasks]
Type: list of one of "server", "view", "tasks"s
Default: [ "server" "view" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.bindTimeout
Timeout for trying to get stats from Bind.
Type: string
Default: "10s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.bindURI
HTTP XML API address of an Bind server.
Type: string
Default: "http://localhost:8053/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.bindVersion
BIND statistics version. Can be detected automatically.
Type: one of "xml.v2", "xml.v3", "auto"
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.extraFlags
Extra commandline options to pass to the bind exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.bind.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9119"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.group
Group under which the bind exporter shall be run.
Type: string
Default: "bind-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9119
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bind.user
User name under which the bind exporter shall be run.
Type: string
Default: "bind-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.enable
Whether to enable the prometheus bird exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.birdSocket
Path to BIRD2 (or BIRD1 v4) socket.
Type: path
Default: "/var/run/bird.ctl"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.birdVersion
Specifies whether BIRD1 or BIRD2 is in use.
Type: one of 1, 2
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.extraFlags
Extra commandline options to pass to the bird exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.bird.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9324"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.group
Group under which the bird exporter shall be run.
Type: string
Default: "bird-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.newMetricFormat
Enable the new more-generic metric format.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9324
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bird.user
User name under which the bird exporter shall be run.
Type: string
Default: "bird-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.enable
Whether to enable the prometheus bitcoin exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.extraEnv
Extra environment variables for the exporter.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.extraFlags
Extra commandline options to pass to the bitcoin exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.bitcoin.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9332"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.group
Group under which the bitcoin exporter shall be run.
Type: string
Default: "bitcoin-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9332
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.refreshSeconds
How often to ask bitcoind for metrics.
Type: unsigned integer, meaning >=0
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.rpcHost
RPC host.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.rpcPasswordFile
File containing RPC password.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.rpcPort
RPC port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8332
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.rpcScheme
Whether to connect to bitcoind over http or https.
Type: one of "http", "https"
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.rpcUser
RPC user name.
Type: string
Default: "bitcoinrpc"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.bitcoin.user
User name under which the bitcoin exporter shall be run.
Type: string
Default: "bitcoin-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.enable
Whether to enable the prometheus blackbox exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.enableConfigCheck
Whether to run a correctness check for the configuration file. This depends on the configuration file residing in the nix-store. Paths passed as string will be copied to the store.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.configFile
Path to configuration file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.extraFlags
Extra commandline options to pass to the blackbox exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.blackbox.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9115"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.group
Group under which the blackbox exporter shall be run.
Type: string
Default: "blackbox-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9115
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.blackbox.user
User name under which the blackbox exporter shall be run.
Type: string
Default: "blackbox-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.enable
Whether to enable the prometheus buildkite-agent exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.endpoint
The Buildkite Agent API endpoint.
Type: string
Default: "https://agent.buildkite.com/v3"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.extraFlags
Extra commandline options to pass to the buildkite-agent exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.buildkite-agent.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9876"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.group
Group under which the buildkite-agent exporter shall be run.
Type: string
Default: "buildkite-agent-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.interval
How often to update metrics.
Type: string
Default: "30s"
Example: "1min"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9876
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.queues
Which specific queues to process.
Type: null or list of strings
Default: null
Example: [ "my-queue1" "my-queue2" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.tokenPath
The token from your Buildkite "Agents" page.
A run-time path to the token file, which is supposed to be provisioned outside of Nix store.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.buildkite-agent.user
User name under which the buildkite-agent exporter shall be run.
Type: string
Default: "buildkite-agent-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.enable
Whether to enable the prometheus collectd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.collectdBinary.enable
Whether to enable collectd binary protocol receiver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.collectdBinary.authFile
File mapping user names to pre-shared keys (passwords).
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.collectdBinary.listenAddress
Address to listen on for binary network packets.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.collectdBinary.port
Network address on which to accept collectd binary network packets.
Type: signed integer
Default: 25826
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.collectdBinary.securityLevel
Minimum required security level for accepted packets.
Type: one of "None", "Sign", "Encrypt"
Default: "None"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.extraFlags
Extra commandline options to pass to the collectd exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.collectd.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9103"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.group
Group under which the collectd exporter shall be run.
Type: string
Default: "collectd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.logFormat
Set the log format.
Type: one of "logfmt", "json"
Default: "logfmt"
Example: "json"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.logLevel
Only log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error", "fatal"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9103
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.collectd.user
User name under which the collectd exporter shall be run.
Type: string
Default: "collectd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.enable
Whether to enable the prometheus dnsmasq exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.dnsmasqListenAddress
Address on which dnsmasq listens.
Type: string
Default: "localhost:53"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.extraFlags
Extra commandline options to pass to the dnsmasq exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.dnsmasq.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9153"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.group
Group under which the dnsmasq exporter shall be run.
Type: string
Default: "dnsmasq-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.leasesPath
Path to the dnsmasq.leases file.
Type: path
Default: "/var/lib/misc/dnsmasq.leases"
Example: "/var/lib/dnsmasq/dnsmasq.leases"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9153
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dnsmasq.user
User name under which the dnsmasq exporter shall be run.
Type: string
Default: "dnsmasq-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.domain.enable
Whether to enable the prometheus domain exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.domain.extraFlags
Extra commandline options to pass to the domain exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.domain.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.domain.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9222"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.domain.group
Group under which the domain exporter shall be run.
Type: string
Default: "domain-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.domain.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.domain.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.domain.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9222
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.domain.user
User name under which the domain exporter shall be run.
Type: string
Default: "domain-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.enable
Whether to enable the prometheus dovecot exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.extraFlags
Extra commandline options to pass to the dovecot exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.dovecot.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9166"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.group
Group under which the dovecot exporter shall be run.
Type: string
Default: "dovecot-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9166
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.scopes
Stats scopes to query.
Type: list of strings
Default: [ "user" ]
Example: [ "user" "global" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.socketPath
Path under which the stats socket is placed. The user/group under which the exporter runs, should be able to access the socket in order to scrape the metrics successfully.
Please keep in mind that the stats module has changed in Dovecot 2.3+ which is not compatible with this exporter.
The following extra config has to be passed to Dovecot to ensure that recent versions work with this exporter:
{ services.prometheus.exporters.dovecot.enable = true; services.prometheus.exporters.dovecot.socketPath = "/var/run/dovecot2/old-stats"; services.dovecot2.mailPlugins.globally.enable = [ "old_stats" ]; services.dovecot2.extraConfig = '' service old-stats { unix_listener old-stats { user = dovecot-exporter group = dovecot-exporter mode = 0660 } fifo_listener old-stats-mail { mode = 0660 user = dovecot group = dovecot } fifo_listener old-stats-user { mode = 0660 user = dovecot group = dovecot } } plugin { old_stats_refresh = 30 secs old_stats_track_cmds = yes } ''; }Type: path
Default: "/var/run/dovecot/stats"
Example: "/var/run/dovecot2/old-stats"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.dovecot.user
User name under which the dovecot exporter shall be run.
Type: string
Default: "dovecot-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.enable
Whether to enable the prometheus fastly exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.configFile
Path to a fastly-exporter configuration file. Example one can be generated with fastly-exporter --config-file-example.
Type: null or path
Default: null
Example: "./fastly-exporter-config.txt"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.debug
Whether to enable Debug logging mode for fastly-exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.extraFlags
Extra commandline options to pass to the fastly exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.fastly.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9118"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.group
Group under which the fastly exporter shall be run.
Type: string
Default: "fastly-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9118
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.tokenPath
A run-time path to the token file, which is supposed to be provisioned outside of Nix store.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fastly.user
User name under which the fastly exporter shall be run.
Type: string
Default: "fastly-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.enable
Whether to enable the prometheus flow exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.asn
The ASN being monitored.
Type: positive integer, meaning >0
Example: 65542
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.brokers
List of Kafka brokers to connect to.
Type: list of strings
Example: [ "kafka.example.org:19092" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.extraFlags
Extra commandline options to pass to the flow exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.flow.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9590"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.group
Group under which the flow exporter shall be run.
Type: string
Default: "flow-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.partitions
The number of the partitions to consume, none means all.
Type: list of signed integers
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9590
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.topic
The Kafka topic to consume from.
Type: string
Example: "pmacct.acct"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.flow.user
User name under which the flow exporter shall be run.
Type: string
Default: "flow-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.enable
Whether to enable the prometheus fritzbox exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.extraFlags
Extra commandline options to pass to the fritzbox exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.fritzbox.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9133"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.gatewayAddress
The hostname or IP of the FRITZ!Box.
Type: string
Default: "fritz.box"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.gatewayPort
The port of the FRITZ!Box UPnP service.
Type: signed integer
Default: 49000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.group
Group under which the fritzbox exporter shall be run.
Type: string
Default: "fritzbox-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9133
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.fritzbox.user
User name under which the fritzbox exporter shall be run.
Type: string
Default: "fritzbox-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.enable
Whether to enable the prometheus influxdb exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.extraFlags
Extra commandline options to pass to the influxdb exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.influxdb.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9122"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.group
Group under which the influxdb exporter shall be run.
Type: string
Default: "influxdb-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9122
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.sampleExpiry
How long a sample is valid for
Type: string
Default: "5m"
Example: "10m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.udpBindAddress
Address on which to listen for udp packets
Type: string
Default: ":9122"
Example: "192.0.2.1:9122"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.influxdb.user
User name under which the influxdb exporter shall be run.
Type: string
Default: "influxdb-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.enable
Whether to enable the prometheus jitsi exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.extraFlags
Extra commandline options to pass to the jitsi exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.jitsi.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9700"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.group
Group under which the jitsi exporter shall be run.
Type: string
Default: "jitsi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.interval
How often to scrape new data
Type: string
Default: "30s"
Example: "1min"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9700
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.url
Jitsi Videobridge metrics URL to monitor. This is usually /colibri/stats on port 8080 of the jitsi videobridge host.
Type: string
Default: "http://localhost:8080/colibri/stats"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.jitsi.user
User name under which the jitsi exporter shall be run.
Type: string
Default: "jitsi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.enable
Whether to enable the prometheus json exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.configFile
Path to configuration file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.extraFlags
Extra commandline options to pass to the json exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.json.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 7979"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.group
Group under which the json exporter shall be run.
Type: string
Default: "json-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7979
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.json.user
User name under which the json exporter shall be run.
Type: string
Default: "json-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.enable
Whether to enable the prometheus kea exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.controlSocketPaths
Paths to kea control sockets
Type: list of strings
Example:
[ "/run/kea/kea-dhcp4.socket" "/run/kea/kea-dhcp6.socket" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.extraFlags
Extra commandline options to pass to the kea exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.kea.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9547"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.group
Group under which the kea exporter shall be run.
Type: string
Default: "kea-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9547
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.kea.user
User name under which the kea exporter shall be run.
Type: string
Default: "kea-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.keylight.enable
Whether to enable the prometheus keylight exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.keylight.extraFlags
Extra commandline options to pass to the keylight exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.keylight.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.keylight.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9288"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.keylight.group
Group under which the keylight exporter shall be run.
Type: string
Default: "keylight-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.keylight.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.keylight.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.keylight.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9288
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.keylight.user
User name under which the keylight exporter shall be run.
Type: string
Default: "keylight-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.enable
Whether to enable the prometheus knot exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.extraFlags
Extra commandline options to pass to the knot exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.knot.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9433"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.group
Group under which the knot exporter shall be run.
Type: string
Default: "knot-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.knotLibraryPath
Path to the library of knot-dns.
Type: string
Default: "${pkgs.knot-dns.out}/lib/libknot.so"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.knotSocketPath
Socket path of knotd(8).
Type: string
Default: "/run/knot/knot.sock"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.knotSocketTimeout
Timeout in seconds.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9433
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.knot.user
User name under which the knot exporter shall be run.
Type: string
Default: "knot-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.enable
Whether to enable the prometheus lnd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.extraFlags
Extra commandline options to pass to the lnd exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.lnd.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9092"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.group
Group under which the lnd exporter shall be run.
Type: string
Default: "lnd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.lndHost
lnd instance gRPC address:port.
Type: string
Default: "localhost:10009"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.lndMacaroonDir
Path to lnd macaroons.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.lndTlsPath
Path to lnd TLS certificate.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9092
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.lnd.user
User name under which the lnd exporter shall be run.
Type: string
Default: "lnd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.enable
Whether to enable the prometheus mail exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configFile
Specify the mailexporter configuration file to use.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration
Specify the mailexporter configuration file to use.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.disableFileDeletion
Disables the exporter's function to delete probing mails.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.mailCheckTimeout
Timeout until mails are considered "didn't make it".
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.monitoringInterval
Time interval between two probe attempts.
Type: string
Example: "10s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers
List of servers that should be probed.
Note: if your mailserver has rspamd(8) configured, it can happen that emails from this exporter are marked as spam.
It's possible to work around the issue with a config like this:
{ services.rspamd.locals."multimap.conf".text = '' ALLOWLIST_PROMETHEUS { filter = "email:domain:tld"; type = "from"; map = "${pkgs.writeText "allowmap" "domain.tld"}"; score = -100.0; } ''; }Type: list of submodules
Default: [ ]
Example:
[ { name = "testserver"; server = "smtp.domain.tld"; port = 587; from = "exporteruser@domain.tld"; to = "exporteruser@domain.tld"; detectionDir = "/path/to/Maildir/new"; } ]Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers.*.detectionDir
Directory in which new mails for the exporter user are placed. Note that this needs to exist when the exporter starts.
Type: path
Example: "/var/spool/mail/exporteruser/new"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers.*.from
Content of 'From' Header for probing mails.
Type: string
Example: "exporteruser@domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers.*.login
Username to use for SMTP authentication.
Type: null or string
Default: null
Example: "exporteruser@domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers.*.name
Value for label 'configname' which will be added to all metrics.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers.*.passphrase
Password to use for SMTP authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers.*.port
Port to use for SMTP.
Type: signed integer
Example: 587
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers.*.server
Hostname of the server that should be probed.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.configuration.servers.*.to
Content of 'To' Header for probing mails.
Type: string
Example: "exporteruser@domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.extraFlags
Extra commandline options to pass to the mail exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.mail.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9225"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.group
Group under which the mail exporter shall be run.
Type: string
Default: "mail-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9225
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mail.user
User name under which the mail exporter shall be run.
Type: string
Default: "mail-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.enable
Whether to enable the prometheus mikrotik exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.configFile
Path to a mikrotik exporter configuration file. Mutually exclusive with configuration option.
Type: null or path
Default: null
Example: ./mikrotik.yml
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.configuration
Mikrotik exporter configuration as nix attribute set. Mutually exclusive with configFile option.
See https://github.com/nshttpd/mikrotik-exporter/blob/master/README.md for the description of the configuration file format.
Type: null or attribute set
Default: null
Example:
{ devices = [ { name = "my_router"; address = "10.10.0.1"; user = "prometheus"; password = "changeme"; } ]; features = { bgp = true; dhcp = true; routes = true; optics = true; }; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.extraFlags
Extra commandline options to pass to the mikrotik exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.mikrotik.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9436"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.group
Group under which the mikrotik exporter shall be run.
Type: string
Default: "mikrotik-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9436
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.mikrotik.user
User name under which the mikrotik exporter shall be run.
Type: string
Default: "mikrotik-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.enable
Whether to enable the prometheus minio exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.extraFlags
Extra commandline options to pass to the minio exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.minio.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9290"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.group
Group under which the minio exporter shall be run.
Type: string
Default: "minio-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.minioAccessKey
The value of the Minio access key. It is required in order to connect to the server. By default this uses the one from the local minio server if enabled and config.services.minio.accessKey.
Type: string
Example: "yourMinioAccessKey"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.minioAccessSecret
The value of the Minio access secret. It is required in order to connect to the server. By default this uses the one from the local minio server if enabled and config.services.minio.secretKey.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.minioAddress
The URL of the minio server. Use HTTPS if Minio accepts secure connections only. By default this connects to the local minio server if enabled.
Type: string
Example: "https://10.0.0.1:9000"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.minioBucketStats
Collect statistics about the buckets and files in buckets. It requires more computation, use it carefully in case of large buckets..
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9290
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.minio.user
User name under which the minio exporter shall be run.
Type: string
Default: "minio-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.enable
Whether to enable the prometheus modemmanager exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.extraFlags
Extra commandline options to pass to the modemmanager exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.modemmanager.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9539"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.group
Group under which the modemmanager exporter shall be run.
Type: string
Default: "modemmanager-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9539
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.refreshRate
How frequently ModemManager will refresh the extended signal quality information for each modem. The duration should be specified in seconds ("5s"), minutes ("1m"), or hours ("1h").
Type: string
Default: "5s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.modemmanager.user
User name under which the modemmanager exporter shall be run.
Type: string
Default: "modemmanager-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.enable
Whether to enable the prometheus nextcloud exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.extraFlags
Extra commandline options to pass to the nextcloud exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.nextcloud.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9205"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.group
Group under which the nextcloud exporter shall be run.
Type: string
Default: "nextcloud-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.passwordFile
File containing the password for connecting to Nextcloud. Make sure that this file is readable by the exporter user.
Type: path
Example: "/path/to/password-file"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9205
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.timeout
Timeout for getting server info document.
Type: string
Default: "5s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.url
URL to the Nextcloud serverinfo page. Adding the path to the serverinfo API is optional, it defaults to /ocs/v2.php/apps/serverinfo/api/v1/info.
Type: string
Example: "https://domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.user
User name under which the nextcloud exporter shall be run.
Type: string
Default: "nextcloud-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nextcloud.username
Username for connecting to Nextcloud. Note that this account needs to have admin privileges in Nextcloud.
Type: string
Default: "nextcloud-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.enable
Whether to enable the prometheus nginx exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.constLabels
A list of constant labels that will be used in every metric.
Type: list of strings
Default: [ ]
Example: [ "label1=value1" "label2=value2" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.extraFlags
Extra commandline options to pass to the nginx exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.nginx.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9113"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.group
Group under which the nginx exporter shall be run.
Type: string
Default: "nginx-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9113
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.scrapeUri
Address to access the nginx status page. Can be enabled with services.nginx.statusPage = true.
Type: string
Default: "http://localhost/nginx_status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.sslVerify
Whether to perform certificate verification for https.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginx.user
User name under which the nginx exporter shall be run.
Type: string
Default: "nginx-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.enable
Whether to enable the prometheus nginxlog exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.extraFlags
Extra commandline options to pass to the nginxlog exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.nginxlog.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9117"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.group
Group under which the nginxlog exporter shall be run.
Type: string
Default: "nginxlog-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.metricsEndpoint
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9117
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.settings
All settings of nginxlog expressed as an Nix attrset.
Check the official documentation for the corresponding YAML settings that can all be used here: https://github.com/martin-helmich/prometheus-nginxlog-exporter
The `listen` object is already generated by `port`, `listenAddress` and `metricsEndpoint` and will be merged with the value of `settings` before writting it as JSON.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.nginxlog.user
User name under which the nginxlog exporter shall be run.
Type: string
Default: "nginxlog-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.enable
Whether to enable the prometheus node exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.enabledCollectors
Collectors to enable. The collectors listed here are enabled in addition to the default ones.
Type: list of strings
Default: [ ]
Example: [ "systemd" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.disabledCollectors
Collectors to disable which are enabled by default.
Type: list of strings
Default: [ ]
Example: [ "timex" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.extraFlags
Extra commandline options to pass to the node exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.node.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9100"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.group
Group under which the node exporter shall be run.
Type: string
Default: "node-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9100
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.node.user
User name under which the node exporter shall be run.
Type: string
Default: "node-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.enable
Whether to enable the prometheus openldap exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.extraFlags
Extra commandline options to pass to the openldap exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.openldap.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9330"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.group
Group under which the openldap exporter shall be run.
Type: string
Default: "openldap-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.interval
Scrape interval of the exporter.
Type: string
Default: "30s"
Example: "1m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.ldapAddr
Address of the openldap-instance.
Type: string
Default: "localhost:389"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.ldapCredentialFile
Environment file to contain the credentials to authenticate against openldap.
The file should look like this:
--- ldapUser: "cn=monitoring,cn=Monitor" ldapPass: "secret"
Type: path
Example: "/run/keys/ldap_pass"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.metricsPath
URL path where metrics should be exposed.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9330
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.protocol
Which protocol to use to connect against openldap.
Type: string
Default: "tcp"
Example: "udp"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openldap.user
User name under which the openldap exporter shall be run.
Type: string
Default: "openldap-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.enable
Whether to enable the prometheus openvpn exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.extraFlags
Extra commandline options to pass to the openvpn exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.openvpn.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9176"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.group
Group under which the openvpn exporter shall be run.
Type: string
Default: "openvpn-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9176
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.statusPaths
Paths to OpenVPN status files. Please configure the OpenVPN option status accordingly.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.openvpn.user
User name under which the openvpn exporter shall be run.
Type: string
Default: "openvpn-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.enable
Whether to enable the prometheus pihole exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.apiToken
pi-hole API token which can be used instead of a password
Type: string
Default: ""
Example: "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.extraFlags
Extra commandline options to pass to the pihole exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.pihole.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9617"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.group
Group under which the pihole exporter shall be run.
Type: string
Default: "pihole-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.interval
How often to scrape new data
Type: string
Default: "10s"
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.password
The password to login into pihole. An api token can be used instead.
Type: string
Default: ""
Example: "password"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.piholeHostname
Hostname or address where to find the pihole webinterface
Type: string
Default: "pihole"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.piholePort
The port pihole webinterface is reachable on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Example: 443
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9617
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.protocol
The protocol which is used to connect to pihole
Type: one of "http", "https"
Default: "http"
Example: "https"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.pihole.user
User name under which the pihole exporter shall be run.
Type: string
Default: "pihole-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.enable
Whether to enable the prometheus postfix exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.extraFlags
Extra commandline options to pass to the postfix exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.postfix.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9154"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.group
Group under which the postfix exporter shall be run. It should match the group that is allowed to access the showq socket in the queue/public/ directory. Defaults to services.postfix.setgidGroup when postfix is enabled.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.logfilePath
Path where Postfix writes log entries. This file will be truncated by this exporter!
Type: path
Default: "/var/log/postfix_exporter_input.log"
Example: "/var/log/mail.log"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9154
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.showqPath
Path where Postfix places its showq socket.
Type: path
Default: "/var/lib/postfix/queue/public/showq"
Example: "/var/spool/postfix/public/showq"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.systemd.enable
Whether to enable reading metrics from the systemd journal instead of from a logfile
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.systemd.journalPath
Path to the systemd journal.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.systemd.slice
Name of the postfix systemd slice. This overrides the systemd.unit.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.systemd.unit
Name of the postfix systemd unit.
Type: string
Default: "postfix.service"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postfix.user
User name under which the postfix exporter shall be run.
Type: string
Default: "postfix-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.enable
Whether to enable the prometheus postgres exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.dataSourceName
Accepts PostgreSQL URI form and key=value form arguments.
Type: string
Default: "user=postgres database=postgres host=/run/postgresql sslmode=disable"
Example: "postgresql://username:password@localhost:5432/postgres?sslmode=disable"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.environmentFile
Environment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
Environment variables from this file will be interpolated into the config file using envsubst with this syntax: $ENVIRONMENT ${VARIABLE}
The main use is to set the DATA_SOURCE_NAME that contains the postgres password
note that contents from this file will override dataSourceName if you have set it from nix.
# Content of the environment file DATA_SOURCE_NAME=postgresql://username:password@localhost:5432/postgres?sslmode=disable
Note that this file needs to be available on the host on which this exporter is running.
Type: null or path
Default: null
Example: "/root/prometheus-postgres-exporter.env"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.extraFlags
Extra commandline options to pass to the postgres exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.postgres.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9187"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.group
Group under which the postgres exporter shall be run.
Type: string
Default: "postgres-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9187
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.runAsLocalSuperUser
Whether to run the exporter as the local 'postgres' super user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.postgres.user
User name under which the postgres exporter shall be run.
Type: string
Default: "postgres-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.enable
Whether to enable the prometheus process exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.extraFlags
Extra commandline options to pass to the process exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.process.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9256"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.group
Group under which the process exporter shall be run.
Type: string
Default: "process-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9256
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.settings.process_names
All settings expressed as an Nix attrset.
Check the official documentation for the corresponding YAML settings that can all be used here: https://github.com/ncabatoff/process-exporter
Type: list of anythings
Default: [ ]
Example:
[ # Remove nix store path from process name { name = "{{.Matches.Wrapped}} {{ .Matches.Args }}"; cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ]; } ]Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.process.user
User name under which the process exporter shall be run.
Type: string
Default: "process-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.enable
Whether to enable the prometheus py-air-control exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.deviceHostname
The hostname of the air purification device from which to scrape the metrics.
Type: string
Example: "192.168.1.123"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.extraFlags
Extra commandline options to pass to the py-air-control exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.py-air-control.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9896"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.group
Group under which the py-air-control exporter shall be run.
Type: string
Default: "py-air-control-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9896
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.protocol
The protocol to use when communicating with the air purification device. Available: [http, coap, plain_coap]
Type: string
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.stateDir
Directory below /var/lib to store runtime data. This directory will be created automatically using systemd's StateDirectory mechanism.
Type: string
Default: "prometheus-py-air-control-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.py-air-control.user
User name under which the py-air-control exporter shall be run.
Type: string
Default: "py-air-control-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.redis.enable
Whether to enable the prometheus redis exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.redis.extraFlags
Extra commandline options to pass to the redis exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.redis.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.redis.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9121"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.redis.group
Group under which the redis exporter shall be run.
Type: string
Default: "redis-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.redis.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.redis.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.redis.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9121
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.redis.user
User name under which the redis exporter shall be run.
Type: string
Default: "redis-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.enable
Whether to enable the prometheus rspamd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.extraFlags
Extra commandline options to pass to the rspamd exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.extraLabels
Set of labels added to each metric.
Type: attribute set of strings
Default: { host = config.networking.hostName; }
Example:
{ host = config.networking.hostName; custom_label = "some_value"; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.rspamd.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 7980"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.group
Group under which the rspamd exporter shall be run.
Type: string
Default: "rspamd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7980
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rspamd.user
User name under which the rspamd exporter shall be run.
Type: string
Default: "rspamd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.enable
Whether to enable the prometheus rtl_433 exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.channels
List of channel matchers to export.
Type: list of submodules
Default: [ ]
Example: [ { channel = 6543; location = "Kitchen"; name = "Acurite"; } ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.channels.*.channel
Channel to match.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.channels.*.location
Location to match.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.channels.*.name
Name to match.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.extraFlags
Extra commandline options to pass to the rtl_433 exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.rtl_433.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9550"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.group
Group under which the rtl_433 exporter shall be run.
Type: string
Default: "rtl_433-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.ids
List of ID matchers to export.
Type: list of submodules
Default: [ ]
Example: [ { id = 1; location = "Bedroom"; name = "Nexus"; } ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.ids.*.id
ID to match.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.ids.*.location
Location to match.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.ids.*.name
Name to match.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9550
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.rtl433Flags
Flags passed verbatim to rtl_433 binary. Having -C si (the default) is recommended since only Celsius temperatures are parsed.
Type: string
Default: "-C si"
Example: "-C si -R 19"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.rtl_433.user
User name under which the rtl_433 exporter shall be run.
Type: string
Default: "rtl_433-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.enable
Whether to enable the prometheus script exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.extraFlags
Extra commandline options to pass to the script exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.script.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9172"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.group
Group under which the script exporter shall be run.
Type: string
Default: "script-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9172
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.settings.scripts
All settings expressed as an Nix attrset.
Check the official documentation for the corresponding YAML settings that can all be used here: https://github.com/adhocteam/script_exporter#sample-configuration
Type: list of submodules
Example:
{ scripts = [ { name = "sleep"; script = "sleep 5"; } ]; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.settings.scripts.*.name
Name of the script.
Type: string
Example: "sleep"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.settings.scripts.*.script
Shell script to execute when metrics are requested.
Type: string
Example: "sleep 5"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.settings.scripts.*.timeout
Optional timeout for the script in seconds.
Type: null or signed integer
Default: null
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.script.user
User name under which the script exporter shall be run.
Type: string
Default: "script-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.enable
Whether to enable the prometheus smartctl exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.devices
Paths to the disks that will be monitored. Will autodiscover all disks if none given.
Type: list of strings
Default: [ ]
Example:
[ "/dev/sda", "/dev/nvme0n1" ];
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.extraFlags
Extra commandline options to pass to the smartctl exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.smartctl.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9633"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.group
Group under which the smartctl exporter shall be run.
Type: string
Default: "smartctl-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.maxInterval
Interval that limits how often a disk can be queried.
Type: string
Default: "60s"
Example: "2m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9633
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smartctl.user
User name under which the smartctl exporter shall be run.
Type: string
Default: "smartctl-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.enable
Whether to enable the prometheus smokeping exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.buckets
List of buckets to use for the response duration histogram.
Type: strings concatenated with ","
Default: "5e-05,0.0001,0.0002,0.0004,0.0008,0.0016,0.0032,0.0064,0.0128,0.0256,0.0512,0.1024,0.2048,0.4096,0.8192,1.6384,3.2768,6.5536,13.1072,26.2144"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.extraFlags
Extra commandline options to pass to the smokeping exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.smokeping.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9374"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.group
Group under which the smokeping exporter shall be run.
Type: string
Default: "smokeping-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.hosts
List of endpoints to probe.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.pingInterval
Interval between pings.
Type: Go duration (https://golang.org/pkg/time/#ParseDuration)
Default: "1s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9374
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.smokeping.user
User name under which the smokeping exporter shall be run.
Type: string
Default: "smokeping-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.enable
Whether to enable the prometheus snmp exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.configuration
Snmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option.
Type: null or attribute set
Default: null
Example: { default = { auth = { community = "public"; } ; version = 2; } ; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.configurationPath
Path to a snmp exporter configuration file. Mutually exclusive with 'configuration' option.
Type: null or path
Default: null
Example: ./snmp.yml
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.extraFlags
Extra commandline options to pass to the snmp exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.snmp.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9116"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.group
Group under which the snmp exporter shall be run.
Type: string
Default: "snmp-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.logFormat
Output format of log messages.
Type: one of "logfmt", "json"
Default: "logfmt"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.logLevel
Only log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9116
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.snmp.user
User name under which the snmp exporter shall be run.
Type: string
Default: "snmp-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.enable
Whether to enable the prometheus sql exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configFile
Path to configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration
Exporter configuration as nix attribute set. Mutually exclusive with 'configFile' option.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs
An attrset of metrics scraping jobs to run.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs.<name>.connections
A list of connection strings of the SQL servers to scrape metrics from
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs.<name>.interval
How often to run this job, specified in Go duration format.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs.<name>.queries
SQL queries to run.
Type: attribute set of submodules
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.help
A human-readable description of this metric.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.labels
A set of columns that will be used as Prometheus labels.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.query
The SQL query to run.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.values
A set of columns that will be used as values of this metric.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.configuration.jobs.<name>.startupSql
A list of SQL statements to execute once after making a connection.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.extraFlags
Extra commandline options to pass to the sql exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.sql.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9237"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.group
Group under which the sql exporter shall be run.
Type: string
Default: "sql-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9237
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.sql.user
User name under which the sql exporter shall be run.
Type: string
Default: "sql-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.enable
Whether to enable the prometheus surfboard exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.extraFlags
Extra commandline options to pass to the surfboard exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.surfboard.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9239"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.group
Group under which the surfboard exporter shall be run.
Type: string
Default: "surfboard-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.modemAddress
The hostname or IP of the cable modem.
Type: string
Default: "192.168.100.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9239
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.surfboard.user
User name under which the surfboard exporter shall be run.
Type: string
Default: "surfboard-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.systemd.enable
Whether to enable the prometheus systemd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.systemd.extraFlags
Extra commandline options to pass to the systemd exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.systemd.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.systemd.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9558"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.systemd.group
Group under which the systemd exporter shall be run.
Type: string
Default: "systemd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.systemd.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.systemd.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.systemd.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9558
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.systemd.user
User name under which the systemd exporter shall be run.
Type: string
Default: "systemd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.enable
Whether to enable the prometheus tor exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.extraFlags
Extra commandline options to pass to the tor exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.tor.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.group
Group under which the tor exporter shall be run.
Type: string
Default: "tor-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9130
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.torControlAddress
Tor control IP address or hostname.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.torControlPort
Tor control port.
Type: signed integer
Default: 9051
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.tor.user
User name under which the tor exporter shall be run.
Type: string
Default: "tor-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.enable
Whether to enable the prometheus unbound exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.controlInterface
Path to the unbound socket for uds mode or the control interface port for tcp mode.
Example: uds-mode: /run/unbound/unbound.socket tcp-mode: 127.0.0.1:8953
Type: null or string
Default: null
Example: "/run/unbound/unbound.socket"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.extraFlags
Extra commandline options to pass to the unbound exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.fetchType
Which methods the exporter uses to get the information from unbound.
Type: one of "tcp", "uds"
Default: "uds"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.unbound.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9167"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.group
Group under which the unbound exporter shall be run.
Type: string
Default: "unbound-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9167
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unbound.user
User name under which the unbound exporter shall be run.
Type: string
Default: "unbound-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.enable
Whether to enable the prometheus unifi exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.extraFlags
Extra commandline options to pass to the unifi exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.unifi.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.group
Group under which the unifi exporter shall be run.
Type: string
Default: "unifi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9130
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.unifiAddress
URL of the UniFi Controller API.
Type: string
Example: "https://10.0.0.1:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.unifiInsecure
If enabled skip the verification of the TLS certificate of the UniFi Controller API. Use with caution.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.unifiPassword
Password for authentication against UniFi Controller API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.unifiTimeout
Timeout including unit for UniFi Controller API requests.
Type: string
Default: "5s"
Example: "2m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.unifiUsername
username for authentication against UniFi Controller API.
Type: string
Example: "ReadOnlyUser"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi.user
User name under which the unifi exporter shall be run.
Type: string
Default: "unifi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.enable
Whether to enable the prometheus unifi-poller exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.controllers
List of Unifi controllers to poll. Use defaults if empty.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.hash_pii
Hash, with md5, client names and MAC addresses. This attempts to protect personally identifiable information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.pass
Path of a file containing the password for the unifi service user. This file needs to be readable by the unifi-poller user.
Type: path
Default: unifi-poller-unifi-default.password
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.save_alarms
Collect and save data from UniFi alarms to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.save_anomalies
Collect and save data from UniFi anomalies to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.save_dpi
Collect and save data from deep packet inspection. Adds around 150 data points and impacts performance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.save_events
Collect and save data from UniFi events to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.save_ids
Collect and save data from the intrusion detection system to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.save_sites
Collect and save site data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.sites
List of site names for which statistics should be exported. Or the string "default" for the default site or the string "all" for all sites.
Type: one of "default", "all" or list of strings
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.url
URL of the Unifi controller.
Type: string
Default: "https://unifi:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.user
Unifi service user name.
Type: string
Default: "unifi"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.controllers.*.verify_ssl
Verify the Unifi controller's certificate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.prometheus.exporters.unifi-poller.extraFlags
Extra commandline options to pass to the unifi-poller exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.unifi-poller.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.group
Group under which the unifi-poller exporter shall be run.
Type: string
Default: "unifi-poller-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.log.debug
Whether to enable debug logging including line numbers, high resolution timestamps, per-device logs..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.log.prometheusErrors
Whether to enable emitting errors to prometheus..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.log.quiet
Whether to enable startup and error logs only..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9130
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.unifi-poller.user
User name under which the unifi-poller exporter shall be run.
Type: string
Default: "unifi-poller-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.enable
Whether to enable the prometheus varnish exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.extraFlags
Extra commandline options to pass to the varnish exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.varnish.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9131"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.group
Group under which the varnish exporter shall be run.
Type: string
Default: "varnish-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.healthPath
Path under which to expose healthcheck. Disabled unless configured.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.instance
varnishstat -n value.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.noExit
Do not exit server on Varnish scrape errors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9131
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.raw
Enable raw stdout logging without timestamps.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.telemetryPath
Path under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.user
User name under which the varnish exporter shall be run.
Type: string
Default: "varnish-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.varnishStatPath
Path to varnishstat.
Type: string
Default: "varnishstat"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.verbose
Enable verbose logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.varnish.withGoMetrics
Export go runtime and http handler metrics.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.enable
Whether to enable the prometheus wireguard exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.extraFlags
Extra commandline options to pass to the wireguard exporter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.firewallFilter
Specify a filter for iptables to use when services.prometheus.exporters.wireguard.openFirewall is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9586"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.group
Group under which the wireguard exporter shall be run.
Type: string
Default: "wireguard-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.listenAddress
Address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.openFirewall
Open port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9586
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.singleSubnetPerField
By default, all allowed IPs and subnets are comma-separated in the allowed_ips field. With this option enabled, a single IP and subnet will be listed in fields like allowed_ip_0, allowed_ip_1 and so on.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.user
User name under which the wireguard exporter shall be run.
Type: string
Default: "wireguard-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.verbose
Whether to enable Verbose logging mode for prometheus-wireguard-exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.wireguardConfig
Path to the Wireguard Config to add the peer's name to the stats of a peer.
Please note that networking.wg-quick is required for this feature as networking.wireguard uses wg(8) to set the peers up.
Type: null or path or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.exporters.wireguard.withRemoteIp
Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
- services.prometheus.extraFlags
Extra commandline options when launching Prometheus.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.globalConfig
Parameters that are valid in all configuration contexts. They also serve as defaults for other configuration sections
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.globalConfig.evaluation_interval
How frequently to evaluate rules by default.
Defaults to 1m in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.globalConfig.external_labels
The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.globalConfig.scrape_interval
How frequently to scrape targets by default.
Defaults to 1m in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.globalConfig.scrape_timeout
How long until a scrape request times out.
Defaults to 10s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.listenAddress
Address to listen on for the web interface, API, and telemetry.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.port
Port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9090
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.pushgateway.enable
Whether to enable Prometheus Pushgateway.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.package
Package that should be used for the prometheus pushgateway.
Type: package
Default: pkgs.prometheus-pushgateway
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.extraFlags
Extra commandline options when launching the Pushgateway.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.log.format
Set the log target and format.
null will default to logger:stderr.
Type: null or string
Default: null
Example: "logger:syslog?appname=bob&local=7"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.log.level
Only log messages with the given severity or above.
null will default to info.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.persistMetrics
Whether to persist metrics to a file.
When enabled metrics will be saved to a file called metrics in the directory /var/lib/pushgateway. The directory below /var/lib can be set using services.prometheus.pushgateway.stateDir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.persistence.interval
The minimum interval at which to write out the persistence file.
null will default to 5m.
Type: null or string
Default: null
Example: "10m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.stateDir
Directory below /var/lib to store metrics.
This directory will be created automatically using systemd's StateDirectory mechanism when services.prometheus.pushgateway.persistMetrics is enabled.
Type: string
Default: "pushgateway"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.web.external-url
The URL under which Pushgateway is externally reachable.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.web.listen-address
Address to listen on for the web interface, API and telemetry.
null will default to :9091.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.web.route-prefix
Prefix for the internal routes of web endpoints.
Defaults to the path of services.prometheus.pushgateway.web.external-url.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.pushgateway.web.telemetry-path
Path under which to expose metrics.
null will default to /metrics.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
- services.prometheus.remoteRead
Parameters of the endpoints to query from. See the official documentation for more information.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.basic_auth
Sets the `Authorization` header on every remote read request with the configured username and password. password and password_file are mutually exclusive.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.bearer_token
Sets the `Authorization` header on every remote read request with the configured bearer token. It is mutually exclusive with `bearer_token_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.bearer_token_file
Sets the `Authorization` header on every remote read request with the bearer token read from the configured file. It is mutually exclusive with `bearer_token`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.name
Name of the remote read config, which if specified must be unique among remote read configs. The name will be used in metrics and logging in place of a generated value to help users distinguish between remote read configs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.proxy_url
Optional Proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.read_recent
Whether reads should be made for queries for time ranges that the local storage should have complete data for.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.remote_timeout
Timeout for requests to the remote read endpoint.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.required_matchers
An optional list of equality matchers which have to be present in a selector to query the remote read endpoint.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.tls_config
Configures the remote read request's TLS settings.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteRead.*.url
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite
Parameters of the endpoints to send samples to. See the official documentation for more information.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.basic_auth
Sets the `Authorization` header on every remote write request with the configured username and password. password and password_file are mutually exclusive.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.bearer_token
Sets the `Authorization` header on every remote write request with the configured bearer token. It is mutually exclusive with `bearer_token_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.bearer_token_file
Sets the `Authorization` header on every remote write request with the bearer token read from the configured file. It is mutually exclusive with `bearer_token`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.metadata_config
Configures the sending of series metadata to remote storage. Metadata configuration is subject to change at any point or be removed in future releases.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.metadata_config.send
Whether metric metadata is sent to remote storage or not.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.metadata_config.send_interval
How frequently metric metadata is sent to remote storage.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.name
Name of the remote write config, which if specified must be unique among remote write configs. The name will be used in metrics and logging in place of a generated value to help users distinguish between remote write configs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.proxy_url
Optional Proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.queue_config
Configures the queue used to write to remote storage.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.queue_config.batch_send_deadline
Maximum time a sample will wait in buffer.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.queue_config.capacity
Number of samples to buffer per shard before we block reading of more samples from the WAL. It is recommended to have enough capacity in each shard to buffer several requests to keep throughput up while processing occasional slow remote requests.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.queue_config.max_backoff
Maximum retry delay.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.queue_config.max_samples_per_send
Maximum number of samples per send.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.queue_config.max_shards
Maximum number of shards, i.e. amount of concurrency.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.queue_config.min_backoff
Initial retry delay. Gets doubled for every retry.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.queue_config.min_shards
Minimum number of shards, i.e. amount of concurrency.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.remote_timeout
Timeout for requests to the remote write endpoint.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.tls_config
Configures the remote write request's TLS settings.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.url
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.write_relabel_configs
List of remote write relabel configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.write_relabel_configs.*.action
Action to perform based on regex matching.
Defaults to replace in prometheus when set to null.
Type: null or one of "replace", "keep", "drop", "hashmod", "labelmap", "labeldrop", "labelkeep"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.write_relabel_configs.*.modulus
Modulus to take of the hash of the source label values.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.write_relabel_configs.*.regex
Regular expression against which the extracted value is matched.
Defaults to (.*) in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.write_relabel_configs.*.replacement
Replacement value against which a regex replace is performed if the regular expression matches.
Defaults to $1 in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.write_relabel_configs.*.separator
Separator placed between concatenated source label values.
Defaults to ; in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.write_relabel_configs.*.source_labels
The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.remoteWrite.*.write_relabel_configs.*.target_label
Label to which the resulting value is written in a replace action. It is mandatory for replace actions.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.retentionTime
How long to retain samples in storage.
Type: null or string
Default: null
Example: "15d"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.ruleFiles
Any additional rules files to include in this configuration.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.rules
Alerting and/or Recording rules to evaluate at runtime.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs
A list of scrape configurations.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs
List of Azure service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.authentication_method
The authentication method, either OAuth or ManagedIdentity. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Defaults to OAuth in prometheus when set to null.
Type: null or one of "OAuth", "ManagedIdentity"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.client_id
Optional client ID. Only required with authentication_method OAuth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.client_secret
Optional client secret. Only required with authentication_method OAuth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.environment
The Azure environment.
Defaults to AzurePublicCloud in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.port
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.refresh_interval
Refresh interval to re-read the instance list.
Defaults to 300s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.subscription_id
The subscription ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tenant_id
Optional tenant ID. Only required with authentication_method OAuth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.basic_auth
Sets the `Authorization` header on every scrape request with the configured username and password. password and password_file are mutually exclusive.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.bearer_token
Sets the `Authorization` header on every scrape request with the configured bearer token. It is mutually exclusive with bearer_token_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.bearer_token_file
Sets the `Authorization` header on every scrape request with the bearer token read from the configured file. It is mutually exclusive with bearer_token.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.body_size_limit
An uncompressed response body larger than this many bytes will cause the scrape to fail. 0 means no limit. Example: 100MB. This is an experimental feature, this behaviour could change or be removed in the future.
Defaults to 0 in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs
List of Consul service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.allow_stale
Allow stale Consul results (see https://www.consul.io/api/index.html#consistency-modes).
Will reduce load on Consul.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.datacenter
Consul datacenter
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.node_meta
Node metadata used to filter nodes for a given service.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.password
Consul password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.refresh_interval
The time after which the provided names are refreshed.
On large setup it might be a good idea to increase this value because the catalog will change all the time.
Defaults to 30s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.scheme
Consul scheme Defaults to http in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.server
Consul server to query.
Defaults to localhost:8500 in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.services
A list of services for which targets are retrieved.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tag_separator
The string by which Consul tags are joined into the tag label.
Defaults to , in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tags
An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config
Configures the Consul request's TLS settings.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.token
Consul token
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.consul_sd_configs.*.username
Consul username
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs
List of DigitalOcean service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.port
The port to scrape metrics from.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.refresh_interval
The time after which the droplets are refreshed.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dns_sd_configs
List of DNS service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dns_sd_configs.*.names
A list of DNS SRV record names to be queried.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dns_sd_configs.*.port
The port number used if the query type is not SRV.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dns_sd_configs.*.refresh_interval
The time after which the provided names are refreshed.
Defaults to 30s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dns_sd_configs.*.type
The type of DNS query to perform. One of SRV, A, or AAAA.
Defaults to SRV in prometheus when set to null.
Type: null or one of "SRV", "A", "AAAA"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs
List of Docker service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters
Optional filters to limit the discovery process to a subset of available resources.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.name
Name of the filter. The available filters are listed in the upstream documentation: Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.values
Value for the filter.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.host
Address of the Docker daemon.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.host_networking_host
The host to use if the container is in host networking mode.
Defaults to localhost in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.port
The port to scrape metrics from, when `role` is nodes, and for discovered tasks and services that don't have published ports.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.refresh_interval
The time after which the containers are refreshed.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs
List of Docker Swarm service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters
Optional filters to limit the discovery process to a subset of available resources.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.name
Name of the filter. The available filters are listed in the upstream documentation: Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.values
Value for the filter.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.host
Address of the Docker daemon.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.port
The port to scrape metrics from, when `role` is nodes, and for discovered tasks and services that don't have published ports.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.refresh_interval
The time after which the containers are refreshed.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.role
Role of the targets to retrieve. Must be `services`, `tasks`, or `nodes`.
Type: one of "services", "tasks", "nodes"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs
List of EC2 service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.access_key
The AWS API key id. If blank, the environment variable AWS_ACCESS_KEY_ID is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.endpoint
Custom endpoint to be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters
Filters can be used optionally to filter the instance list by other criteria.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.name
See this list for the available filters.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.values
Value of the filter.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.port
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.profile
Named AWS profile used to connect to the API.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.refresh_interval
Refresh interval to re-read the instance list.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.region
The AWS Region. If blank, the region from the instance metadata is used.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.role_arn
AWS Role ARN, an alternative to using AWS API keys.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.secret_key
The AWS API key secret. If blank, the environment variable AWS_SECRET_ACCESS_KEY is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs
List of Eureka service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.server
The URL to connect to the Eureka server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.file_sd_configs
List of file service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.file_sd_configs.*.files
Patterns for files from which target groups are extracted. Refer to the Prometheus documentation for permitted filename patterns and formats.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.file_sd_configs.*.refresh_interval
Refresh interval to re-read the files.
Defaults to 5m in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.gce_sd_configs
List of Google Compute Engine service discovery configurations.
See the relevant Prometheus configuration docs for more detail.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.gce_sd_configs.*.filter
Filter can be used optionally to filter the instance list by other criteria Syntax of this filter string is described here in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.gce_sd_configs.*.port
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus when set to null.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.gce_sd_configs.*.project
The GCP Project.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.gce_sd_configs.*.refresh_interval
Refresh interval to re-read the cloud instance list.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.gce_sd_configs.*.tag_separator
The tag separator used to separate concatenated GCE instance network tags.
See the GCP documentation on network tags for more information: https://cloud.google.com/vpc/docs/add-remove-network-tags
Defaults to , in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.gce_sd_configs.*.zone
The zone of the scrape targets. If you need multiple zones use multiple gce_sd_configs.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs
List of Hetzner service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.port
The port to scrape metrics from.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.refresh_interval
The time after which the servers are refreshed.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.role
The Hetzner role of entities that should be discovered. One of robot or hcloud.
Type: one of "robot", "hcloud"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.honor_labels
Controls how Prometheus handles conflicts between labels that are already present in scraped data and labels that Prometheus would attach server-side ("job" and "instance" labels, manually configured target labels, and labels generated by service discovery implementations).
If honor_labels is set to "true", label conflicts are resolved by keeping label values from the scraped data and ignoring the conflicting server-side labels.
If honor_labels is set to "false", label conflicts are resolved by renaming conflicting labels in the scraped data to "exported_<original-label>" (for example "exported_instance", "exported_job") and then attaching server-side labels. This is useful for use cases such as federation, where all labels specified in the target should be preserved.
Defaults to false in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.honor_timestamps
honor_timestamps controls whether Prometheus respects the timestamps present in scraped data.
If honor_timestamps is set to true, the timestamps of the metrics exposed by the target will be used.
If honor_timestamps is set to false, the timestamps of the metrics exposed by the target will be ignored.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs
List of HTTP service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth
Authentication information used to authenticate to the API server. password and password_file are mutually exclusive.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.refresh_interval
Refresh interval to re-query the endpoint.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config
Configures the scrape request's TLS settings.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.http_sd_configs.*.url
URL from which the targets are fetched.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.job_name
The job name assigned to scraped metrics by default.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs
List of Kubernetes service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.api_server
The API server addresses. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.kubeconfig_file
Optional path to a kubeconfig file. Note that api_server and kube_config are mutually exclusive.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces
Optional namespace discovery. If omitted, all namespaces are used.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names
Namespace name.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.role
The Kubernetes role of entities that should be discovered. One of endpoints, service, pod, node, or ingress.
Type: one of "endpoints", "service", "pod", "node", "ingress"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors
Optional label and field selectors to limit the discovery process to a subset of available resources. See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/ and https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ to learn more about the possible filters that can be used. Endpoints role supports pod, service and endpoints selectors, other roles only support selectors matching the role itself (e.g. node role can only contain node selectors).
Note: When making decision about using field/label selector make sure that this is the best approach - it will prevent Prometheus from reusing single list/watch for all scrape configs. This might result in a bigger load on the Kubernetes API, because per each selector combination there will be additional LIST/WATCH. On the other hand, if you just want to monitor small subset of pods in large cluster it's recommended to use selectors. Decision, if selectors should be used or not depends on the particular situation.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.field
Selector field
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.label
Selector label
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.role
Selector role
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs
List of Kuma service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.fetch_timeout
The time after which the monitoring assignments are refreshed.
Defaults to 2m in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.refresh_interval
The time to wait between polling update requests.
Defaults to 30s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.server
Address of the Kuma Control Plane's MADS xDS server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.label_limit
Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit.
Defaults to 0 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.label_name_length_limit
Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit.
Defaults to 0 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.label_value_length_limit
Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit.
Defaults to 0 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs
List of Lightsail service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.access_key
The AWS API keys. If blank, the environment variable AWS_ACCESS_KEY_ID is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.endpoint
Custom endpoint to be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.port
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.profile
Named AWS profile used to connect to the API.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.refresh_interval
Refresh interval to re-read the instance list.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.region
The AWS region. If blank, the region from the instance metadata is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.role_arn
AWS Role ARN, an alternative to using AWS API keys.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.secret_key
The AWS API keys. If blank, the environment variable AWS_SECRET_ACCESS_KEY is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs
List of Linode service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.port
The port to scrape metrics from.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.refresh_interval
The time after which the linode instances are refreshed.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tag_separator
The string by which Linode Instance tags are joined into the tag label.
Defaults to , in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs
List of Marathon service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.auth_token
Optional authentication information for token-based authentication: https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token It is mutually exclusive with auth_token_file and other authentication mechanisms.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.auth_token_file
Optional authentication information for token-based authentication: https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token It is mutually exclusive with auth_token and other authentication mechanisms.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.refresh_interval
Polling interval.
Defaults to 30s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.servers
List of URLs to be used to contact Marathon servers. You need to provide at least one server URL.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metric_relabel_configs
List of metric relabel configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.action
Action to perform based on regex matching.
Defaults to replace in prometheus when set to null.
Type: null or one of "replace", "keep", "drop", "hashmod", "labelmap", "labeldrop", "labelkeep"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.modulus
Modulus to take of the hash of the source label values.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.regex
Regular expression against which the extracted value is matched.
Defaults to (.*) in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.replacement
Replacement value against which a regex replace is performed if the regular expression matches.
Defaults to $1 in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.separator
Separator placed between concatenated source label values.
Defaults to ; in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.source_labels
The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.target_label
Label to which the resulting value is written in a replace action. It is mandatory for replace actions.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.metrics_path
The HTTP resource path on which to fetch metrics from targets.
Defaults to /metrics in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.nerve_sd_configs
List of AirBnB's Nerve service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.paths
Paths can point to a single service, or the root of a tree of services.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.servers
The Zookeeper servers.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.timeout
Timeout value.
Defaults to 10s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs
List of OpenStack service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.all_tenants
Whether the service discovery should list all instances for all projects. It is only relevant for the 'instance' role and usually requires admin permissions.
Defaults to false in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_id
The application_credential_id or application_credential_name fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_name
The application_credential_id or application_credential_name fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_secret
The application_credential_secret field is required if using an application credential to authenticate.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.availability
The availability of the endpoint to connect to. Must be one of public, admin or internal.
Defaults to public in prometheus when set to null.
Type: null or one of "public", "admin", "internal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_id
At most one of domain_id and domain_name must be provided if using username with Identity V3. Otherwise, either are optional.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_name
At most one of domain_id and domain_name must be provided if using username with Identity V3. Otherwise, either are optional.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.identity_endpoint
identity_endpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. While it's ultimately needed by all of the identity services, it will often be populated by a provider-level function.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.password
password for the Identity V2 and V3 APIs. Consult with your provider's control panel to discover your account's preferred method of authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.port
The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_id
The project_id and project_name fields are optional for the Identity V2 API. Some providers allow you to specify a project_name instead of the project_id. Some require both. Your provider's authentication policies will determine how these fields influence authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_name
The project_id and project_name fields are optional for the Identity V2 API. Some providers allow you to specify a project_name instead of the project_id. Some require both. Your provider's authentication policies will determine how these fields influence authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.refresh_interval
Refresh interval to re-read the instance list.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.region
The OpenStack Region.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.role
The OpenStack role of entities that should be discovered.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.userid
username is required if using Identity V2 API. Consult with your provider's control panel to discover your account's username. In Identity V3, either userid or a combination of username and domain_id or domain_name are needed.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.username
username is required if using Identity V2 API. Consult with your provider's control panel to discover your account's username. In Identity V3, either userid or a combination of username and domain_id or domain_name are needed.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.params
Optional HTTP URL parameters.
Type: null or attribute set of list of stringss
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs
List of PuppetDB service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.include_parameters
Whether to include the parameters as meta labels. Due to the differences between parameter types and Prometheus labels, some parameters might not be rendered. The format of the parameters might also change in future releases.
Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure that you don't have secrets exposed as parameters if you enable this.
Defaults to false in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.port
The port to scrape metrics from.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.query
Puppet Query Language (PQL) query. Only resources are supported. https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.refresh_interval
Refresh interval to re-read the resources list.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.url
The URL of the PuppetDB root query endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.relabel_configs
List of relabel configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.relabel_configs.*.action
Action to perform based on regex matching.
Defaults to replace in prometheus when set to null.
Type: null or one of "replace", "keep", "drop", "hashmod", "labelmap", "labeldrop", "labelkeep"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.relabel_configs.*.modulus
Modulus to take of the hash of the source label values.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.relabel_configs.*.regex
Regular expression against which the extracted value is matched.
Defaults to (.*) in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.relabel_configs.*.replacement
Replacement value against which a regex replace is performed if the regular expression matches.
Defaults to $1 in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.relabel_configs.*.separator
Separator placed between concatenated source label values.
Defaults to ; in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.relabel_configs.*.source_labels
The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.relabel_configs.*.target_label
Label to which the resulting value is written in a replace action. It is mandatory for replace actions.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.sample_limit
Per-scrape limit on number of scraped samples that will be accepted. If more than this number of samples are present after metric relabelling the entire scrape will be treated as failed. 0 means no limit.
Defaults to 0 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs
List of Scaleway service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.access_key
Access key to use. https://console.scaleway.com/project/credentials
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.api_url
API URL to use when doing the server listing requests.
Defaults to https://api.scaleway.com in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.name_filter
Specify a name filter (works as a LIKE) to apply on the server listing request.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.port
The port to scrape metrics from.
Defaults to 80 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.project_id
Project ID of the targets.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.refresh_interval
Refresh interval to re-read the managed targets list.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.role
Role of the targets to retrieve. Must be `instance` or `baremetal`.
Type: one of "instance", "baremetal"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key
Secret key to use when listing targets. https://console.scaleway.com/project/credentials It is mutually exclusive with `secret_key_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key_file
Sets the secret key with the credentials read from the configured file. It is mutually exclusive with `secret_key`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tags_filter
Specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.zone
Zone is the availability zone of your targets (e.g. fr-par-1).
Defaults to fr-par-1 in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scheme
The URL scheme with which to fetch metrics from targets.
Defaults to http in prometheus when set to null.
Type: null or one of "http", "https"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scrape_interval
How frequently to scrape targets from this job. Defaults to the globally configured default.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.scrape_timeout
Per-target timeout when scraping this job. Defaults to the globally configured default.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.serverset_sd_configs
List of Zookeeper Serverset service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.paths
Paths can point to a single service, or the root of a tree of services.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.servers
The Zookeeper servers.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.timeout
Timeout value.
Defaults to 10s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.static_configs
List of labeled target groups for this job.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.static_configs.*.labels
Labels assigned to all metrics scraped from the targets.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.static_configs.*.targets
The targets specified by the target group.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.target_limit
Per-scrape config limit on number of unique targets that will be accepted. If more than this number of targets are present after target relabeling, Prometheus will mark the targets as failed without scraping them. 0 means no limit. This is an experimental feature, this behaviour could change in the future.
Defaults to 0 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.tls_config
Configures the scrape request's TLS settings.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs
List of Triton Serverset service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.account
The account to use for discovering new targets.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.dns_suffix
The DNS suffix which should be applied to target.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.endpoint
The Triton discovery endpoint (e.g. cmon.us-east-3b.triton.zone). This is often the same value as dns_suffix.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.groups
A list of groups for which targets are retrieved, only supported when targeting the container role. If omitted all containers owned by the requesting account are scraped.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.port
The port to use for discovery and metric scraping.
Defaults to 9163 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.refresh_interval
The interval which should be used for refreshing targets.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.role
The type of targets to discover, can be set to: - "container" to discover virtual machines (SmartOS zones, lx/KVM/bhyve branded zones) running on Triton - "cn" to discover compute nodes (servers/global zones) making up the Triton infrastructure
Defaults to container in prometheus when set to null.
Type: null or one of "container", "cn"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.triton_sd_configs.*.version
The Triton discovery API version.
Defaults to 1 in prometheus when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs
List of Uyuni Serverset service discovery configurations.
Type: null or list of submodules
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization
Optional `Authorization` header configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.credentials
Sets the credentials. It is mutually exclusive with `credentials_file`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.credentials_file
Sets the credentials to the credentials read from the configured file. It is mutually exclusive with `credentials`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.type
Sets the authentication type.
Defaults to Bearer in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth
Optional HTTP basic authentication information.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.password
HTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.password_file
HTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.username
HTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.entitlement
The entitlement string to filter eligible systems.
Defaults to monitoring_entitled in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.follow_redirects
Configure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2
Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_id
OAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_secret
OAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_secret_file
Read the client secret from a file. It is mutually exclusive with `client_secret`.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.endpoint_params
Optional parameters to append to the token URL.
Type: null or attribute set of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.scopes
Scopes for the token request.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.token_url
The URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.password
Credentials are used to authenticate the requests to Uyuni API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.proxy_url
Optional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.refresh_interval
Refresh interval to re-read the managed targets list.
Defaults to 60s in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.separator
The string by which Uyuni group names are joined into the groups label
Defaults to , in prometheus when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.server
The URL to connect to the Uyuni server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config
TLS configuration.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.ca_file
CA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.cert_file
Certificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.insecure_skip_verify
Disable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.key_file
Key file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.server_name
ServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.username
Credentials are used to authenticate the requests to Uyuni API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.stateDir
Directory below /var/lib to store Prometheus metrics data. This directory will be created automatically using systemd's StateDirectory mechanism.
Type: string
Default: "prometheus2"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.webExternalUrl
The URL under which Prometheus is externally reachable (for example, if Prometheus is served via a reverse proxy).
Type: null or string
Default: null
Example: "https://example.com/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
- services.prometheus.xmpp-alerts.enable
Whether to enable XMPP Web hook service for Alertmanager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix>
- services.prometheus.xmpp-alerts.settings
Configuration for prometheus xmpp-alerts, see https://github.com/jelmer/prometheus-xmpp-alerts/blob/master/xmpp-alerts.yml.example for supported values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix>
- services.promtail.enable
Whether to enable the Promtail ingresser.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/promtail.nix>
- services.promtail.configuration
Specify the configuration for Promtail in Nix.
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/logging/promtail.nix>
- services.promtail.extraFlags
Specify a list of additional command line flags, which get escaped and are then passed to Loki.
Type: list of strings
Default: [ ]
Example: [ "--server.http-listen-port=3101" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/promtail.nix>
- services.prosody.enable
Whether to enable the prosody server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.package
Prosody package to use
Type: package
Default: pkgs.prosody
Example:
pkgs.prosody.override { withExtraLibs = [ pkgs.luaPackages.lpty ]; withCommunityModules = [ "auth_external" ]; };Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.admins
List of administrators of the current host
Type: list of strings
Default: [ ]
Example: [ "admin1@example.com" "admin2@example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.allowRegistration
Allow account creation
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.authentication
Authentication mechanism used for logins.
Type: one of "internal_plain", "internal_hashed", "cyrus", "anonymous"
Default: "internal_hashed"
Example: "internal_plain"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.c2sRequireEncryption
Force clients to use encrypted connections? This option will prevent clients from authenticating unless they are using encryption.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.dataDir
Directory where Prosody stores its data
Type: path
Default: "/var/lib/prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.disco_items
List of discoverable items you want to advertise.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.disco_items.*.description
A short description of the endpoint you want to advertise
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.disco_items.*.url
URL of the endpoint you want to make discoverable
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.extraConfig
Additional prosody configuration
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.extraModules
Enable custom modules
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.extraPluginPaths
Addtional path in which to look find plugins/modules
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.group
Group account under which prosody runs.
Type: string
Default: "prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.httpInterfaces
Interfaces on which the HTTP server will listen on.
Type: list of strings
Default: [ "*" "::" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.httpPorts
Listening HTTP ports list for this service.
Type: list of signed integers
Default: [ 5280 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.httpsInterfaces
Interfaces on which the HTTPS server will listen on.
Type: list of strings
Default: [ "*" "::" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.httpsPorts
Listening HTTPS ports list for this service.
Type: list of signed integers
Default: [ 5281 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.admin_adhoc
Allows administration via an XMPP client that supports ad-hoc commands
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.admin_telnet
Opens telnet console interface on localhost port 5582
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.announce
Send announcement to all online users
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.blocklist
Allow users to block communications with other users
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.bookmarks
Allows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.bosh
Enable BOSH clients, aka 'Jabber over HTTP'
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.carbons
Keep multiple clients in sync
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.cloud_notify
Push notifications to inform users of new messages or other pertinent information even when they have no XMPP clients online
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.csi
Implements the CSI protocol that allows clients to report their active/inactive state to the server
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.dialback
s2s dialback support
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.disco
Service discovery
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.groups
Shared roster support
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.http_files
Serve static files from a directory over HTTP
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.legacyauth
Legacy authentication. Only used by some old clients and bots
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.limits
Enable bandwidth limiting for XMPP connections
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.mam
Store messages in an archive and allow users to access it
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.motd
Send a message to users when they log in
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.pep
Enables users to publish their mood, activity, playing music and more
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.ping
Replies to XMPP pings with pongs
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.private
Private XML storage (for room bookmarks, etc.)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.proxy65
Enables a file transfer proxy service which clients behind NAT can use
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.register
Allow users to register on this server using a client and change passwords
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.roster
Allow users to have a roster
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.saslauth
Authentication for clients and servers. Recommended if you want to log in.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.server_contact_info
Publish contact information for this service
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.smacks
Allow a client to resume a disconnected session, and prevent message loss
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.time
Let others know the time here on this server
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.tls
Add support for secure TLS on c2s/s2s connections
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.uptime
Report how long server has been running
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.vcard
Allow users to set vCards
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.vcard_legacy
Converts users profiles and Avatars between old and new formats
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.version
Replies to server version requests
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.watchregistrations
Alert admins of registrations
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.websocket
Enable WebSocket support
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.modules.welcome
Welcome users who register accounts
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc
Multi User Chat (MUC) configuration
Type: list of submodules
Default: [ ]
Example: [ { domain = "conference.my-xmpp-example-host.org"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.domain
Domain name of the MUC
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.extraConfig
Additional MUC specific configuration
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.maxHistoryMessages
Specifies a limit on what each room can be configured to keep
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.name
The name to return in service discovery responses for the MUC service itself
Type: string
Default: "Prosody Chatrooms"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.restrictRoomCreation
Restrict room creation to server admins
Type: one of true, false, "admin", "local"
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomDefaultChangeSubject
If set, the rooms will display the public JIDs by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomDefaultHistoryLength
Number of history message sent to participants by default.
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomDefaultLanguage
Default room language.
Type: string
Default: "en"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomDefaultMembersOnly
If set, the MUC rooms will only be accessible to the members by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomDefaultModerated
If set, the MUC rooms will be moderated by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomDefaultPublic
If set, the MUC rooms will be public by default.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomDefaultPublicJids
If set, the MUC rooms will display the public JIDs by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomLockTimeout
Timout after which the room is destroyed or unlocked if not configured, in seconds
Type: signed integer
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.roomLocking
Enables room locking, which means that a room must be configured before it can be used. Locked rooms are invisible and cannot be entered by anyone but the creator
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.tombstoneExpiry
This settings controls how long a tombstone is considered valid. It defaults to 31 days. After this time, the room in question can be created again.
Type: signed integer
Default: 2678400
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.tombstones
When a room is destroyed, it leaves behind a tombstone which prevents the room being entered or recreated. It also allows anyone who was not in the room at the time it was destroyed to learn about it, and to update their bookmarks. Tombstones prevents the case where someone could recreate a previously semi-anonymous room in order to learn the real JIDs of those who often join there.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.muc.*.vcard_muc
Adds the ability to set vCard for Multi User Chat rooms
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.s2sInsecureDomains
Some servers have invalid or self-signed certificates. You can list remote domains here that will not be required to authenticate using certificates. They will be authenticated using DNS instead, even when s2s_secure_auth is enabled.
Type: list of strings
Default: [ ]
Example: [ "insecure.example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.s2sRequireEncryption
Force servers to use encrypted connections? This option will prevent servers from authenticating unless they are using encryption. Note that this is different from authentication.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.s2sSecureAuth
Force certificate authentication for server-to-server connections? This provides ideal security, but requires servers you communicate with to support encryption AND present valid, trusted certificates. For more information see https://prosody.im/doc/s2s#security
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.s2sSecureDomains
Even if you leave s2s_secure_auth disabled, you can still require valid certificates for some domains by specifying a list here.
Type: list of strings
Default: [ ]
Example: [ "jabber.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.ssl
Paths to SSL files
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.ssl.cert
Path to the certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.ssl.extraOptions
Extra SSL configuration options.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.ssl.key
Path to the key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.uploadHttp
Configures the Prosody builtin HTTP server to handle user uploads.
Type: null or submodule
Default: null
Example: { domain = "uploads.my-xmpp-example-host.org"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.uploadHttp.domain
Domain name for the http-upload service
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.uploadHttp.httpUploadPath
Directory where the uploaded files will be stored. By default, uploaded files are put in a sub-directory of the default Prosody storage path (usually /var/lib/prosody).
Type: string
Default: "/var/lib/prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.uploadHttp.uploadExpireAfter
Max age of a file before it gets deleted, in seconds.
Type: string
Default: "60 * 60 * 24 * 7"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.uploadHttp.uploadFileSizeLimit
Maximum file size, in bytes. Defaults to 50MB.
Type: string
Default: "50 * 1024 * 1024"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.uploadHttp.userQuota
Maximum size of all uploaded files per user, in bytes. There will be no quota if this option is set to null.
Type: null or signed integer
Default: null
Example: 1234
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.user
User account under which prosody runs.
Type: string
Default: "prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.virtualHosts
Define the virtual hosts
Type: attribute set of submodules
Default: { localhost = { domain = "localhost"; enabled = true; } ; }
Example: { myhost = { domain = "my-xmpp-example-host.org"; enabled = true; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.virtualHosts.<name>.enabled
Whether to enable the virtual host
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.virtualHosts.<name>.domain
Domain name
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.virtualHosts.<name>.extraConfig
Additional virtual host specific configuration
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.virtualHosts.<name>.ssl
Paths to SSL files
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.virtualHosts.<name>.ssl.cert
Path to the certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.virtualHosts.<name>.ssl.extraOptions
Extra SSL configuration options.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.virtualHosts.<name>.ssl.key
Path to the key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prosody.xmppComplianceSuite
The XEP-0423 defines a set of recommended XEPs to implement for a server. It's generally a good idea to implement this set of extensions if you want to provide your users with a good XMPP experience.
This NixOS module aims to provide a "advanced server" experience as per defined in the XEP-0423[1] specification.
Setting this option to true will prevent you from building a NixOS configuration which won't comply with this standard. You can explicitely decide to ignore this standard if you know what you are doing by setting this option to false.
[1] https://xmpp.org/extensions/xep-0423.html
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
- services.prowlarr.enable
Whether to enable Prowlarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/prowlarr.nix>
- services.prowlarr.openFirewall
Open ports in the firewall for the Prowlarr web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/prowlarr.nix>
- services.psd.enable
Whether to enable the Profile Sync daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
- services.psd.resyncTimer
The amount of time to wait before syncing browser profiles back to the disk.
Takes a systemd.unit time span. The time unit defaults to seconds if omitted.
Type: string
Default: "1h"
Example: "1h 30min"
Declared by:
<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
- services.pykms.enable
Whether to enable the PyKMS service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
- services.pykms.extraArgs
Additional arguments
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
- services.pykms.listenAddress
The IP address on which to listen.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
- services.pykms.logLevel
How much to log
Type: one of "CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG", "MININFO"
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
- services.pykms.memoryLimit
How much memory to use at most.
Type: string
Default: "64M"
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
- services.pykms.openFirewallPort
Whether the listening port should be opened automatically.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
- services.pykms.port
The port on which to listen.
Type: signed integer
Default: 1688
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
- services.qemuGuest.enable
Whether to enable the qemu guest agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix>
- services.qemuGuest.package
The QEMU guest agent package.
Type: package
Default: pkgs.qemu_kvm.ga
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix>
- services.quake3-server.enable
Whether to enable Quake 3 dedicated server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
- services.quake3-server.baseq3
Path to the baseq3 files (pak*.pk3). If this is on the nix store (type = package) all .pk3 files should be saved in the top-level directory. If this is on another filesystem (e.g /var/lib/baseq3) the .pk3 files are searched in $baseq3/.q3a/baseq3/
Type: package or path
Default: (build of baseq3)
Example: "/var/lib/q3ds"
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
- services.quake3-server.extraConfig
Extra configuration options. Note that options changed via RCON will not be persisted. To list all possible options, use "cvarlist 1" via RCON.
Type: strings concatenated with "\n"
Default: ""
Example:
'' seta rconPassword "superSecret" // sets RCON password for remote console seta sv_hostname "My Quake 3 server" // name that appears in server list ''
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
- services.quake3-server.openFirewall
Open the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
- services.quake3-server.port
UDP Port the server should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 27960
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
- services.quassel.enable
Whether to enable the Quassel IRC client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
- services.quassel.package
The package of the quassel daemon.
Type: package
Default: pkgs.quasselDaemon
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
- services.quassel.certificateFile
Path to the certificate used for SSL connections with clients.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
- services.quassel.dataDir
The directory holding configuration files, the SQlite database and the SSL Cert.
Type: string
Default: "/home/quassel/.config/quassel-irc.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
- services.quassel.interfaces
The interfaces the Quassel daemon will be listening to. If `[ 127.0.0.1 ]', only clients on the local host can connect to it; if `[ 0.0.0.0 ]', clients can access it from any network interface.
Type: list of strings
Default: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
- services.quassel.portNumber
The port number the Quassel daemon will be listening to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4242
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
- services.quassel.requireSSL
Require SSL for connections from clients.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
- services.quassel.user
The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
- services.quicktun
QuickTun tunnels
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.localAddress
Type: string
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.localPort
Type: signed integer
Default: 2998
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.privateKey
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.protocol
Type: string
Default: "nacltai"
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.publicKey
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.remoteAddress
Type: string
Example: "tunnel.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.remoteFloat
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.remotePort
Type: signed integer
Default: 2998
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.timeWindow
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.tunMode
Type: signed integer
Default: 0
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quicktun.<name>.upScript
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
- services.quorum.enable
Whether to enable Quorum blockchain daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.blockperiod
Default minimum difference between two consecutive block's timestamps in seconds.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.genesis
Blockchain genesis settings.
Type: null or attribute set
Default: null
Example:
{ alloc = { a47385db68718bdcbddc2d2bb7c54018066ec111 = { balance = "1000000000000000000000000000"; }; }; coinbase = "0x0000000000000000000000000000000000000000"; config = { byzantiumBlock = 4; chainId = 494702925; eip150Block = 2; eip155Block = 3; eip158Block = 3; homesteadBlock = 1; isQuorum = true; istanbul = { epoch = 30000; policy = 0; }; }; difficulty = "0x1"; extraData = "0x0000000000000000000000000000000000000000000000000000000000000000f85ad59438f0508111273d8e482f49410ca4078afc86a961b8410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0"; gasLimit = "0x2FEFD800"; mixHash = "0x63746963616c2062797a616e74696e65201111756c7420746f6c6572616e6365"; nonce = "0x0"; parentHash = "0x0000000000000000000000000000000000000000000000000000000000000000"; timestamp = "0x00"; }Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.group
The group as which to run quorum.
Type: string
Default: "quorum"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.nodekeyFile
Path to the nodekey.
Type: path
Default: "/var/lib/quorum/nodekey"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.permissioned
Allow only a defined list of nodes to connect.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.port
Override the default port on which to listen for connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 21000
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.privateconfig
Configuration of privacy transaction manager.
Type: string
Default: "ignore"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.rpc.enable
Enable RPC interface.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.rpc.address
Listening address for RPC connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.rpc.api
API's offered over the HTTP-RPC interface.
Type: string
Default: "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.rpc.port
Override the default port on which to listen for RPC connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22004
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.staticNodes
List of validator nodes.
Type: list of strings
Default: [ ]
Example: [ "enode://dd333ec28f0a8910c92eb4d336461eea1c20803eed9cf2c056557f986e720f8e693605bba2f4e8f289b1162e5ac7c80c914c7178130711e393ca76abc1d92f57@0.0.0.0:30303?discport=0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.syncmode
Blockchain sync mode.
Type: one of "fast", "full", "light"
Default: "full"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.user
The user as which to run quorum.
Type: string
Default: "quorum"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.ws.enable
Enable WS-RPC interface.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.ws.address
Listening address for WS-RPC connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.ws.api
API's offered over the WS-RPC interface.
Type: string
Default: "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.ws.origins
Origins from which to accept websockets requests
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.quorum.ws.port
Override the default port on which to listen for WS-RPC connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8546
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
- services.rabbitmq.enable
Whether to enable the RabbitMQ server, an Advanced Message Queuing Protocol (AMQP) broker.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.package
Which rabbitmq package to use.
Type: package
Default: pkgs.rabbitmq-server
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.config
Verbatim advanced configuration file contents using the Erlang syntax. This is also known as the advanced.config file or the old config format.
configItems is preferred whenever possible. However, nested data structures can only be expressed properly using the config option.
The contents of this option will be merged into the configItems by RabbitMQ at runtime to form the final configuration.
See the second table on https://www.rabbitmq.com/configure.html#config-items For the distinct formats, see https://www.rabbitmq.com/configure.html#config-file-formats
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.configItems
Configuration options in RabbitMQ's new config file format, which is a simple key-value format that can not express nested data structures. This is known as the rabbitmq.conf file, although outside NixOS that filename may have Erlang syntax, particularly prior to RabbitMQ 3.7.0.
If you do need to express nested data structures, you can use config option. Configuration from config will be merged into these options by RabbitMQ at runtime to form the final configuration.
See https://www.rabbitmq.com/configure.html#config-items For the distinct formats, see https://www.rabbitmq.com/configure.html#config-file-formats
Type: attribute set of strings
Default: { }
Example:
{ "auth_backends.1.authn" = "rabbit_auth_backend_ldap"; "auth_backends.1.authz" = "rabbit_auth_backend_internal"; }Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.cookie
Erlang cookie is a string of arbitrary length which must be the same for several nodes to be allowed to communicate. Leave empty to generate automatically.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.dataDir
Data directory for rabbitmq.
Type: path
Default: "/var/lib/rabbitmq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.listenAddress
IP address on which RabbitMQ will listen for AMQP connections. Set to the empty string to listen on all interfaces. Note that RabbitMQ creates a user named guest with password guest by default, so you should delete this user if you intend to allow external access.
Together with 'port' setting it's mostly an alias for configItems."listeners.tcp.1" and it's left for backwards compatibility with previous version of this module.
Type: string
Default: "127.0.0.1"
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.managementPlugin.enable
Whether to enable the management plugin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.managementPlugin.port
On which port to run the management plugin
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 15672
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.pluginDirs
The list of directories containing external plugins
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.plugins
The names of plugins to enable
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.rabbitmq.port
Port on which RabbitMQ will listen for AMQP connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5672
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
- services.racoon.enable
Whether to enable racoon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/racoon.nix>
- services.racoon.config
Contents of racoon configuration file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/racoon.nix>
- services.racoon.configPath
Location of racoon config if config is not provided.
Type: path
Default: "/etc/racoon/racoon.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/racoon.nix>
- services.radarr.enable
Whether to enable Radarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
- services.radarr.dataDir
The directory where Radarr stores its data files.
Type: string
Default: "/var/lib/radarr/.config/Radarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
- services.radarr.group
Group under which Radarr runs.
Type: string
Default: "radarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
- services.radarr.openFirewall
Open ports in the firewall for the Radarr web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
- services.radarr.user
User account under which Radarr runs.
Type: string
Default: "radarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
- services.radicale.enable
Whether to enable Radicale CalDAV and CardDAV server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
- services.radicale.package
Radicale package to use.
Type: package
Default: pkgs.radicale
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
- services.radicale.config
Radicale configuration, this will set the service configuration file. This option is mutually exclusive with settings. This option is deprecated. Use settings instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
- services.radicale.extraArgs
Extra arguments passed to the Radicale daemon.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
- services.radicale.rights
Configuration for Radicale's rights file. See https://radicale.org/3.0.html#documentation/authentication-and-rights. This option only works in conjunction with settings. Setting this will also set settings.rights.type and settings.rights.file to approriate values.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string) or a non-empty list of themss
Default: { }
Example:
root = { user = ".+"; collection = ""; permissions = "R"; }; principal = { user = ".+"; collection = "{user}"; permissions = "RW"; }; calendars = { user = ".+"; collection = "{user}/[^/]+"; permissions = "rw"; };Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
- services.radicale.settings
Configuration for Radicale. See https://radicale.org/3.0.html#documentation/configuration. This option is mutually exclusive with config.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string) or a non-empty list of themss
Default: { }
Example:
server = { hosts = [ "0.0.0.0:5232" "[::]:5232" ]; }; auth = { type = "htpasswd"; htpasswd_filename = "/etc/radicale/users"; htpasswd_encryption = "bcrypt"; }; storage = { filesystem_folder = "/var/lib/radicale/collections"; };Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
- services.radvd.enable
Whether to enable the Router Advertisement Daemon (radvd), which provides link-local advertisements of IPv6 router addresses and prefixes using the Neighbor Discovery Protocol (NDP). This enables stateless address autoconfiguration in IPv6 clients on the network.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
- services.radvd.config
The contents of the radvd configuration file.
Type: strings concatenated with "\n"
Example:
'' interface eth0 { AdvSendAdvert on; prefix 2001:db8:1234:5678::/64 { }; }; ''Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
- services.railcar.enable
Whether to enable railcar.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.package
Railcar package to use
Type: package
Default: pkgs.railcar
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers
Declarative container configuration
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers.<name>.arch
Computer architecture type of the container
Type: string
Default: "x86_64"
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers.<name>.cmd
Command or script to run inside the container
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers.<name>.mounts
A set of mounts inside the container.
The defaults have been chosen for simple bindmounts, meaning that you only need to provide the "source" parameter.
Type: attribute set of submodules
Default: { }
Example: { /data = { source = "/var/lib/data"; } ; }
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers.<name>.mounts.<name>.options
Mount options of the filesystem to be used.
Support options are listed in the mount(8) man page. Note that both filesystem-independent and filesystem-specific options are listed.
Type: list of strings
Default: [ "bind" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers.<name>.mounts.<name>.source
Source for the in-container mount
Type: string
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers.<name>.mounts.<name>.type
The type of the filesystem to be mounted. Linux: filesystem types supported by the kernel as listed in `/proc/filesystems` (e.g., "minix", "ext2", "ext3", "jfs", "xfs", "reiserfs", "msdos", "proc", "nfs", "iso9660"). For bind mounts (when options include either bind or rbind), the type is a dummy, often "none" (not listed in /proc/filesystems).
Type: string
Default: "none"
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers.<name>.os
OS type of the container
Type: string
Default: "linux"
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.containers.<name>.runType
The systemd service run type
Type: string
Default: "oneshot"
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.railcar.stateDir
Railcar persistent state directory
Type: path
Default: "/var/railcar"
Declared by:
<nixpkgs/nixos/modules/virtualisation/railcar.nix>
- services.ratbagd.enable
Whether to enable ratbagd for configuring gaming mice.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/ratbagd.nix>
- services.rdnssd.enable
Whether to enable the RDNSS daemon (rdnssd), which configures DNS servers in /etc/resolv.conf from RDNSS advertisements sent by IPv6 routers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/rdnssd.nix>
- services.redis.enable
Whether to enable the Redis server. Note that the NixOS module for Redis disables kernel support for Transparent Huge Pages (THP), because this features causes major performance problems for Redis, e.g. (https://redis.io/topics/latency).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.package
Which Redis derivation to use.
Type: package
Default: pkgs.redis
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.appendFsync
How often to fsync the append-only log, options: no, always, everysec.
Type: string
Default: "everysec"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.appendOnly
By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.bind
The IP interface to bind to. null means "all interfaces".
Type: null or string
Default: "127.0.0.1"
Example: "192.0.2.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.databases
Set the number of databases.
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.logLevel
Specify the server verbosity level, options: debug, verbose, notice, warning.
Type: string
Default: "notice"
Example: "debug"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.logfile
Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.
Type: string
Default: "/dev/null"
Example: "/var/log/redis.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.masterAuth
If the master is password protected (using the requirePass configuration) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.maxclients
Set the max number of connected clients at the same time.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.port
The port for Redis to listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.requirePass
Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE). Use requirePassFile to store it outside of the nix store in a dedicated file.
Type: null or string
Default: null
Example: "letmein!"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.requirePassFile
File with password for the database.
Type: null or path
Default: null
Example: "/run/keys/redis-password"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.save
The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.
Type: list of list of signed integerss
Default: [ [ 900 1 ] [ 300 10 ] [ 60 10000 ] ]
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.settings
Redis configuration. Refer to https://redis.io/topics/config for details on supported values.
Type: attribute set of boolean or signed integer or string or list of stringss
Default: { }
Example:
{ loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ]; }Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.slaveOf
IP and port to which this redis instance acts as a slave.
Type: null or submodule
Default: null
Example: { ip = "192.168.1.100"; port = 6379; }
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.slaveOf.ip
IP of the Redis master
Type: string
Example: "192.168.1.100"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.slaveOf.port
port of the Redis master
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.slowLogLogSlowerThan
Log queries whose execution take longer than X in milliseconds.
Type: signed integer
Default: 10000
Example: 1000
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.slowLogMaxLen
Maximum number of items to keep in slow log.
Type: signed integer
Default: 128
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.syslog
Enable logging to the system logger.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.unixSocket
The path to the socket to bind to.
Type: null or path
Default: null
Example: "/run/redis/redis.sock"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.unixSocketPerm
Change permissions for the socket
Type: signed integer
Default: 750
Example: 700
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redis.vmOverCommit
Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
- services.redmine.enable
Whether to enable Redmine.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.package
Which Redmine package to use.
Type: package
Default: pkgs.redmine
Example: pkgs.redmine.override { ruby = pkgs.ruby_2_7; }
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.database.createLocally
Create the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.database.host
Database host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.database.name
Database name.
Type: string
Default: "redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/redmine-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.database.port
Database host port.
Type: signed integer
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Example: "/run/mysqld/mysqld.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.database.type
Database engine to use.
Type: one of "mysql2", "postgresql"
Default: "mysql2"
Example: "postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.database.user
Database user.
Type: string
Default: "redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.extraEnv
Extra configuration in additional_environment.rb.
See https://svn.redmine.org/redmine/trunk/config/additional_environment.rb.example for details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' config.logger.level = Logger::DEBUG ''
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.group
Group under which Redmine is ran.
Type: string
Default: "redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.plugins
Set of plugins.
Type: attribute set of paths
Default: { }
Example:
{ redmine_env_auth = builtins.fetchurl { url = "https://github.com/Intera/redmine_env_auth/archive/0.6.zip"; sha256 = "0yyr1yjd8gvvh832wdc8m3xfnhhxzk2pk3gm2psg5w9jdvd6skak"; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.port
Port on which Redmine is ran.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.settings
Redmine configuration (configuration.yml). Refer to https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration for details.
Type: YAML value
Default: { }
Example:
{ email_delivery = { delivery_method = "smtp"; smtp_settings = { address = "mail.example.com"; port = 25; }; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.stateDir
The state directory, logs and plugins are stored here.
Type: string
Default: "/var/lib/redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.themes
Set of themes.
Type: attribute set of paths
Default: { }
Example:
{ dkuk-redmine_alex_skin = builtins.fetchurl { url = "https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip"; sha256 = "0hrin9lzyi50k4w2bd2b30vrf1i4fi1c0gyas5801wn8i7kpm9yl"; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redmine.user
User under which Redmine is ran.
Type: string
Default: "redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
- services.redshift.enable
Enable Redshift to change your screen's colour temperature depending on the time of day.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
- services.redshift.package
redshift derivation to use.
Type: package
Default: pkgs.redshift
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
- services.redshift.brightness.day
Screen brightness to apply during the day, between 0.1 and 1.0.
Type: string
Default: "1"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
- services.redshift.brightness.night
Screen brightness to apply during the night, between 0.1 and 1.0.
Type: string
Default: "1"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
- services.redshift.executable
Redshift executable to use within the package.
Type: string
Default: "/bin/redshift"
Example: "/bin/redshift-gtk"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
- services.redshift.extraOptions
Additional command-line arguments to pass to redshift.
Type: list of strings
Default: [ ]
Example: [ "-v" "-m randr" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
- services.redshift.temperature.day
Colour temperature to use during the day, between 1000 and 25000 K.
Type: signed integer
Default: 5500
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
- services.redshift.temperature.night
Colour temperature to use at night, between 1000 and 25000 K.
Type: signed integer
Default: 3700
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
- services.redsocks.enable
Whether to enable redsocks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.chroot
Chroot under which to run redsocks. Log file is opened before chroot, but if logging to syslog /etc/localtime may be required.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.log
Where to send logs.
Possible values are: - stderr - file:/path/to/file - syslog:FACILITY where FACILITY is any of "daemon", "local0", etc.
Type: string
Default: "stderr"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.log_debug
Log connection progress.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.log_info
Log start and end of client sessions.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks
Local port to proxy associations to be performed.
The example shows how to configure a proxy to handle port 80 as HTTP relay, and all other ports as HTTP connect.
Type: list of submodules
Example: [ { doNotRedirect = [ "-d 1.2.0.0/16" ] ; port = 23456; proxy = "1.2.3.4:8080"; redirectCondition = "--dport 80"; type = "http-relay"; } { doNotRedirect = [ "-d 1.2.0.0/16" ] ; port = 23457; proxy = "1.2.3.4:8080"; redirectCondition = true; type = "http-connect"; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.disclose_src
Way to disclose client IP to the proxy. - "false": do not disclose http-connect supports the following ways: - "X-Forwarded-For": add header "X-Forwarded-For: IP" - "Forwarded_ip": add header "Forwarded: for=IP" (see RFC7239) - "Forwarded_ipport": add header 'Forwarded: for="IP:port"'
Type: one of "false", "X-Forwarded-For", "Forwarded_ip", "Forwarded_ipport"
Default: "false"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.doNotRedirect
Iptables filters that if matched will get the packet off of redsocks.
Type: list of strings
Default: [ ]
Example: [ "-d 1.2.3.4" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.ip
IP on which redsocks should listen. Defaults to 127.0.0.1 for security reasons.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.login
Login to send to proxy.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.password
Password to send to proxy. WARNING, this will end up world-readable in the store! Awaiting https://github.com/NixOS/nix/issues/8 to be able to fix.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.port
Port on which redsocks should listen.
Type: signed integer
Default: 12345
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.proxy
Proxy through which redsocks should forward incoming traffic. Example: "example.org:8080"
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.redirectCondition
Conditions to make outbound packets go through this redsocks instance.
If set to false, no packet will be forwarded. If set to true, all packets will be forwarded (except packets excluded by redirectInternetOnly).
If set to a string, this is an iptables filter that will be matched against packets before getting them into redsocks. For example, setting it to "--dport 80" will only send packets to port 80 to redsocks. Note "-p tcp" is always implicitly added, as udp can only be proxied through redudp or the like.
Type: boolean or string
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.redirectInternetOnly
Exclude all non-globally-routable IPs from redsocks
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.redsocks.redsocks.*.type
Type of proxy.
Type: one of "socks4", "socks5", "http-connect", "http-relay"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
- services.replay-sorcery.enable
Whether to enable the ReplaySorcery service for instant-replays.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/replay-sorcery.nix>
- services.replay-sorcery.enableSysAdminCapability
Whether to enable the system admin capability to support hardware accelerated video capture. This is equivalent to running ReplaySorcery as root, so use with caution.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/replay-sorcery.nix>
- services.replay-sorcery.autoStart
Automatically start ReplaySorcery when graphical-session.target starts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/replay-sorcery.nix>
- services.replay-sorcery.settings
System-wide configuration for ReplaySorcery (/etc/replay-sorcery.conf).
Type: attribute set of string or signed integers
Default: { }
Example:
{ videoInput = "hwaccel"; # requires `services.replay-sorcery.enableSysAdminCapability = true` videoFramerate = 60; }Declared by:
<nixpkgs/nixos/modules/services/video/replay-sorcery.nix>
- services.resilio.enable
If enabled, start the Resilio Sync daemon. Once enabled, you can interact with the service through the Web UI, or configure it in your NixOS configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.enableWebUI
Enable Web UI for administration. Bound to the specified httpListenAddress and httpListenPort.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.apiKey
API key, which enables the developer API.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.checkForUpdates
Determines whether to check for updates and alert the user about them in the UI.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.deviceName
Name of the Resilio Sync device.
Type: string
Default: "nixos"
Example: "Voltron"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.directoryRoot
Default directory to add folders in the web UI.
Type: string
Default: ""
Example: "/media"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.downloadLimit
Download speed limit. 0 is unlimited (default).
Type: signed integer
Default: 0
Example: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.encryptLAN
Encrypt LAN data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.httpListenAddr
HTTP address to bind to.
Type: string
Default: "[::1]"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.httpListenPort
HTTP port to bind on.
Type: signed integer
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.httpLogin
HTTP web login username.
Type: string
Default: ""
Example: "allyourbase"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.httpPass
HTTP web login password.
Type: string
Default: ""
Example: "arebelongtous"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.listeningPort
Listening port. Defaults to 0 which randomizes the port.
Type: signed integer
Default: 0
Example: 44444
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.sharedFolders
Shared folder list. If enabled, web UI must be disabled. Secrets can be generated using rslsync --generate-secret. Note that this secret will be put inside the Nix store, so it is realistically not very secret.
If you would like to be able to modify the contents of this directories, it is recommended that you make your user a member of the rslsync group.
Directories in this list should be in the rslsync group, and that group must have write access to the directory. It is also recommended that chmod g+s is applied to the directory so that any sub directories created will also belong to the rslsync group. Also, setfacl -d -m group:rslsync:rwx and setfacl -m group:rslsync:rwx should also be applied so that the sub directories are writable by the group.
Type: list of attribute set of anythingss
Default: [ ]
Example: [ { directory = "/home/user/sync_test"; knownHosts = [ "192.168.1.2:4444" "192.168.1.3:4444" ] ; searchLAN = true; secret = "AHMYFPCQAHBM7LQPFXQ7WV6Y42IGUXJ5Y"; useDHT = false; useRelayServer = true; useSyncTrash = true; useTracker = true; } ]
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.storagePath
Where BitTorrent Sync will store it's database files (containing things like username info and licenses). Generally, you should not need to ever change this.
Type: path
Default: "/var/lib/resilio-sync/"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.uploadLimit
Upload speed limit. 0 is unlimited (default).
Type: signed integer
Default: 0
Example: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resilio.useUpnp
Use Universal Plug-n-Play (UPnP)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
- services.resolved.enable
Whether to enable the systemd DNS resolver daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
- services.resolved.dnssec
If set to
- "true"
all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS). Note that this mode requires a DNS server that supports DNSSEC. If the DNS server does not properly support DNSSEC all validations will fail.
- "allow-downgrade"
DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled. Note that this mode makes DNSSEC validation vulnerable to "downgrade" attacks, where an attacker might be able to trigger a downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not supported.
- "false"
DNS lookups are not DNSSEC validated.
Type: one of "true", "allow-downgrade", "false"
Default: "allow-downgrade"
Example: "true"
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
- services.resolved.domains
A list of domains. These domains are used as search suffixes when resolving single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified domain names (FQDNs).
For compatibility reasons, if this setting is not specified, the search domains listed in /etc/resolv.conf are used instead, if that file exists and any domains are configured in it.
Type: list of strings
Default: [ ]
Example: [ "example.com" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
- services.resolved.extraConfig
Extra config to append to resolved.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
- services.resolved.fallbackDns
A list of IPv4 and IPv6 addresses to use as the fallback DNS servers. If this option is empty, a compiled-in list of DNS servers is used instead.
Type: list of strings
Default: [ ]
Example: [ "8.8.8.8" "2001:4860:4860::8844" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
- services.resolved.llmnr
Controls Link-Local Multicast Name Resolution support (RFC 4795) on the local host.
If set to
- "true"
Enables full LLMNR responder and resolver support.
- "false"
Disables both.
- "resolve"
Only resolution support is enabled, but responding is disabled.
Type: one of "true", "resolve", "false"
Default: "true"
Example: "false"
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
- services.restic.backups
Periodic backups to create with Restic.
Type: attribute set of submodules
Default: { }
Example: { localbackup = { initialize = true; passwordFile = "/etc/nixos/secrets/restic-password"; paths = [ "/home" ] ; repository = "/mnt/backup-hdd"; } ; remotebackup = { extraOptions = [ "sftp.command='ssh backup@host -i /etc/nixos/secrets/backup-private-key -s sftp'" ] ; passwordFile = "/etc/nixos/secrets/restic-password"; paths = [ "/home" ] ; repository = "sftp:backup@host:/backups/home"; timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.dynamicFilesFrom
A script that produces a list of files to back up. The results of this command are given to the '--files-from' option.
Type: null or string
Default: null
Example: "find /home/matt/git -type d -name .git"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.environmentFile
file containing the credentials to access the repository, in the format of an EnvironmentFile as described by systemd.exec(5)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.extraBackupArgs
Extra arguments passed to restic backup.
Type: list of strings
Default: [ ]
Example: [ "--exclude-file=/etc/nixos/restic-ignore" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.extraOptions
Extra extended options to be passed to the restic --option flag.
Type: list of strings
Default: [ ]
Example: [ "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.initialize
Create the repository if it doesn't exist.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.passwordFile
Read the repository password from a file.
Type: string
Example: "/etc/nixos/restic-password"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.paths
Which paths to backup. If null or an empty array, no backup command will be run. This can be used to create a prune-only job.
Type: null or list of strings
Default: null
Example: [ "/var/lib/postgresql" "/home/user/backup" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.pruneOpts
A list of options (--keep-* et al.) for 'restic forget --prune', to automatically prune old snapshots. The 'forget' command is run *after* the 'backup' command, so keep that in mind when constructing the --keep-* options.
Type: list of strings
Default: [ ]
Example: [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.rcloneConfig
Configuration for the rclone remote being used for backup. See the remote's specific options under rclone's docs at https://rclone.org/docs/. When specifying option names, use the "config" name specified in the docs. For example, to set --b2-hard-delete for a B2 remote, use hard_delete = true in the attribute set. Warning: Secrets set in here will be world-readable in the Nix store! Consider using the rcloneConfigFile option instead to specify secret values separately. Note that options set here will override those set in the config file.
Type: null or attribute set of string or booleans
Default: null
Example: { account = "xxx"; hard_delete = true; key = "xxx"; type = "b2"; }
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.rcloneConfigFile
Path to the file containing rclone configuration. This file must contain configuration for the remote specified in this backup set and also must be readable by root. Options set in rcloneConfig will override those set in this file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.rcloneOptions
Options to pass to rclone to control its behavior. See https://rclone.org/docs/#options for available options. When specifying option names, strip the leading --. To set a flag such as --drive-use-trash, which does not take a value, set the value to the Boolean true.
Type: null or attribute set of string or booleans
Default: null
Example: { bwlimit = "10M"; drive-use-trash = "true"; }
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.repository
repository to backup to.
Type: string
Example: "sftp:backup@192.168.1.100:/backups/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.s3CredentialsFile
file containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for an S3-hosted repository, in the format of an EnvironmentFile as described by systemd.exec(5)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.timerConfig
When to run the backup. See man systemd.timer for details.
Type: attribute set of systemd options
Default: { OnCalendar = "daily"; }
Example: { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.backups.<name>.user
As which user the backup should run.
Type: string
Default: "root"
Example: "postgresql"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
- services.restic.server.enable
Whether to enable Restic REST Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
- services.restic.server.package
Restic REST server package to use.
Type: package
Default: pkgs.restic-rest-server
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
- services.restic.server.appendOnly
Enable append only mode. This mode allows creation of new backups but prevents deletion and modification of existing backups. This can be useful when backing up systems that have a potential of being hacked.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
- services.restic.server.dataDir
The directory for storing the restic repository.
Type: path
Default: "/var/lib/restic"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
- services.restic.server.extraFlags
Extra commandline options to pass to Restic REST server.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
- services.restic.server.listenAddress
Listen on a specific IP address and port.
Type: string
Default: ":8000"
Example: "127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
- services.restic.server.privateRepos
Enable private repos. Grants access only when a subdirectory with the same name as the user is specified in the repository URL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
- services.restic.server.prometheus
Enable Prometheus metrics at /metrics.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
- services.restya-board.enable
Whether to enable restya-board.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.dataDir
Data of the application.
Type: path
Default: "/var/lib/restya-board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.database.host
Host of the database. Leave 'null' to use a local PostgreSQL database. A local PostgreSQL database is initialized automatically.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.database.name
Name of the database. The database must exist.
Type: string
Default: "restya_board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.database.passwordFile
The database user's password. 'null' if no password is set.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.database.port
The database's port.
Type: null or signed integer
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.database.user
The database user. The user must exist and have access to the specified database.
Type: string
Default: "restya_board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.email.login
SMTP authentication login used when sending outgoing mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.email.password
SMTP authentication password used when sending outgoing mail.
ATTENTION: The password is stored world-readable in the nix-store!
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.email.port
Port used to connect to SMTP server.
Type: signed integer
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.email.server
Hostname to send outgoing mail. Null to use the system MTA.
Type: null or string
Default: null
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.group
Group account under which the web-application runs.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.timezone
Timezone the web-app runs in.
Type: strings concatenated with "\n"
Default: "GMT"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.user
User account under which the web-application runs.
Type: string
Default: "restya-board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.virtualHost.listenHost
Listen address for the virtualhost to use.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.virtualHost.listenPort
Listen port for the virtualhost to use.
Type: signed integer
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.restya-board.virtualHost.serverName
Name of the nginx virtualhost to use.
Type: string
Default: "restya.board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
- services.riak.enable
Whether to enable riak.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
- services.riak.package
Riak package to use.
Type: package
Default: pkgs.riak
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
- services.riak.dataDir
Data directory for Riak.
Type: path
Default: "/var/db/riak"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
- services.riak.distributedCookie
Cookie for distributed node communication. All nodes in the same cluster should use the same cookie or they will not be able to communicate.
Type: string
Default: "riak"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
- services.riak.extraAdvancedConfig
Additional text to be appended to advanced.config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
- services.riak.extraConfig
Additional text to be appended to riak.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
- services.riak.logDir
Log directory for Riak.
Type: path
Default: "/var/log/riak"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
- services.riak.nodeName
Name of the Erlang node.
Type: string
Default: "riak@127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/riak.nix>
- services.riemann.enable
Enable the Riemann network monitoring daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
- services.riemann.config
Contents of the Riemann configuration file. For more complicated config you should use configFile.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
- services.riemann.configFile
A Riemann config file. Any files in the same directory as this file will be added to the classpath by Riemann.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
- services.riemann.configFiles
Extra files containing Riemann configuration. These files will be loaded at runtime by Riemann (with Clojure's load-file function) at the end of the configuration if you use the config option, this is ignored if you use configFile.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
- services.riemann.extraClasspathEntries
Extra entries added to the Java classpath when running Riemann.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
- services.riemann.extraJavaOpts
Extra Java options used when launching Riemann.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
- services.riemann-dash.enable
Enable the riemann-dash dashboard daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
- services.riemann-dash.config
Contents added to the end of the riemann-dash configuration file.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
- services.riemann-dash.dataDir
Location of the riemann-base dir. The dashboard configuration file is is stored to this directory. The directory is created automatically on service start, and owner is set to the riemanndash user.
Type: string
Default: "/var/riemann-dash"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
- services.riemann-tools.enableHealth
Enable the riemann-health daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix>
- services.riemann-tools.extraArgs
A list of commandline-switches forwarded to a riemann-tool. See for example `riemann-health --help` for available options.
Type: list of strings
Default: [ ]
Example: [ "-p 5555" "--timeout=30" "--attribute=myattribute=42" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix>
- services.riemann-tools.riemannHost
Address of the host riemann node. Defaults to localhost.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix>
- services.rippleDataApi.enable
Whether to enable ripple data api.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.couchdb.create
Whether to create couchdb database needed by ripple data api.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.couchdb.db
Ripple data api couchdb database.
Type: string
Default: "rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.couchdb.host
Ripple data api couchdb host.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.couchdb.pass
Ripple data api couchdb password.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.couchdb.port
Ripple data api couchdb port.
Type: signed integer
Default: 5984
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.couchdb.user
Ripple data api couchdb username.
Type: string
Default: "rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.importMode
Ripple data api import mode.
Type: one of "live", "liveOnly"
Default: "liveOnly"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.maxLedger
Ripple data api maximal ledger to fetch.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.minLedger
Ripple data api minimal ledger to fetch.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.port
Ripple data api port
Type: signed integer
Default: 5993
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.redis.enable
Whether to enable caching of ripple data to redis.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.redis.host
Ripple data api redis host.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.redis.port
Ripple data api redis port.
Type: signed integer
Default: 5984
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippleDataApi.rippleds
List of rippleds to be used by ripple data api.
Type: list of strings
Default: [ "http://s_east.ripple.com:51234" "http://s_west.ripple.com:51234" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
- services.rippled.enable
Whether to enable rippled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.package
Which rippled package to use.
Type: package
Default: pkgs.rippled
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.databasePath
Path to the ripple database.
Type: path
Default: "/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.extraConfig
Extra lines to be added verbatim to the rippled.cfg configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.fetchDepth
The number of past ledgers to serve to other peers that request historical ledger data (or "full" for no limit).
Type: signed integer or value "full" (singular enum)
Default: "full"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.importDb
Settings for performing a one-time import.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.importDb.advisoryDelete
If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.importDb.compression
Whether to enable snappy compression.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.importDb.extraOpts
Extra database options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.importDb.onlineDelete
Enable automatic purging of older ledger information.
Type: null or signed integer
Default: 1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.importDb.path
Location to store the database.
Type: path
Default: "/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.importDb.type
Rippled database type.
Type: one of "rocksdb", "nudb"
Default: "rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ips
List of hostnames or ips where the Ripple protocol is served. For a starter list, you can either copy entries from: https://ripple.com/ripple.txt or if you prefer you can let it default to r.ripple.com 51235
A port may optionally be specified after adding a space to the address. By convention, if known, IPs are listed in from most to least trusted.
Type: list of strings
Default: [ "r.ripple.com 51235" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ipsFixed
List of IP addresses or hostnames to which rippled should always attempt to maintain peer connections with. This is useful for manually forming private networks, for example to configure a validation server that connects to the Ripple network through a public-facing server, or for building a set of cluster peers.
A port may optionally be specified after adding a space to the address
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ledgerHistory
The number of past ledgers to acquire on server startup and the minimum to maintain while running.
Type: signed integer or value "full" (singular enum)
Default: 1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.logLevel
Logging verbosity.
Type: one of "debug", "error", "info"
Default: "error"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.nodeDb
Rippled main database options.
Type: null or submodule
Default: { extraOpts = "open_files=2000\nfilter_bits=12\ncache_mb=256\nfile_size_pb=8\nfile_size_mult=2;\n"; type = "rocksdb"; }
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.nodeDb.advisoryDelete
If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.nodeDb.compression
Whether to enable snappy compression.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.nodeDb.extraOpts
Extra database options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.nodeDb.onlineDelete
Enable automatic purging of older ledger information.
Type: null or signed integer
Default: 1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.nodeDb.path
Location to store the database.
Type: path
Default: "/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.nodeDb.type
Rippled database type.
Type: one of "rocksdb", "nudb"
Default: "rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.nodeSize
Rippled size of the node you are running. "tiny", "small", "medium", "large", and "huge"
Type: one of "tiny", "small", "medium", "large", "huge"
Default: "small"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports
Ports exposed by rippled
Type: attribute set of submodules
Default: { peer = { ip = "0.0.0.0"; port = 51235; protocol = [ "peer" ] ; } ; rpc = { admin = [ "127.0.0.1" ] ; port = 5005; protocol = [ "http" ] ; } ; ws_public = { ip = "0.0.0.0"; port = 5006; protocol = [ "ws" "wss" ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.admin
A comma-separated list of admin IP addresses.
Type: list of strings
Default: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.ip
Ip where rippled listens.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.password
When set, these credentials will be required on HTTP/S requests.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.port
Port where rippled listens.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.protocol
Protocols expose by rippled.
Type: list of one of "http", "https", "ws", "wss", "peer"s
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.ssl.cert
Specifies the path to the SSL certificate file in PEM format. This is not needed if the chain includes it.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.ssl.chain
If you need a certificate chain, specify the path to the certificate chain here. The chain may include the end certificate.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.ssl.key
Specifies the filename holding the SSL key in PEM format.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.ports.<name>.user
When set, these credentials will be required on HTTP/S requests.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.sntpServers
IP address or domain of NTP servers to use for time synchronization.;
Type: list of strings
Default: [ "time.windows.com" "time.apple.com" "time.nist.gov" "pool.ntp.org" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.statsd.enable
Whether to enable statsd monitoring for rippled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.statsd.address
The UDP address and port of the listening StatsD server.
Type: string
Default: "127.0.0.1:8125"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.statsd.prefix
A string prepended to each collected metric.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.tempDb
Rippled temporary database options.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.tempDb.advisoryDelete
If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.tempDb.compression
Whether to enable snappy compression.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.tempDb.extraOpts
Extra database options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.tempDb.onlineDelete
Enable automatic purging of older ledger information.
Type: null or signed integer
Default: 1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.tempDb.path
Location to store the database.
Type: path
Default: "/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.tempDb.type
Rippled database type.
Type: one of "rocksdb", "nudb"
Default: "rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.validationQuorum
The minimum number of trusted validations a ledger must have before the server considers it fully validated.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.rippled.validators
List of nodes to always accept as validators. Nodes are specified by domain or public key.
Type: list of strings
Default: [ "n949f75evCHwgyP4fPVgaHqNHxUVN15PsJEZ3B3HnXPcPjcZAoy7 RL1" "n9MD5h24qrQqiyBC8aeqqCWvpiBiYQ3jxSr91uiDvmrkyHRdYLUj RL2" "n9L81uNCaPgtUJfaHh89gmdvXKAmSt5Gdsw2g1iPWaPkAHW5Nm4C RL3" "n9KiYM9CgngLvtRCQHZwgC2gjpdaZcCcbt3VboxiNFcKuwFVujzS RL4" "n9LdgEtkmGB9E2h3K4Vp7iGUaKuq23Zr32ehxiU8FWY7xoxbWTSA RL5" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
- services.robustirc-bridge.enable
Whether to enable RobustIRC bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix>
- services.robustirc-bridge.extraFlags
Extra flags passed to the robustirc-bridge command. See RobustIRC Documentation or robustirc-bridge(1) for details.
Type: list of strings
Default: [ ]
Example: [ "-network robustirc.net" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix>
- services.roon-bridge.enable
Whether to enable Roon Bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-bridge.nix>
- services.roon-bridge.group
Group to run the Roon Bridge as.
Type: string
Default: "roon-bridge"
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-bridge.nix>
- services.roon-bridge.openFirewall
Open ports in the firewall for the bridge.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-bridge.nix>
- services.roon-bridge.user
User to run the Roon bridge as.
Type: string
Default: "roon-bridge"
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-bridge.nix>
- services.roon-server.enable
Whether to enable Roon Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-server.nix>
- services.roon-server.group
Group to run the Roon Server as.
Type: string
Default: "roon-server"
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-server.nix>
- services.roon-server.openFirewall
Open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-server.nix>
- services.roon-server.user
User to run the Roon Server as.
Type: string
Default: "roon-server"
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-server.nix>
- services.roundcube.enable
Whether to enable roundcube.
Also enables nginx virtual host management. Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>. See services.nginx.virtualHosts for further information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.package
The package which contains roundcube's sources. Can be overriden to create an environment which contains roundcube and third-party plugins.
Type: package
Default: pkgs.roundcube
Example:
roundcube.withPlugins (plugins: [ plugins.persistent_login ])
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.database.dbname
Name of the postgresql database
Type: string
Default: "roundcube"
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.database.host
Host of the postgresql server. If this is not set to localhost, you have to create the postgresql user and database yourself, with appropriate permissions.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.database.password
Password for the postgresql connection. Do not use: the password will be stored world readable in the store; use passwordFile instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.database.passwordFile
Password file for the postgresql connection. Must be readable by user nginx. Ignored if database.host is set to localhost, as peer authentication will be used.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.database.username
Username for the postgresql connection. If database.host is set to localhost, a unix user and group of the same name will be created as well.
Type: string
Default: "roundcube"
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.dicts
List of aspell dictionnaries for spell checking. If empty, spell checking is disabled.
Type: list of packages
Default: [ ]
Example: with pkgs.aspellDicts; [ en fr de ]
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.extraConfig
Extra configuration for roundcube webmail instance
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.hostName
Hostname to use for the nginx vhost
Type: string
Example: "webmail.example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.maxAttachmentSize
The maximum attachment size in MB.
Note: Since roundcube only uses 70% of max upload values configured in php 30% is added automatically to services.roundcube.maxAttachmentSize.
Type: signed integer
Default: 18
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.roundcube.plugins
List of roundcube plugins to enable. Currently, only those directly shipped with Roundcube are supported.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
- services.rpcbind.enable
Whether to enable `rpcbind', an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command. `rpcbind` is a replacement for `portmap`.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/rpcbind.nix>
- services.rsnapshot.enable
Whether to enable rsnapshot backups.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
- services.rsnapshot.enableManualRsnapshot
Whether to enable manual usage of the rsnapshot command with this module.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
- services.rsnapshot.cronIntervals
Periodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration as retain options.
Type: attribute set of strings
Default: { }
Example: { daily = "50 21 * * *"; hourly = "0 * * * *"; }
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
- services.rsnapshot.extraConfig
rsnapshot configuration option in addition to the defaults from rsnapshot and this module.
Note that tabs are required to separate option arguments, and directory names require trailing slashes.
The "extra" in the option name might be a little misleading right now, as it is required to get a functional configuration.
Type: strings concatenated with "\n"
Default: ""
Example:
'' retains hourly 24 retain daily 365 backup /home/ localhost/ ''
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
- services.rspamd.enable
Whether to enable rspamd, the Rapid spam filtering system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.debug
Whether to run the rspamd daemon in debug mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.extraConfig
Extra configuration to add at the end of the rspamd configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.group
Group to use when no root privileges are required.
Type: string
Default: "rspamd"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.localLuaRules
Path of file to link to /etc/rspamd/rspamd.local.lua for local rules written in Lua
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.locals
Local configuration files, written into /etc/rspamd/local.d/{name}.
Type: attribute set of submodules
Default: { }
Example:
{ "redis.conf".source = "/nix/store/.../etc/dir/redis.conf"; "arc.conf".text = "allow_envfrom_empty = true;"; }Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.locals.<name>.enable
Whether this file locals should be generated. This option allows specific locals files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.locals.<name>.source
Path of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.locals.<name>.text
Text of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.overrides
Overridden configuration files, written into /etc/rspamd/override.d/{name}.
Type: attribute set of submodules
Default: { }
Example:
{ "redis.conf".source = "/nix/store/.../etc/dir/redis.conf"; "arc.conf".text = "allow_envfrom_empty = true;"; }Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.overrides.<name>.enable
Whether this file overrides should be generated. This option allows specific overrides files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.overrides.<name>.source
Path of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.overrides.<name>.text
Text of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.postfix.enable
Add rspamd milter to postfix main.conf
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.postfix.config
Addon to postfix configuration
Type: attribute set of boolean or string or list of stringss
Default: { non_smtpd_milters = [ "unix:/run/rspamd/rspamd-milter.sock" ] ; smtpd_milters = [ "unix:/run/rspamd/rspamd-milter.sock" ] ; }
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.user
User to use when no root privileges are required.
Type: string
Default: "rspamd"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.workers
Attribute set of workers to start.
Type: attribute set of submodules
Default: { controller = { } ; normal = { } ; }
Example:
{ normal = { includes = [ "$CONFDIR/worker-normal.inc" ]; bindSockets = [{ socket = "/run/rspamd/rspamd.sock"; mode = "0660"; owner = "rspamd"; group = "rspamd"; }]; }; controller = { includes = [ "$CONFDIR/worker-controller.inc" ]; bindSockets = [ "[::1]:11334" ]; }; }Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.workers.<name>.enable
Whether to run the rspamd worker.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.workers.<name>.bindSockets
List of sockets to listen, in format acceptable by rspamd
Type: list of string or submodules
Default: [ ]
Example: [ { mode = "0666"; owner = "rspamd"; socket = "/run/rspamd.sock"; } "*:11333" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.workers.<name>.count
Number of worker instances to run
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.workers.<name>.extraConfig
Additional entries to put verbatim into worker section of rspamd config file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.workers.<name>.includes
List of files to include in configuration
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.workers.<name>.name
Name of the worker
Type: null or string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rspamd.workers.<name>.type
The type of this worker. The type proxy is deprecated and only kept for backwards compatibility and should be replaced with rspamd_proxy.
Type: null or one of "normal", "controller", "fuzzy", "rspamd_proxy", "lua", "proxy"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
- services.rss-bridge.enable
Whether to enable rss-bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
- services.rss-bridge.dataDir
Location in which cache directory will be created. You can put config.ini.php in here.
Type: string
Default: "/var/lib/rss-bridge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
- services.rss-bridge.group
Group under which the web-application run.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
- services.rss-bridge.pool
Name of existing phpfpm pool that is used to run web-application. If not specified a pool will be created automatically with default values.
Type: string
Default: "rss-bridge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
- services.rss-bridge.user
User account under which both the service and the web-application run.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
- services.rss-bridge.virtualHost
Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
Type: null or string
Default: "rss-bridge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
- services.rss-bridge.whitelist
List of bridges to be whitelisted. If the list is empty, rss-bridge will use whitelist.default.txt. Use [ "*" ] to whitelist all.
Type: list of strings
Default: [ ]
Example:
[ "Facebook" "Instagram" "Twitter" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
- services.rss2email.enable
Whether to enable rss2email.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
- services.rss2email.config
The configuration to give rss2email.
Default will use system-wide sendmail to send the email. This is rss2email's default when running r2e new.
This set contains key-value associations that will be set in the [DEFAULT] block along with the to parameter.
See man r2e for more information on which parameters are accepted.
Type: attribute set of string or signed integer or booleans
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
- services.rss2email.feeds
The feeds to watch.
Type: attribute set of submodules
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
- services.rss2email.feeds.<name>.to
Email address to which to send feed items.
If null, this will not be set in the configuration file, and rss2email will make it default to rss2email.to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
- services.rss2email.feeds.<name>.url
The URL at which to fetch the feed.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
- services.rss2email.interval
How often to check the feeds, in systemd interval format
Type: string
Default: "12h"
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
- services.rss2email.to
Mail address to which to send emails
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
- services.rsyncd.enable
Whether to enable the rsync daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
- services.rsyncd.port
TCP port the daemon will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 873
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
- services.rsyncd.settings
Configuration for rsyncd. See rsyncd.conf(5).
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example: { cvs = { auth users = [ "tridge" "susan" ] ; comment = "CVS repository (requires authentication)"; path = "/data/cvs"; secrets file = "/etc/rsyncd.secrets"; } ; ftp = { comment = "whole ftp area"; path = "/var/ftp/./pub"; } ; global = { gid = "nobody"; max connections = 4; uid = "nobody"; use chroot = true; } ; }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
- services.rsyncd.socketActivated
If enabled Rsync will be socket-activated rather than run persistently.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
- services.rsyslogd.enable
Whether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
- services.rsyslogd.defaultConfig
The default syslog.conf file configures a fairly standard setup of log files, which can be extended by means of extraConfig.
Type: strings concatenated with "\n"
Default:
'' # "local1" is used for dhcpd messages. local1.* -/var/log/dhcpd mail.* -/var/log/mail *.=warning;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;local1.none -/var/log/messages ''
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
- services.rsyslogd.extraConfig
Additional text appended to syslog.conf, i.e. the contents of defaultConfig.
Type: strings concatenated with "\n"
Default: ""
Example: "news.* -/var/log/news"
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
- services.rsyslogd.extraParams
Additional parameters passed to rsyslogd.
Type: list of strings
Default: [ ]
Example: [ "-m 0" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
- services.rtorrent.enable
Whether to enable rtorrent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.package
The rtorrent package to use.
Type: package
Default: pkgs.rtorrent
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.configText
The content of rtorrent.rc. The modernized configuration template with the values specified in this module will be prepended using mkBefore. You can use mkForce to overwrite the config completly.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.dataDir
The directory where rtorrent stores its data files.
Type: string
Default: "/var/lib/rtorrent"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.downloadDir
Where to put downloaded files.
Type: string
Default: "/var/lib/rtorrent/download"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.group
Group under which rtorrent runs.
Type: string
Default: "rtorrent"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.openFirewall
Whether to open the firewall for the port in services.rtorrent.port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.port
The rtorrent port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 50000
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.rpcSocket
RPC socket path.
Type: string (read only)
Default: "/run/rtorrent/rpc.sock"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.rtorrent.user
User account under which rtorrent runs.
Type: string
Default: "rtorrent"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
- services.sabnzbd.enable
Whether to enable the sabnzbd server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
- services.sabnzbd.package
The sabnzbd executable package run by the service.
Type: package
Default: "pkgs.sabnzbd"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
- services.sabnzbd.configFile
Path to config file.
Type: path
Default: "/var/lib/sabnzbd/sabnzbd.ini"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
- services.sabnzbd.group
Group to run the service as
Type: string
Default: "sabnzbd"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
- services.sabnzbd.user
User to run the service as
Type: string
Default: "sabnzbd"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
- services.safeeyes.enable
Whether to enable the safeeyes OSGi service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/safeeyes.nix>
- services.salt.master.enable
Whether to enable Salt master service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/master.nix>
- services.salt.master.configuration
Salt master configuration as Nix attribute set.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/master.nix>
- services.salt.minion.enable
Whether to enable Salt minion service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/minion.nix>
- services.salt.minion.configuration
Salt minion configuration as Nix attribute set. See https://docs.saltstack.com/en/latest/ref/configuration/minion.html for details.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/minion.nix>
- services.samba.enable
Whether to enable Samba, which provides file and print services to Windows clients through the SMB/CIFS protocol.
Note
If you use the firewall consider adding the following:services.samba.openFirewall = true;
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.enableNmbd
Whether to enable Samba's nmbd, which replies to NetBIOS over IP name service requests. It also participates in the browsing protocols which make up the Windows "Network Neighborhood" view.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.enableWinbindd
Whether to enable Samba's winbindd, which provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and ntlm_auth and to Samba itself.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.package
Defines which package should be used for the samba server.
Type: package
Default: pkgs.samba
Example: pkgs.samba4Full
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.configText
Verbatim contents of smb.conf. If null (default), use the autogenerated file from NixOS instead.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.extraConfig
Additional global section and extra section lines go in here.
Type: strings concatenated with "\n"
Default: ""
Example:
'' guest account = nobody map to guest = bad user ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.invalidUsers
List of users who are denied to login via Samba.
Type: list of strings
Default: [ "root" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.nsswins
Whether to enable the WINS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a. Windows machine names) by transparently querying the winbindd daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.openFirewall
Whether to automatically open the necessary ports in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.securityType
Samba security type
Type: string
Default: "user"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba.shares
A set describing shared resources. See man smb.conf for options.
Type: attribute set of attribute set of unspecifiedss
Default: { }
Example:
{ public = { path = "/srv/public"; "read only" = true; browseable = "yes"; "guest ok" = "yes"; comment = "Public samba share."; }; }Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
- services.samba-wsdd.enable
Whether to enable Enable Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device, to be found by Web Service Discovery Clients like Windows.
Note
If you use the firewall consider adding the following:networking.firewall.allowedTCPPorts = [ 5357 ]; networking.firewall.allowedUDPPorts = [ 3702 ];.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.samba-wsdd.discovery
Enable discovery operation mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.samba-wsdd.domain
Set domain name (disables workgroup).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.samba-wsdd.extraOptions
Additional wsdd options.
Type: list of strings
Default: [ "--shortlog" ]
Example: [ "--verbose" "--no-http" "--ipv4only" "--no-host" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.samba-wsdd.hoplimit
Hop limit for multicast packets (default = 1).
Type: null or signed integer
Default: null
Example: 2
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.samba-wsdd.hostname
Override (NetBIOS) hostname to be used (default hostname).
Type: null or string
Default: null
Example: "FILESERVER"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.samba-wsdd.interface
Interface or address to use.
Type: null or string
Default: null
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.samba-wsdd.listen
Listen on path or localhost port in discovery mode.
Type: string
Default: "/run/wsdd/wsdd.sock"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.samba-wsdd.workgroup
Set workgroup name (default WORKGROUP).
Type: null or string
Default: null
Example: "HOME"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
- services.saned.enable
Enable saned network daemon for remote connection to scanners.
saned would be runned from scanner user; to allow access to hardware that doesn't have scanner group you should add needed groups to this user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- services.saned.extraConfig
Extra saned configuration lines.
Type: strings concatenated with "\n"
Default: ""
Example: "192.168.0.0/24"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
- services.sanoid.enable
Whether to enable Sanoid ZFS snapshotting service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets
Datasets to snapshot.
Type: attribute set of dataset/template optionss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.autoprune
Whether to automatically prune old snapshots.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.autosnap
Whether to automatically take snapshots.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.daily
Number of daily snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.hourly
Number of hourly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.monthly
Number of monthly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.processChildrenOnly
Whether to only snapshot child datasets if recursing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.process_children_only
Whether to only snapshot child datasets if recursing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.recursive
Whether to recursively snapshot dataset children. You can also set this to "zfs" to handle datasets recursively in an atomic way without the possibility to override settings for child datasets.
Type: boolean or value "zfs" (singular enum)
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.useTemplate
Names of the templates to use for this dataset.
Type: list of impossible (empty enum)s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.use_template
Names of the templates to use for this dataset.
Type: list of impossible (empty enum)s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.datasets.<name>.yearly
Number of yearly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.extraArgs
Extra arguments to pass to sanoid. See https://github.com/jimsalterjrs/sanoid/#sanoid-command-line-options for allowed options.
Type: list of strings
Default: [ ]
Example: [ "--verbose" "--readonly" "--debug" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.interval
Run sanoid at this interval. The default is to run hourly.
The format is described in systemd.time(7).
Type: string
Default: "hourly"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.settings
Free-form settings written directly to the config file. See https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf for allowed values.
Type: attribute set of dataset/template optionss
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.templates
Templates for datasets.
Type: attribute set of dataset/template optionss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.templates.<name>.autoprune
Whether to automatically prune old snapshots.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.templates.<name>.autosnap
Whether to automatically take snapshots.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.templates.<name>.daily
Number of daily snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.templates.<name>.hourly
Number of hourly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.templates.<name>.monthly
Number of monthly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.sanoid.templates.<name>.yearly
Number of yearly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
- services.saslauthd.enable
Whether to enable saslauthd, the Cyrus SASL authentication daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
- services.saslauthd.package
Cyrus SASL package to use.
Type: package
Default: pkgs.cyrus_sasl.bin
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
- services.saslauthd.config
Configuration to use for Cyrus SASL authentication daemon.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
- services.saslauthd.mechanism
Auth mechanism to use
Type: string
Default: "pam"
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
- services.scollector.enable
Whether to run scollector.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
- services.scollector.package
scollector binary to use.
Type: package
Default: pkgs.scollector
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
- services.scollector.bosunHost
Host and port of the bosun server that will store the collected data.
Type: string
Default: "localhost:8070"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
- services.scollector.collectors
An attribute set mapping the frequency of collection to a list of binaries that should be executed at that frequency. You can use "0" to run a binary forever.
Type: attribute set of list of pathss
Default: { }
Example: { "0" = [ "${postgresStats}/bin/collect-stats" ]; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
- services.scollector.extraConfig
Extra scollector configuration added to the end of scollector.toml
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
- services.scollector.extraOpts
Extra scollector command line options
Type: list of strings
Default: [ ]
Example: [ "-d" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
- services.scollector.group
Group account under which scollector runs.
Type: string
Default: "scollector"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
- services.scollector.user
User account under which scollector runs.
Type: string
Default: "scollector"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
- services.sdrplayApi.enable
Whether to enable the SDRplay API service and udev rules.
Note
To enable integration with SoapySDR and GUI applications like gqrx create an overlay containing soapysdr-with-plugins = super.soapysdr.override { extraPackages = [ super.soapysdrplay ]; };Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sdrplay.nix>
- services.seafile.enable
Whether to enable Seafile server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.adminEmail
Seafile Seahub Admin Account Email.
Type: string
Example: "john@example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.ccnetSettings
Configuration for ccnet, see https://manual.seafile.com/config/ccnet-conf/ for supported values.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.ccnetSettings.General.SERVICE_URL
Seahub public URL.
Type: string
Example: "https://www.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.initialAdminPassword
Seafile Seahub Admin Account initial password. Should be change via Seahub web front-end.
Type: string
Example: "someStrongPass"
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.seafilePackage
Which package to use for the seafile server.
Type: package
Default: (build of seafile-server-8.0.8)
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.seafileSettings
Configuration for seafile-server, see https://manual.seafile.com/config/seafile-conf/ for supported values.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.seafileSettings.fileserver.host
The binding address used by seafile fileserver.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.seafileSettings.fileserver.port
The tcp port used by seafile fileserver.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8082
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.seahubExtraConf
Extra config to append to `seahub_settings.py` file. Refer to https://manual.seafile.com/config/seahub_settings_py/ for all available options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.seafile.workers
The number of gunicorn worker processes for handling requests.
Type: signed integer
Default: 4
Example: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
- services.searx.enable
Whether to enable Searx, the meta search engine.
Type: boolean
Default: false
Related packages:
- pkgs.searx (searx-1.0.0): A privacy-respecting, hackable metasearch engine.
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
- services.searx.package
searx package to use.
Type: package
Default: pkgs.searx
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
- services.searx.environmentFile
Environment file (see systemd.exec(5) "EnvironmentFile=" section for the syntax) to define variables for Searx. This option can be used to safely include secret keys into the Searx configuration.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
- services.searx.runInUwsgi
Whether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server. This is the recommended mode for public or large instances, but is unecessary for LAN or local-only use.
Warning
The built-in HTTP server logs all queries by default.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
- services.searx.settings
Searx settings. These will be merged with (taking precedence over) the default configuration. It's also possible to refer to environment variables (defined in services.searx.environmentFile) using the syntax @VARIABLE_NAME@.
Note
For available settings, see the Searx docs.Type: attribute set of JSON values
Default: { }
Example:
{ server.port = 8080; server.bind_address = "0.0.0.0"; server.secret_key = "@SEARX_SECRET_KEY@"; engines = lib.singleton { name = "wolframalpha"; shortcut = "wa"; api_key = "@WOLFRAM_API_KEY@"; engine = "wolframalpha_api"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
- services.searx.settingsFile
The path of the Searx server settings.yml file. If no file is specified, a default file is used (default config file has debug mode enabled). Note: setting this options overrides services.searx.settings.
Warning
This file, along with any secret key it contains, will be copied into the world-readable Nix store.Type: path
Default: "/run/searx/settings.yml"
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
- services.searx.uwsgiConfig
Additional configuration of the uWSGI vassal running searx. It should notably specify on which interfaces and ports the vassal should listen.
Type: Json value or lambda
Default: { http = ":8080"; }
Example:
{ disable-logging = true; http = ":8080"; # serve via HTTP... socket = "/run/searx/searx.sock"; # ...or UNIX socket }Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
- services.self-deploy.enable
Whether to enable self-deploy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.self-deploy.branch
Branch to track
Technically speaking any ref can be specified here, as this is passed directly to a `git fetch`, but for the use-case of continuous deployment you're likely to want to specify a branch.
Type: string
Default: "master"
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.self-deploy.nixArgs
Arguments to `nix-build` passed as `--argstr` or `--arg` depending on the type.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.self-deploy.nixAttribute
Attribute of `nixFile` that builds the current system.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.self-deploy.nixFile
Path to nix file in repository. Leading '/' refers to root of git repository.
Type: path
Default: "/default.nix"
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.self-deploy.repository
The repository to fetch from. Must be properly formatted for git.
If this value is set to a path (must begin with `/`) then it's assumed that the repository is local and the resulting service won't wait for the network to be up.
If the repository will be fetched over SSH, you must add an entry to `programs.ssh.knownHosts` for the SSH host for the fetch to be successful.
Type: path or string
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.self-deploy.sshKeyFile
Path to SSH private key used to fetch private repositories over SSH.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.self-deploy.startAt
The schedule on which to run the `self-deploy` service. Format specified by `systemd.time 7`.
This value can also be a list of `systemd.time 7` formatted strings, in which case the service will be started on multiple schedules.
Type: string or list of strings
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.self-deploy.switchCommand
The `switch-to-configuration` subcommand used.
Type: one of "boot", "switch", "dry-activate", "test"
Default: "switch"
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
- services.selfoss.enable
Whether to enable selfoss.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.database.host
Host of the database (has no effect if type is "sqlite").
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.database.name
Name of the existing database (has no effect if type is "sqlite").
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.database.password
The database user's password (has no effect if type is "sqlite").
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.database.port
The database's port. If not set, the default ports will be provided (5432 and 3306 for pgsql and mysql respectively) (has no effect if type is "sqlite").
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.database.type
Database to store feeds. Supported are sqlite, pgsql and mysql.
Type: one of "pgsql", "mysql", "sqlite"
Default: "sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.database.user
The database user. The user must exist and has access to the specified database (has no effect if type is "sqlite").
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.extraConfig
Extra configuration added to config.ini
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.pool
Name of existing phpfpm pool that is used to run web-application. If not specified a pool will be created automatically with default values.
Type: string
Default: "selfoss_pool"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.selfoss.user
User account under which both the service and the web-application run.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
- services.serviio.enable
Whether to enable the Serviio Media Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/serviio.nix>
- services.serviio.dataDir
The directory where serviio stores its state, data, etc.
Type: path
Default: "/var/lib/serviio"
Declared by:
<nixpkgs/nixos/modules/services/misc/serviio.nix>
- services.shadowsocks.enable
Whether to run shadowsocks-libev shadowsocks server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.encryptionMethod
Encryption method. See https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers.
Type: string
Default: "chacha20-ietf-poly1305"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.extraConfig
Additional configuration for shadowsocks that is not covered by the provided options. The provided attrset will be serialized to JSON and has to contain valid shadowsocks options. Unfortunately most additional options are undocumented but it's easy to find out what is available by looking into the source code of https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/jconf.c
Type: attribute set
Default: { }
Example: { nameserver = "8.8.8.8"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.fastOpen
use TCP fast-open
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.localAddress
Local addresses to which the server binds.
Type: list of strings or string convertible to it
Default: [ "[::0]" "0.0.0.0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.mode
Relay protocols.
Type: one of "tcp_only", "tcp_and_udp", "udp_only"
Default: "tcp_and_udp"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.password
Password for connecting clients.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.passwordFile
Password file with a password for connecting clients.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.plugin
SIP003 plugin for shadowsocks
Type: null or string
Default: null
Example: "${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.pluginOpts
Options to pass to the plugin if one was specified
Type: string
Default: ""
Example: "server;host=example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shadowsocks.port
Port which the server uses.
Type: signed integer
Default: 8388
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
- services.shairport-sync.enable
Enable the shairport-sync daemon.
Running with a local system-wide or remote pulseaudio server is recommended.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
- services.shairport-sync.arguments
Arguments to pass to the daemon. Defaults to a local pulseaudio server.
Type: string
Default: "-v -o pa"
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
- services.shairport-sync.group
Group account name under which to run shairport-sync. The account will be created.
Type: string
Default: "shairport"
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
- services.shairport-sync.user
User account name under which to run shairport-sync. The account will be created.
Type: string
Default: "shairport"
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
- services.shellhub-agent.enable
Whether to enable the ShellHub Agent daemon, which allows secure remote logins.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
- services.shellhub-agent.package
Which ShellHub Agent package to use.
Type: package
Default: pkgs.shellhub-agent
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
- services.shellhub-agent.privateKey
Location where to store the ShellHub Agent private key.
Type: path
Default: "/var/lib/shellhub-agent/private.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
- services.shellhub-agent.server
Server address of ShellHub Gateway to connect.
Type: string
Default: "https://cloud.shellhub.io"
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
- services.shellhub-agent.tenantId
The tenant ID to use when connecting to the ShellHub Gateway.
Type: string
Example: "ba0a880c-2ada-11eb-a35e-17266ef329d6"
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
- services.shellinabox.enable
Whether to enable shellinabox daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
- services.shellinabox.enableSSL
Whether or not to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
- services.shellinabox.certDirectory
The daemon will look in this directory far any certificates. If the browser negotiated a Server Name Identification the daemon will look for a matching certificate-SERVERNAME.pem file. If no SNI handshake takes place, it will fall back on using the certificate in the certificate.pem file.
If no suitable certificate is installed, shellinaboxd will attempt to create a new self-signed certificate. This will only succeed if, after dropping privileges, shellinaboxd has write permissions for this directory.
Type: null or path
Default: null
Example: "/var/certs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
- services.shellinabox.certFile
Path to server SSL certificate.
Type: null or path
Default: null
Example: "/var/certificate.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
- services.shellinabox.extraOptions
A list of strings to be appended to the command line arguments for shellinaboxd. Please see the manual page https://code.google.com/p/shellinabox/wiki/shellinaboxd_man for a full list of available arguments.
Type: list of strings
Default: [ ]
Example: [ "--port=443" "--service /:LOGIN" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
- services.shellinabox.user
User to run shellinaboxd as. If started as root, the server drops privileges by changing to nobody, unless overridden by the --user option.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/shellinabox.nix>
- services.shibboleth-sp.enable
Whether to enable the shibboleth service
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
- services.shibboleth-sp.configFile
Path to shibboleth config file
Type: path
Example: "${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
- services.shibboleth-sp.fastcgi.enable
Whether to include the shibauthorizer and shibresponder FastCGI processes
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
- services.shibboleth-sp.fastcgi.shibAuthorizerPort
Port for shibauthorizer FastCGI proccess to bind to
Type: signed integer
Default: 9100
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
- services.shibboleth-sp.fastcgi.shibResponderPort
Port for shibauthorizer FastCGI proccess to bind to
Type: signed integer
Default: 9101
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
- services.shiori.enable
Whether to enable Shiori simple bookmarks manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/shiori.nix>
- services.shiori.package
The Shiori package to use.
Type: package
Default: pkgs.shiori
Declared by:
<nixpkgs/nixos/modules/services/web-apps/shiori.nix>
- services.shiori.address
The IP address on which Shiori will listen. If empty, listens on all interfaces.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/shiori.nix>
- services.shiori.port
The port of the Shiori web application
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/shiori.nix>
- services.shorewall.enable
Whether to enable Shorewall IPv4 Firewall.
Warning
Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall.nix>
- services.shorewall.package
The shorewall package to use.
Type: package
Default: pkgs.shorewall
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall.nix>
- services.shorewall.configs
This option defines the Shorewall configs. The attribute name defines the name of the config, and the attribute value defines the content of the config.
Type: attribute set of strings concatenated with "\n"s
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall.nix>
- services.shorewall6.enable
Whether to enable Shorewall IPv6 Firewall.
Warning
Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall6.nix>
- services.shorewall6.package
The shorewall package to use.
Type: package
Default: pkgs.shorewall
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall6.nix>
- services.shorewall6.configs
This option defines the Shorewall configs. The attribute name defines the name of the config, and the attribute value defines the content of the config.
Type: attribute set of strings concatenated with "\n"s
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall6.nix>
- services.shout.enable
Whether to enable Shout web IRC client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
- services.shout.config
Shout config.js contents as attribute set (will be converted to JSON to generate the configuration file).
The options defined here will be merged to the default configuration file.
Documentation: http://shout-irc.com/docs/server/configuration.html
Type: attribute set
Default: { }
Example: { defaults = { host = "localhost"; name = "Your Network"; port = 6697; } ; displayNetwork = false; }
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
- services.shout.configFile
Contents of Shout's config.js file.
Used for backward compatibility, recommended way is now to use the config option.
Documentation: http://shout-irc.com/docs/server/configuration.html
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
- services.shout.listenAddress
IP interface to listen on for http connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
- services.shout.port
TCP port to listen on for http connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
- services.shout.private
Make your shout instance private. You will need to configure user accounts by adding entries in /var/lib/shout/users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
- services.sickbeard.enable
Whether to enable the sickbeard server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
- services.sickbeard.package
Enable pkgs.sickrage or pkgs.sickgear as an alternative to SickBeard
Type: package
Default: pkgs.sickbeard
Example: pkgs.sickrage
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
- services.sickbeard.configFile
Path to config file.
Type: path
Default: "/var/lib/sickbeard/config.ini"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
- services.sickbeard.dataDir
Path where to store data files.
Type: path
Default: "/var/lib/sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
- services.sickbeard.group
Group to run the service as
Type: string
Default: "sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
- services.sickbeard.port
Port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
- services.sickbeard.user
User to run the service as
Type: string
Default: "sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
- services.signald.enable
Whether to enable the signald service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/signald.nix>
- services.signald.group
Group under which signald runs.
Type: string
Default: "signald"
Declared by:
<nixpkgs/nixos/modules/services/misc/signald.nix>
- services.signald.socketPath
Path to the signald socket
Type: string
Default: "/run/signald/signald.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/signald.nix>
- services.signald.user
User under which signald runs.
Type: string
Default: "signald"
Declared by:
<nixpkgs/nixos/modules/services/misc/signald.nix>
- services.siproxd.enable
Whether to enable the Siproxd SIP proxy/masquerading daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.extraConfig
Extra configuration to add to siproxd configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.hostsAllowReg
Acess control list for incoming SIP registrations.
Type: list of strings
Default: [ ]
Example: [ "192.168.1.0/24" "192.168.2.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.hostsAllowSip
Acess control list for incoming SIP traffic.
Type: list of strings
Default: [ ]
Example: [ "123.45.0.0/16" "123.46.0.0/16" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.hostsDenySip
Acess control list for denying incoming SIP registrations and traffic.
Type: list of strings
Default: [ ]
Example: [ "10.0.0.0/8" "11.0.0.0/8" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.ifInbound
Local network interface
Type: string
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.ifOutbound
Public network interface
Type: string
Example: "ppp0"
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.passwordFile
Path to per-user password file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.rtpDscp
DSCP (differentiated services) value to be assigned to RTP packets. Allows QOS aware routers to handle different types traffic with different priorities.
Type: signed integer
Default: 46
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.rtpPortHigh
Top of UDP port range for incoming and outgoing RTP traffic
Type: signed integer
Default: 7089
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.rtpPortLow
Bottom of UDP port range for incoming and outgoing RTP traffic
Type: signed integer
Default: 7070
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.rtpTimeout
Timeout for an RTP stream. If for the specified number of seconds no data is relayed on an active stream, it is considered dead and will be killed.
Type: signed integer
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.sipDscp
DSCP (differentiated services) value to be assigned to SIP packets. Allows QOS aware routers to handle different types traffic with different priorities.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.siproxd.sipListenPort
Port to listen for incoming SIP messages.
Type: signed integer
Default: 5060
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
- services.sks.enable
Whether to enable SKS (synchronizing key server for OpenPGP) and start the database server. You need to create "${dataDir}/dump/*.gpg" for the initial import.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
- services.sks.package
Which SKS derivation to use.
Type: package
Default: pkgs.sks
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
- services.sks.dataDir
Data directory (-basedir) for SKS, where the database and all configuration files are located (e.g. KDB, PTree, membership and sksconf).
Type: path
Default: "/var/db/sks"
Example: "/var/lib/sks"
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
- services.sks.extraDbConfig
Set contents of the files "KDB/DB_CONFIG" and "PTree/DB_CONFIG" within the ${dataDir} directory. This is used to configure options for the database for the sks key server.
Documentation of available options are available in the file named "sampleConfig/DB_CONFIG" in the following repository: https://bitbucket.org/skskeyserver/sks-keyserver/src
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
- services.sks.hkpAddress
Domain names, IPv4 and/or IPv6 addresses to listen on for HKP requests.
Type: list of strings
Default: [ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
- services.sks.hkpPort
HKP port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 11371
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
- services.sks.webroot
Source directory (will be symlinked, if not null) for the files the built-in webserver should serve. SKS (${pkgs.sks.webSamples}) provides the following examples: "HTML5", "OpenPKG", and "XHTML+ES". The index file can be named index.html, index.htm, index.xhtm, or index.xhtml. Files with the extensions .css, .es, .js, .jpg, .jpeg, .png, or .gif are supported. Subdirectories and filenames with anything other than alphanumeric characters and the '.' character will be ignored.
Type: null or path
Default: "${package.webSamples}/OpenPKG"
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
- services.skydns.enable
Whether to enable skydns service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.package
Skydns package to use.
Type: package
Default: pkgs.skydns
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.address
Skydns address to bind to.
Type: string
Default: "0.0.0.0:53"
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.domain
Skydns default domain if not specified by etcd config.
Type: string
Default: "skydns.local."
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.etcd.caCert
Skydns path of TLS certificate authority public key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.etcd.machines
Skydns list of etcd endpoints to connect to.
Type: list of strings
Default: [ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.etcd.tlsKey
Skydns path of TLS client certificate - private key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.etcd.tlsPem
Skydns path of TLS client certificate - public key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.extraConfig
Skydns attribute set of extra config options passed as environment variables.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.skydns.nameservers
Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.
Type: list of strings
Default: [ ]
Example: [ "8.8.8.8:53" "8.8.4.4:53" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
- services.slimserver.enable
Whether to enable slimserver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
- services.slimserver.package
Slimserver package to use.
Type: package
Default: pkgs.slimserver
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
- services.slimserver.dataDir
The directory where slimserver stores its state, tag cache, playlists etc.
Type: path
Default: "/var/lib/slimserver"
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
- services.slurm.enableSrunX11
If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job. This activates the slurm-spank-x11 module. Note that this option also enables services.openssh.forwardX11 on the client.
This option requires slurm to be compiled without native X11 support. The default behavior is to re-compile the slurm package with native X11 support disabled if this option is set to true.
To use the native X11 support add PrologFlags=X11 in extraConfig. Note that this method will only work RSA SSH host keys.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.enableStools
Whether to provide a slurm.conf file. Enable this option if you do not run a slurm daemon on this host (i.e. server.enable and client.enable are false) but you still want to run slurm commands from this host.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.package
The package to use for slurm binaries.
Type: package
Default: pkgs.slurm
Example: pkgs.slurm-full
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.client.enable
Whether to enable slurm client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.clusterName
Necessary to distinguish accounting records in a multi-cluster environment.
Type: string
Default: "default"
Example: "myCluster"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.controlAddr
Name that ControlMachine should be referred to in establishing a communications path.
Type: null or string
Default: null
Example: null
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.controlMachine
The short hostname of the machine where SLURM control functions are executed (i.e. the name returned by the command "hostname -s", use "tux001" rather than "tux001.my.com").
Type: null or string
Default: null
Example: null
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.dbdserver.enable
Whether to enable SlurmDBD service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.dbdserver.dbdHost
Hostname of the machine where slurmdbd is running (i.e. name returned by hostname -s).
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.dbdserver.extraConfig
Extra configuration for slurmdbd.conf See also: slurmdbd.conf(8).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.dbdserver.storagePassFile
Path to file with database password. The content of this will be used to create the password for the StoragePass option.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.dbdserver.storageUser
Database user name.
Type: string
Default: "slurm"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.extraCgroupConfig
Extra configuration for cgroup.conf. This file is used when procTrackType=proctrack/cgroup.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.extraConfig
Extra configuration options that will be added verbatim at the end of the slurm configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.extraConfigPaths
Slurm expects config files for plugins in the same path as slurm.conf. Add extra nix store paths that should be merged into same directory as slurm.conf.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.extraPlugstackConfig
Extra configuration that will be added to the end of plugstack.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.nodeName
Name that SLURM uses to refer to a node (or base partition for BlueGene systems). Typically this would be the string that "/bin/hostname -s" returns. Note that now you have to write node's parameters after the name.
Type: list of strings
Default: [ ]
Example: [ "linux[1-32] CPUs=1 State=UNKNOWN" ];
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.partitionName
Name by which the partition may be referenced. Note that now you have to write the partition's parameters after the name.
Type: list of strings
Default: [ ]
Example: [ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.procTrackType
Plugin to be used for process tracking on a job step basis. The slurmd daemon uses this mechanism to identify all processes which are children of processes it spawns for a user job step.
Type: string
Default: "proctrack/linuxproc"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.server.enable
Whether to enable the slurm control daemon. Note that the standard authentication method is "munge". The "munge" service needs to be provided with a password file in order for slurm to work properly (see services.munge.password).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.stateSaveLocation
Directory into which the Slurm controller, slurmctld, saves its state.
Type: string
Default: "/var/spool/slurmctld"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.slurm.user
Set this option when you want to run the slurmctld daemon as something else than the default slurm user "slurm". Note that the UID of this user needs to be the same on all nodes.
Type: string
Default: "slurm"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
- services.smartd.enable
Whether to enable smartd daemon from smartmontools package.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.autodetect
Whenever smartd should monitor all devices connected to the machine at the time it's being started (the default).
Set to false to monitor the devices listed in services.smartd.devices only.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.defaults.autodetected
Like services.smartd.defaults.monitored, but for the autodetected devices.
Type: strings concatenated with " "
Default: "-a"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.defaults.monitored
Common default options for explicitly monitored (listed in services.smartd.devices) devices.
The default value turns on monitoring of all the things (see man 5 smartd.conf).
The example also turns on SMART Automatic Offline Testing on startup, and schedules short self-tests daily, and long self-tests weekly.
Type: strings concatenated with " "
Default: "-a"
Example: "-a -o on -s (S/../.././02|L/../../7/04)"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.devices
List of devices to monitor.
Type: list of submodules
Default: [ ]
Example: [ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.devices.*.device
Location of the device.
Type: string
Example: "/dev/sda"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.devices.*.options
Options that determine how smartd monitors the device.
Type: strings concatenated with " "
Default: ""
Example: "-d sat"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.extraOptions
Extra command-line options passed to the smartd daemon on startup.
(See man 8 smartd.)
Type: list of strings
Default: [ ]
Example: [ "-A /var/log/smartd/" "--interval=3600" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.notifications.mail.enable
Whenever to send e-mail notifications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.notifications.mail.mailer
Sendmail-compatible binary to be used to send the messages.
You should probably enable services.postfix or some other MTA for this to work.
Type: path
Default: "/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.notifications.mail.recipient
Recipient of the notification messages.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.notifications.mail.sender
Sender of the notification messages. Acts as the value of email in the emails' From: ... field.
Type: string
Default: "root"
Example: "example@domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.notifications.test
Whenever to send a test notification on startup.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.notifications.wall.enable
Whenever to send wall notifications to all users.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.notifications.x11.enable
Whenever to send X11 xmessage notifications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartd.notifications.x11.display
DISPLAY to send X11 notifications to.
Type: string
Default: ":0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
- services.smartdns.enable
Whether to enable SmartDNS DNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/smartdns.nix>
- services.smartdns.bindPort
DNS listening port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/smartdns.nix>
- services.smartdns.settings
A set that will be generated into configuration file, see the SmartDNS README for details of configuration parameters. You could override the options here like services.smartdns.bindPort by writing settings.bind = ":5353 -no-rule -group example";.
Type: attribute set of list of string or signed integer or booleans or string or signed integer or boolean convertible to its
Example:
{ bind = ":5353 -no-rule -group example"; cache-size = 4096; server-tls = [ "8.8.8.8:853" "1.1.1.1:853" ]; server-https = "https://cloudflare-dns.com/dns-query -exclude-default-group"; prefetch-domain = true; speed-check-mode = "ping,tcp:80"; };Declared by:
<nixpkgs/nixos/modules/services/networking/smartdns.nix>
- services.smokeping.enable
Enable the smokeping service
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.package
Specify a custom smokeping package
Type: package
Default: pkgs.smokeping
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.alertConfig
Configuration for alerts.
Type: strings concatenated with "\n"
Default:
'' to = root@localhost from = smokeping@localhost ''
Example:
'' to = alertee@address.somewhere from = smokealert@company.xy +someloss type = loss # in percent pattern = >0%,*12*,>0%,*12*,>0% comment = loss 3 times in a row; ''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.cgiUrl
URL to the smokeping cgi.
Type: string
Default: "http://${hostName}:${toString port}/smokeping.cgi"
Example: "https://somewhere.example.com/smokeping.cgi"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.config
Full smokeping config supplied by the user. Overrides and replaces any other configuration supplied.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.databaseConfig
Configure the ping frequency and retention of the rrd files. Once set, changing the interval will require deletion or migration of all the collected data.
Type: strings concatenated with "\n"
Default:
'' step = 300 pings = 20 # consfn mrhb steps total AVERAGE 0.5 1 1008 AVERAGE 0.5 12 4320 MIN 0.5 12 4320 MAX 0.5 12 4320 AVERAGE 0.5 144 720 MAX 0.5 144 720 MIN 0.5 144 720 ''Example:
'' # near constant pings. step = 30 pings = 20 # consfn mrhb steps total AVERAGE 0.5 1 10080 AVERAGE 0.5 12 43200 MIN 0.5 12 43200 MAX 0.5 12 43200 AVERAGE 0.5 144 7200 MAX 0.5 144 7200 MIN 0.5 144 7200 ''Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.extraConfig
Any additional customization not already included.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.host
Host/IP to bind to for the web server.
Setting it to null skips passing the -h option to thttpd, which makes it bind to all interfaces.
Type: null or string
Default: "localhost"
Example: "192.0.2.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.hostName
DNS name for the urls generated in the cgi.
Type: string
Default: config.networking.fqdn
Example: "somewhere.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.imgUrl
Base url for images generated in the cgi.
The default is a relative URL to ensure it works also when e.g. forwarding the GUI port via SSH.
Type: string
Default: "cache"
Example: "https://somewhere.example.com/cache"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.linkStyle
DNS name for the urls generated in the cgi.
Type: one of "original", "absolute", "relative"
Default: "relative"
Example: "absolute"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.mailHost
Use this SMTP server to send alerts
Type: string
Default: ""
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.owner
Real name of the owner of the instance
Type: string
Default: "nobody"
Example: "Joe Admin"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.ownerEmail
Email contact for owner
Type: string
Default: "no-reply@${hostName}"
Example: "no-reply@yourdomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.port
TCP port to use for the web server.
Type: signed integer
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.presentationConfig
presentation graph style
Type: strings concatenated with "\n"
Default:
'' + charts menu = Charts title = The most interesting destinations ++ stddev sorter = StdDev(entries=>4) title = Top Standard Deviation menu = Std Deviation format = Standard Deviation %f ++ max sorter = Max(entries=>5) title = Top Max Roundtrip Time menu = by Max format = Max Roundtrip Time %f seconds ++ loss sorter = Loss(entries=>5) title = Top Packet Loss menu = Loss format = Packets Lost %f ++ median sorter = Median(entries=>5) title = Top Median Roundtrip Time menu = by Median format = Median RTT %f seconds + overview width = 600 height = 50 range = 10h + detail width = 600 height = 200 unison_tolerance = 2 "Last 3 Hours" 3h "Last 30 Hours" 30h "Last 10 Days" 10d "Last 360 Days" 360d ''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.presentationTemplate
Default page layout for the web UI.
Type: string
Default: "${pkgs.smokeping}/etc/basepage.html.dist"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.probeConfig
Probe configuration
Type: strings concatenated with "\n"
Default:
'' + FPing binary = /run/wrappers/bin/fping ''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.sendmail
Use this sendmail compatible script to deliver alerts
Type: null or path
Default: null
Example: "/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.smokeMailTemplate
Specify the smokemail template for alerts.
Type: string
Default: "${package}/etc/smokemail.dist"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.targetConfig
Target configuration
Type: strings concatenated with "\n"
Default:
'' probe = FPing menu = Top title = Network Latency Grapher remark = Welcome to the SmokePing website of xxx Company. \ Here you will learn all about the latency of our network. + Local menu = Local title = Local Network ++ LocalMachine menu = Local Machine title = This host host = localhost ''Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.user
User that runs smokeping and (optionally) thttpd. A group of the same name will be created as well.
Type: string
Default: "smokeping"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.smokeping.webService
Enable a smokeping web interface
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
- services.snapper.cleanupInterval
Cleanup interval.
The format is described in systemd.time(7).
Type: string
Default: "1d"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
- services.snapper.configs
Subvolume configuration
Type: attribute set of submodules
Default: { }
Example:
{ home = { subvolume = "/home"; extraConfig = '' ALLOW_USERS="alice" TIMELINE_CREATE=yes TIMELINE_CLEANUP=yes ''; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
- services.snapper.configs.<name>.extraConfig
Additional configuration next to SUBVOLUME and FSTYPE. See man:snapper-configs(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
- services.snapper.configs.<name>.fstype
Filesystem type. Only btrfs is stable and tested.
Type: value "btrfs" (singular enum)
Default: "btrfs"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
- services.snapper.configs.<name>.subvolume
Path of the subvolume or mount point. This path is a subvolume and has to contain a subvolume named .snapshots. See also man:snapper(8) section PERMISSIONS.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
- services.snapper.filters
Global display difference filter. See man:snapper(8) for more details.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
- services.snapper.snapshotInterval
Snapshot interval.
The format is described in systemd.time(7).
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
- services.snapper.snapshotRootOnBoot
Whether to snapshot root on boot
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
- services.snapserver.enable
Whether to enable snapserver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.buffer
Network buffer in ms.
Type: null or signed integer
Default: null
Example: 1000
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.codec
Default audio compression method.
Type: null or string
Default: null
Example: "flac"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.http.enable
Whether to enable the JSON-RPC via HTTP.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.http.docRoot
Path to serve from the HTTP servers root.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.http.listenAddress
The address where the HTTP JSON-RPC listens on.
Type: string
Default: "::"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.http.port
The port where the HTTP JSON-RPC listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1780
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.listenAddress
The address where snapclients can connect.
Type: string
Default: "::"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.openFirewall
Whether to automatically open the specified ports in the firewall.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.port
The port that snapclients can connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1704
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.sampleFormat
Default sample format.
Type: null or string
Default: null
Example: "48000:16:2"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.sendToMuted
Send audio to muted clients.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.streamBuffer
Stream read (input) buffer in ms.
Type: null or signed integer
Default: null
Example: 20
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.streams
The definition for an input source.
Type: attribute set of submodules
Default: { default = { } ; }
Example:
{ mpd = { type = "pipe"; location = "/run/snapserver/mpd"; sampleFormat = "48000:16:2"; codec = "pcm"; }; };Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.streams.<name>.codec
Default audio compression method.
Type: null or string
Default: null
Example: "flac"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.streams.<name>.location
For type pipe or file, the path to the pipe or file. For type librespot, airplay or process, the path to the corresponding binary. For type tcp, the host:port address to connect to or listen on. For type meta, a list of stream names in the form /one/two/.... Don't forget the leading slash. For type alsa, use an empty string.
Type: path or string
Example:
"/path/to/pipe" "/path/to/librespot" "192.168.1.2:4444" "/MyTCP/Spotify/MyPipe"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.streams.<name>.query
Key-value pairs that convey additional parameters about a stream.
Type: attribute set of strings
Default: { }
Example:
# for type == "pipe": { mode = "create"; }; # for type == "process": { params = "--param1 --param2"; logStderr = "true"; }; # for type == "tcp": { mode = "client"; } # for type == "alsa": { device = "hw:0,0"; }Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.streams.<name>.sampleFormat
Default sample format.
Type: null or string
Default: null
Example: "48000:16:2"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.streams.<name>.type
The type of input stream.
Type: one of "pipe", "librespot", "airplay", "file", "process", "tcp", "alsa", "spotify", "meta"
Default: "pipe"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.tcp.enable
Whether to enable the JSON-RPC via TCP.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.tcp.listenAddress
The address where the TCP JSON-RPC listens on.
Type: string
Default: "::"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.snapserver.tcp.port
The port where the TCP JSON-RPC listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1705
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
- services.sniproxy.enable
Whether to enable sniproxy server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
- services.sniproxy.config
sniproxy.conf configuration excluding the daemon username and pid file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' error_log { filename /var/log/sniproxy/error.log } access_log { filename /var/log/sniproxy/access.log } listen 443 { proto tls } table { example.com 192.0.2.10 example.net 192.0.2.20 } ''Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
- services.sniproxy.group
Group under which sniproxy runs.
Type: string
Default: "sniproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
- services.sniproxy.logDir
Location of the log directory for sniproxy.
Type: string
Default: "/var/log/sniproxy/"
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
- services.sniproxy.user
User account under which sniproxy runs.
Type: string
Default: "sniproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
- services.softether.enable
Whether to enable SoftEther VPN services.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
- services.softether.package
softether derivation to use.
Type: package
Default: pkgs.softether
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
- services.softether.dataDir
Data directory for SoftEther VPN.
Type: path
Default: "/var/lib/softether"
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
- services.softether.vpnbridge.enable
Whether to enable SoftEther VPN Bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
- services.softether.vpnclient.enable
Whether to enable SoftEther VPN Client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
- services.softether.vpnclient.down
Shell commands executed when the Virtual Network Adapter(s) is/are shutting down.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
- services.softether.vpnclient.up
Shell commands executed when the Virtual Network Adapter(s) is/are starting.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
- services.softether.vpnserver.enable
Whether to enable SoftEther VPN Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
- services.sogo.enable
Whether to enable SOGo groupware.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
- services.sogo.configReplaces
Replacement-filepath mapping for sogo.conf. Every key is replaced with the contents of the file specified as value.
In the example, every occurence of LDAP_BINDPW will be replaced with the text of the specified file.
Type: attribute set of strings
Default: { }
Example: { LDAP_BINDPW = "/var/lib/secrets/sogo/ldappw"; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
- services.sogo.ealarmsCredFile
Optional path to a credentials file for email alarms
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
- services.sogo.extraConfig
Extra sogo.conf configuration lines
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
- services.sogo.language
Language of SOGo
Type: string
Default: "English"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
- services.sogo.timezone
Timezone of your SOGo instance
Type: string
Example: "America/Montreal"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
- services.sogo.vhostName
Name of the nginx vhost
Type: string
Default: "sogo"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
- services.soju.enable
Whether to enable soju.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.soju.enableMessageLogging
Whether to enable message logging.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.soju.acceptProxyIP
Allow the specified IPs to act as a proxy. Proxys have the ability to overwrite the remote and local connection addresses (via the X-Forwarded-\* HTTP header fields). The special name "localhost" accepts the loopback addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.soju.extraConfig
Lines added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.soju.hostName
Server hostname.
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.soju.httpOrigins
List of allowed HTTP origins for WebSocket listeners. The parameters are interpreted as shell patterns, see glob(7).
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.soju.listen
Where soju should listen for incoming connections. See the listen directive in soju(1).
Type: list of strings
Default: [ ":6697" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.soju.tlsCertificate
Path to server TLS certificate.
Type: null or path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.soju.tlsCertificateKey
Path to server TLS certificate key.
Type: null or path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
- services.solanum.enable
Whether to enable Solanum IRC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/solanum.nix>
- services.solanum.config
Solanum IRC daemon configuration file. check https://github.com/solanum-ircd/solanum/blob/main/doc/reference.conf for all options.
Type: string
Default:
'' serverinfo { name = "irc.example.com"; sid = "1ix"; description = "irc!"; vhost = "0.0.0.0"; vhost6 = "::"; }; listen { host = "0.0.0.0"; port = 6667; }; auth { user = "*@*"; class = "users"; flags = exceed_limit; }; channel { default_split_user_count = 0; }; ''Declared by:
<nixpkgs/nixos/modules/services/networking/solanum.nix>
- services.solanum.motd
Solanum MOTD text.
Solanum will read its MOTD from /etc/solanum/ircd.motd. If set, the value of this option will be written to this path.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/solanum.nix>
- services.solanum.openFilesLimit
Maximum number of open files. Limits the clients and server connections.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/solanum.nix>
- services.solr.enable
Whether to enable Solr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
- services.solr.package
Which Solr package to use.
Type: package
Default: pkgs.solr
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
- services.solr.extraJavaOptions
Extra command line options given to the java process running Solr.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
- services.solr.group
Group under which Solr is ran.
Type: string
Default: "solr"
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
- services.solr.port
Port on which Solr is ran.
Type: signed integer
Default: 8983
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
- services.solr.stateDir
The solr home directory containing config, data, and logging files.
Type: path
Default: "/var/lib/solr"
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
- services.solr.user
User under which Solr is ran.
Type: string
Default: "solr"
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
- services.sonarr.enable
Whether to enable Sonarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
- services.sonarr.dataDir
The directory where Sonarr stores its data files.
Type: string
Default: "/var/lib/sonarr/.config/NzbDrone"
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
- services.sonarr.group
Group under which Sonaar runs.
Type: string
Default: "sonarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
- services.sonarr.openFirewall
Open ports in the firewall for the Sonarr web interface
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
- services.sonarr.user
User account under which Sonaar runs.
Type: string
Default: "sonarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
- services.sourcehut.enable
Enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking, task dispatching, wiki and account management services
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
- services.sourcehut.address
Address to bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
- services.sourcehut.builds.enableWorker
Run workers for builds.sr.ht.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix>
- services.sourcehut.builds.database
PostgreSQL database name for builds.sr.ht.
Type: string
Default: "builds.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix>
- services.sourcehut.builds.images
Images for builds.sr.ht. Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2.
Type: attribute set of attribute set of attribute set of packagesss
Default: { }
Example:
(let # Pinning unstable to allow usage with flakes and limit rebuilds. pkgs_unstable = builtins.fetchGit { url = "https://github.com/NixOS/nixpkgs"; rev = "ff96a0fa5635770390b184ae74debea75c3fd534"; ref = "nixos-unstable"; }; image_from_nixpkgs = pkgs_unstable: (import ("${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") { pkgs = (import pkgs_unstable {}); }); in { nixos.unstable.x86_64 = image_from_nixpkgs pkgs_unstable; } )Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix>
- services.sourcehut.builds.port
Port on which the "builds" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5002
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix>
- services.sourcehut.builds.statePath
State path for builds.sr.ht.
Type: path
Default: "/var/lib/sourcehut/buildsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix>
- services.sourcehut.builds.user
User for builds.sr.ht.
Type: string
Default: "buildsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/builds.nix>
- services.sourcehut.dispatch.database
PostgreSQL database name for dispatch.sr.ht.
Type: string
Default: "dispatch.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/dispatch.nix>
- services.sourcehut.dispatch.port
Port on which the "dispatch" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5005
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/dispatch.nix>
- services.sourcehut.dispatch.statePath
State path for dispatch.sr.ht.
Type: path
Default: "/var/lib/sourcehut/dispatchsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/dispatch.nix>
- services.sourcehut.dispatch.user
User for dispatch.sr.ht.
Type: string
Default: "dispatchsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/dispatch.nix>
- services.sourcehut.git.package
Git package for git.sr.ht. This can help silence collisions.
Type: package
Default: pkgs.git
Example: pkgs.gitFull
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/git.nix>
- services.sourcehut.git.database
PostgreSQL database name for git.sr.ht.
Type: string
Default: "git.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/git.nix>
- services.sourcehut.git.port
Port on which the "git" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5001
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/git.nix>
- services.sourcehut.git.statePath
State path for git.sr.ht.
Type: path
Default: "/var/lib/sourcehut/gitsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/git.nix>
- services.sourcehut.hg.cloneBundles
Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/hg.nix>
- services.sourcehut.hg.database
PostgreSQL database name for hg.sr.ht.
Type: string
Default: "hg.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/hg.nix>
- services.sourcehut.hg.port
Port on which the "hg" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5010
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/hg.nix>
- services.sourcehut.hg.statePath
State path for hg.sr.ht.
Type: path
Default: "/var/lib/sourcehut/hgsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/hg.nix>
- services.sourcehut.hub.database
PostgreSQL database name for hub.sr.ht.
Type: string
Default: "hub.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/hub.nix>
- services.sourcehut.hub.port
Port on which the "hub" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5014
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/hub.nix>
- services.sourcehut.hub.statePath
State path for hub.sr.ht.
Type: path
Default: "/var/lib/sourcehut/hubsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/hub.nix>
- services.sourcehut.hub.user
User for hub.sr.ht.
Type: string
Default: "hubsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/hub.nix>
- services.sourcehut.lists.database
PostgreSQL database name for lists.sr.ht.
Type: string
Default: "lists.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/lists.nix>
- services.sourcehut.lists.port
Port on which the "lists" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5006
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/lists.nix>
- services.sourcehut.lists.statePath
State path for lists.sr.ht.
Type: path
Default: "/var/lib/sourcehut/listssrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/lists.nix>
- services.sourcehut.lists.user
User for lists.sr.ht.
Type: string
Default: "listssrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/lists.nix>
- services.sourcehut.man.database
PostgreSQL database name for man.sr.ht.
Type: string
Default: "man.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/man.nix>
- services.sourcehut.man.port
Port on which the "man" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5004
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/man.nix>
- services.sourcehut.man.statePath
State path for man.sr.ht.
Type: path
Default: "/var/lib/sourcehut/mansrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/man.nix>
- services.sourcehut.man.user
User for man.sr.ht.
Type: string
Default: "mansrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/man.nix>
- services.sourcehut.meta.database
PostgreSQL database name for meta.sr.ht.
Type: string
Default: "meta.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/meta.nix>
- services.sourcehut.meta.port
Port on which the "meta" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/meta.nix>
- services.sourcehut.meta.statePath
State path for meta.sr.ht.
Type: path
Default: "/var/lib/sourcehut/metasrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/meta.nix>
- services.sourcehut.meta.user
User for meta.sr.ht.
Type: string
Default: "metasrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/meta.nix>
- services.sourcehut.originBase
Host name used by reverse-proxy and for default settings. Will host services at git."${originBase}". For example: git.sr.ht
Type: string
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
- services.sourcehut.paste.database
PostgreSQL database name for paste.sr.ht.
Type: string
Default: "paste.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/paste.nix>
- services.sourcehut.paste.port
Port on which the "paste" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5011
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/paste.nix>
- services.sourcehut.paste.statePath
State path for pastesrht.sr.ht.
Type: path
Default: "/var/lib/sourcehut/pastesrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/paste.nix>
- services.sourcehut.paste.user
User for paste.sr.ht.
Type: string
Default: "pastesrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/paste.nix>
- services.sourcehut.services
Services to enable on the sourcehut network.
Type: non-empty list of one of "builds", "dispatch", "git", "hub", "hg", "lists", "man", "meta", "paste", "todo"s
Default: [ "man" "meta" "paste" ]
Example: [ "builds" "dispatch" "git" "hub" "hg" "lists" "man" "meta" "paste" "todo" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
- services.sourcehut.settings
The configuration for the sourcehut network.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
- services.sourcehut.statePath
Root state path for the sourcehut network. If left as the default value this directory will automatically be created before the sourcehut server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/sourcehut"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
- services.sourcehut.todo.database
PostgreSQL database name for todo.sr.ht.
Type: string
Default: "todo.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/todo.nix>
- services.sourcehut.todo.port
Port on which the "todo" module should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5003
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/todo.nix>
- services.sourcehut.todo.statePath
State path for todo.sr.ht.
Type: path
Default: "/var/lib/sourcehut/todosrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/todo.nix>
- services.sourcehut.todo.user
User for todo.sr.ht.
Type: string
Default: "todosrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut/todo.nix>
- services.spacecookie.enable
Whether to enable spacecookie.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.package
The spacecookie derivation to use. This can be used to override the used package or to use another version.
Type: package
Default: pkgs.spacecookie
Example: pkgs.haskellPackages.spacecookie
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.address
Address to listen on. Must be in the ListenStream= syntax of systemd.socket(5).
Type: string
Default: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.openFirewall
Whether to open the necessary port in the firewall for spacecookie.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.port
Port the gopher service should be exposed on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 70
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.settings
Settings for spacecookie. The settings set here are directly translated to the spacecookie JSON config file. See spacecookie.json(5) for explanations of all options.
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.settings.hostname
The hostname the service is reachable via. Clients will use this hostname for further requests after loading the initial gopher menu.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.settings.log.enable
Whether to enable logging for spacecookie.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.settings.log.hide-ips
If enabled, spacecookie will hide personal information of users like IP addresses from log output.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.settings.log.hide-time
If enabled, spacecookie will not print timestamps at the beginning of every log line.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.settings.log.level
Log level for the spacecookie service.
Type: one of "info", "warn", "error"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spacecookie.settings.root
The directory spacecookie should serve via gopher. Files in there need to be world-readable since the spacecookie service file sets DynamicUser=true.
Type: path
Default: "/srv/gopher"
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
- services.spamassassin.enable
Whether to enable the SpamAssassin daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
- services.spamassassin.config
The SpamAssassin local.cf config
If you are using this configuration: add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
Then you can Use this sieve filter: require ["fileinto", "reject", "envelope"];
if header :contains "X-Spam-Flag" "YES" { fileinto "spam"; }
Or this procmail filter: :0: * ^X-Spam-Flag: YES /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new
To filter your messages based on the additional mail headers added by spamassassin.
Type: strings concatenated with "\n"
Default: ""
Example:
'' #rewrite_header Subject [***** SPAM _SCORE_ *****] required_score 5.0 use_bayes 1 bayes_auto_learn 1 add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ ''
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
- services.spamassassin.debug
Whether to run the SpamAssassin daemon in debug mode
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
- services.spamassassin.initPreConf
The SpamAssassin init.pre config.
Type: string or path
Default:
'' # # to update this list, run this command in the rules directory: # grep 'loadplugin.*Mail::SpamAssassin::Plugin::.*' -o -h * | sort | uniq # #loadplugin Mail::SpamAssassin::Plugin::AccessDB #loadplugin Mail::SpamAssassin::Plugin::AntiVirus loadplugin Mail::SpamAssassin::Plugin::AskDNS # loadplugin Mail::SpamAssassin::Plugin::ASN loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold #loadplugin Mail::SpamAssassin::Plugin::AWL loadplugin Mail::SpamAssassin::Plugin::Bayes loadplugin Mail::SpamAssassin::Plugin::BodyEval loadplugin Mail::SpamAssassin::Plugin::Check #loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::DKIM loadplugin Mail::SpamAssassin::Plugin::DNSEval loadplugin Mail::SpamAssassin::Plugin::FreeMail loadplugin Mail::SpamAssassin::Plugin::Hashcash loadplugin Mail::SpamAssassin::Plugin::HeaderEval loadplugin Mail::SpamAssassin::Plugin::HTMLEval loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch loadplugin Mail::SpamAssassin::Plugin::ImageInfo loadplugin Mail::SpamAssassin::Plugin::MIMEEval loadplugin Mail::SpamAssassin::Plugin::MIMEHeader # loadplugin Mail::SpamAssassin::Plugin::PDFInfo #loadplugin Mail::SpamAssassin::Plugin::PhishTag loadplugin Mail::SpamAssassin::Plugin::Pyzor loadplugin Mail::SpamAssassin::Plugin::Razor2 # loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::RelayEval loadplugin Mail::SpamAssassin::Plugin::ReplaceTags # loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody # loadplugin Mail::SpamAssassin::Plugin::Shortcircuit loadplugin Mail::SpamAssassin::Plugin::SpamCop loadplugin Mail::SpamAssassin::Plugin::SPF #loadplugin Mail::SpamAssassin::Plugin::TextCat # loadplugin Mail::SpamAssassin::Plugin::TxRep loadplugin Mail::SpamAssassin::Plugin::URIDetail loadplugin Mail::SpamAssassin::Plugin::URIDNSBL loadplugin Mail::SpamAssassin::Plugin::URIEval # loadplugin Mail::SpamAssassin::Plugin::URILocalBL loadplugin Mail::SpamAssassin::Plugin::VBounce loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject loadplugin Mail::SpamAssassin::Plugin::WLBLEval ''
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
- services.spark.package
Spark package.
Type: package
Default: pkgs.spark
Example:
pkgs.spark.overrideAttrs (super: rec { pname = "spark"; version = "2.4.4"; src = pkgs.fetchzip { url = "mirror://apache/spark/"${pname}-${version}/${pname}-${version}-bin-without-hadoop.tgz"; sha256 = "1a9w5k0207fysgpxx6db3a00fs5hdc2ncx99x4ccy2s0v5ndc66g"; }; })Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.confDir
Spark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory.
Type: path
Default: "${package}/lib/${package.untarDir}/conf"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.logDir
Spark log directory.
Type: path
Default: "/var/log/spark"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.master.enable
Whether to enable Spark master service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.master.bind
Address the spark master binds to.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.master.extraEnvironment
Extra environment variables to pass to spark master. See spark-standalone documentation.
Type: attribute set of strings
Default: { }
Example: { SPARK_MASTER_OPTS = "-Dspark.deploy.defaultCores=5"; SPARK_MASTER_WEBUI_PORT = 8181; }
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.master.restartIfChanged
Automatically restart master service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.worker.enable
Whether to enable Spark worker service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.worker.extraEnvironment
Extra environment variables to pass to spark worker.
Type: attribute set of strings
Default: { }
Example: { SPARK_WORKER_CORES = 5; SPARK_WORKER_MEMORY = "2g"; }
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.worker.master
Address of the spark master.
Type: string
Default: "127.0.0.1:7077"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.worker.restartIfChanged
Automatically restart worker service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spark.worker.workDir
Spark worker work dir.
Type: path
Default: "/var/lib/spark"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
- services.spice-vdagentd.enable
Whether to enable Spice guest vdagent daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix>
- services.spiped.enable
Enable the spiped service module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config
Configuration for a secure pipe daemon. The daemon can be started, stopped, or examined using systemctl, under the name spiped@foo.
Type: attribute set of submodules
Default: { }
Example:
{ pipe1 = { keyfile = "/var/lib/spiped/pipe1.key"; encrypt = true; source = "localhost:6000"; target = "endpoint.example.com:7000"; }; pipe2 = { keyfile = "/var/lib/spiped/pipe2.key"; decrypt = true; source = "0.0.0.0:7000"; target = "localhost:3000"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.decrypt
Take encrypted connections from the source socket and send unencrypted connections to the target socket.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.disableKeepalives
Disable transport layer keep-alives.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.disableReresolution
Disable target address re-resolution.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.encrypt
Take unencrypted connections from the source socket and send encrypted connections to the target socket.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.keyfile
Name of a file containing the spiped key. As the daemon runs as the spiped user, the key file must be somewhere owned by that user. By default, we recommend putting the keys for any spipe services in /var/lib/spiped.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.maxConns
Limit on the number of simultaneous connections allowed.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.resolveRefresh
Resolution refresh time for the target socket, in seconds.
Type: signed integer
Default: 60
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.source
Address on which spiped should listen for incoming connections. Must be in one of the following formats: /absolute/path/to/unix/socket, host.name:port, [ip.v4.ad.dr]:port or [ipv6::addr]:port - note that hostnames are resolved when spiped is launched and are not re-resolved later; thus if DNS entries change spiped will continue to connect to the expired address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.target
Address to which spiped should connect.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.timeout
Timeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.waitForDNS
Wait for DNS. Normally when spiped is launched it resolves addresses and binds to its source socket before the parent process returns; with this option it will daemonize first and retry failed DNS lookups until they succeed. This allows spiped to launch even if DNS isn't set up yet, but at the expense of losing the guarantee that once spiped has finished launching it will be ready to create pipes.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spiped.config.<name>.weakHandshake
Use fast/weak handshaking: This reduces the CPU time spent in the initial connection setup, at the expense of losing perfect forward secrecy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
- services.spotifyd.enable
Whether to enable spotifyd, a Spotify playing daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/spotifyd.nix>
- services.spotifyd.config
(Deprecated) Configuration for Spotifyd. For syntax and directives, see https://github.com/Spotifyd/spotifyd#Configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/spotifyd.nix>
- services.spotifyd.settings
Configuration for Spotifyd. For syntax and directives, see https://github.com/Spotifyd/spotifyd#Configuration.
Type: TOML value
Default: { }
Example: { global = { bitrate = 320; } ; }
Declared by:
<nixpkgs/nixos/modules/services/audio/spotifyd.nix>
- services.squeezelite.enable
Whether to enable Squeezelite, a software Squeezebox emulator.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/squeezelite.nix>
- services.squeezelite.extraArguments
Additional command line arguments to pass to Squeezelite.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/squeezelite.nix>
- services.squid.enable
Whether to run squid web proxy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
- services.squid.configText
Verbatim contents of squid.conf. If null (default), use the autogenerated file from NixOS instead.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
- services.squid.extraConfig
Squid configuration. Contents will be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
- services.squid.proxyPort
TCP port on which squid will listen.
Type: signed integer
Default: 3128
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
- services.sshd.enable
Alias of services.openssh.enable.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- services.sshguard.enable
Whether to enable the sshguard service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
- services.sshguard.attack_threshold
Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
- services.sshguard.blacklist_file
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
Type: path
Default: "/var/lib/sshguard/blacklist.db"
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
- services.sshguard.blacklist_threshold
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
Type: null or signed integer
Default: null
Example: 120
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
- services.sshguard.blocktime
Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.
sshguard unblocks attacks at random intervals, so actual block times will be longer.
Type: signed integer
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
- services.sshguard.detection_time
Remember potential attackers for up to detection_time seconds before resetting their score.
Type: signed integer
Default: 1800
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
- services.sshguard.services
Systemd services sshguard should receive logs of.
Type: list of strings
Default: [ "sshd" ]
Example: [ "sshd" "exim" ]
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
- services.sshguard.whitelist
Whitelist a list of addresses, hostnames, or address blocks.
Type: list of strings
Default: [ ]
Example: [ "198.51.100.56" "198.51.100.2" ]
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
- services.sslh.enable
Whether to enable sslh.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
- services.sslh.appendConfig
Verbatim configuration file.
Type: string
Default:
'' protocols: ( { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; }, { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; }, { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; }, { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; }, { name: "tls"; host: "localhost"; port: "443"; probe: "builtin"; }, { name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; } ); ''Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
- services.sslh.listenAddresses
Listening addresses or hostnames.
Type: list of strings or string convertible to it
Default: [ "0.0.0.0" "[::]" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
- services.sslh.port
Listening port.
Type: signed integer
Default: 443
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
- services.sslh.timeout
Timeout in seconds.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
- services.sslh.transparent
Will the services behind sslh (Apache, sshd and so on) see the external IP and ports as if the external world connected directly to them
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
- services.sslh.verbose
Verbose logs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
- services.ssm-agent.enable
Whether to enable AWS SSM agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ssm-agent.nix>
- services.ssm-agent.package
The SSM agent package to use
Type: path
Default: pkgs.ssm-agent.override { overrideEtc = false; }
Declared by:
<nixpkgs/nixos/modules/services/misc/ssm-agent.nix>
- services.ssmtp.enable
Use the trivial Mail Transfer Agent (MTA) ssmtp package to allow programs to send e-mail. If you don't want to run a “real” MTA like sendmail or postfix on your machine, set this option to true, and set the option services.ssmtp.hostName to the host name of your preferred mail server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.authPassFile
Path to a file that contains the password used for SMTP auth. The file should not contain a trailing newline, if the password does not contain one (e.g. use echo -n "password" > file). This file should be readable by the users that need to execute ssmtp.
Type: null or string
Default: null
Example: "/run/keys/ssmtp-authpass"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.authUser
Username used for SMTP auth. Leave blank to disable.
Type: string
Default: ""
Example: "foo@example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.domain
The domain from which mail will appear to be sent.
Type: string
Default: ""
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.hostName
The host name of the default mail server to use to deliver e-mail. Can also contain a port number (ex: mail.example.org:587), defaults to port 25 if no port is given.
Type: string
Example: "mail.example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.root
The e-mail to which mail for users with UID < 1000 is forwarded.
Type: string
Default: ""
Example: "root@example.org"
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.setSendmail
Whether to set the system sendmail to ssmtp's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.settings
ssmtp(5) configuration. Refer to https://linux.die.net/man/5/ssmtp.conf for details on supported values.
Type: attribute set of boolean or strings
Default: { }
Example:
{ Debug = true; FromLineOverride = false; }Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.useSTARTTLS
Whether the STARTTLS should be used to connect to the default mail server. (This is needed for TLS-capable mail servers running on the default SMTP port 25.)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.ssmtp.useTLS
Whether TLS should be used to connect to the default mail server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssmtp.nix>
- services.sssd.enable
Whether to enable the System Security Services Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
- services.sssd.config
Contents of sssd.conf.
Type: strings concatenated with "\n"
Default:
'' [sssd] config_file_version = 2 services = nss, pam domains = shadowutils [nss] [pam] [domain/shadowutils] id_provider = proxy proxy_lib_name = files auth_provider = proxy proxy_pam_target = sssd-shadowutils proxy_fast_alias = True ''
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
- services.sssd.sshAuthorizedKeysIntegration
Whether to make sshd look up authorized keys from SSS. For this to work, the ssh SSS service must be enabled in the sssd configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
- services.step-ca.enable
Whether to enable the smallstep certificate authority server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
- services.step-ca.package
Which step-ca package to use.
Type: package
Default: pkgs.step-ca
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
- services.step-ca.address
The address (without port) the certificate authority should listen at. This combined with services.step-ca.port overrides services.step-ca.settings.address.
Type: string
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
- services.step-ca.intermediatePasswordFile
Path to the file containing the password for the intermediate certificate private key.
Warning
Make sure to use a quoted absolute path instead of a path literal to prevent it from being copied to the globally readable Nix store.Type: path
Example: "/run/keys/smallstep-password"
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
- services.step-ca.openFirewall
Whether to enable opening the certificate authority server port.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
- services.step-ca.port
The port the certificate authority should listen on. This combined with services.step-ca.address overrides services.step-ca.settings.address.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example: 8443
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
- services.step-ca.settings
Settings that go into ca.json. See the step-ca manual for more information. The easiest way to configure this module would be to run step ca init to generate ca.json and then import it using builtins.fromJSON. This article may also be useful if you want to customize certain aspects of certificate generation for your CA. You need to change the database storage path to /var/lib/step-ca/db.
Warning
The services.step-ca.settings.address option will be ignored and overwritten by services.step-ca.address and services.step-ca.port.Type: attribute set of anythings
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
- services.strongswan.enable
Whether to enable strongSwan.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
- services.strongswan.enabledPlugins
A list of additional plugins to enable if managePlugins is true.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
- services.strongswan.ca
A set of CAs (certification authorities) and their options for the ‘ca xxx’ sections of the ipsec.conf file.
Type: attribute set of attribute set of stringss
Default: { }
Example: { strongswan = { auto = "add"; cacert = "/run/keys/strongswanCert.pem"; crluri = "http://crl2.strongswan.org/strongswan.crl"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
- services.strongswan.connections
A set of connections and their options for the ‘conn xxx’ sections of the ipsec.conf file.
Type: attribute set of attribute set of stringss
Default: { }
Example:
{ "%default" = { keyexchange = "ikev2"; keyingtries = "1"; }; roadwarrior = { auto = "add"; leftcert = "/run/keys/moonCert.pem"; leftid = "@moon.strongswan.org"; leftsubnet = "10.1.0.0/16"; right = "%any"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
- services.strongswan.managePlugins
If set to true, this option will disable automatic plugin loading and then tell strongSwan to enable the plugins specified in the enabledPlugins option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
- services.strongswan.secrets
A list of paths to IPSec secret files. These files will be included into the main ipsec.secrets file with the include directive. It is safer if these paths are absolute.
Type: list of strings
Default: [ ]
Example: [ "/run/keys/ipsec-foo.secret" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
- services.strongswan.setup
A set of options for the ‘config setup’ section of the ipsec.conf file. Defines general configuration parameters.
Type: attribute set of strings
Default: { }
Example: { cachecrls = "yes"; strictcrlpolicy = "yes"; }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
- services.strongswan-swanctl.enable
Whether to enable strongswan-swanctl service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.package
The strongswan derivation to use.
Type: package
Default: pkgs.strongswan
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.strongswan.extraConfig
Contents of the strongswan.conf file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities
Section defining complementary attributes of certification authorities, each in its own subsection with an arbitrary yet unique name
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities.<name>.cacert
The certificates may use a relative path from the swanctl x509ca directory or an absolute path.
Configure one of cacert, file, or handle per section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base
Defines the base URI for the Hash and URL feature supported by IKEv2. Instead of exchanging complete certificates, IKEv2 allows one to send an URI that resolves to the DER encoded certificate. The certificate URIs are built by appending the SHA1 hash of the DER encoded certificates to this base URI.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities.<name>.crl_uris
List of CRL distribution points (ldap, http, or file URI).
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities.<name>.file
Absolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities.<name>.handle
Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities.<name>.module
Optional PKCS#11 module name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_uris
List of OCSP URIs.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.authorities.<name>.slot
Optional slot number of the token that stores the certificate.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections
Section defining IKE connection configurations, each in its own subsection with an arbitrary yet unique name
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.aggressive
Enables Aggressive Mode instead of Main Mode with Identity Protection. Aggressive Mode is considered less secure, because the ID and HASH payloads are exchanged unprotected. This allows a passive attacker to snoop peer identities, and even worse, start dictionary attacks on the Preshared Key.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.childless
Use childless IKE_SA initiation (RFC 6023) for IKEv2. Acceptable values are allow (the default), force and never. If set to allow, responders will accept childless IKE_SAs (as indicated via notify in the IKE_SA_INIT response) while initiators continue to create regular IKE_SAs with the first CHILD_SA created during IKE_AUTH, unless the IKE_SA is initiated explicitly without any children (which will fail if the responder does not support or has disabled this extension). If set to force, only childless initiation is accepted and the first CHILD_SA is created with a separate CREATE_CHILD_SA exchange (e.g. to use an independent DH exchange for all CHILD_SAs). Finally, setting the option to never disables support for childless IKE_SAs as responder.
StrongSwan default: "allow"
Type: null or one of "allow", "force", "never"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children
CHILD_SA configuration sub-section. Each connection definition may have one or more sections in its children subsection. The section name defines the name of the CHILD_SA configuration, which must be unique within the connection (denoted <child> below).
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposals
AH proposals to offer for the CHILD_SA. A proposal is a set of algorithms. For AH, this includes an integrity algorithm and an optional Diffie-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation uses a separate Diffie-Hellman exchange using the specified group (refer to esp_proposals for details).
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be specified in a list. The special value default forms a default proposal of supported algorithms considered safe, and is usually a good choice for interoperability. By default no AH proposals are included, instead ESP is proposed.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_action
Action to perform after a CHILD_SA gets closed by the peer.
- The default of none does not take any action,
- trap installs a trap policy for the CHILD_SA.
- start tries to re-create the CHILD_SA.
close_action does not provide any guarantee that the CHILD_SA is kept alive. It acts on explicit close messages only, but not on negotiation failures. Use trap policies to reliably re-create failed CHILD_SAs.
StrongSwan default: "none"
Type: null or one of "none", "trap", "start"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_df
Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This effectively disables Path MTU discovery (PMTUD). Controlling this behavior is not supported by all kernel interfaces.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dscp
Whether to copy the DSCP (Differentiated Services Field Codepoint) header field to/from the outer IP header in tunnel mode. The value out only copies the field from the inner to the outer header, the value in does the opposite and only copies the field from the outer to the inner header when decapsulating, the value yes copies the field in both directions, and the value no disables copying the field altogether. Setting this to yes or in could allow an attacker to adversely affect other traffic at the receiver, which is why the default is out. Controlling this behavior is not supported by all kernel interfaces.
StrongSwan default: "out"
Type: null or one of "out", "in", "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecn
Whether to copy the ECN (Explicit Congestion Notification) header field to/from the outer IP header in tunnel mode. Controlling this behavior is not supported by all kernel interfaces.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_action
Action to perform for this CHILD_SA on DPD timeout. The default clear closes the CHILD_SA and does not take further action. trap installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand. restart immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA.
StrongSwan default: "clear"
Type: null or one of "clear", "trap", "restart"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposals
ESP proposals to offer for the CHILD_SA. A proposal is a set of algorithms. For ESP non-AEAD proposals, this includes an integrity algorithm, an encryption algorithm, an optional Diffie-Hellman group and an optional Extended Sequence Number Mode indicator. For AEAD proposals, a combined mode algorithm is used instead of the separate encryption/integrity algorithms.
If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation use a separate Diffie-Hellman exchange using the specified group. However, for IKEv2, the keys of the CHILD_SA created implicitly with the IKE_SA will always be derived from the IKE_SA's key material. So any DH group specified here will only apply when the CHILD_SA is later rekeyed or is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch might, therefore, not immediately be noticed when the SA is established, but may later cause rekeying to fail.
Extended Sequence Number support may be indicated with the esn and noesn values, both may be included to indicate support for both modes. If omitted, noesn is assumed.
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be specified as a list. The special value default forms a default proposal of supported algorithms considered safe, and is usually a good choice for interoperability. If no algorithms are specified for AH nor ESP, the default set of algorithms for ESP is included.
StrongSwan default: ["default"]
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccess
Hostaccess variable to pass to updown script.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload
Enable hardware offload for this CHILD_SA, if supported by the IPsec implementation. The value yes enforces offloading and the installation will fail if it's not supported by either kernel or device. The value auto enables offloading, if it's supported, but the installation does not fail otherwise.
StrongSwan default: "no"
Type: null or one of "yes", "no", "auto"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_in
XFRM interface ID set on inbound policies/SA. This allows installing duplicate policies/SAs and associates them with an interface with the same ID. The special value %unique sets a unique interface ID on each CHILD_SA instance, beyond that the value %unique-dir assigns a different unique interface ID for each CHILD_SA direction (in/out).
StrongSwan default: "0"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_out
XFRM interface ID set on outbound policies/SA. This allows installing duplicate policies/SAs and associates them with an interface with the same ID. The special value %unique sets a unique interface ID on each CHILD_SA instance, beyond that the value %unique-dir assigns a different unique interface ID for each CHILD_SA direction (in/out). The daemon will not install routes for CHILD_SAs that have this option set.
StrongSwan default: "0"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivity
Timeout before closing CHILD_SA after inactivity. If no traffic has been processed in either direction for the configured timeout, the CHILD_SA gets closed due to inactivity. The default value of 0 disables inactivity checks.
StrongSwan default: "0s"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interface
Optional interface name to restrict outbound IPsec policies.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp
Enable IPComp compression before encryption. If enabled, IKE tries to negotiate IPComp compression to compress ESP payload data prior to encryption.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytes
Maximum bytes processed before CHILD_SA gets closed. Usually this hard volume limit is never reached, because the CHILD_SA gets rekeyed before. If that fails for whatever reason, this limit closes the CHILD_SA. The default is 10% more than rekey_bytes.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packets
Maximum number of packets processed before CHILD_SA gets closed. Usually this hard packets limit is never reached, because the CHILD_SA gets rekeyed before. If that fails for whatever reason, this limit closes the CHILD_SA.
The default is 10% more than rekey_bytes.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_time
Maximum lifetime before CHILD_SA gets closed. Usually this hard lifetime is never reached, because the CHILD_SA gets rekeyed before. If that fails for whatever reason, this limit closes the CHILD_SA. The default is 10% more than the rekey_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts
List of local traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition, followed by an optional proto/port selector. The special value dynamic may be used instead of a subnet definition, which gets replaced by the tunnel outer address or the virtual IP, if negotiated. This is the default.
A protocol/port selector is surrounded by opening and closing square brackets. Between these brackets, a numeric or getservent(3) protocol name may be specified. After the optional protocol restriction, an optional port restriction may be specified, separated by a slash. The port restriction may be numeric, a getservent(3) service name, or the special value opaque for RFC 4301 OPAQUE selectors. Port ranges may be specified as well, none of the kernel backends currently support port ranges, though.
When IKEv1 is used only the first selector is interpreted, except if the Cisco Unity extension plugin is used. This is due to a limitation of the IKEv1 protocol, which only allows a single pair of selectors per CHILD_SA. So to tunnel traffic matched by several pairs of selectors when using IKEv1 several children (CHILD_SAs) have to be defined that cover the selectors. The IKE daemon uses traffic selector narrowing for IKEv1, the same way it is standardized and implemented for IKEv2. However, this may lead to problems with other implementations. To avoid that, configure identical selectors in such scenarios.
StrongSwan default: ["dynamic"]
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in
Netfilter mark and mask for input traffic. On Linux, Netfilter may require marks on each packet to match an SA/policy having that option set. This allows installing duplicate policies and enables Netfilter rules to select specific SAs/policies for incoming traffic. Note that inbound marks are only set on policies, by default, unless mark_in_sa is enabled. The special value %unique sets a unique mark on each CHILD_SA instance, beyond that the value %unique-dir assigns a different unique mark for each
An additional mask may be appended to the mark, separated by /. The default mask if omitted is 0xffffffff.
StrongSwan default: "0/0x00000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_sa
Whether to set mark_in on the inbound SA. By default, the inbound mark is only set on the inbound policy. The tuple destination address, protocol and SPI is unique and the mark is not required to find the correct SA, allowing to mark traffic after decryption instead (where more specific selectors may be used) to match different policies. Marking packets before decryption is still possible, even if no mark is set on the SA.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_out
Netfilter mark and mask for output traffic. On Linux, Netfilter may require marks on each packet to match a policy/SA having that option set. This allows installing duplicate policies and enables Netfilter rules to select specific policies/SAs for outgoing traffic. The special value %unique sets a unique mark on each CHILD_SA instance, beyond that the value %unique-dir assigns a different unique mark for each CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by /. The default mask if omitted is 0xffffffff.
StrongSwan default: "0/0x00000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode
IPsec Mode to establish CHILD_SA with.
- tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,
- whereas transport uses IPsec Transport Mode.
- transport_proxy signifying the special Mobile IPv6 Transport Proxy Mode.
- beet is the Bound End to End Tunnel mixture mode, working with fixed inner addresses without the need to include them in each packet.
- Both transport and beet modes are subject to mode negotiation; tunnel mode is negotiated if the preferred mode is not available.
- pass and drop are used to install shunt policies which explicitly bypass the defined traffic from IPsec processing or drop it, respectively.
StrongSwan default: "tunnel"
Type: null or one of "tunnel", "transport", "transport_proxy", "beet", "pass", "drop"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies
Whether to install IPsec policies or not. Disabling this can be useful in some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon. Since 5.3.3.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_out
Whether to install outbound FWD IPsec policies or not. Enabling this is required in case there is a drop policy that would match and block forwarded traffic for this CHILD_SA. Since 5.5.1.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priority
Optional fixed priority for IPsec policies. This could be useful to install high-priority drop policies. The default of 0 uses dynamically calculated priorities based on the size of the traffic selectors.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytes
Byte range from which to choose a random value to subtract from rekey_bytes. The default is the difference between life_bytes and rekey_bytes.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packets
Packet range from which to choose a random value to subtract from rekey_packets. The default is the difference between life_packets and rekey_packets.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_time
Time range from which to choose a random value to subtract from rekey_time. The default is the difference between life_time and rekey_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytes
Number of bytes processed before initiating CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value in the range of rand_bytes gets subtracted to form the effective soft volume limit.
Volume based CHILD_SA rekeying is disabled by default.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packets
Number of packets processed before initiating CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value in the range of rand_packets gets subtracted to form the effective soft packet count limit.
Packet count based CHILD_SA rekeying is disabled by default.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_time
Time to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal. To avoid rekey collisions initiated by both ends simultaneously, a value in the range of rand_time gets subtracted to form the effective soft lifetime.
By default CHILD_SA rekeying is scheduled every hour, minus rand_time.
StrongSwan default: "1h"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts
List of remote selectors to include in CHILD_SA. See local_ts for a description of the selector syntax.
StrongSwan default: ["dynamic"]
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.replay_window
IPsec replay window to configure for this CHILD_SA. Larger values than the default of 32 are supported using the Netlink backend only, a value of 0 disables IPsec replay protection.
StrongSwan default: 32
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqid
Fixed reqid to use for this CHILD_SA. This might be helpful in some scenarios, but works only if each CHILD_SA configuration is instantiated not more than once. The default of 0 uses dynamic reqids, allocated incrementally.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_in
Netfilter mark applied to packets after the inbound IPsec SA processed them. This way it's not necessary to mark packets via Netfilter before decryption or right afterwards to match policies or process them differently (e.g. via policy routing). An additional mask may be appended to the mark, separated by /. The default mask if omitted is 0xffffffff. The special value %same uses the value (but not the mask) from mark_in as mark value, which can be fixed, %unique or %unique-dir. Setting marks in XFRM input requires Linux 4.19 or higher.
StrongSwan default: "0/0x00000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_out
Netfilter mark applied to packets after the outbound IPsec SA processed them. This allows processing ESP packets differently than the original traffic (e.g. via policy routing). An additional mask may be appended to the mark, separated by /. The default mask if omitted is 0xffffffff. The special value %same uses the value (but not the mask) from mark_out as mark value, which can be fixed, %unique_ or %unique-dir. Setting marks in XFRM output is supported since Linux 4.14. Setting a mask requires at least Linux 4.19.
StrongSwan default: "0/0x00000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96
HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility with implementations that incorrectly use 96-bit truncation this option may be enabled to configure the shorter truncation length in the kernel. This is not negotiated, so this only works with peers that use the incorrect truncation length (or have this option enabled).
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_action
Action to perform after loading the configuration.
- The default of none loads the connection only, which then can be manually initiated or used as a responder configuration.
- The value trap installs a trap policy, which triggers the tunnel as soon as matching traffic has been detected.
- The value start initiates the connection actively.
When unloading or replacing a CHILD_SA configuration having a start_action different from none, the inverse action is performed. Configurations with start get closed, while such with trap get uninstalled.
StrongSwan default: "none"
Type: null or one of "none", "trap", "start"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_padding
Pads ESP packets with additional data to have a consistent ESP packet size for improved Traffic Flow Confidentiality. The padding defines the minimum size of all ESP packets sent. The default value of 0 disables TFC padding, the special value mtu adds TFC padding to create a packet size equal to the Path Maximum Transfer Unit.
StrongSwan default: 0
Type: null or signed integer or value "mtu" (singular enum)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updown
Updown script to invoke on CHILD_SA up and down events.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.dpd_delay
Interval to check the liveness of a peer actively using IKEv2 INFORMATIONAL exchanges or IKEv1 R_U_THERE messages. Active DPD checking is only enforced if no IKE or ESP/AH packet has been received for the configured DPD delay.
StrongSwan default: "0s"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeout
Charon by default uses the normal retransmission mechanism and timeouts to check the liveness of a peer, as all messages are used for liveness checking. For compatibility reasons, with IKEv1 a custom interval may be specified; this option has no effect on connections using IKEv2.
StrongSwan default: "0s"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.dscp
Differentiated Services Field Codepoint to set on outgoing IKE packets for this connection. The value is a six digit binary encoded string specifying the Codepoint to set, as defined in RFC 2474.
StrongSwan default: "000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.encap
To enforce UDP encapsulation of ESP packets, the IKE daemon can fake the NAT detection payloads. This makes the peer believe that NAT takes place on the path, forcing it to encapsulate ESP packets in UDP.
Usually this is not required, but it can help to work around connectivity issues with too restrictive intermediary firewalls.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.fragmentation
Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2 fragmentation). Acceptable values are yes (the default since 5.5.1), accept (since versions:5.5.3), force and no.
- If set to yes, and the peer supports it, oversized IKE messages will be sent in fragments.
- If set to accept, support for fragmentation is announced to the peer but the daemon does not send its own messages in fragments.
- If set to force (only supported for IKEv1) the initial IKE message will already be fragmented if required.
- Finally, setting the option to no will disable announcing support for this feature.
Note that fragmented IKE messages sent by a peer are always processed irrespective of the value of this option (even when set to no).
StrongSwan default: "yes"
Type: null or one of "yes", "accept", "force", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.if_id_in
XFRM interface ID set on inbound policies/SA, can be overridden by child config, see there for details.
StrongSwan default: "0"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.if_id_out
XFRM interface ID set on outbound policies/SA, can be overridden by child config, see there for details.
StrongSwan default: "0"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.keyingtries
Number of retransmission sequences to perform during initial connect. Instead of giving up initiation after the first retransmission sequence with the default value of 1, additional sequences may be started according to the configured value. A value of 0 initiates a new sequence until the connection establishes or fails with a permanent error.
StrongSwan default: 1
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local
Section for a local authentication round. A local authentication round defines the rules how authentication is performed for the local peer. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple Authentication or IKEv1 XAuth.
Each round is defined in a section having local as prefix, and an optional unique suffix. To define a single authentication round, the suffix may be omitted.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id
Server side EAP-Identity to expect in the EAP method. Some EAP methods, such as EAP-TLS, use an identity for the server to perform mutual authentication. This identity may differ from the IKE identity, especially when EAP authentication is delegated from the IKE responder to an AAA backend.
For EAP-(T)TLS, this defines the identity for which the server must provide a certificate in the TLS exchange.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth
Authentication to perform locally.
- The default pubkey uses public key authentication using a private key associated to a usable certificate.
- psk uses pre-shared key authentication.
- The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
- while the IKEv2 specific eap keyword defines EAP authentication.
- For xauth, a specific backend name may be appended, separated by a dash. The appropriate xauth backend is selected to perform the XAuth exchange. For traditional XAuth, the xauth method is usually defined in the second authentication round following an initial pubkey (or psk) round. Using xauth in the first round performs Hybrid Mode client authentication.
- For eap, a specific EAP method name may be appended, separated by a dash. An EAP module implementing the appropriate method is selected to perform the EAP conversation.
- Since 5.4.0, if both peers support RFC 7427 ("Signature Authentication in IKEv2") specific hash algorithms to be used during IKEv2 authentication may be configured. To do so use ike: followed by a trust chain signature scheme constraint (see description of the remote section's auth keyword). For example, with ike:pubkey-sha384-sha256 a public key signature scheme with either SHA-384 or SHA-256 would get used for authentication, in that order and depending on the hash algorithms supported by the peer. If no specific hash algorithms are configured, the default is to prefer an algorithm that matches or exceeds the strength of the signature key. If no constraints with ike: prefix are configured any signature scheme constraint (without ike: prefix) will also apply to IKEv2 authentication, unless this is disabled in strongswan.conf. To use RSASSA-PSS signatures use rsa/pss instead of pubkey or rsa as in e.g. ike:rsa/pss-sha256. If pubkey or rsa constraints are configured RSASSA-PSS signatures will only be used if enabled in strongswan.conf(5).
StrongSwan default: "pubkey"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert
Section for a certificate candidate to use for authentication. Certificates in certs are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file
Absolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle
Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module
Optional PKCS#11 module name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot
Optional slot number of the token that stores the certificate.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs
List of certificate candidates to use for authentication. The certificates may use a relative path from the swanctl x509 directory or an absolute path.
The certificate used for authentication is selected based on the received certificate request payloads. If no appropriate CA can be located, the first certificate is used.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id
Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id
IKE identity to use for authentication round. When using certificate authentication, the IKE identity must be contained in the certificate, either as subject or as subjectAltName.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys
List of raw public key candidates to use for authentication. The public keys may use a relative path from the swanctl pubkey directory or an absolute path.
Even though multiple local public keys could be defined in principle, only the first public key in the list is used for authentication.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round
Optional numeric identifier by which authentication rounds are sorted. If not specified rounds are ordered by their position in the config file/vici message.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id
Client XAuth username used in the XAuth exchange.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local_addrs
Local address(es) to use for IKE communication. Takes single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
As initiator, the first non-range/non-subnet is used to initiate the connection from. As responder, the local destination address must match at least to one of the specified addresses, subnets or ranges.
If FQDNs are assigned they are resolved every time a configuration lookup is done. If DNS resolution times out, the lookup is delayed for that time.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.local_port
Local UDP port for IKE communication. By default the port of the socket backend is used, which is usually 500. If port 500 is used, automatic IKE port floating to port 4500 is used to work around NAT issues.
Using a non-default local IKE port requires support from the socket backend in use (socket-dynamic).
StrongSwan default: 500
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.mediated_by
The name of the connection to mediate this connection through. If given, the connection will be mediated through the named mediation connection. The mediation connection must have mediation enabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.mediation
Whether this connection is a mediation connection, that is, whether this connection is used to mediate other connections using the IKEv2 Mediation Extension. Mediation connections create no CHILD_SA.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer
Identity under which the peer is registered at the mediation server, that is, the IKE identity the other end of this connection uses as its local identity on its connection to the mediation server. This is the identity we request the mediation server to mediate us with. Only relevant on connections that set mediated_by. If it is not given, the remote IKE identity of the first authentication round of this connection will be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.mobike
Enables MOBIKE on IKEv2 connections. MOBIKE is enabled by default on IKEv2 connections, and allows mobility of clients and multi-homing on servers by migrating active IPsec tunnels.
Usually keeping MOBIKE enabled is unproblematic, as it is not used if the peer does not indicate support for it. However, due to the design of MOBIKE, IKEv2 always floats to port 4500 starting from the second exchange. Some implementations don't like this behavior, hence it can be disabled.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.over_time
Hard IKE_SA lifetime if rekey/reauth does not complete, as time. To avoid having an IKE/ISAKMP kept alive if IKE reauthentication or rekeying fails perpetually, a maximum hard lifetime may be specified. If the IKE_SA fails to rekey or reauthenticate within the specified time, the IKE_SA gets closed.
In contrast to CHILD_SA rekeying, over_time is relative in time to the rekey_time and reauth_time values, as it applies to both.
The default is 10% of the longer of rekey_time and reauth_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.pools
List of named IP pools to allocate virtual IP addresses and other configuration attributes from. Each name references a pool by name from either the pools section or an external pool.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.ppk_id
String identifying the Postquantum Preshared Key (PPK) to be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.ppk_required
Whether a Postquantum Preshared Key (PPK) is required for this connection.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.proposals
A proposal is a set of algorithms. For non-AEAD algorithms, this includes for IKE an encryption algorithm, an integrity algorithm, a pseudo random function and a Diffie-Hellman group. For AEAD algorithms, instead of encryption and integrity algorithms, a combined algorithm is used.
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be specified in a list. The special value default forms a default proposal of supported algorithms considered safe, and is usually a good choice for interoperability.
StrongSwan default: ["default"]
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.pull
If the default of yes is used, Mode Config works in pull mode, where the initiator actively requests a virtual IP. With no, push mode is used, where the responder pushes down a virtual IP to the initiating peer.
Push mode is currently supported for IKEv1, but not in IKEv2. It is used by a few implementations only, pull mode is recommended.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.rand_time
Time range from which to choose a random value to subtract from rekey/reauth times. To avoid having both peers initiating the rekey/reauth procedure simultaneously, a random time gets subtracted from the rekey/reauth times.
The default is equal to the configured over_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.reauth_time
Time to schedule IKE reauthentication. IKE reauthentication recreates the IKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric configurations (with EAP or configuration payloads) it might not be possible to actively reauthenticate as responder. The IKEv2 reauthentication lifetime negotiation can instruct the client to perform reauthentication.
Reauthentication is disabled by default. Enabling it usually may lead to small connection interruptions, as strongSwan uses a break-before-make policy with IKEv2 to avoid any conflicts with associated tunnel resources.
StrongSwan default: "0s"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.rekey_time
IKE rekeying refreshes key material using a Diffie-Hellman exchange, but does not re-check associated credentials. It is supported in IKEv2 only, IKEv1 performs a reauthentication procedure instead.
With the default value IKE rekeying is scheduled every 4 hours, minus the configured rand_time. If a reauth_time is configured, rekey_time defaults to zero, disabling rekeying; explicitly set both to enforce rekeying and reauthentication.
StrongSwan default: "4h"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote
Section for a remote authentication round. A remote authentication round defines the constraints how the peers must authenticate to use this connection. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple Authentication or IKEv1 XAuth.
Each round is defined in a section having remote as prefix, and an optional unique suffix. To define a single authentication round, the suffix may be omitted.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth
Authentication to expect from remote. See the local section's auth keyword description about the details of supported mechanisms.
Since 5.4.0, to require a trustchain public key strength for the remote side, specify the key type followed by the minimum strength in bits (for example ecdsa-384 or rsa-2048-ecdsa-256). To limit the acceptable set of hashing algorithms for trustchain validation, append hash algorithms to pubkey or a key strength definition (for example pubkey-sha256-sha512, rsa-2048-sha256-sha384-sha512 or rsa-2048-sha256-ecdsa-256-sha256-sha384). Unless disabled in strongswan.conf, or explicit IKEv2 signature constraints are configured (refer to the description of the local section's auth keyword for details), such key types and hash algorithms are also applied as constraints against IKEv2 signature authentication schemes used by the remote side. To require RSASSA-PSS signatures use rsa/pss instead of pubkey or rsa as in e.g. rsa/pss-sha256. If pubkey or rsa constraints are configured RSASSA-PSS signatures will only be accepted if enabled in strongswan.conf(5).
To specify trust chain constraints for EAP-(T)TLS, append a colon to the EAP method, followed by the key type/size and hash algorithm as discussed above (e.g. eap-tls:ecdsa-384-sha384).
StrongSwan default: "pubkey"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id
Identity in CA certificate to accept for authentication. The specified identity must be contained in one (intermediate) CA of the remote peer trustchain, either as subject or as subjectAltName. This has the same effect as specifying cacerts to force clients under a CA to specific connections; it does not require the CA certificate to be available locally, and can be received from the peer during the IKE exchange.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert
Section for a CA certificate to accept for authentication. Certificates in cacerts are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.file
Absolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handle
Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.module
Optional PKCS#11 module name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slot
Optional slot number of the token that stores the certificate.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacerts
List of CA certificates to accept for authentication. The certificates may use a relative path from the swanctl x509ca directory or an absolute path.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert
Section for a certificate candidate to use for authentication. Certificates in certs are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.file
Absolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handle
Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.module
Optional PKCS#11 module name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slot
Optional slot number of the token that stores the certificate.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policy
List of certificate policy OIDs the peer's certificate must have. OIDs are specified using the numerical dotted representation.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certs
List of certificates to accept for authentication. The certificates may use a relative path from the swanctl x509 directory or an absolute path.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_id
Identity to use as peer identity during EAP authentication. If set to %any the EAP-Identity method will be used to ask the client for an EAP identity.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groups
Authorization group memberships to require. The peer must prove membership to at least one of the specified groups. Group membership can be certified by different means, for example by appropriate Attribute Certificates or by an AAA backend involved in the authentication.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.id
IKE identity to expect for authentication round. When using certificate authentication, the IKE identity must be contained in the certificate, either as subject or as subjectAltName.
StrongSwan default: "%any"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeys
List of raw public keys to accept for authentication. The public keys may use a relative path from the swanctl pubkey directory or an absolute path.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocation
Certificate revocation policy for CRL or OCSP revocation.
- A strict revocation policy fails if no revocation information is available, i.e. the certificate is not known to be unrevoked.
- ifuri fails only if a CRL/OCSP URI is available, but certificate revocation checking fails, i.e. there should be revocation information available, but it could not be obtained.
- The default revocation policy relaxed fails only if a certificate is revoked, i.e. it is explicitly known that it is bad.
StrongSwan default: "relaxed"
Type: null or one of "strict", "ifuri", "relaxed"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.round
Optional numeric identifier by which authentication rounds are sorted. If not specified rounds are ordered by their position in the config file/vici message.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs
Remote address(es) to use for IKE communication. Takes single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
As initiator, the first non-range/non-subnet is used to initiate the connection to. As responder, the initiator source address must match at least to one of the specified addresses, subnets or ranges.
If FQDNs are assigned they are resolved every time a configuration lookup is done. If DNS resolution times out, the lookup is delayed for that time. To initiate a connection, at least one specific address or DNS name must be specified.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.remote_port
Remote UDP port for IKE communication. If the default of port 500 is used, automatic IKE port floating to port 4500 is used to work around NAT issues.
StrongSwan default: 500
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.send_cert
Send certificate payloads when using certificate authentication.
- With the default of ifasked the daemon sends certificate payloads only if certificate requests have been received.
- never disables sending of certificate payloads altogether,
- always causes certificate payloads to be sent unconditionally whenever certificate authentication is used.
StrongSwan default: "ifasked"
Type: null or one of "always", "never", "ifasked"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.send_certreq
Send certificate request payloads to offer trusted root CA certificates to the peer. Certificate requests help the peer to choose an appropriate certificate/private key for authentication and are enabled by default. Disabling certificate requests can be useful if too many trusted root CA certificates are installed, as each certificate request increases the size of the initial IKE packets.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.unique
Connection uniqueness policy to enforce. To avoid multiple connections from the same user, a uniqueness policy can be enforced.
- The value never does never enforce such a policy, even if a peer included INITIAL_CONTACT notification messages,
- whereas no replaces existing connections for the same identity if a new one has the INITIAL_CONTACT notify.
- keep rejects new connection attempts if the same user already has an active connection,
- replace deletes any existing connection if a new one for the same user gets established.
To compare connections for uniqueness, the remote IKE identity is used. If EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead.
On initiators this setting specifies whether an INITIAL_CONTACT notify is sent during IKE_AUTH if no existing connection is found with the remote peer (determined by the identities of the first authentication round). Unless set to never the client will send a notify.
StrongSwan default: "no"
Type: null or one of "no", "never", "keep", "replace"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.version
IKE major version to use for connection.
- 1 uses IKEv1 aka ISAKMP,
- 2 uses IKEv2.
- A connection using the default of 0 accepts both IKEv1 and IKEv2 as responder, and initiates the connection actively with IKEv2.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.connections.<name>.vips
List of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all.
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools
Section defining named pools. Named pools may be referenced by connections with the pools option to assign virtual IPs and other configuration attributes. Each pool must have a unique name (denoted <name> below).
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.addrs
Subnet or range defining addresses allocated in pool. Accepts a single CIDR subnet defining the pool to allocate addresses from or an address range (<from>-<to>). Pools must be unique and non-overlapping.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.dhcp
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.dns
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.nbns
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.netmask
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.server
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.split_exclude
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.split_include
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.pools.<name>.subnet
Address or CIDR subnets
StrongSwan default: []
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.eap
EAP secret section for a specific secret. Each EAP secret is defined in a unique section having the eap prefix. EAP secrets are used for XAuth authentication as well.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.eap.<name>.id
Identity the EAP/XAuth secret belongs to. Multiple unique identities may be specified, each having an id prefix, if a secret is shared between multiple users.
Type: attribute set of null or strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.eap.<name>.secret
Value of the EAP/XAuth secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ecdsa
Private key decryption passphrase for a key in the ecdsa folder.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.file
File name in the ecdsa folder for which this passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secret
Value of decryption passphrase for ECDSA key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ike
IKE preshared secret section for a specific secret. Each IKE PSK is defined in a unique section having the ike prefix.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ike.<name>.id
IKE identity the IKE preshared secret belongs to. Multiple unique identities may be specified, each having an id prefix, if a secret is shared between multiple peers.
Type: attribute set of null or strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret
Value of the IKE preshared secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ntlm
NTLM secret section for a specific secret. Each NTLM secret is defined in a unique section having the ntlm prefix. NTLM secrets may only be used for EAP-MSCHAPv2 authentication.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.id
Identity the NTLM secret belongs to. Multiple unique identities may be specified, each having an id prefix, if a secret is shared between multiple users.
Type: attribute set of null or strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secret
Value of the NTLM secret, which is the NT Hash of the actual secret, that is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either be given as a hex encoded string with a 0x prefix or as a Base64 encoded string with a 0s prefix.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.pkcs12
PKCS#12 decryption passphrase for a container in the pkcs12 folder.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.file
File name in the pkcs12 folder for which this passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secret
Value of decryption passphrase for PKCS#12 container.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.pkcs8
Private key decryption passphrase for a key in the pkcs8 folder.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.file
File name in the pkcs8 folder for which this passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secret
Value of decryption passphrase for PKCS#8 key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ppk
Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is defined in a unique section having the ppk prefix.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ppk.<name>.id
PPK identity the PPK belongs to. Multiple unique identities may be specified, each having an id prefix, if a secret is shared between multiple peers.
Type: attribute set of null or strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secret
Value of the PPK. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value. Should have at least 256 bits of entropy for 128-bit security.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.private
Private key decryption passphrase for a key in the private folder.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.private.<name>.file
File name in the private folder for which this passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.private.<name>.secret
Value of decryption passphrase for private key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.rsa
Private key decryption passphrase for a key in the rsa folder.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.rsa.<name>.file
File name in the rsa folder for which this passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secret
Value of decryption passphrase for RSA key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.token
Definition for a private key that's stored on a token/smartcard/TPM.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.token.<name>.handle
Hex-encoded CKA_ID or handle of the private key on the token or TPM, respectively.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.token.<name>.module
Optional PKCS#11 module name to access the token.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.token.<name>.pin
Optional PIN required to access the key on the token. If none is provided the user is prompted during an interactive --load-creds call.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.token.<name>.slot
Optional slot number to access the token.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.xauth
EAP secret section for a specific secret. Each EAP secret is defined in a unique section having the eap prefix. EAP secrets are used for XAuth authentication as well.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.xauth.<name>.id
Identity the EAP/XAuth secret belongs to. Multiple unique identities may be specified, each having an id prefix, if a secret is shared between multiple users.
Type: attribute set of null or strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secret
Value of the EAP/XAuth secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
- services.stubby.enable
Whether to enable Stubby DNS resolver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.authenticationMode
Selects the Strict or Opportunistic usage profile. For strict, set to GETDNS_AUTHENTICATION_REQUIRED. for opportunistic, use GETDNS_AUTHENTICATION_NONE.
Type: one of "GETDNS_AUTHENTICATION_REQUIRED", "GETDNS_AUTHENTICATION_NONE"
Default: "GETDNS_AUTHENTICATION_REQUIRED"
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.debugLogging
Enable or disable debug level logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.extraConfig
Add additional configuration options. see stubby(1)for more options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.fallbackProtocols
Ordered list composed of one or more transport protocols. Strict mode should only use GETDNS_TRANSPORT_TLS. Other options are GETDNS_TRANSPORT_UDP and GETDNS_TRANSPORT_TCP.
Type: list of one of "GETDNS_TRANSPORT_TLS", "GETDNS_TRANSPORT_TCP", "GETDNS_TRANSPORT_UDP"s
Default: [ "GETDNS_TRANSPORT_TLS" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.idleTimeout
EDNS0 option for keepalive idle timeout expressed in milliseconds.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.listenAddresses
Sets the listen address for the stubby daemon. Uses port 53 by default. Ise IP@port to specify a different port.
Type: list of strings
Default: [ "127.0.0.1" "0::1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.queryPaddingBlocksize
EDNS0 option to pad the size of the DNS query to the given blocksize.
Type: signed integer
Default: 128
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.roundRobinUpstreams
Instructs stubby to distribute queries across all available name servers. Default is true. Set to false in order to use the first available.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.subnetPrivate
EDNS0 option for ECS client privacy. Default is true. If set, this option prevents the client subnet from being sent to authoritative nameservers.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stubby.upstreamServers
Replace default upstreams. See stubby (1) for an example of the entry formatting. In Strict mode, at least one of the following settings must be supplied for each nameserver: tls_auth_name or tls_pubkey_pinset.
Type: strings concatenated with "\n"
Default:
'' - address_data: 145.100.185.15 tls_auth_name: "dnsovertls.sinodun.com" tls_pubkey_pinset: - digest: "sha256" value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= - address_data: 145.100.185.16 tls_auth_name: "dnsovertls1.sinodun.com" tls_pubkey_pinset: - digest: "sha256" value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= - address_data: 185.49.141.37 tls_auth_name: "getdnsapi.net" tls_pubkey_pinset: - digest: "sha256" value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q= - address_data: 2001:610:1:40ba:145:100:185:15 tls_auth_name: "dnsovertls.sinodun.com" tls_pubkey_pinset: - digest: "sha256" value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= - address_data: 2001:610:1:40ba:145:100:185:16 tls_auth_name: "dnsovertls1.sinodun.com" tls_pubkey_pinset: - digest: "sha256" value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= - address_data: 2a04:b900:0:100::38 tls_auth_name: "getdnsapi.net" tls_pubkey_pinset: - digest: "sha256" value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q= ''Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
- services.stunnel.enable
Whether to enable the stunnel TLS tunneling service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.enableInsecureSSLv3
Enable support for the insecure SSLv3 protocol.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.clients
Define the client configurations.
Type: attribute set of submodules
Default: { }
Example: { foobar = { accept = "0.0.0.0:8080"; connect = "nixos.org:443"; verifyChain = false; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.clients.<name>.CAFile
Path to a file containing certificates to validate against.
Type: null or path
Default: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.clients.<name>.CAPath
Path to a directory containing certificates to validate against.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.clients.<name>.accept
IP:Port on which connections should be accepted.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.clients.<name>.connect
IP:Port destination to connect to.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.clients.<name>.verifyChain
Check if the provided certificate has a valid certificate chain (against CAPath).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.clients.<name>.verifyHostname
If set, stunnel checks if the provided certificate is valid for the given hostname.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.clients.<name>.verifyPeer
Check if the provided certificate is contained in CAPath.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.fipsMode
Enable FIPS 140-2 mode required for compliance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.group
The group under which stunnel runs.
Type: null or string
Default: "nogroup"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.logLevel
Verbosity of stunnel output.
Type: one of "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.servers
Define the server configuations.
Type: attribute set of submodules
Default: { }
Example: { fancyWebserver = { accept = 443; cert = "/path/to/pem/file"; connect = 8080; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.servers.<name>.accept
On which [host:]port stunnel should listen for incoming TLS connections. Note that unlike other softwares stunnel ipv6 address need no brackets, so to listen on all IPv6 addresses on port 1234 one would use ':::1234'.
Type: string or signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.servers.<name>.cert
File containing both the private and public keys.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.servers.<name>.connect
To which port the decrypted connection should be forwarded.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.stunnel.user
The user under which stunnel runs.
Type: null or string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
- services.subsonic.enable
Whether to enable Subsonic daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.contextPath
The context path, i.e., the last part of the Subsonic URL. Typically '/' or '/subsonic'. Default '/'
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.defaultMusicFolder
Configure Subsonic to use this folder for music. This option only has effect the first time Subsonic is started.
Type: path
Default: "/var/music"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.defaultPlaylistFolder
Configure Subsonic to use this folder for playlists. This option only has effect the first time Subsonic is started.
Type: path
Default: "/var/playlists"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.defaultPodcastFolder
Configure Subsonic to use this folder for Podcasts. This option only has effect the first time Subsonic is started.
Type: path
Default: "/var/music/Podcast"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.home
The directory where Subsonic will create files. Make sure it is writable.
Type: path
Default: "/var/lib/subsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.httpsPort
The port on which Subsonic will listen for incoming HTTPS traffic. Set to 0 to disable.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.listenAddress
The host name or IP address on which to bind Subsonic. Only relevant if you have multiple network interfaces and want to make Subsonic available on only one of them. The default value will bind Subsonic to all available network interfaces.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.maxMemory
The memory limit (max Java heap size) in megabytes. Default: 100
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.port
The port on which Subsonic will listen for incoming HTTP traffic. Set to 0 to disable.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4040
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.subsonic.transcoders
List of paths to transcoder executables that should be accessible from Subsonic. Symlinks will be created to each executable inside /var/lib/subsonic/transcoders.
Type: list of paths
Default: [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
- services.sundtek.enable
Whether to enable Sundtek driver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sundtek.nix>
- services.supybot.enable
Enable Supybot, an IRC bot (also known as Limnoria).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
- services.supybot.configFile
Path to initial supybot config file. This can be generated by running supybot-wizard.
Note: all paths should include the full path to the stateDir directory (backup conf data logs logs/plugins plugins tmp web).
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
- services.supybot.extraPackages
Extra Python packages available to supybot plugins. The value must be a function which receives the attrset defined in python3Packages as the sole argument.
Type: function that evaluates to a(n) listOf
Default: p: []
Example: p: [ p.lxml p.requests ]
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
- services.supybot.plugins
Attribute set of additional plugins that will be symlinked to the plugin subdirectory.
Please note that you still need to add the plugins to the config file (or with !load) using their attribute name.
Type: attribute set of paths
Default: { }
Example:
let plugins = pkgs.fetchzip { url = "https://github.com/ProgVal/Supybot-plugins/archive/57c2450c.zip"; sha256 = "077snf84ibnva3sbpzdfpfma6hcdw7dflwnhg6pw7mgnf0nd84qd"; }; in { Wikipedia = "${plugins}/Wikipedia"; Decide = ./supy-decide; }Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
- services.supybot.stateDir
The root directory, logs and plugins are stored here
Type: path
Default: /var/lib/supybot
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
- services.svnserve.enable
Whether to enable svnserve to serve Subversion repositories through the SVN protocol.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/svnserve.nix>
- services.svnserve.svnBaseDir
Base directory from which Subversion repositories are accessed.
Type: string
Default: "/repos"
Declared by:
<nixpkgs/nixos/modules/services/misc/svnserve.nix>
- services.switcherooControl.enable
Whether to enable switcheroo-control, a D-Bus service to check the availability of dual-GPU.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/switcheroo-control.nix>
- services.sympa.enable
Whether to enable Sympa mailing list manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.database.createLocally
Whether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.database.host
Database host address.
For MySQL, use localhost to connect using Unix domain socket.
For PostgreSQL, use path to directory (e.g. /run/postgresql) to connect using Unix domain socket located in this directory.
Use null to fall back on Sympa default, or when using services.sympa.database.createLocally.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.database.name
Database name. When using SQLite this must be an absolute path to the database file.
Type: string
Default: if database.type == "SQLite" then "/var/lib/sympa/sympa.sqlite" else "sympa"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.database.passwordFile
A file containing the password for services.sympa.database.user.
Type: null or path
Default: null
Example: "/run/keys/sympa-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.database.port
Database port. Use null for default port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.database.type
Database engine to use.
Type: one of "SQLite", "PostgreSQL", "MySQL"
Default: "SQLite"
Example: "MySQL"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.database.user
Database user. The system user name is used as a default.
Type: null or string
Default: "sympa"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.domains
Email domains handled by this instance. There have to be MX records for keys of this attribute set.
Type: attribute set of submodules
Example:
{ "lists.example.org" = { webHost = "lists.example.org"; webLocation = "/"; }; "sympa.example.com" = { webHost = "example.com"; webLocation = "/sympa"; }; }Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.domains.<name>.settings
The robot.conf configuration file as key value set. See https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html for list of configuration parameters.
Type: attribute set of string or signed integer or booleans
Default: { }
Example: { default_max_list_members = 3; }
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.domains.<name>.webHost
Domain part of the web interface URL (no web interface for this domain if null). DNS record of type A (or AAAA or CNAME) has to exist with this value.
Type: null or string
Default: null
Example: "archive.example.org"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.domains.<name>.webLocation
URL path part of the web interface.
Type: string
Default: "/"
Example: "/sympa"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.lang
Default Sympa language. See https://github.com/sympa-community/sympa/tree/sympa-6.2/po/sympa for available options.
Type: string
Default: "en_US"
Example: "cs"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.listMasters
The list of the email addresses of the listmasters (users authorized to perform global server commands).
Type: list of strings
Example: [ "postmaster@sympa.example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.mainDomain
Main domain to be used in sympa.conf. If null, one of the services.sympa.domains is chosen for you.
Type: null or string
Default: null
Example: "lists.example.org"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.mta.type
Mail transfer agent (MTA) integration. Use none if you want to configure it yourself.
The postfix integration sets up local Postfix instance that will pass incoming messages from configured domains to Sympa. You still need to configure at least outgoing message handling using e.g. services.postfix.relayHost.
Type: one of "postfix", "none"
Default: "postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.settings
The sympa.conf configuration file as key value set. See https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html for list of configuration parameters.
Type: attribute set of string or signed integer or booleans
Default: { }
Example:
{ default_home = "lists"; viewlogs_page_size = 50; }Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.settingsFile
Set of files to be linked in /var/lib/sympa.
Type: attribute set of submodules
Default: { }
Example:
{ "list_data/lists.example.org/help" = { text = "subject This list provides help to users"; }; }Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.settingsFile.<name>.enable
Whether this file should be generated. This option allows specific files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.settingsFile.<name>.source
Path of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.settingsFile.<name>.text
Text of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.web.enable
Whether to enable Sympa web interface.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.web.fcgiProcs
Number of FastCGI processes to fork.
Type: positive integer, meaning >0
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.web.https
Whether to use HTTPS. When nginx integration is enabled, this option forces SSL and enables ACME. Please note that Sympa web interface always uses https links even when this option is disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.sympa.web.server
The webserver used for the Sympa web interface. Set it to `none` if you want to configure it yourself. Further nginx configuration can be done by adapting services.nginx.virtualHosts.name.
Type: one of "nginx", "none"
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
- services.syncoid.enable
Whether to enable Syncoid ZFS synchronization service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands
Syncoid commands to run.
Type: attribute set of submodules
Default: { }
Example:
{ "pool/test".target = "root@target:pool/test"; }Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.extraArgs
Extra syncoid arguments for this command.
Type: list of strings
Default: [ ]
Example: [ "--sshport 2222" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.localSourceAllow
Permissions granted for the services.syncoid.user user for local source datasets. See https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html for available permissions. Defaults to services.syncoid.localSourceAllow option.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.localTargetAllow
Permissions granted for the services.syncoid.user user for local target datasets. See https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html for available permissions. Make sure to include the change-key permission if you send raw encrypted datasets, the compression permission if you send raw compressed datasets, and so on. For remote target datasets you'll have to set your remote user permissions by yourself.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.recursive
Whether to enable the transfer of child datasets.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.recvOptions
Advanced options to pass to zfs recv. Options are specified without their leading dashes and separated by spaces.
Type: strings concatenated with " "
Default: ""
Example: "ux recordsize o compression=lz4"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.sendOptions
Advanced options to pass to zfs send. Options are specified without their leading dashes and separated by spaces.
Type: strings concatenated with " "
Default: ""
Example: "Lc e"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.service
Systemd configuration specific to this syncoid service.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.source
Source ZFS dataset. Can be either local or remote. Defaults to the attribute name.
Type: string
Example: "pool/dataset"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.sshKey
SSH private key file to use to login to the remote system. Defaults to services.syncoid.sshKey option.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.target
Target ZFS dataset. Can be either local (pool/dataset) or remote (user@server:pool/dataset).
Type: string
Example: "user@server:pool/dataset"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commands.<name>.useCommonArgs
Whether to add the configured common arguments to this command.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.commonArgs
Arguments to add to every syncoid command, unless disabled for that command. See https://github.com/jimsalterjrs/sanoid/#syncoid-command-line-options for available options.
Type: list of strings
Default: [ ]
Example: [ "--no-sync-snap" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.group
The group for the service.
Type: string
Default: "syncoid"
Example: "backup"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.interval
Run syncoid at this interval. The default is to run hourly.
The format is described in systemd.time(7).
Type: string
Default: "hourly"
Example: "*-*-* *:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.localSourceAllow
Permissions granted for the services.syncoid.user user for local source datasets. See https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html for available permissions.
Type: list of strings
Default: [ "bookmark" "hold" "send" "snapshot" "destroy" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.localTargetAllow
Permissions granted for the services.syncoid.user user for local target datasets. See https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html for available permissions. Make sure to include the change-key permission if you send raw encrypted datasets, the compression permission if you send raw compressed datasets, and so on. For remote target datasets you'll have to set your remote user permissions by yourself.
Type: list of strings
Default: [ "change-key" "compression" "create" "mount" "mountpoint" "receive" "rollback" ]
Example: [ "create" "mount" "receive" "rollback" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.service
Systemd configuration common to all syncoid services.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.sshKey
SSH private key file to use to login to the remote system. Can be overridden in individual commands.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncoid.user
The user for the service. ZFS privilege delegation will be automatically configured for any local pools used by syncoid if this option is set to a user other than root. The user will be given the "hold" and "send" privileges on any pool that has datasets being sent and the "create", "mount", "receive", and "rollback" privileges on any pool that has datasets being received.
Type: string
Default: "syncoid"
Example: "backup"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
- services.syncplay.enable
If enabled, start the Syncplay server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
- services.syncplay.certDir
TLS certificates directory to use for encryption. See https://github.com/Syncplay/syncplay/wiki/TLS-support.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
- services.syncplay.group
Group to use when running Syncplay.
Type: string
Default: "nogroup"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
- services.syncplay.port
TCP port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8999
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
- services.syncplay.salt
Salt to allow room operator passwords generated by this server instance to still work when the server is restarted.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
- services.syncplay.user
User to use when running Syncplay.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
- services.syncthing.enable
Whether to enable Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.package
The Syncthing package to use.
Type: package
Default: pkgs.syncthing
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.all_proxy
Overwrites the all_proxy environment variable for the Syncthing process to the given value. This is normally used to let Syncthing connect through a SOCKS5 proxy server. See https://docs.syncthing.net/users/proxying.html.
Type: null or string
Default: null
Example: "socks5://address.com:1234"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.cert
Path to the cert.pem file, which will be copied into Syncthing's configDir.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.configDir
The path where the settings and keys will exist.
Type: path
Default: dataDir + "/.config/syncthing"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.dataDir
The path where synchronised directories will exist.
Type: path
Default: "/var/lib/syncthing"
Example: "/home/yourUser"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.devices
Peers/devices which Syncthing should communicate with.
Note that you can still add devices manually, but those changes will be reverted on restart if overrideDevices is enabled.
Type: attribute set of submodules
Default: { }
Example: { bigbox = { addresses = [ "tcp://192.168.0.10:51820" ] ; id = "7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.devices.<name>.addresses
The addresses used to connect to the device. If this is left empty, dynamic configuration is attempted.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.devices.<name>.autoAcceptFolders
Automatically create or share folders that this device advertises at the default path. See https://docs.syncthing.net/users/config.html?highlight=autoaccept#config-file-format.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.devices.<name>.id
The device ID. See https://docs.syncthing.net/dev/device-ids.html.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.devices.<name>.introducer
Whether the device should act as an introducer and be allowed to add folders on this computer. See https://docs.syncthing.net/users/introducer.html.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.devices.<name>.name
The name of the device.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.extraFlags
Extra flags passed to the syncthing command in the service definition.
Type: list of strings
Default: [ ]
Example: [ "--reset-deltas" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.extraOptions
Extra configuration options for Syncthing. See https://docs.syncthing.net/users/config.html.
Type: JSON value
Default: { }
Example: { gui = { theme = "black"; } ; options = { localAnnounceEnabled = false; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders
Folders which should be shared by Syncthing.
Note that you can still add devices manually, but those changes will be reverted on restart if overrideDevices is enabled.
Type: attribute set of submodules
Default: { }
Example:
{ "/home/user/sync" = { id = "syncme"; devices = [ "bigbox" ]; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.enable
Whether to share this folder. This option is useful when you want to define all folders in one place, but not every machine should share all folders.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.devices
The devices this folder should be shared with. Each device must be defined in the devices option.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.id
The ID of the folder. Must be the same on all devices.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.ignoreDelete
Whether to skip deleting files that are deleted by peers. See https://docs.syncthing.net/advanced/folder-ignoredelete.html.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.ignorePerms
Whether to ignore permission changes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.label
The label of the folder.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.path
The path to the folder which should be shared.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.rescanInterval
How often the folder should be rescanned for changes.
Type: signed integer
Default: 3600
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.type
Whether to only send changes for this folder, only receive them or both.
Type: one of "sendreceive", "sendonly", "receiveonly"
Default: "sendreceive"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.versioning
How to keep changed/deleted files with Syncthing. There are 4 different types of versioning with different parameters. See https://docs.syncthing.net/users/versioning.html.
Type: null or submodule
Default: null
Example:
[ { versioning = { type = "simple"; params.keep = "10"; }; } { versioning = { type = "trashcan"; params.cleanoutDays = "1000"; }; } { versioning = { type = "staggered"; params = { cleanInterval = "3600"; maxAge = "31536000"; versionsPath = "/syncthing/backup"; }; }; } { versioning = { type = "external"; params.versionsPath = pkgs.writers.writeBash "backup" '' folderpath="$1" filepath="$2" rm -rf "$folderpath/$filepath" ''; }; } ]Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.versioning.params
The parameters for versioning. Structure depends on versioning.type. See https://docs.syncthing.net/users/versioning.html.
Type: attribute set of string or paths
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.versioning.type
The type of versioning. See https://docs.syncthing.net/users/versioning.html.
Type: one of "external", "simple", "staggered", "trashcan"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.watch
Whether the folder should be watched for changes by inotify.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.folders.<name>.watchDelay
The delay after an inotify event is triggered.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.group
The group to run Syncthing under. By default, a group named syncthing will be created.
Type: string
Default: "syncthing"
Example: "yourGroup"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.guiAddress
The address to serve the web interface at.
Type: string
Default: "127.0.0.1:8384"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.key
Path to the key.pem file, which will be copied into Syncthing's configDir.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.openDefaultPorts
Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers and UDP 21027 for discovery.
If multiple users are running Syncthing on this machine, you will need to manually open a set of ports for each instance and leave this disabled. Alternatively, if you are running only a single instance on this machine using the default ports, enable this.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.overrideDevices
Whether to delete the devices which are not configured via the devices option. If set to false, devices added via the web interface will persist and will have to be deleted manually.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.overrideFolders
Whether to delete the folders which are not configured via the folders option. If set to false, folders added via the web interface will persist and will have to be deleted manually.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.relay.enable
Whether to enable Syncthing relay service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.extraOptions
Extra command line arguments to pass to strelaysrv.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.globalRateBps
Global bandwidth rate limit in bytes per second.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.listenAddress
Address to listen on for relay traffic.
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.perSessionRateBps
Per session bandwidth rate limit in bytes per second.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.pools
Relay pools to join. If null, uses the default global pool.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.port
Port to listen on for relay traffic. This port should be added to networking.firewall.allowedTCPPorts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22067
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.providedBy
Human-readable description of the provider of the relay (you).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.statusListenAddress
Address to listen on for serving the relay status API.
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.relay.statusPort
Port to listen on for serving the relay status API. This port should be added to networking.firewall.allowedTCPPorts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22070
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
- services.syncthing.systemService
Whether to auto-launch Syncthing as a system service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.syncthing.user
The user to run Syncthing as. By default, a user named syncthing will be created.
Type: string
Default: "syncthing"
Example: "yourUser"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
- services.synergy.client.enable
Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.client.autoStart
Whether the Synergy client should be started automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.client.screenName
Use the given name instead of the hostname to identify ourselves to the server.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.client.serverAddress
The server address is of the form: [hostname][:port]. The hostname must be the address or hostname of the server. The port overrides the default port, 24800.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.server.enable
Whether to enable the Synergy server (send keyboard and mouse events).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.server.address
Address on which to listen for clients.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.server.autoStart
Whether the Synergy server should be started automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.server.configFile
The Synergy server configuration file.
Type: path
Default: "/etc/synergy-server.conf"
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.server.screenName
Use the given name instead of the hostname to identify this screen in the configuration.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.server.tls.enable
Whether TLS encryption should be used.
Using this requires a TLS certificate that can be generated by starting the Synergy GUI once and entering a valid product key.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.synergy.server.tls.cert
The TLS certificate to use for encryption.
Type: null or string
Default: null
Example: "~/.synergy/SSL/Synergy.pem"
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
- services.syslog-ng.enable
Whether to enable the syslog-ng daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
- services.syslog-ng.package
The package providing syslog-ng binaries.
Type: package
Default: pkgs.syslogng
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
- services.syslog-ng.configHeader
The very first lines of the configuration file. Should usually contain the syslog-ng version header.
Type: strings concatenated with "\n"
Default:
'' @version: 3.6 @include "scl.conf" ''
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
- services.syslog-ng.extraConfig
Configuration added to the end of syslog-ng.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
- services.syslog-ng.extraModulePaths
A list of paths that should be included in syslog-ng's --module-path option. They should usually end in /lib/syslog-ng
Type: list of strings
Default: [ ]
Example:
[ "${pkgs.syslogng_incubator}/lib/syslog-ng" ]Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
- services.syslogd.enable
Whether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
- services.syslogd.enableNetworkInput
Accept logging through UDP. Option -r of syslogd(8).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
- services.syslogd.defaultConfig
The default syslog.conf file configures a fairly standard setup of log files, which can be extended by means of extraConfig.
Type: strings concatenated with "\n"
Default:
'' # Send emergency messages to all users. *.emerg * # "local1" is used for dhcpd messages. local1.* -/var/log/dhcpd mail.* -/var/log/mail *.=warning;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;local1.none -/var/log/messages ''
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
- services.syslogd.extraConfig
Additional text appended to syslog.conf, i.e. the contents of defaultConfig.
Type: strings concatenated with "\n"
Default: ""
Example: "news.* -/var/log/news"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
- services.syslogd.extraParams
Additional parameters passed to syslogd.
Type: list of strings
Default: [ ]
Example: [ "-m 0" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
- services.syslogd.tty
The tty device on which syslogd will print important log messages. Leave this option blank to disable tty logging.
Type: string
Default: "tty10"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
- services.sysprof.enable
Whether to enable sysprof profiling daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sysprof.nix>
- services.sysstat.enable
Whether to enable sar system activity collection.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
- services.sysstat.collect-args
Arguments to pass sa1 when collecting statistics
Type: string
Default: "1 1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
- services.sysstat.collect-frequency
OnCalendar specification for sysstat-collect
Type: string
Default: "*:00/10"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
- services.system-config-printer.enable
Whether to enable system-config-printer, a service for CUPS administration used by printing interfaces.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/system-config-printer.nix>
- services.tahoe.introducers
The Tahoe introducers.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.introducers.<name>.package
The package to use for the Tahoe LAFS daemon.
Type: package
Default: pkgs.tahoelafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.introducers.<name>.nickname
The nickname of this Tahoe introducer.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.introducers.<name>.tub.location
The external location that the introducer should listen on.
If specified, the port should be included.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.introducers.<name>.tub.port
The port on which the introducer will listen.
Type: signed integer
Default: 3458
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes
The Tahoe nodes.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.package
The package to use for the Tahoe LAFS daemon.
Type: package
Default: pkgs.tahoelafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.client.helper
The furl for a Tahoe helper node.
Like all furls, keep this safe and don't share it.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.client.introducer
The furl for a Tahoe introducer node.
Like all furls, keep this safe and don't share it.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.client.shares.happy
The number of distinct storage nodes required to store a file.
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.client.shares.needed
The number of shares required to reconstitute a file.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.client.shares.total
The number of shares required to store a file.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.helper.enable
Whether to enable helper service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.nickname
The nickname of this Tahoe node.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.sftpd.enable
Whether to enable SFTP service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.sftpd.accounts.file
Path to the accounts file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.sftpd.accounts.url
URL of the accounts server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.sftpd.hostPrivateKeyFile
Path to the SSH host private key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.sftpd.hostPublicKeyFile
Path to the SSH host public key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.sftpd.port
The port on which the SFTP server will listen.
This is the correct setting to tweak if you want Tahoe's SFTP daemon to listen on a different port.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.storage.enable
Whether to enable storage service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.storage.reservedSpace
The amount of filesystem space to not use for storage.
Type: string
Default: "1G"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.tub.location
The external location that the node should listen on.
This is the setting to tweak if there are multiple interfaces and you want to alter which interface Tahoe is advertising.
If specified, the port should be included.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.tub.port
The port on which the tub will listen.
This is the correct setting to tweak if you want Tahoe's storage system to listen on a different port.
Type: signed integer
Default: 3457
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tahoe.nodes.<name>.web.port
The port on which the Web server will listen.
This is the correct setting to tweak if you want Tahoe's WUI to listen on a different port.
Type: signed integer
Default: 3456
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
- services.tailscale.enable
Whether to enable Tailscale client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
- services.tailscale.package
The package to use for tailscale
Type: package
Default: pkgs.tailscale
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
- services.tailscale.interfaceName
The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.
Type: string
Default: "tailscale0"
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
- services.tailscale.port
The port to listen on for tunnel traffic (0=autoselect).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 41641
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
- services.target.enable
Whether to enable the kernel's LIO iscsi target.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/target.nix>
- services.target.config
Content of /etc/target/saveconfig.json This file is normally read and written by targetcli
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/target.nix>
- services.tarsnap.enable
Whether to enable periodic tarsnap backups.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives
Tarsnap archive configurations. Each attribute names an archive to be created at a given time interval, according to the options associated with it. When uploading to the tarsnap server, archive names are suffixed by a 1 second resolution timestamp, with the format %Y%m%d%H%M%S.
For each member of the set is created a timer which triggers the instanced tarsnap-archive-name service unit. You may use systemctl start tarsnap-archive-name to manually trigger creation of archive-name at any time.
Type: attribute set of submodules
Default: { }
Example:
{ nixos = { directories = [ "/home" "/root/ssl" ]; }; gamedata = { directories = [ "/var/lib/minecraft" ]; period = "*:30"; }; }Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.aggressiveNetworking
Upload data over multiple TCP connections, potentially increasing tarsnap's bandwidth utilisation at the cost of slowing down all other network traffic. Not recommended unless TCP congestion is the dominant limiting factor.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.cachedir
The cache allows tarsnap to identify previously stored data blocks, reducing archival time and bandwidth usage.
Should the cache become desynchronized or corrupted, tarsnap will refuse to run until you manually rebuild the cache with tarsnap --fsck.
Set to null to disable caching.
Type: null or path
Default: "/var/cache/tarsnap/root-tarsnap.key"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.checkpointBytes
Create a checkpoint every checkpointBytes of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value. A higher value is recommended, as checkpointing is expensive.
Set to null to disable checkpointing.
Type: null or string
Default: "1GB"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.directories
List of filesystem paths to archive.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.excludes
Exclude files and directories matching these patterns.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.explicitSymlinks
Whether to follow symlinks specified as archives.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.followSymlinks
Whether to follow all symlinks in archive trees.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.includes
Include only files and directories matching these patterns (the empty list includes everything).
Exclusions have precedence over inclusions.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.keyfile
Set a specific keyfile for this archive. This defaults to "/root/tarsnap.key" if left unspecified.
Use this option if you want to run multiple backups concurrently - each archive must have a unique key. You can generate a write-only key derived from your master key (which is recommended) using tarsnap-keymgmt(1).
Note: every archive must have an individual master key. You must generate multiple keys with tarsnap-keygen(1), and then generate write only keys from those.
The keyfile name should be given as a string and not a path, to avoid the key being copied into the Nix store.
Type: string
Default: "/root/tarsnap.key"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.lowmem
Reduce memory consumption by not caching small files. Possibly beneficial if the average file size is smaller than 1 MB and the number of files is lower than the total amount of RAM in KB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.maxbw
Abort archival if upstream bandwidth usage in bytes exceeds this threshold.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.maxbwRateDown
Download bandwidth rate limit in bytes.
Type: null or signed integer
Default: null
Example: 50 * 1000
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.maxbwRateUp
Upload bandwidth rate limit in bytes.
Type: null or signed integer
Default: null
Example: 25 * 1000
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.nodump
Exclude files with the nodump flag.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.period
Create archive at this interval.
The format is described in systemd.time(7).
Type: string
Default: "01:15"
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.printStats
Print global archive statistics upon completion. The output is available via systemctl status tarsnap-archive-name.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.verbose
Whether to produce verbose logging output.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.archives.<name>.verylowmem
Reduce memory consumption by a factor of 2 beyond what lowmem does, at the cost of significantly slowing down the archiving process.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.tarsnap.keyfile
The keyfile which associates this machine with your tarsnap account. Create the keyfile with tarsnap-keygen.
Note that each individual archive (specified below) may also have its own individual keyfile specified. Tarsnap does not allow multiple concurrent backups with the same cache directory and key (starting a new backup will cause another one to fail). If you have multiple archives specified, you should either spread out your backups to be far apart, or specify a separate key for each archive. By default every archive defaults to using "/root/tarsnap.key".
It's recommended for backups that you generate a key for every archive using tarsnap-keygen(1), and then generate a write-only tarsnap key using tarsnap-keymgmt(1), and keep your master key(s) for a particular machine off-site.
The keyfile name should be given as a string and not a path, to avoid the key being copied into the Nix store.
Type: string
Default: "/root/tarsnap.key"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
- services.taskserver.enable
Whether to enable the Taskwarrior server.
More instructions about NixOS in conjuction with Taskserver can be found in the NixOS manual at Chapter 36, Taskserver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.allowedClientIDs
A list of regular expressions that are matched against the reported client id (such as task 2.3.0).
The values all or none have special meaning. Overidden by any entry in the option services.taskserver.disallowedClientIDs.
Type: string or list of strings
Default: [ ]
Example: [ "[Tt]ask [2-9]+" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.ciphers
List of GnuTLS ciphers to use. See the GnuTLS documentation about priority strings at https://gnutls.org/manual/html_node/Priority-Strings.html for full details.
Type: null or strings concatenated with ":"
Default: null
Example: "NORMAL:-VERS-SSL3.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.config
Configuration options to pass to Taskserver.
The options here are the same as described in taskdrc(5), but with one difference:
The server option is server.listen here, because the server option would collide with other options like server.cert and we would run in a type error (attribute set versus string).
Nix types like integers or booleans are automatically converted to the right values Taskserver would expect.
Type: attribute set
Example: { client = { cert = "/tmp/debugging.cert"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.confirmation
Determines whether certain commands are confirmed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.dataDir
Data directory for Taskserver.
Type: path
Default: "/var/lib/taskserver"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.debug
Logs debugging information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.disallowedClientIDs
A list of regular expressions that are matched against the reported client id (such as task 2.3.0).
The values all or none have special meaning. Any entry here overrides those in services.taskserver.allowedClientIDs.
Type: string or list of strings
Default: [ ]
Example: [ "[Tt]ask [2-9]+" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.extensions
Fully qualified path of the Taskserver extension scripts. Currently there are none.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.fqdn
The fully qualified domain name of this server, which is also used as the common name in the certificates.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.group
Group for Taskserver.
Type: string
Default: "taskd"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.ipLog
Logs the IP addresses of incoming requests.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.listenHost
The address (IPv4, IPv6 or DNS) to listen on.
If the value is something else than localhost the port defined by listenPort is automatically added to networking.firewall.allowedTCPPorts.
Type: string
Default: "localhost"
Example: "::"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.listenPort
Port number of the Taskserver.
Type: signed integer
Default: 53589
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.organisations
An attribute set where the keys name the organisation and the values are a set of lists of users and groups.
Type: attribute set of submodules
Default: { }
Example: { myShinyOrganisation = { groups = [ "staff" "outsiders" ] ; users = [ "alice" "bob" ] ; } ; yetAnotherOrganisation = { users = [ "foo" "bar" ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.organisations.<name>.groups
A list of group names that belong to the organization.
Type: list of strings
Default: [ ]
Example: [ "workers" "slackers" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.organisations.<name>.users
A list of user names that belong to the organization.
Type: list of strings
Default: [ ]
Example: [ "alice" "bob" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.auto.bits
The bit size for generated keys.
Note
This option is for the automatically handled CA and will be ignored if any of the services.taskserver.pki.manual.* options are set.Type: signed integer
Default: 4096
Example: 2048
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.auto.expiration.ca
The expiration time of the CA certificate in days or null for no expiration time.
Note
This option is for the automatically handled CA and will be ignored if any of the services.taskserver.pki.manual.* options are set.Type: null or signed integer
Default: null
Example: 365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.auto.expiration.client
The expiration time of client certificates in days or null for no expiration time.
Note
This option is for the automatically handled CA and will be ignored if any of the services.taskserver.pki.manual.* options are set.Type: null or signed integer
Default: null
Example: 365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.auto.expiration.crl
The expiration time of the certificate revocation list (CRL) in days or null for no expiration time.
Note
This option is for the automatically handled CA and will be ignored if any of the services.taskserver.pki.manual.* options are set.Type: null or signed integer
Default: null
Example: 365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.auto.expiration.server
The expiration time of the server certificate in days or null for no expiration time.
Note
This option is for the automatically handled CA and will be ignored if any of the services.taskserver.pki.manual.* options are set.Type: null or signed integer
Default: null
Example: 365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.manual.ca.cert
Fully qualified path to the CA certificate.
Note
Setting this option will prevent automatic CA creation and handling.Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.manual.server.cert
Fully qualified path to the server certificate.
Note
Setting this option will prevent automatic CA creation and handling.Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.manual.server.crl
Fully qualified path to the server certificate revocation list.
Note
Setting this option will prevent automatic CA creation and handling.Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.pki.manual.server.key
Fully qualified path to the server key.
Note
Setting this option will prevent automatic CA creation and handling.Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.queueSize
Size of the connection backlog, see listen(2).
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.requestLimit
Size limit of incoming requests, in bytes.
Type: signed integer
Default: 1048576
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.trust
Determines how client certificates are validated.
The value allow all performs no client certificate validation. This is not recommended. The value strict causes the client certificate to be validated against a CA.
Type: one of "allow all", "strict"
Default: "strict"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.taskserver.user
User for Taskserver.
Type: string
Default: "taskd"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
- services.tautulli.enable
Whether to enable Tautulli Plex Monitor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
- services.tautulli.package
The Tautulli package to use.
Type: package
Default: pkgs.tautulli
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
- services.tautulli.configFile
The location of Tautulli's config file.
Type: string
Default: "/var/lib/plexpy/config.ini"
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
- services.tautulli.dataDir
The directory where Tautulli stores its data files.
Type: string
Default: "/var/lib/plexpy"
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
- services.tautulli.group
Group under which Tautulli runs.
Type: string
Default: "nogroup"
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
- services.tautulli.port
TCP port where Tautulli listens.
Type: signed integer
Default: 8181
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
- services.tautulli.user
User account under which Tautulli runs.
Type: string
Default: "plexpy"
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
- services.tcsd.enable
Whether to enable tcsd, a Trusted Computing management service that provides TCG Software Stack (TSS). The tcsd daemon is the only portal to the Trusted Platform Module (TPM), a hardware chip on the motherboard.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.tcsd.conformanceCred
Path to the conformance credential for your TPM. See also the platformCred option
Type: path
Default: "/var/lib/tpm/conformance.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.tcsd.endorsementCred
Path to the endorsement credential for your TPM. See also the platformCred option
Type: path
Default: "/var/lib/tpm/endorsement.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.tcsd.firmwarePCRs
PCR indices used in the TPM for firmware measurements.
Type: string
Default: "0,1,2,3,4,5,6,7"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.tcsd.group
Group account under which tcsd runs.
Type: string
Default: "tss"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.tcsd.kernelPCRs
PCR indices used in the TPM for kernel measurements.
Type: string
Default: "8,9,10,11,12"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.tcsd.platformCred
Path to the platform credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (certificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, this credential will be encrypted as part of that process. See the 1.1b TPM Main specification section 9.3 for information on this process.
Type: path
Default: "/var/lib/tpm/platform.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.tcsd.stateDir
The location of the system persistent storage file. The system persistent storage file holds keys and data across restarts of the TCSD and system reboots.
Type: path
Default: "/var/lib/tpm"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.tcsd.user
User account under which tcsd runs.
Type: string
Default: "tss"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
- services.teamspeak3.enable
Whether to run the Teamspeak3 voice communication server daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.dataDir
Directory to store TS3 database and other state/data files.
Type: path
Default: "/var/lib/teamspeak3-server"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.defaultVoicePort
Default UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default.
Type: signed integer
Default: 9987
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.fileTransferIP
IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.
Type: null or string
Default: null
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.fileTransferPort
TCP port opened for file transfers.
Type: signed integer
Default: 30033
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.logPath
Directory to store log files in.
Type: path
Default: "/var/log/teamspeak3-server/"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.openFirewall
Open ports in the firewall for the TeamSpeak3 server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.openFirewallServerQuery
Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.queryIP
IP on which the server instance will listen for incoming ServerQuery connections. Defaults to any IP.
Type: null or string
Default: null
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.queryPort
TCP port opened for ServerQuery connections.
Type: signed integer
Default: 10011
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamspeak3.voiceIP
IP on which the server instance will listen for incoming voice connections. Defaults to any IP.
Type: null or string
Default: null
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
- services.teamviewer.enable
Whether to enable TeamViewer daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/teamviewer.nix>
- services.tedicross.enable
Whether to enable the TediCross Telegram-Discord bridge service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tedicross.nix>
- services.tedicross.config
settings.yaml configuration as a Nix attribute set. Secret tokens should be specified using environmentFile instead of this world-readable file.
Type: attribute set
Example:
{ telegram = { useFirstNameInsteadOfUsername = false; colonAfterSenderName = false; skipOldMessages = true; sendEmojiWithStickers = true; }; discord = { useNickname = false; skipOldMessages = true; displayTelegramReplies = "embed"; replyLength = 100; }; bridges = [ { name = "Default bridge"; direction = "both"; telegram = { chatId = -123456789; relayJoinMessages = true; relayLeaveMessages = true; sendUsernames = true; ignoreCommands = true; }; discord = { serverId = "DISCORD_SERVER_ID"; channelId = "DISCORD_CHANNEL_ID"; relayJoinMessages = true; relayLeaveMessages = true; sendUsernames = true; crossDeleteOnTelegram = true; }; } ]; debug = false; }Declared by:
<nixpkgs/nixos/modules/services/networking/tedicross.nix>
- services.tedicross.environmentFile
File containing environment variables to be passed to the TediCross service, in which secret tokens can be specified securely using the TELEGRAM_BOT_TOKEN and DISCORD_BOT_TOKEN keys.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tedicross.nix>
- services.teeworlds.enable
Whether to enable Teeworlds Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.teeworlds.extraOptions
Extra configuration lines for the teeworlds.cfg. See Teeworlds Documentation.
Type: list of strings
Default: [ ]
Example: [ "sv_map dm1" "sv_gametype dm" ]
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.teeworlds.motd
Set the server message of the day text.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.teeworlds.name
Name of the server. Defaults to 'unnamed server'.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.teeworlds.openPorts
Whether to open firewall ports for Teeworlds
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.teeworlds.password
Password to connect to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.teeworlds.port
Port the server will listen on.
Type: signed integer
Default: 8303
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.teeworlds.rconPassword
Password to access the remote console. If not set, a randomly generated one is displayed in the server log.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.teeworlds.register
Whether the server registers as public server in the global server list. This is disabled by default because of privacy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
- services.telegraf.enable
Whether to enable telegraf server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
- services.telegraf.package
Which telegraf derivation to use
Type: package
Default: pkgs.telegraf
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
- services.telegraf.environmentFiles
File to load as environment file. Environment variables from this file will be interpolated into the config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}. This is useful to avoid putting secrets into the nix store.
Type: list of paths
Default: [ ]
Example: [ "/run/keys/telegraf.env" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
- services.telegraf.extraConfig
Extra configuration options for telegraf
Type: TOML value
Default: { }
Example: { inputs = { statsd = { delete_timings = true; service_address = ":8125"; } ; } ; outputs = { influxdb = { database = "telegraf"; urls = [ "http://localhost:8086" ] ; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
- services.telepathy.enable
Whether to enable Telepathy service, a communications framework that enables real-time communication via pluggable protocol backends.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/telepathy.nix>
- services.terraria.enable
If enabled, starts a Terraria server. The server can be connected to via tmux -S /var/lib/terraria/terraria.sock attach for administration by users who are a part of the terraria group (use C-b d shortcut to detach again).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.autoCreatedWorldSize
Specifies the size of the auto-created world if worldPath does not point to an existing world.
Type: one of "small", "medium", "large"
Default: "medium"
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.banListPath
The path to the ban list.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.dataDir
Path to variable state data directory for terraria.
Type: string
Default: "/var/lib/terraria"
Example: "/srv/terraria"
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.maxPlayers
Sets the max number of players (between 1 and 255).
Type: 8 bit unsigned integer; between 0 and 255 (both inclusive)
Default: 255
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.messageOfTheDay
Set the server message of the day text.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.noUPnP
Disables automatic Universal Plug and Play.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.openFirewall
Wheter to open ports in the firewall
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.password
Sets the server password. Leave null for no password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.port
Specifies the port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7777
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.secure
Adds additional cheat protection to the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.terraria.worldPath
The path to the world file (.wld) which should be loaded. If no world exists at this path, one will be created with the size specified by autoCreatedWorldSize.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
- services.tftpd.enable
Whether to enable tftpd, a Trivial File Transfer Protocol server. The server will be run as an xinetd service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tftpd.nix>
- services.tftpd.path
Where the tftp server files are stored.
Type: path
Default: "/srv/tftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/tftpd.nix>
- services.thanos.package
The thanos package that should be used.
Type: package
Default: pkgs.thanos
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.enable
Whether to enable the Thanos compactor which continuously compacts blocks in an object store bucket.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.arguments
Arguments to the thanos compact command.
Defaults to a list of arguments formed by converting the structured options of services.thanos.compact to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of strings
Default: [ "--wait" ''--data-dir="/var/lib/thanos-compact"'' ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.block-sync-concurrency
Number of goroutines to use when syncing block metadata from object storage.
Defaults to 20 in Thanos when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.compact.concurrency
Number of goroutines to use when compacting groups.
Defaults to 1 in Thanos when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.consistency-delay
Minimum age of fresh (non-compacted) blocks before they are being processed. Malformed blocks older than the maximum of consistency-delay and 30m0s will be removed.
Defaults to 30m in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.downsampling.disable
Disables downsampling.
This is not recommended as querying long time ranges without non-downsampled data is not efficient and useful e.g it is not possible to render all samples for a human eye anyway
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.http-address
Listen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.log.format
Log format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.log.level
Log filtering level.
Defaults to info in Thanos when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.objstore.config
Object store configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.objstore.config-file
Path to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.retention.resolution-1h
How long to retain samples of resolution 2 (1 hour) in bucket.
0d - disables this retention
Defaults to 0d in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.retention.resolution-5m
How long to retain samples of resolution 1 (5 minutes) in bucket.
0d - disables this retention
Defaults to 0d in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.retention.resolution-raw
How long to retain raw samples in bucket.
0d - disables this retention
Defaults to 0d in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.startAt
When this option is set to a systemd.time specification the Thanos compactor will run at the specified period.
When this option is null the Thanos compactor service will run continuously. So it will not exit after all compactions have been processed but wait for new work.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.stateDir
Data directory relative to /var/lib in which to cache blocks and process compactions.
Type: string
Default: "thanos-compact"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.tracing.config
Tracing configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.compact.tracing.config-file
Path to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.enable
Whether to enable the Thanos downsampler which continuously downsamples blocks in an object store bucket.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.arguments
Arguments to the thanos downsample command.
Defaults to a list of arguments formed by converting the structured options of services.thanos.downsample to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of strings
Default: [ ''--data-dir="/var/lib/thanos-downsample"'' ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.log.format
Log format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.log.level
Log filtering level.
Defaults to info in Thanos when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.objstore.config
Object store configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.objstore.config-file
Path to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.stateDir
Data directory relative to /var/lib in which to cache blocks and process downsamplings.
Type: string
Default: "thanos-downsample"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.tracing.config
Tracing configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.downsample.tracing.config-file
Path to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.enable
Whether to enable the Thanos query node exposing PromQL enabled Query API with data retrieved from multiple store nodes.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.arguments
Arguments to the thanos query command.
Defaults to a list of arguments formed by converting the structured options of services.thanos.query to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-address
Listen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-client-server-name
Server name to verify the hostname on the returned gRPC certificates. See https://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-client-tls-ca
TLS CA Certificates to use to verify gRPC servers
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-client-tls-cert
TLS Certificates to use to identify this client to the server
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-client-tls-key
TLS Key for the client's certificate
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-client-tls-secure
Use TLS when talking to the gRPC server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-server-tls-cert
TLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-server-tls-client-ca
TLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.grpc-server-tls-key
TLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.http-address
Listen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.log.format
Log format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.log.level
Log filtering level.
Defaults to info in Thanos when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.query.auto-downsampling
Enable automatic adjustment (step / 5) to what source of data should be used in store gateways if no max_source_resolution param is specified.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.query.default-evaluation-interval
Set default evaluation interval for sub queries.
Defaults to 1m in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.query.max-concurrent
Maximum number of queries processed concurrently by query node.
Defaults to 20 in Thanos when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.query.partial-response
Enable partial response for queries if no partial_response param is specified.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.query.replica-label
Label to treat as a replica indicator along which data is deduplicated.
Still you will be able to query without deduplication using dedup=false parameter.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.query.timeout
Maximum time to process query by query node.
Defaults to 2m in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.selector-labels
Query selector labels that will be exposed in info endpoint.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.store.addresses
Addresses of statically configured store API servers.
The scheme may be prefixed with dns+ or dnssrv+ to detect store API servers through respective DNS lookups.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.store.response-timeout
If a Store doesn't send any data in this specified duration then a Store will be ignored and partial data will be returned if it's enabled. 0 disables timeout.
Defaults to 0ms in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.store.sd-dns-interval
Interval between DNS resolutions.
Defaults to 30s in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.store.sd-files
Path to files that contain addresses of store API servers. The path can be a glob pattern.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.store.sd-interval
Refresh interval to re-read file SD files. It is used as a resync fallback.
Defaults to 5m in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.store.unhealthy-timeout
Timeout before an unhealthy store is cleaned from the store UI page.
Defaults to 5m in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.tracing.config
Tracing configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.tracing.config-file
Path to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.web.external-prefix
Static prefix for all HTML links and redirect URLs in the UI query web interface.
Actual endpoints are still served on / or the web.route-prefix. This allows thanos UI to be served behind a reverse proxy that strips a URL sub-path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.web.prefix-header
Name of HTTP request header used for dynamic prefixing of UI links and redirects.
This option is ignored if the option web.external-prefix is set.
Security risk: enable this option only if a reverse proxy in front of thanos is resetting the header.
The setting web.prefix-header="X-Forwarded-Prefix" can be useful, for example, if Thanos UI is served via Traefik reverse proxy with PathPrefixStrip option enabled, which sends the stripped prefix value in X-Forwarded-Prefix header. This allows thanos UI to be served on a sub-path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.query.web.route-prefix
Prefix for API and UI endpoints.
This allows thanos UI to be served on a sub-path. This option is analogous to web.route-prefix of Promethus.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.enable
Whether to enable the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb (EXPERIMENTAL, this may change drastically without notice).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.arguments
Arguments to the thanos receive command.
Defaults to a list of arguments formed by converting the structured options of services.thanos.receive to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of strings
Default: [ ''--tsdb.path="/var/lib/thanos-receive"'' ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.grpc-address
Listen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.grpc-server-tls-cert
TLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.grpc-server-tls-client-ca
TLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.grpc-server-tls-key
TLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.http-address
Listen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.labels
External labels to announce.
This flag will be removed in the future when handling multiple tsdb instances is added.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.log.format
Log format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.log.level
Log filtering level.
Defaults to info in Thanos when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.objstore.config
Object store configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.objstore.config-file
Path to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.remote-write.address
Address to listen on for remote write requests.
Defaults to 0.0.0.0:19291 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.stateDir
Data directory relative to /var/lib of TSDB.
Type: string
Default: "thanos-receive"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.tracing.config
Tracing configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.tracing.config-file
Path to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.receive.tsdb.retention
How long to retain raw samples on local storage.
0d - disables this retention
Defaults to 15d in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.enable
Whether to enable the Thanos ruler service which evaluates Prometheus rules against given Query nodes, exposing Store API and storing old blocks in bucket.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.alert.label-drop
Labels by name to drop before sending to alertmanager.
This allows alert to be deduplicated on replica label.
Similar Prometheus alert relabelling
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.alert.query-url
The external Thanos Query URL that would be set in all alerts 'Source' field.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.alertmanagers.send-timeout
Timeout for sending alerts to alertmanager.
Defaults to 10s in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.alertmanagers.urls
Alertmanager replica URLs to push firing alerts.
Ruler claims success if push to at least one alertmanager from discovered succeeds. The scheme may be prefixed with dns+ or dnssrv+ to detect Alertmanager IPs through respective DNS lookups. The port defaults to 9093 or the SRV record's value. The URL path is used as a prefix for the regular Alertmanager API path.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.arguments
Arguments to the thanos rule command.
Defaults to a list of arguments formed by converting the structured options of services.thanos.rule to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of strings
Default: [ ''--data-dir="/var/lib/thanos-rule"'' ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.eval-interval
The default evaluation interval to use.
Defaults to 30s in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.grpc-address
Listen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.grpc-server-tls-cert
TLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.grpc-server-tls-client-ca
TLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.grpc-server-tls-key
TLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.http-address
Listen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.labels
Labels to be applied to all generated metrics.
Similar to external labels for Prometheus, used to identify ruler and its blocks as unique source.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.log.format
Log format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.log.level
Log filtering level.
Defaults to info in Thanos when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.objstore.config
Object store configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.objstore.config-file
Path to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.query.addresses
Addresses of statically configured query API servers.
The scheme may be prefixed with dns+ or dnssrv+ to detect query API servers through respective DNS lookups.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.query.sd-dns-interval
Interval between DNS resolutions.
Defaults to 30s in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.query.sd-files
Path to file that contain addresses of query peers. The path can be a glob pattern.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.query.sd-interval
Refresh interval to re-read file SD files. (used as a fallback)
Defaults to 5m in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.rule-files
Rule files that should be used by rule manager. Can be in glob format.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.stateDir
Data directory relative to /var/lib.
Type: string
Default: "thanos-rule"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.tracing.config
Tracing configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.tracing.config-file
Path to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.tsdb.block-duration
Block duration for TSDB block.
Defaults to 2h in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.tsdb.retention
Block retention time on local disk.
Defaults to 48h in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.web.external-prefix
Static prefix for all HTML links and redirect URLs in the UI query web interface.
Actual endpoints are still served on / or the web.route-prefix. This allows thanos UI to be served behind a reverse proxy that strips a URL sub-path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.web.prefix-header
Name of HTTP request header used for dynamic prefixing of UI links and redirects.
This option is ignored if the option web.external-prefix is set.
Security risk: enable this option only if a reverse proxy in front of thanos is resetting the header.
The header X-Forwarded-Prefix can be useful, for example, if Thanos UI is served via Traefik reverse proxy with PathPrefixStrip option enabled, which sends the stripped prefix value in X-Forwarded-Prefix header. This allows thanos UI to be served on a sub-path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.rule.web.route-prefix
Prefix for API and UI endpoints.
This allows thanos UI to be served on a sub-path.
This option is analogous to --web.route-prefix of Promethus.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.enable
Whether to enable the Thanos sidecar for Prometheus server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.arguments
Arguments to the thanos sidecar command.
Defaults to a list of arguments formed by converting the structured options of services.thanos.sidecar to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of strings
Default: [ ''--tsdb.path="/var/lib/prometheus2/data"'' ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.grpc-address
Listen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.grpc-server-tls-cert
TLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.grpc-server-tls-client-ca
TLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.grpc-server-tls-key
TLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.http-address
Listen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.log.format
Log format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.log.level
Log filtering level.
Defaults to info in Thanos when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.objstore.config
Object store configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.objstore.config-file
Path to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.prometheus.url
URL at which to reach Prometheus's API.
For better performance use local network.
Defaults to http://localhost:9090 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.reloader.config-envsubst-file
Output file for environment variable substituted config file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.reloader.config-file
Config file watched by the reloader.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.reloader.rule-dirs
Rule directories for the reloader to refresh.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.tracing.config
Tracing configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.tracing.config-file
Path to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.sidecar.tsdb.path
Data directory of TSDB.
Type: string
Default: "/var/lib/${config.services.prometheus.stateDir}/data"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.enable
Whether to enable the Thanos store node giving access to blocks in a bucket provider..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.arguments
Arguments to the thanos store command.
Defaults to a list of arguments formed by converting the structured options of services.thanos.store to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of strings
Default: [ ''--data-dir="/var/lib/thanos-store"'' ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.block-sync-concurrency
Number of goroutines to use when syncing blocks from object storage.
Defaults to 20 in Thanos when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.chunk-pool-size
Maximum size of concurrently allocatable bytes for chunks.
Defaults to 2GB in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.grpc-address
Listen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.grpc-server-tls-cert
TLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.grpc-server-tls-client-ca
TLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.grpc-server-tls-key
TLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.http-address
Listen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.index-cache-size
Maximum size of items held in the index cache.
Defaults to 250MB in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.log.format
Log format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.log.level
Log filtering level.
Defaults to info in Thanos when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.max-time
End of time range limit to serve.
Thanos Store serves only blocks, which happened eariler than this value. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.
Defaults to 9999-12-31T23:59:59Z in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.min-time
Start of time range limit to serve.
Thanos Store serves only metrics, which happened later than this value. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.
Defaults to 0000-01-01T00:00:00Z in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.objstore.config
Object store configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.objstore.config-file
Path to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.stateDir
Data directory relative to /var/lib in which to cache remote blocks.
Type: string
Default: "thanos-store"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.store.grpc.series-max-concurrency
Maximum number of concurrent Series calls.
Defaults to 20 in Thanos when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.store.grpc.series-sample-limit
Maximum amount of samples returned via a single Series call.
0 means no limit.
NOTE: for efficiency we take 120 as the number of samples in chunk (it cannot be bigger than that), so the actual number of samples might be lower, even though the maximum could be hit.
Defaults to 0 in Thanos when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.sync-block-duration
Repeat interval for syncing the blocks between local and remote view.
Defaults to 3m in Thanos when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.tracing.config
Tracing configuration.
When not null the attribute set gets converted to a YAML file and stored in the Nix store. The option tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or attribute set
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thanos.store.tracing.config-file
Path to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
- services.thelounge.enable
Whether to enable The Lounge web IRC client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
- services.thelounge.extraConfig
The Lounge's config.js contents as attribute set (will be converted to JSON to generate the configuration file).
The options defined here will be merged to the default configuration file. Note: In case of duplicate configuration, options from extraConfig have priority.
Documentation: https://thelounge.chat/docs/server/configuration
Type: attribute set
Default: { }
Example:
{ reverseProxy = true; defaults = { name = "Your Network"; host = "localhost"; port = 6697; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
- services.thelounge.port
TCP port to listen on for http connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
- services.thelounge.private
Make your The Lounge instance private. You will need to configure user accounts by using the (thelounge) command or by adding entries in /var/lib/thelounge/users. You might need to restart The Lounge after making changes to the state directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
- services.thermald.enable
Whether to enable thermald, the temperature management daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
- services.thermald.package
Which thermald package to use.
Type: package
Default: pkgs.thermald
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
- services.thermald.configFile
the thermald manual configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
- services.thermald.debug
Whether to enable debug logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
- services.thinkfan.enable
Whether to enable thinkfan, a fan control program.
Note
This module targets IBM/Lenovo thinkpads by default, for other hardware you will have configure it more carefully.Type: boolean
Default: false
Related packages:
pkgs.thinkfan (thinkfan-1.3.0): A simple, lightweight fan control program.
Thinkfan is a minimalist fan control program. Originally designed specifically for IBM/Lenovo Thinkpads, it now supports any kind of system via the sysfs hwmon interface (/sys/class/hwmon).
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.extraArgs
A list of extra command line arguments to pass to thinkfan. Check the thinkfan(1) manpage for available arguments.
Type: list of strings
Default: [ ]
Example: [ "-b" "0" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.fans
List of fans thinkfan will control.
Note
This section slightly departs from the thinkfan.conf syntax. The type and path must be specified like this: type = "tpacpi"; query = "/proc/acpi/ibm/fan"; instead of a single declaration like: - tpacpi: /proc/acpi/ibm/fanType: list of attribute set of YAML valuess
Default: [ { query = "/proc/acpi/ibm/fan"; type = "tpacpi"; } ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.fans.*.indices
A list of fans to pick in case multiple fans match the query.
Note
Indices start from 0.Type: null or list of unsigned integer, meaning >=0s
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.fans.*.query
The query string used to match one or more fans: can be a fullpath to the temperature file (single fan) or a fullpath to a driver directory (multiple fans).
Note
When multiple fans match, the query can be restricted using the name or indices options.Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.fans.*.type
The fan type, can be hwmon for standard fans,
atasmart to read the temperature via S.M.A.R.T (requires smartSupport to be enabled),
tpacpi for the legacy thinkpac_acpi driver, or
nvml for the (proprietary) nVidia driver.
Type: one of "hwmon", "atasmart", "tpacpi", "nvml"
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
services.thinkfan.levels
[LEVEL LOW HIGH]
LEVEL is the fan level to use: it can be an integer (0-7 with thinkpad_acpi), "level auto" (to keep the default firmware behavior), "level full-speed" or "level disengage" (to run the fan as fast as possible). LOW is the temperature at which to step down to the previous level. HIGH is the temperature at which to step up to the next level. All numbers are integers.
Type: list of tuple of (unsigned integer, meaning >=0 or one of "level auto", "level full-speed", "level disengage") (unsigned integer, meaning >=0) (unsigned integer, meaning >=0)s
Default: [ [ 0 0 55 ] [ 1 48 60 ] [ 2 50 61 ] [ 3 52 63 ] [ 6 56 65 ] [ 7 60 85 ] [ "level auto" 80 32767 ] ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.sensors
List of temperature sensors thinkfan will monitor.
Note
This section slightly departs from the thinkfan.conf syntax. The type and path must be specified like this: type = "tpacpi"; query = "/proc/acpi/ibm/thermal"; instead of a single declaration like: - tpacpi: /proc/acpi/ibm/thermalType: list of attribute set of YAML valuess
Default: [ { query = "/proc/acpi/ibm/thermal"; type = "tpacpi"; } ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.sensors.*.correction
A list of values to be added to the temperature of each sensor, can be used to equalize small discrepancies in temperature ratings.
Type: null or list of signed integers
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.sensors.*.indices
A list of sensors to pick in case multiple sensors match the query.
Note
Indices start from 0.Type: null or list of unsigned integer, meaning >=0s
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.sensors.*.query
The query string used to match one or more sensors: can be a fullpath to the temperature file (single sensor) or a fullpath to a driver directory (multiple sensors).
Note
When multiple sensors match, the query can be restricted using the name or indices options.Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.sensors.*.type
The sensor type, can be hwmon for standard sensors,
atasmart to read the temperature via S.M.A.R.T (requires smartSupport to be enabled),
tpacpi for the legacy thinkpac_acpi driver, or
nvml for the (proprietary) nVidia driver.
Type: one of "hwmon", "atasmart", "tpacpi", "nvml"
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.settings
Thinkfan settings. Use this option to configure thinkfan settings not exposed in a NixOS option or to bypass one. Before changing this, read the thinkfan.conf(5) manpage and take a look at the example config file at https://github.com/vmatare/thinkfan/blob/master/examples/thinkfan.yaml
Type: attribute set of YAML values
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.thinkfan.smartSupport
Whether to build thinkfan with S.M.A.R.T. support to read temperatures directly from hard disks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
- services.throttled.enable
Whether to enable fix for Intel CPU throttling.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/throttled.nix>
- services.throttled.extraConfig
Alternative configuration
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/throttled.nix>
- services.tiddlywiki.enable
Whether to enable TiddlyWiki nodejs server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/tiddlywiki.nix>
- services.tiddlywiki.listenOptions
Parameters passed to --listen command. Refer to https://tiddlywiki.com/#WebServer for details on supported values.
Type: attribute set
Default: { }
Example: { credentials = "../credentials.csv"; port = 3456; readers = "(authenticated)"; }
Declared by:
<nixpkgs/nixos/modules/services/misc/tiddlywiki.nix>
- services.timesyncd.enable
Enables the systemd NTP client daemon.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/timesyncd.nix>
- services.timesyncd.extraConfig
Extra config options for systemd-timesyncd. See timesyncd.conf(5) for available options.
Type: strings concatenated with "\n"
Default: ""
Example:
'' PollIntervalMaxSec=180 ''
Declared by:
<nixpkgs/nixos/modules/system/boot/timesyncd.nix>
- services.timesyncd.servers
The set of NTP servers from which to synchronise.
Type: list of strings
Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/timesyncd.nix>
- services.tinc.networks
Defines the tinc networks which will be started. Each network invokes a different daemon.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.package
The package to use for the tinc daemon's binary.
Type: package
Default: pkgs.tinc_pre
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.bindToAddress
The ip address to bind to (both listen on and send packets from).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.chroot
Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security. The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
Note that this currently breaks dns resolution and tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.debugLevel
The amount of debugging information to add to the log. 0 means little logging while 5 is the most logging. man tincd for more details.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.ed25519PrivateKeyFile
Path of the private ed25519 keyfile.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.extraConfig
Extra lines to add to the tinc service configuration file.
Note that using the declarative service.tinc.networks.<name>.settings option is preferred.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings
The name of the host in the network as well as the configuration for that host. This name should only contain alphanumerics and underscores.
Type: attribute set of submodules
Default: { }
Example:
{ host1 = { addresses = [ { address = "192.168.1.42"; } { address = "192.168.1.42"; port = 1655; } ]; subnets = [ { address = "10.0.0.42"; } ]; rsaPublicKey = "..."; settings = { Ed25519PublicKey = "..."; }; }; host2 = { subnets = [ { address = "10.0.1.0"; prefixLength = 24; weight = 2; } ]; rsaPublicKey = "..."; settings = { Compression = 10; }; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.addresses
The external address where the host can be reached. This will set this host's settings.Address option.
This variable is only required if you want to connect to this host.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.addresses.*.address
The external IP address or hostname where the host can be reached.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.addresses.*.port
The port where the host can be reached.
If no port is specified, the default Port is used.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKey
Legacy RSA public key of the host in PEM format, including start and end markers.
This will be appended as-is in the host's configuration file.
The ed25519 public key can be specified using the settings.Ed25519PublicKey option instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.settings
Configuration for this host.
See https://tinc-vpn.org/documentation-1.1/Host-configuration-variables.html for supported values.
Type: attribute set of boolean or string or signed integer or list of boolean or string or signed integerss
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.subnets
The subnets which this tinc daemon will serve. This will set this host's settings.Subnet option.
Tinc tries to look up which other daemon it should send a packet to by searching the appropriate subnet. If the packet matches a subnet, it will be sent to the daemon who has this subnet in his host configuration file.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.subnets.*.address
The subnet of this host.
Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case a subnet consisting of only that single address is assumed, or they can be a IPv4 or IPv6 network address with a prefix length.
IPv4 subnets are notated like 192.168.1.0/24, IPv6 subnets are notated like fec0:0:0:1::/64. MAC addresses are notated like 0:1a:2b:3c:4d:5e.
Note that subnets like 192.168.1.1/24 are invalid.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.subnets.*.prefixLength
The prefix length of the subnet.
If null, a subnet consisting of only that single address is assumed.
This conforms to standard CIDR notation as described in RFC1519.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hostSettings.<name>.subnets.*.weight
Indicates the priority over identical Subnets owned by different nodes.
Lower values indicate higher priority. Packets will be sent to the node with the highest priority, unless that node is not reachable, in which case the node with the next highest priority will be tried, and so on.
Type: unsigned integer, meaning >=0
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.hosts
The name of the host in the network as well as the configuration for that host. This name should only contain alphanumerics and underscores.
Note that using the declarative service.tinc.networks.<name>.hostSettings option is preferred.
Type: attribute set of strings concatenated with "\n"s
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.interfaceType
The type of virtual interface used for the network connection.
Type: one of "tun", "tap"
Default: "tun"
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.listenAddress
The ip address to listen on for incoming connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.name
The name of the node which is used as an identifier when communicating with the remote nodes in the mesh. If null then the hostname of the system is used to derive a name (note that tinc may replace non-alphanumeric characters in hostnames by underscores).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.rsaPrivateKeyFile
Path of the private RSA keyfile.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinc.networks.<name>.settings
Configuration of the Tinc daemon for this network.
See https://tinc-vpn.org/documentation-1.1/Main-configuration-variables.html for supported values.
Type: attribute set of boolean or string or signed integer or list of boolean or string or signed integerss
Default: { }
Example:
{ Interface = "custom.interface"; DirectOnly = true; Mode = "switch"; }Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
- services.tinydns.enable
Whether to run the tinydns dns server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
- services.tinydns.data
The DNS data to serve, in the format described by tinydns-data(8)
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
- services.tinydns.ip
IP address on which to listen for connections
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
- services.tlp.enable
Whether to enable the TLP power management daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/tlp.nix>
- services.tlp.extraConfig
Verbatim additional configuration variables for TLP. DEPRECATED: use services.tlp.settings instead.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/tlp.nix>
- services.tlp.settings
Options passed to TLP. See https://linrunner.de/tlp for all supported options..
Type: attribute set of boolean or signed integer or floating point number or string or list of stringss
Default: { }
Example: { SATA_LINKPWR_ON_BAT = "med_power_with_dipm"; USB_BLACKLIST_PHONE = 1; }
Declared by:
<nixpkgs/nixos/modules/services/hardware/tlp.nix>
- services.tomcat.enable
Whether to enable Apache Tomcat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.package
Which tomcat package to use.
Type: package
Default: pkgs.tomcat85
Example: pkgs.tomcat9
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.axis2.enable
Whether to enable an Apache Axis2 container
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.axis2.services
List containing AAR files or directories with AAR files which are web services to be deployed on Axis2
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.baseDir
Location where Tomcat stores configuration files, web applications and logfiles. Note that it is partially cleared on each service startup if `purifyOnStart` is enabled.
Type: path
Default: "/var/tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.catalinaOpts
Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container
Type: list of strings or string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.commonLibs
List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.extraConfigFiles
Extra configuration files to pull into the tomcat conf directory
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.extraEnvironment
Environment Variables to pass to the tomcat service
Type: list of strings
Default: [ ]
Example: [ "ENVIRONMENT=production" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.extraGroups
Defines extra groups to which the tomcat user belongs.
Type: list of strings
Default: [ ]
Example: [ "users" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.group
Group account under which Apache Tomcat runs.
Type: string
Default: "tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.javaOpts
Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat
Type: list of strings or string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.jdk
Which JDK to use.
Type: package
Default: pkgs.jdk
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.logDirs
Directories to create in baseDir/logs/
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.logPerVirtualHost
Whether to enable logging per virtual host.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.purifyOnStart
On startup, the `baseDir` directory is populated with various files, subdirectories and symlinks. If this option is enabled, these items (except for the `logs` and `work` subdirectories) are first removed. This prevents interference from remainders of an old configuration (libraries, webapps, etc.), so it's recommended to enable this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.serverXml
Verbatim server.xml configuration. This is mutually exclusive with the virtualHosts options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.sharedLibs
List containing JAR files or directories with JAR files which are libraries shared by the web applications
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.user
User account under which Apache Tomcat runs.
Type: string
Default: "tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.virtualHosts
List consisting of a virtual host name and a list of web applications to deploy on each virtual host
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.virtualHosts.*.aliases
aliases of the virtualhost
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.virtualHosts.*.name
name of the virtualhost
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.virtualHosts.*.webapps
List containing web application WAR files and/or directories containing web applications and configuration files for the virtual host.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tomcat.webapps
List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat
Type: list of paths
Default: [ pkgs.tomcat85.webapps ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
- services.tor.enable
Whether to enable Tor daemon. By default, the daemon is run without relay, exit, bridge or client connectivity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.enableGeoIP
Whether to enable use of GeoIP databases. Disabling this will disable by-country statistics for bridges and relays and some client and third-party software functionality.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.package
Tor package to use.
Type: package
Default: pkgs.tor
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.client.enable
Whether to enable the routing of application connections. You might want to disable this if you plan running a dedicated Tor relay.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.client.dns.enable
Whether to enable DNS resolver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.client.onionServices
See torrc manual.
Type: attribute set of submodules
Default: { }
Example: { xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx = { clientAuthorizations = [ "/run/keys/tor/alice.prv.x25519" ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.client.onionServices.<name>.clientAuthorizations
Clients' authorizations for a v3 onion service, as a list of files containing each one private key, in the format:
descriptor:x25519:<base32-private-key>
See torrc manual.
Type: list of paths
Default: [ ]
Example: [ "/run/keys/tor/alice.prv.x25519" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.client.socksListenAddress
Bind to this address to listen for connections from Socks-speaking applications.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or submodule
Default: { IsolateDestAddr = true; addr = "127.0.0.1"; port = 9050; }
Example: { IsolateDestAddr = true; addr = "192.168.0.1"; port = 9090; }
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.client.transparentProxy.enable
Whether to enable transparent proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.controlSocket.enable
Whether to enable control socket, created in /run/tor/control.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.openFirewall
Whether to enable opening of the relay port(s) in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.enable
Whether to enable relaying of Tor traffic for others.
See https://www.torproject.org/docs/tor-doc-relay for details.
Setting this to true requires setting services.tor.relay.role and services.tor.settings.ORPort options.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices
See torrc manual.
Type: attribute set of submodules
Default: { }
Example: { example.org/www = { authorizedClients = [ "descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ] ; map = [ 80 ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.authorizeClient
See torrc manual.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.authorizeClient.authType
Either "basic" for a general-purpose authorization protocol or "stealth" for a less scalable protocol that also hides service activity from unauthorized clients.
Type: one of "basic", "stealth"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.authorizeClient.clientNames
Only clients that are listed here are authorized to access the hidden service. Generated authorization data can be found in /var/lib/tor/onion/$name/hostname. Clients need to put this authorization data in their configuration file using services.tor.settings.HidServAuth.
Type: non-empty list of string matching the pattern [A-Za-z0-9+-_]+s
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.authorizedClients
Authorized clients for a v3 onion service, as a list of public key, in the format:
descriptor:x25519:<base32-public-key>
See torrc manual.
Type: list of strings
Default: [ ]
Example: [ "descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.map
See torrc manual.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or submodules
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.path
Path where to store the data files of the hidden service. If the secretKey is null this defaults to /var/lib/tor/onion/$onion, otherwise to /run/tor/onion/$onion.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.secretKey
Secret key of the onion service. If null, Tor reuses any preexisting secret key (in path) or generates a new one. The associated public key and hostname are deterministically regenerated from this file if they do not exist.
Type: null or path
Default: null
Example: "/run/keys/tor/onion/expyuzz4wqqyqhjn/hs_ed25519_secret_key"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings
Settings of the onion service. See torrc manual.
Type: settings option
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPorts
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitID
See torrc manual.
Type: null or value "haproxy" (singular enum)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreams
See torrc manual.
Type: null or integer between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuit
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPoints
See torrc manual.
Type: null or integer between 0 and 20 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings.HiddenServiceSingleHopMode
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.settings.RendPostPeriod
See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.onionServices.<name>.version
See torrc manual.
Type: null or one of 2, 3
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.relay.role
Your role in Tor network. There're several options:
- exit
An exit relay. This allows Tor users to access regular Internet services through your public IP.
Important
Running an exit relay may expose you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info.You can specify which services Tor users may access via your exit relay using settings.ExitPolicy option.
- relay
Regular relay. This allows Tor users to relay onion traffic to other Tor nodes, but not to public Internet.
Important
Note that some misconfigured and/or disrespectful towards privacy sites will block you even if your relay is not an exit relay. That is, just being listed in a public relay directory can have unwanted consequences. Which means you might not want to use this role if you browse public Internet from the same network as your relay, unless you want to write e-mails to those sites (you should!).See https://www.torproject.org/docs/tor-doc-relay.html.en for more info.
- bridge
Regular bridge. Works like a regular relay, but doesn't list you in the public relay directory and hides your Tor node behind obfs4proxy.
Using this option will make Tor advertise your bridge to users through various mechanisms like https://bridges.torproject.org/, though.
Important
WARNING: THE FOLLOWING PARAGRAPH IS NOT LEGAL ADVICE. Consult with your lawyer when in doubt.This role should be safe to use in most situations (unless the act of forwarding traffic for others is a punishable offence under your local laws, which would be pretty insane as it would make ISP illegal).
See https://www.torproject.org/docs/bridges.html.en for more info.
- private-bridge
Private bridge. Works like regular bridge, but does not advertise your node in any way.
Using this role means that you won't contribute to Tor network in any way unless you advertise your node yourself in some way.
Use this if you want to run a private bridge, for example because you'll give out your bridge addr manually to your friends.
Switching to this role after measurable time in "bridge" role is pretty useless as some Tor users would have learned about your node already. In the latter case you can still change port option.
See https://www.torproject.org/docs/bridges.html.en for more info.
Type: one of "exit", "relay", "bridge", "private-bridge"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings
See torrc manual for documentation.
Type: settings option
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AccountingMax
See torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AccountingStart
See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.Address
See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AssumeReachable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AuthDirHasIPv6Connectivity
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AuthDirListBadExits
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AuthDirPinKeys
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AuthDirSharedRandomness
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AuthDirTestEd25519LinkKeys
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AuthoritativeDirectory
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AutomapHostsOnResolve
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.AutomapHostsSuffixes
See torrc manual.
Type: list of strings
Default: [ ".onion" ".exit" ]
Example: [ ".onion" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.BandwidthBurst
See torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.BandwidthRate
See torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.BridgeAuthoritativeDir
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.BridgeRecordUsageByCountry
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.BridgeRelay
See torrc manual.
Type: null or boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.CacheDirectory
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.CacheDirectoryGroupReadable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.CellStatistics
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ClientAutoIPv6ORPort
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ClientDNSRejectInternalAddresses
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ClientOnionAuthDir
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ClientPreferIPv6DirPort
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ClientPreferIPv6ORPort
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ClientRejectInternalAddresses
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ClientUseIPv4
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ClientUseIPv6
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ConnDirectionStatistics
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ConstrainedSockets
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ContactInfo
See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ControlPort
See torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodules
Default: [ ]
Example: [ { port = 9051; } ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ControlPortFileGroupReadable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ControlPortWriteToFile
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ControlSocket
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ControlSocketsGroupWritable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.CookieAuthFile
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.CookieAuthFileGroupReadable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.CookieAuthentication
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DNSPort
See torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodule or list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DataDirectory
See torrc manual.
Type: null or path
Default: "/var/lib/tor"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DataDirectoryGroupReadable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DirAllowPrivateAddresses
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DirCache
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DirPolicy
See torrc manual.
Type: list of strings
Default: [ ]
Example: [ "accept *:*" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DirPort
See torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodules
Default: [ ]
Example: 443
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DirPortFrontPage
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DirReqStatistics
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DisableAllSwap
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DisableDebuggerAttachment
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DisableNetwork
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DisableOOSCheck
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DoSCircuitCreationEnabled
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DoSConnectionEnabled
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DoSRefuseSingleHopClientRendezvous
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DormantCanceledByStartup
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DormantOnFirstStartup
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DormantTimeoutDisabledByIdleStreams
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.DownloadExtraInfo
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.EnforceDistinctSubnets
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.EntryStatistics
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExitPolicy
See torrc manual.
Type: list of strings
Default: [ "reject *:*" ]
Example: [ "accept *:*" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExitPolicyRejectLocalInterfaces
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExitPolicyRejectPrivate
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExitPortStatistics
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExitRelay
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExtORPort
See torrc manual.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExtORPortCookieAuthFile
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExtORPortCookieAuthFileGroupReadable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExtendAllowPrivateAddresses
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ExtraInfoStatistics
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.FascistFirewall
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.FetchDirInfoEarly
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.FetchDirInfoExtraEarly
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.FetchHidServDescriptors
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.FetchServerDescriptors
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.FetchUselessDescriptors
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.GeoIPFile
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.GeoIPv6File
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.GuardfractionFile
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.HSLayer2Nodes
See torrc manual.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.HSLayer3Nodes
See torrc manual.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.HTTPTunnelPort
See torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodule or list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.HidServAuth
See torrc manual.
Type: list of submodules
Default: [ ]
Example: [ { auth = "xxxxxxxxxxxxxxxxxxxxxx"; onion = "xxxxxxxxxxxxxxxx.onion"; } ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.HidServAuth.*.auth
Authentication cookie.
Type: string matching the pattern [A-Za-z0-9+/]{22}
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.HidServAuth.*.onion
Onion address.
Type: string matching the pattern [a-z2-7]{16}\.onion
Example: "xxxxxxxxxxxxxxxx.onion"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.HiddenServiceNonAnonymousMode
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.HiddenServiceStatistics
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.IPv6Exit
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.KeyDirectory
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.KeyDirectoryGroupReadable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.LogMessageDomains
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.LongLivedPorts
See torrc manual.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.MainloopStats
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.MaxAdvertisedBandwidth
See torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.MaxCircuitDirtiness
See torrc manual.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.MaxClientCircuitsPending
See torrc manual.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.NATDPort
See torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodule or list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.NewCircuitPeriod
See torrc manual.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.Nickname
See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ORPort
See torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodules
Default: [ ]
Example: 443
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.OfflineMasterKey
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.OptimisticData
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.PaddingStatistics
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.PerConnBWBurst
See torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.PerConnBWRate
See torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.PidFile
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ProtocolWarnings
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.PublishHidServDescriptors
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.PublishServerDescriptor
See torrc manual.
Type: null or one of false, true, 0, 1, "0", "1", "v3", "bridge"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ReachableAddresses
See torrc manual.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ReachableDirAddresses
See torrc manual.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ReachableORAddresses
See torrc manual.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ReducedExitPolicy
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.RefuseUnknownExits
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.RejectPlaintextPorts
See torrc manual.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.RelayBandwidthBurst
See torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.RelayBandwidthRate
See torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.SOCKSPort
See torrc manual.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or submodules
Default: [ ]
Example: [ { port = 9090; } ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.Sandbox
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerDNSAllowBrokenConfig
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerDNSAllowNonRFC953Hostnames
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerDNSDetectHijacking
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerDNSRandomizeCase
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerDNSResolvConfFile
See torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerDNSSearchDomains
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerTransportPlugin
See torrc manual.
Type: null or submodule
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerTransportPlugin.exec
Command of pluggable transport.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.ServerTransportPlugin.transports
List of pluggable transports.
Type: list of strings
Example: [ "obfs2" "obfs3" "obfs4" "scramblesuit" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.SocksPolicy
See torrc manual.
Type: list of strings
Default: [ ]
Example: [ "accept *:*" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.TestingTorNetwork
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.TransPort
See torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodule or list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.TransProxyType
See torrc manual.
Type: null or one of "default", "TPROXY", "ipfw", "pf-divert"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.UnixSocksGroupWritable
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.UseDefaultFallbackDirs
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.UseMicrodescriptors
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.V3AuthUseLegacyKey
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.V3AuthoritativeDirectory
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.VersioningAuthoritativeDirectory
See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.VirtualAddrNetworkIPv4
See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.VirtualAddrNetworkIPv6
See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.settings.WarnPlaintextPorts
See torrc manual.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
- services.tor.torsocks.enable
Whether to build /etc/tor/torsocks.conf containing the specified global torsocks configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
- services.tor.torsocks.allowInbound
Set Torsocks to accept inbound connections. If set to true, listen() and accept() will be allowed to be used with non localhost address.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
- services.tor.torsocks.fasterServer
IP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP. Currently, hostnames are NOT supported by torsocks.
Type: string
Default: "127.0.0.1:9063"
Example: "192.168.0.20:1234"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
- services.tor.torsocks.onionAddrRange
Tor hidden sites do not have real IP addresses. This specifies what range of IP addresses will be handed to the application as "cookies" for .onion names. Of course, you should pick a block of addresses which you aren't going to ever need to actually connect to. This is similar to the MapAddress feature of the main tor daemon.
Type: string
Default: "127.42.42.0/24"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
- services.tor.torsocks.server
IP/Port of the Tor SOCKS server. Currently, hostnames are NOT supported by torsocks.
Type: string
Default: "127.0.0.1:9050"
Example: "192.168.0.20:1234"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
- services.tor.torsocks.socks5Password
SOCKS5 password. The TORSOCKS_PASSWORD environment variable overrides this option if it is set.
Type: null or string
Default: null
Example: "sekret"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
- services.tor.torsocks.socks5Username
SOCKS5 username. The TORSOCKS_USERNAME environment variable overrides this option if it is set.
Type: null or string
Default: null
Example: "bob"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
- services.tor.tsocks.enable
Whether to build tsocks wrapper script to relay application traffic via Tor.
Important
You shouldn't use this unless you know what you're doing because your installation of Tor already comes with its own superior (doesn't leak DNS queries) torsocks wrapper which does pretty much exactly the same thing as this.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
- services.tor.tsocks.config
Extra configuration. Contents will be added verbatim to TSocks configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
- services.tor.tsocks.server
IP address of TOR client to use.
Type: string
Default: "localhost:9050"
Example: "192.168.0.20"
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
- services.torque.mom.enable
Whether to enable torque computing node.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/mom.nix>
- services.torque.mom.serverNode
Hostname running pbs server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/mom.nix>
- services.torque.server.enable
Whether to enable torque server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/server.nix>
- services.touchegg.enable
Whether to enable touchegg, a multi-touch gesture recognizer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/touchegg.nix>
- services.touchegg.package
touchegg derivation to use.
Type: package
Default: pkgs.touchegg
Declared by:
<nixpkgs/nixos/modules/services/x11/touchegg.nix>
- services.tox-node.enable
Whether to enable Tox Node service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.tox-node.keysFile
Path to the file where DHT keys are stored.
Type: string
Default: "/var/lib/tox-node/keys"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.tox-node.lanDiscovery
Enable local network discovery.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.tox-node.logType
Logging implementation.
Type: one of "Stderr", "Stdout", "Syslog", "None"
Default: "Stderr"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.tox-node.motd
Message of the day
Type: string
Default: "Hi from tox-rs! I'm up {{uptime}}. TCP: incoming {{tcp_packets_in}}, outgoing {{tcp_packets_out}}, UDP: incoming {{udp_packets_in}}, outgoing {{udp_packets_out}}"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.tox-node.tcpAddresses
TCP addresses to run TCP relay.
Type: list of strings
Default: [ "0.0.0.0:33445" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.tox-node.tcpConnectionLimit
Maximum number of active TCP connections relay can hold
Type: signed integer
Default: 8192
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.tox-node.threads
Number of threads for execution
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.tox-node.udpAddress
UDP address to run DHT node.
Type: string
Default: "0.0.0.0:33445"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
- services.toxBootstrapd.enable
Whether to enable the Tox DHT bootstrap daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
- services.toxBootstrapd.extraConfig
Configuration for bootstrap daemon. See https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf and http://wiki.tox.im/Nodes.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
- services.toxBootstrapd.keysFile
Node key file.
Type: string
Default: "/var/lib/tox-bootstrapd/keys"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
- services.toxBootstrapd.port
Listening port (UDP).
Type: signed integer
Default: 33445
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
- services.toxvpn.enable
Whether to enable toxvpn running on startup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
- services.toxvpn.auto_add_peers
peers to automatically connect to on startup
Type: list of strings
Default: [ ]
Example: [ "toxid1" "toxid2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
- services.toxvpn.localip
your ip on the vpn
Type: string
Default: "10.123.123.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
- services.toxvpn.port
udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT
Type: signed integer
Default: 33445
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
- services.tp-auto-kbbl.enable
Whether to enable Auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix>
- services.tp-auto-kbbl.package
Package providing tp-auto-kbbl.
Type: package
Default: pkgs.tp-auto-kbbl
Declared by:
<nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix>
- services.tp-auto-kbbl.arguments
List of arguments appended to ./tp-auto-kbbl --device [device] [arguments]
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix>
- services.tp-auto-kbbl.device
Device watched for activities.
Type: string
Default: "/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix>
- services.trac.enable
Whether to enable Trac service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trac.nix>
- services.trac.dataDir
The directory for storing the Trac data.
Type: path
Default: "/var/lib/trac"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trac.nix>
- services.trac.listen.ip
IP address that Trac should listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trac.nix>
- services.trac.listen.port
Listen port for Trac.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trac.nix>
- services.trac.openFirewall
Open ports in the firewall for Trac.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trac.nix>
- services.traefik.enable
Whether to enable Traefik web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
- services.traefik.package
Traefik package to use.
Type: package
Default: pkgs.traefik
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
- services.traefik.dataDir
Location for any persistent data traefik creates, ie. acme
Type: path
Default: "/var/lib/traefik"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
- services.traefik.dynamicConfigFile
Path to traefik's dynamic configuration to use. (Using that option has precedence over dynamicConfigOptions)
Type: null or path
Default: null
Example: /path/to/dynamic_config.toml
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
- services.traefik.dynamicConfigOptions
Dynamic configuration for Traefik.
Type: JSON value
Default: { }
Example: { http = { routers = { router1 = { rule = "Host(`localhost`)"; service = "service1"; } ; } ; services = { service1 = { loadBalancer = { servers = [ { url = "http://localhost:8080"; } ] ; } ; } ; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
- services.traefik.group
Set the group that traefik runs under. For the docker backend this needs to be set to docker instead.
Type: string
Default: "traefik"
Example: "docker"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
- services.traefik.staticConfigFile
Path to traefik's static configuration to use. (Using that option has precedence over staticConfigOptions and dynamicConfigOptions)
Type: null or path
Default: null
Example: /path/to/static_config.toml
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
- services.traefik.staticConfigOptions
Static configuration for Traefik.
Type: JSON value
Default: { entryPoints = { http = { address = ":80"; } ; } ; }
Example: { api = { } ; entryPoints = { http = { address = ":80"; } ; web = { address = ":8080"; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
- services.trafficserver.enable
Whether to enable Apache Traffic Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.cache
Caching rules that overrule the origin's caching policy.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example: "dest_domain=example.com suffix=js action=never-cache"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.hosting
Partition the cache according to origin server or domain
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example: "domain=example.com volume=1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.ipAllow
Control client access to Traffic Server and Traffic Server connections to upstream servers.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: upstream defaults
Example:
{ ip_allow = [{ apply = "in"; ip_addrs = "127.0.0.1"; action = "allow"; methods = "ALL"; }]; }Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.logging
Configure logs.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: upstream defaults
Example: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.parent
Identify the parent proxies used in an cache hierarchy.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' dest_domain=. method=get parent="p1.example:8080; p2.example:8080" round_robin=true ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.plugins
Controls run-time loadable plugins available to Traffic Server, as well as their configuration.
Consult the upstream documentation for more details.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.plugins.*.arg
arguments to pass to the plugin
Type: string
Default: ""
Example: "--header=ATS-My-Debug"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.plugins.*.path
Path to plugin. The path can either be absolute, or relative to the plugin directory.
Type: string
Example: "xdebug.so"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.records
List of configurable variables used by Traffic Server.
Consult the upstream documentation for more details.
Type: Traffic Server records value
Default: { }
Example: { proxy = { config = { proxy_name = "my_server"; } ; } ; }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.remap
URL remapping rules used by Traffic Server.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example: "map http://from.example http://origin.example"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.sni
Configure aspects of TLS connection handling for both inbound and outbound connections.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: null
Example:
{ sni = [{ fqdn = "no-http2.example.com"; https = "off"; }]; }Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.splitDns
Specify the DNS server that Traffic Server should use under specific conditions.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' dest_domain=internal.corp.example named="255.255.255.255:212 255.255.255.254" def_domain=corp.example search_list="corp.example corp1.example" dest_domain=!internal.corp.example named=255.255.255.253 ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.sslMulticert
Configure SSL server certificates to terminate the SSL sessions.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example: "dest_ip=* ssl_cert_name=default.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.storage
List all the storage that make up the Traffic Server cache.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: "/var/cache/trafficserver 256M"
Example: "/dev/disk/by-id/XXXXX volume=1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.strategies
Specify the next hop proxies used in an cache hierarchy and the algorithms used to select the next proxy.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.trafficserver.volume
Manage cache space more efficiently and restrict disk usage by creating cache volumes of different sizes.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: ""
Example: "volume=1 scheme=http size=20%"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
- services.transmission.enable
Whether to enable the headless Transmission BitTorrent daemon.
Transmission daemon can be controlled via the RPC interface using transmission-remote, the WebUI (http://127.0.0.1:9091/ by default), or other clients like stig or tremc.
Torrents are downloaded to services.transmission.home/Downloads by default and are accessible to users in the "transmission" group.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.credentialsFile
Path to a JSON file to be merged with the settings. Useful to merge a file which is better kept out of the Nix store to set secret config parameters like rpc-password.
Type: path
Default: "/dev/null"
Example: "/var/lib/secrets/transmission/settings.json"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.downloadDirPermissions
The permissions set by systemd.activationScripts.transmission-daemon on the directories services.transmission.settings.download-dir and services.transmission.settings.incomplete-dir. Note that you may also want to change services.transmission.settings.umask.
Type: string
Default: "770"
Example: "775"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.extraFlags
Extra flags passed to the transmission command in the service definition.
Type: list of strings
Default: [ ]
Example: [ "--log-debug" ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.group
Group account under which Transmission runs.
Type: string
Default: "transmission"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.home
The directory where Transmission will create .config/transmission-daemon. as well as Downloads/ unless services.transmission.settings.download-dir is changed, and .incomplete/ unless services.transmission.settings.incomplete-dir is changed.
Type: path
Default: "/var/lib/transmission"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.openFirewall
Alias of services.transmission.openPeerPorts.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.openPeerPorts
Whether to enable opening of the peer port(s) in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.openRPCPort
Whether to enable opening of the RPC port in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.performanceNetParameters
Whether to enable tweaking of kernel parameters to open many more connections at the same time.
Note that you may also want to increase peer-limit-global". And be aware that these settings are quite aggressive and might not suite your regular desktop use. For instance, SSH sessions may time out more easily.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings
Settings whose options overwrite fields in .config/transmission-daemon/settings.json (each time the service starts).
See Transmission's Wiki for documentation of settings not explicitely covered by this module.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.download-dir
Directory where to download torrents.
Type: path
Default: "/var/lib/transmission/Downloads"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.incomplete-dir
When enabled with services.transmission.home services.transmission.settings.incomplete-dir-enabled, new torrents will download the files to this directory. When complete, the files will be moved to download-dir services.transmission.settings.download-dir.
Type: path
Default: "/var/lib/transmission/.incomplete"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.incomplete-dir-enabled
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.message-level
Set verbosity of transmission messages.
Type: integer between 0 and 2 (both inclusive)
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.peer-port
The peer port to listen for incoming connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 51413
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.peer-port-random-high
The maximum peer port to listen to for incoming connections when services.transmission.settings.peer-port-random-on-start is enabled.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.peer-port-random-low
The minimal peer port to listen to for incoming connections when services.transmission.settings.peer-port-random-on-start is enabled.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.peer-port-random-on-start
Randomize the peer port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.rpc-bind-address
Where to listen for RPC connections. Use \"0.0.0.0\" to listen on all interfaces.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.rpc-port
The RPC port to listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9091
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.script-torrent-done-enabled
Whether to run services.transmission.settings.script-torrent-done-filename at torrent completion.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.script-torrent-done-filename
Executable to be run at torrent completion.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.trash-original-torrent-files
Whether to delete torrents added from the services.transmission.settings.watch-dir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.umask
Sets transmission's file mode creation mask. See the umask(2) manpage for more information. Users who want their saved torrents to be world-writable may want to set this value to 0. Bear in mind that the json markup language only accepts numbers in base 10, so the standard umask(2) octal notation "022" is written in settings.json as 18.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.utp-enabled
Whether to enable Micro Transport Protocol (µTP).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.watch-dir
Watch a directory for torrent files and add them to transmission.
Type: path
Default: "/var/lib/transmission/watchdir"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.settings.watch-dir-enabled
Whether to enable the services.transmission.settings.watch-dir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.transmission.user
User account under which Transmission runs.
Type: string
Default: "transmission"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
- services.trezord.enable
Enable Trezor bridge daemon, for use with Trezor hardware bitcoin wallets.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/trezord.nix>
- services.trezord.emulator.enable
Enable Trezor emulator support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/trezord.nix>
- services.trezord.emulator.port
Listening port for the Trezor emulator.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 21324
Declared by:
<nixpkgs/nixos/modules/services/hardware/trezord.nix>
- services.trickster.enable
Enable Trickster.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.trickster.package
Package that should be used for trickster.
Type: package
Default: pkgs.trickster
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.trickster.configFile
Path to configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.trickster.instance-id
Instance ID for when running multiple processes (default null).
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.trickster.log-level
Level of Logging to use (debug, info, warn, error) (default "info").
Type: string
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.trickster.metrics-port
Port that the /metrics endpoint will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8082
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.trickster.origin
URL to the Prometheus Origin. Enter it like you would in grafana, e.g., http://prometheus:9090 (default http://prometheus:9090).
Type: string
Default: "http://prometheus:9090"
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.trickster.profiler-port
Port that the /debug/pprof endpoint will listen on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.trickster.proxy-port
Port that the Proxy server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9090
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
- services.triggerhappy.enable
Whether to enable the triggerhappy hotkey daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
- services.triggerhappy.bindings
Key bindings for triggerhappy.
Type: list of submodules
Default: [ ]
Example:
[ { keys = ["PLAYPAUSE"]; cmd = "${pkgs.mpc_cli}/bin/mpc -q toggle"; } ]Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
- services.triggerhappy.bindings.*.cmd
What to run.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
- services.triggerhappy.bindings.*.event
Event to match.
Type: one of "press", "hold", "release"
Default: "press"
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
- services.triggerhappy.bindings.*.keys
List of keys to match. Key names as defined in linux/input-event-codes.h
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
- services.triggerhappy.extraConfig
Literal contents to append to the end of triggerhappy configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
- services.triggerhappy.user
User account under which triggerhappy runs.
Type: string
Default: "nobody"
Example: "root"
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
- services.trilium-server.enable
Whether to enable trilium-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.trilium-server.dataDir
The directory storing the notes database and the configuration.
Type: string
Default: "/var/lib/trilium"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.trilium-server.host
The host address to bind to (defaults to localhost).
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.trilium-server.instanceName
Instance name used to distinguish between different instances
Type: string
Default: "Trilium"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.trilium-server.nginx
Configuration for nginx reverse proxy.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.trilium-server.nginx.enable
Configure the nginx reverse proxy settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.trilium-server.nginx.hostName
The hostname use to setup the virtualhost configuration
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.trilium-server.noBackup
Disable periodic database backups.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.trilium-server.port
The port number to bind to.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
- services.tsmBackup.enable
Whether to enable automatic backups with the IBM Spectrum Protect (Tivoli Storage Manager, TSM) client. This also enables programs.tsmClient.enable .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/tsm.nix>
- services.tsmBackup.autoTime
The backup service will be invoked automatically at the given date/time, which must be in the format described in systemd.time(5). The default null disables automatic backups.
Type: null or string matching the pattern .+
Default: null
Example: "12:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/tsm.nix>
- services.tsmBackup.command
The actual command passed to the dsmc executable to start the backup.
Type: string matching the pattern .+
Default: "backup"
Example: "incr"
Declared by:
<nixpkgs/nixos/modules/services/backup/tsm.nix>
- services.tsmBackup.servername
Create a systemd system service tsm-backup.service that starts a backup based on the given servername's stanza. Note that this server's passwdDir will default to /var/lib/tsm-backup/password (but may be overridden); also, the service will use /var/lib/tsm-backup as HOME when calling dsmc.
Type: string matching the pattern .+
Example: "mainTsmServer"
Declared by:
<nixpkgs/nixos/modules/services/backup/tsm.nix>
- services.tt-rss.enable
Whether to enable tt-rss.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.enableGZipOutput
Selectively gzip output to improve wire performance. This requires PHP Zlib extension on the server. Enabling this can break tt-rss in several httpd/php configurations, if you experience weird errors and tt-rss failing to start, blank pages after login, or content encoding errors, disable it.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.auth.autoCreate
Allow authentication modules to auto-create users in tt-rss internal database when authenticated successfully.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.auth.autoLogin
Automatically login user on remote or other kind of externally supplied authentication, otherwise redirect to login form as normal. If set to true, users won't be able to set application language and settings profile.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.database.createLocally
Create the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.database.host
Host of the database. Leave null to use Unix domain socket.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.database.name
Name of the existing database.
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.database.password
The database user's password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.database.passwordFile
The database user's password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.database.port
The database's port. If not set, the default ports will be provided (5432 and 3306 for pgsql and mysql respectively).
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.database.type
Database to store feeds. Supported are pgsql and mysql.
Type: one of "pgsql", "mysql"
Default: "pgsql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.database.user
The database user. The user must exist and has access to the specified database.
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.email.digestSubject
Subject line for email digests.
Type: string
Default: "[tt-rss] New headlines for last 24 hours"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.email.fromAddress
Address for sending outgoing mail. This applies to password reset notifications, digest emails and any other mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.email.fromName
Name for sending outgoing mail. This applies to password reset notifications, digest emails and any other mail.
Type: string
Default: "Tiny Tiny RSS"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.email.login
SMTP authentication login used when sending outgoing mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.email.password
SMTP authentication password used when sending outgoing mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.email.security
Used to select a secure SMTP connection. Allowed values: ssl, tls, or empty.
Type: one of "", "ssl", "tls"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.email.server
Hostname:port combination to send outgoing mail. Blank - use system MTA.
Type: string
Default: ""
Example: "localhost:25"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.extraConfig
Additional lines to append to config.php.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.feedCryptKey
Key used for encryption of passwords for password-protected feeds in the database. A string of 24 random characters. If left blank, encryption is not used. Requires mcrypt functions. Warning: changing this key will make your stored feed passwords impossible to decrypt.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.forceArticlePurge
When this option is not 0, users ability to control feed purging intervals is disabled and all articles (which are not starred) older than this amount of days are purged.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.logDestination
Log destination to use. Possible values: sql (uses internal logging you can read in Preferences -> System), syslog - logs to system log. Setting this to blank uses PHP logging (usually to http server error.log).
Type: one of "", "sql", "syslog"
Default: "sql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.pluginPackages
List of plugins to install. The list elements are expected to be derivations. All elements in this derivation are automatically copied to the plugins.local directory.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.plugins
List of plugins to load automatically for all users. System plugins have to be specified here. Please enable at least one authentication plugin here (auth_*). Users may enable other user plugins from Preferences/Plugins but may not disable plugins specified in this list. Disabling auth_internal in this list would automatically disable reset password link on the login form.
Type: list of strings
Default: [ "auth_internal" "note" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.pool
Name of existing phpfpm pool that is used to run web-application. If not specified a pool will be created automatically with default values.
Type: string
Default: "tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.pubSubHubbub.enable
Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss won't try to subscribe to PUSH feed updates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.pubSubHubbub.hub
URL to a PubSubHubbub-compatible hub server. If defined, "Published articles" generated feed would automatically become PUSH-enabled.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.registration.enable
Allow users to register themselves. Please be aware that allowing random people to access your tt-rss installation is a security risk and potentially might lead to data loss or server exploit. Disabled by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.registration.maxUsers
Maximum amount of users which will be allowed to register on this system. 0 - no limit.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.registration.notifyAddress
Email address to send new user notifications to.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.root
Root of the application.
Type: path
Default: "/var/lib/tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.selfUrlPath
Full URL of your tt-rss installation. This should be set to the location of tt-rss directory, e.g. http://example.org/tt-rss/ You need to set this option correctly otherwise several features including PUSH, bookmarklets and browser integration will not work properly.
Type: string
Example: "http://localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.sessionCookieLifetime
Default lifetime of a session (e.g. login) cookie. In seconds, 0 means cookie will be deleted when browser closes.
Type: signed integer
Default: 86400
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.simpleUpdateMode
Enables fallback update mode where tt-rss tries to update feeds in background while tt-rss is open in your browser. If you don't have a lot of feeds and don't want to or can't run background processes while not running tt-rss, this method is generally viable to keep your feeds up to date. Still, there are more robust (and recommended) updating methods available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.singleUserMode
Operate in single user mode, disables all functionality related to multiple users and authentication. Enabling this assumes you have your tt-rss directory protected by other means (e.g. http auth).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.sphinx.index
Index names in Sphinx configuration. Example configuration files are available on tt-rss wiki.
Type: list of strings
Default: [ "ttrss" "delta" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.sphinx.server
Hostname:port combination for the Sphinx server.
Type: string
Default: "localhost:9312"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.themePackages
List of themes to install. The list elements are expected to be derivations. All elements in this derivation are automatically copied to the themes.local directory.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.user
User account under which both the update daemon and the web-application run.
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.tt-rss.virtualHost
Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
Type: null or string
Default: "tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
- services.ttyd.enable
Whether to enable ttyd daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.enableIPv6
Whether or not to enable IPv6 support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.enableSSL
Whether or not to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.caFile
SSL CA file path for client certificate verification.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.certFile
SSL certificate file path.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.checkOrigin
Whether to allow a websocket connection from a different origin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.clientOptions
Attribute set of client options for xtermjs. https://xtermjs.org/docs/api/terminal/interfaces/iterminaloptions/
Type: attribute set of strings
Default: { }
Example:
{ fontSize = "16"; fontFamily = "Fira Code"; }Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.indexFile
Custom index.html path
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.interface
Network interface to bind.
Type: null or string
Default: null
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.keyFile
SSL key file path. For insecurely putting the keyFile in the globally readable store use pkgs.writeText "ttydKeyFile" "SSLKEY".
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.logLevel
Set log level.
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.maxClients
Maximum clients to support (0, no limit)
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.passwordFile
File containing the password to use for basic authentication. For insecurely putting the password in the globally readable store use pkgs.writeText "ttydpw" "MyPassword".
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.port
Port to listen on (use 0 for random port)
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7681
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.signal
Signal to send to the command on session close.
Type: 8 bit unsigned integer; between 0 and 255 (both inclusive)
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.socket
UNIX domain socket path to bind.
Type: null or path
Default: null
Example: "/var/run/ttyd.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.terminalType
Terminal type to report.
Type: string
Default: "xterm-256color"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.ttyd.username
Username for basic authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
- services.tumbler.enable
Whether to enable Tumbler, A D-Bus thumbnailer service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/tumbler.nix>
- services.tuptime.enable
Whether to enable the total uptime service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tuptime.nix>
- services.tuptime.timer.enable
Whether to regularly log uptime to detect bad shutdowns.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tuptime.nix>
- services.tuptime.timer.period
systemd calendar event
Type: string
Default: "*:0/5"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tuptime.nix>
- services.tvheadend.enable
Whether to enable Tvheadend.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
- services.tvheadend.htspPort
Port to bind HTSP to.
Type: signed integer
Default: 9982
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
- services.tvheadend.httpPort
Port to bind HTTP to.
Type: signed integer
Default: 9981
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
- services.tzupdate.enable
Enable the tzupdate timezone updating service. This provides a one-shot service which can be activated with systemctl to update the timezone.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/tzupdate.nix>
- services.u9fs.enable
Whether to run the u9fs 9P server for Unix.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
- services.u9fs.extraArgs
Extra arguments to pass on invocation, see man 4 u9fs
Type: string
Default: ""
Example: "-a none"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
- services.u9fs.listenStreams
Sockets to listen for clients on. See man 5 systemd.socket for socket syntax.
Type: list of strings
Default: [ "564" ]
Example: [ "192.168.16.1:564" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
- services.u9fs.user
User to run u9fs under.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
- services.udev.packages
List of packages containing udev rules. All files found in pkg/etc/udev/rules.d and pkg/lib/udev/rules.d will be included.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
- services.udev.extraHwdb
Additional hwdb files. They'll be written into file 99-local.hwdb. Thus they are read after all other files.
Type: strings concatenated with "\n"
Default: ""
Example:
'' evdev:input:b0003v05AFp8277* KEYBOARD_KEY_70039=leftalt KEYBOARD_KEY_700e2=leftctrl ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
- services.udev.extraRules
Additional udev rules. They'll be written into file 99-local.rules. Thus they are read and applied after all other rules.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ENV{ID_VENDOR_ID}=="046d", ENV{ID_MODEL_ID}=="0825", ENV{PULSE_IGNORE}="1" ''Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
- services.udev.initrdRules
udev rules to include in the initrd only. They'll be written into file 99-local.rules. Thus they are read and applied after the essential initrd rules.
Type: strings concatenated with "\n"
Default: ""
Example:
'' SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card" ''Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
- services.udev.path
Packages added to the PATH environment variable when executing programs from Udev rules.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
- services.udisks2.enable
Whether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udisks2.nix>
- services.uhub
Uhub ADC hub instances
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
- services.uhub.<name>.enable
Whether to enable hub instance.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
- services.uhub.<name>.enableTLS
Whether to enable TLS support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
- services.uhub.<name>.plugins
Uhub plugin configuration.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
- services.uhub.<name>.plugins.*.plugin
Path to plugin file.
Type: path
Example: $${pkgs.uhub}/plugins/mod_auth_sqlite.so
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
- services.uhub.<name>.plugins.*.settings
Settings specific to this plugin.
Type: attribute set of strings
Example: { file = "/etc/uhub/users.db"; }
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
- services.uhub.<name>.settings
Configuration of uhub. See https://www.uhub.org/doc/config.php for a list of options.
Type: attribute set of boolean or signed integer or strings
Default: { }
Example: { hub_description = "Yet another ADC hub"; hub_name = "My Public Hub"; max_users = 150; server_bind_addr = "any"; server_port = 1511; }
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
- services.unbound.enable
Whether to enable Unbound domain name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unbound.enableRootTrustAnchor
Use and update root trust anchor for DNSSEC validation.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unbound.package
The unbound package to use
Type: package
Default: pkgs.unbound-with-systemd
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unbound.group
Group under which unbound runs.
Type: string
Default: "unbound"
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unbound.localControlSocketPath
When not set to null this option defines the path at which the unbound remote control socket should be created at. The socket will be owned by the unbound user (unbound) and group will be nogroup.
Users that should be permitted to access the socket must be in the config.services.unbound.group group.
If this option is null remote control will not be enabled. Unbounds default values apply.
Type: null or string
Default: null
Example: "/run/unbound/unbound.ctl"
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unbound.resolveLocalQueries
Whether unbound should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unbound.settings
Declarative Unbound configuration See the unbound.conf(5) manpage for a list of available options.
Type: unbound.conf configuration type. The format consist of an attribute set of settings. Each settings can be either one value, a list of values or an attribute set. The allowed values are integers, strings, booleans or floats.
Default: { }
Example:
{ server = { interface = [ "127.0.0.1" ]; }; forward-zone = [ { name = "."; forward-addr = "1.1.1.1@853#cloudflare-dns.com"; } { name = "example.org."; forward-addr = [ "1.1.1.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com" ]; } ]; remote-control.control-enable = true; };Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unbound.stateDir
Directory holding all state for unbound to run.
Type: unspecified
Default: "/var/lib/unbound"
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unbound.user
User account under which unbound runs.
Type: string
Default: "unbound"
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
- services.unclutter.enable
Enable unclutter to hide your mouse cursor when inactive
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
- services.unclutter.package
unclutter derivation to use.
Type: package
Default: pkgs.unclutter
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
- services.unclutter.excluded
Names of windows where unclutter should not apply
Type: list of strings
Default: [ ]
Example: [ "" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
- services.unclutter.extraOptions
More arguments to pass to the unclutter command
Type: list of strings
Default: [ ]
Example: [ "noevent" "grab" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
- services.unclutter.keystroke
Wait for a keystroke before hiding the cursor
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
- services.unclutter.threshold
Minimum number of pixels considered cursor movement
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
- services.unclutter.timeout
Number of seconds before the cursor is marked inactive
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
- services.unclutter-xfixes.enable
Enable unclutter-xfixes to hide your mouse cursor when inactive.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
- services.unclutter-xfixes.package
unclutter-xfixes derivation to use.
Type: package
Default: pkgs.unclutter-xfixes
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
- services.unclutter-xfixes.extraOptions
More arguments to pass to the unclutter-xfixes command.
Type: list of strings
Default: [ ]
Example: [ "exclude-root" "ignore-scrolling" "fork" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
- services.unclutter-xfixes.threshold
Minimum number of pixels considered cursor movement.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
- services.unclutter-xfixes.timeout
Number of seconds before the cursor is marked inactive.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
- services.undervolt.enable
Whether to enable Undervolting service for Intel CPUs.
Warning: This service is not endorsed by Intel and may permanently damage your hardware. Use at your own risk! .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.package
undervolt derivation to use.
Type: package
Default: pkgs.undervolt
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.analogioOffset
The amount of voltage in mV to offset analogio by.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.coreOffset
The amount of voltage in mV to offset the CPU cores by.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.gpuOffset
The amount of voltage in mV to offset the GPU by.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.p1.limit
The P1 Power Limit in Watts. Both limit and window must be set.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.p1.window
The P1 Time Window in seconds. Both limit and window must be set.
Type: null or floating point number or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.p2.limit
The P2 Power Limit in Watts. Both limit and window must be set.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.p2.window
The P2 Time Window in seconds. Both limit and window must be set.
Type: null or floating point number or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.temp
The temperature target in Celsius degrees.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.tempAc
The temperature target on AC power in Celsius degrees.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.tempBat
The temperature target on battery power in Celsius degrees.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.uncoreOffset
The amount of voltage in mV to offset uncore by.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.useTimer
Whether to set a timer that applies the undervolt settings every 30s. This will cause spam in the journal but might be required for some hardware under specific conditions. Enable this if your undervolt settings don't hold.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.undervolt.verbose
Whether to enable verbose logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
- services.unifi.enable
Whether or not to enable the unifi controller service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
- services.unifi.initialJavaHeapSize
Set the initial heap size for the JVM in MB. If this option isn't set, the JVM will decide this value at runtime.
Type: null or signed integer
Default: null
Example: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
- services.unifi.jrePackage
The JRE package to use. Check the release notes to ensure it is supported.
Type: package
Default: pkgs.jre8
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
- services.unifi.maximumJavaHeapSize
Set the maximimum heap size for the JVM in MB. If this option isn't set, the JVM will decide this value at runtime.
Type: null or signed integer
Default: null
Example: 4096
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
- services.unifi.mongodbPackage
The mongodb package to use.
Type: package
Default: pkgs.mongodb
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
- services.unifi.openPorts
Whether or not to open the minimum required ports on the firewall.
This is necessary to allow firmware upgrades and device discovery to work. For remote login, you should additionally open (or forward) port 8443.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
- services.unifi.unifiPackage
The unifi package to use.
Type: package
Default: pkgs.unifiLTS
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
- services.unifi-poller.enable
Whether to enable unifi-poller.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.influxdb.db
Database name. Database should exist.
Type: string
Default: "unifi"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.influxdb.disable
Whether to disable the influxdb ouput plugin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.influxdb.interval
Setting this lower than the Unifi controller's refresh interval may lead to zeroes in your database.
Type: string
Default: "30s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.influxdb.pass
Path of a file containing the password for influxdb. This file needs to be readable by the unifi-poller user.
Type: path
Default: unifi-poller-influxdb-default.password
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.influxdb.url
URL of the influxdb host.
Type: string
Default: "http://127.0.0.1:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.influxdb.user
Username for the influxdb.
Type: string
Default: "unifipoller"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.influxdb.verify_ssl
Verify the influxdb's certificate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.loki.interval
How often the events are polled and pushed to Loki.
Type: string
Default: "2m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.loki.pass
Path of a file containing the password for Loki. This file needs to be readable by the unifi-poller user.
Type: path
Default: "unifi-poller-influxdb-default.password"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.loki.tenant_id
Tenant ID to use in Loki.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.loki.timeout
Should be increased in case of timeout errors.
Type: string
Default: "10s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.loki.url
URL of the Loki host.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.loki.user
Username for Loki.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.loki.verify_ssl
Verify Loki's certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.poller.debug
Turns on line numbers, microsecond logging, and a per-device log. This may be noisy if you have a lot of devices. It adds one line per device.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.poller.plugins
Load additional plugins.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.poller.quiet
Turns off per-interval logs. Only startup and error logs will be emitted.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.prometheus.disable
Whether to disable the prometheus ouput plugin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.prometheus.http_listen
Bind the prometheus exporter to this IP or hostname.
Type: string
Default: "[::]:9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.prometheus.report_errors
Whether to report errors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers
List of Unifi controllers to poll. Use defaults if empty.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.hash_pii
Hash, with md5, client names and MAC addresses. This attempts to protect personally identifiable information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.pass
Path of a file containing the password for the unifi service user. This file needs to be readable by the unifi-poller user.
Type: path
Default: unifi-poller-unifi-default.password
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.save_alarms
Collect and save data from UniFi alarms to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.save_anomalies
Collect and save data from UniFi anomalies to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.save_dpi
Collect and save data from deep packet inspection. Adds around 150 data points and impacts performance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.save_events
Collect and save data from UniFi events to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.save_ids
Collect and save data from the intrusion detection system to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.save_sites
Collect and save site data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.sites
List of site names for which statistics should be exported. Or the string "default" for the default site or the string "all" for all sites.
Type: one of "default", "all" or list of strings
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.url
URL of the Unifi controller.
Type: string
Default: "https://unifi:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.user
Unifi service user name.
Type: string
Default: "unifi"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.controllers.*.verify_ssl
Verify the Unifi controller's certificate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.hash_pii
Hash, with md5, client names and MAC addresses. This attempts to protect personally identifiable information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.pass
Path of a file containing the password for the unifi service user. This file needs to be readable by the unifi-poller user.
Type: path
Default: unifi-poller-unifi-default.password
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.save_alarms
Collect and save data from UniFi alarms to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.save_anomalies
Collect and save data from UniFi anomalies to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.save_dpi
Collect and save data from deep packet inspection. Adds around 150 data points and impacts performance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.save_events
Collect and save data from UniFi events to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.save_ids
Collect and save data from the intrusion detection system to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.save_sites
Collect and save site data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.sites
List of site names for which statistics should be exported. Or the string "default" for the default site or the string "all" for all sites.
Type: one of "default", "all" or list of strings
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.url
URL of the Unifi controller.
Type: string
Default: "https://unifi:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.user
Unifi service user name.
Type: string
Default: "unifi"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.defaults.verify_ssl
Verify the Unifi controller's certificate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-poller.unifi.dynamic
Let prometheus select which controller to poll when scraping. Use with default credentials. See unifi-poller wiki for more.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unifi-poller.nix>
- services.unifi-video.enable
Whether or not to enable the unifi-video service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unifi-video.dataDir
Where to store the database and other data.
Type: string
Default: "/var/lib/unifi-video/data"
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unifi-video.jrePackage
The JRE package to use. Check the release notes to ensure it is supported.
Type: package
Default: pkgs.jre8
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unifi-video.logDir
Where to store the logs.
Type: string
Default: "/var/lib/unifi-video/logs"
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unifi-video.maximumJavaHeapSize
Set the maximimum heap size for the JVM in MB.
Type: null or signed integer
Default: 1024
Example: 4096
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unifi-video.mongodbPackage
The mongodb package to use.
Type: package
Default: pkgs.mongodb
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unifi-video.openPorts
Whether or not to open the required ports on the firewall.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unifi-video.pidFile
Location of unifi-video pid file.
Type: path
Default: "/var/lib/unifi-video/data/unifi-video.pid"
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unifi-video.unifiVideoPackage
The unifi-video package to use.
Type: package
Default: pkgs.unifi-video
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
- services.unit.enable
Whether to enable Unit App Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
- services.unit.package
Unit package to use.
Type: package
Default: pkgs.unit
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
- services.unit.config
Unit configuration in JSON format. More details here https://unit.nginx.org/configuration
Type: string
Default:
'' { "listeners": {}, "applications": {} } ''Example:
'' { "listeners": { "*:8300": { "application": "example-php-72" } }, "applications": { "example-php-72": { "type": "php 7.2", "processes": 4, "user": "nginx", "group": "nginx", "root": "/var/www", "index": "index.php", "options": { "file": "/etc/php.d/default.ini", "admin": { "max_execution_time": "30", "max_input_time": "30", "display_errors": "off", "display_startup_errors": "off", "open_basedir": "/dev/urandom:/proc/cpuinfo:/proc/meminfo:/etc/ssl/certs:/var/www", "disable_functions": "exec,passthru,shell_exec,system" } } } } } ''Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
- services.unit.group
Group account under which unit runs.
Type: string
Default: "unit"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
- services.unit.logDir
Unit log directory.
Type: path
Default: "/var/log/unit"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
- services.unit.stateDir
Unit data directory.
Type: path
Default: "/var/spool/unit"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
- services.unit.user
User account under which unit runs.
Type: string
Default: "unit"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
- services.upower.enable
Whether to enable Upower, a DBus service that provides power management support to applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.enableWattsUpPro
Enable the Watts Up Pro device.
The Watts Up Pro contains a generic FTDI USB device without a specific vendor and product ID. When we probe for WUP devices, we can cause the user to get a perplexing "Device or resource busy" error when attempting to use their non-WUP device.
The generic FTDI device is known to also be used on:
- Sparkfun FT232 breakout board
- Parallax Propeller
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.package
Which upower package to use.
Type: package
Default: pkgs.upower
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.criticalPowerAction
The action to take when timeAction or percentageAction has been reached for the batteries (UPS or laptop batteries) supplying the computer
Type: one of "PowerOff", "Hibernate", "HybridSleep"
Default: "HybridSleep"
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.ignoreLid
Do we ignore the lid state
Some laptops are broken. The lid state is either inverted, or stuck on or off. We can't do much to fix these problems, but this is a way for users to make the laptop panel vanish, a state that might be used by a couple of user-space daemons. On Linux systems, see also logind.conf(5).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.noPollBatteries
Don't poll the kernel for battery level changes.
Some hardware will send us battery level changes through events, rather than us having to poll for it. This option allows disabling polling for hardware that sends out events.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.percentageAction
When usePercentageForPolicy is true, the levels at which UPower will take action for the critical battery level.
This will also be used for batteries which don't have time information such as that of peripherals.
If any value (of percentageLow, percentageCritical and percentageAction) is invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.percentageCritical
When usePercentageForPolicy is true, the levels at which UPower will consider the battery critical.
This will also be used for batteries which don't have time information such as that of peripherals.
If any value (of percentageLow, percentageCritical and percentageAction) is invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.percentageLow
When usePercentageForPolicy is true, the levels at which UPower will consider the battery low.
This will also be used for batteries which don't have time information such as that of peripherals.
If any value (of percentageLow, percentageCritical and percentageAction) is invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.timeAction
When usePercentageForPolicy is false, the time remaining at which UPower will take action for the critical battery level.
If any value (of timeLow, timeCritical and timeAction) is invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.timeCritical
When usePercentageForPolicy is false, the time remaining at which UPower will consider the battery critical.
If any value (of timeLow, timeCritical and timeAction) is invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.timeLow
When usePercentageForPolicy is false, the time remaining at which UPower will consider the battery low.
If any value (of timeLow, timeCritical and timeAction) is invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 1200
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.upower.usePercentageForPolicy
Policy for warnings and action based on battery levels
Whether battery percentage based policy should be used. The default is to use the percentage, which should work around broken firmwares. It is also more reliable than the time left (frantically saving all your files is going to use more battery than letting it rest for example).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
- services.uptime.enableSeparateMonitoringService
Whether to enable the uptime monitoring service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
- services.uptime.enableWebService
Whether to enable the uptime monitoring program web service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
- services.uptime.configFile
The uptime configuration file
If mongodb: server != localhost, please set usesRemoteMongo = true
If you only want to run the monitor, please set enableWebService = false and enableSeparateMonitoringService = true
If autoStartMonitor: false (recommended) and you want to run both services, please set enableSeparateMonitoringService = true
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
- services.uptime.nodeEnv
The node environment to run in (development, production, etc.)
Type: string
Default: "production"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
- services.uptime.usesRemoteMongo
Whether the configuration file specifies a remote mongo instance
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
- services.uptimed.enable
Enable uptimed, allowing you to track your highest uptimes.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/uptimed.nix>
- services.urserver.enable
Whether to enable urserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/urserver.nix>
- services.urxvtd.enable
Enable urxvtd, the urxvt terminal daemon. To use urxvtd, run "urxvtc".
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/urxvtd.nix>
- services.urxvtd.package
Package to install. Usually pkgs.rxvt-unicode.
Type: package
Default: pkgs.rxvt-unicode
Declared by:
<nixpkgs/nixos/modules/services/x11/urxvtd.nix>
- services.usbguard.enable
Whether to enable USBGuard daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.package
The usbguard package to use. If you do not need the Qt GUI, use pkgs.usbguard-nox to save disk space.
Type: package
Default: pkgs.usbguard
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.IPCAllowedGroups
A list of groupnames that the daemon will accept IPC connections from.
Type: list of strings
Default: [ ]
Example: [ "wheel" ]
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.IPCAllowedUsers
A list of usernames that the daemon will accept IPC connections from.
Type: list of strings
Default: [ "root" ]
Example: [ "root" "yourusername" ]
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.deviceRulesWithPort
Generate device specific rules including the "via-port" attribute.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.implictPolicyTarget
How to treat USB devices that don't match any rule in the policy. Target should be one of allow, block or reject (logically remove the device node from the system).
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default: "block"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.insertedDevicePolicy
How to treat USB devices that are already connected after the daemon starts. One of block, reject, apply-policy.
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default: "apply-policy"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.presentControllerPolicy
How to treat USB controller devices that are already connected when the daemon starts. One of allow, block, reject, keep or apply-policy.
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default: "keep"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.presentDevicePolicy
How to treat USB devices that are already connected when the daemon starts. Policy should be one of allow, block, reject, keep (keep whatever state the device is currently in) or apply-policy (evaluate the rule set for every present device).
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default: "apply-policy"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.restoreControllerDeviceState
The USBGuard daemon modifies some attributes of controller devices like the default authorization state of new child device instances. Using this setting, you can controll whether the daemon will try to restore the attribute values to the state before modificaton on shutdown.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbguard.rules
The USBGuard daemon will load this as the policy rule set. As these rules are NixOS managed they are immutable and can't be changed by the IPC interface.
If you do not set this option, the USBGuard daemon will load it's policy rule set from /var/lib/usbguard/rules.conf. This file can be changed manually or via the IPC interface.
Running usbguard generate-policy as root will generate a config for your currently plugged in devices.
For more details see usbguard-rules.conf(5).
Type: null or strings concatenated with "\n"
Default: null
Example:
'' allow with-interface equals { 08:*:* } ''Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
- services.usbmuxd.enable
Enable the usbmuxd ("USB multiplexing daemon") service. This daemon is in charge of multiplexing connections over USB to an iOS device. This is needed for transferring data from and to iOS devices (see ifuse). Also this may enable plug-n-play tethering for iPhones.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
- services.usbmuxd.group
The group usbmuxd should use to run after startup.
Type: string
Default: "usbmux"
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
- services.usbmuxd.user
The user usbmuxd should use to run after startup.
Type: string
Default: "usbmux"
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
- services.uvcvideo.dynctrl.enable
Whether to enable uvcvideo dynamic controls.
Note that enabling this brings the uvcdynctrl tool into your environment and register all dynamic controls from specified packages to the uvcvideo driver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix>
- services.uvcvideo.dynctrl.packages
List of packages containing uvcvideo dynamic controls rules. All files found in pkg/share/uvcdynctrl/data will be included.
Note that these will serve as input to the libwebcam package which through its own udev rule will register the dynamic controls from specified packages to the uvcvideo driver.
Type: list of paths
Example: [ pkgs.tiscamera ]
Declared by:
<nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix>
- services.uwsgi.enable
Enable uWSGI
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
- services.uwsgi.capabilities
Grant capabilities to the uWSGI instance. See the capabilities(7) for available values.
Note
uWSGI runs as an unprivileged user (even as Emperor) with the minimal capabilities required. This option can be used to add fine-grained permissions without running the service as root.When in Emperor mode, any capability to be inherited by a vassal must be specified again in the vassal configuration using cap. See the uWSGI docs for more information.
Type: list of strings
Default: [ ]
Example:
[ "CAP_NET_BIND_SERVICE" # bind on ports <1024 "CAP_NET_RAW" # open raw sockets ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
- services.uwsgi.group
Group account under which uWSGI runs.
Type: string
Default: "uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
- services.uwsgi.instance
uWSGI configuration. It awaits an attribute type inside which can be either normal or emperor.
For normal mode you can specify pythonPackages as a function from libraries set into a list of libraries. pythonpath will be set accordingly.
For emperor mode, you should use vassals attribute which should be either a set of names and configurations or a path to a directory.
Other attributes will be used in configuration file as-is. Notice that you can redefine plugins setting here.
Type: Json value or lambda
Default: { type = "normal"; }
Example:
{ type = "emperor"; vassals = { moin = { type = "normal"; pythonPackages = self: with self; [ moinmoin ]; socket = "/run/uwsgi/uwsgi.sock"; }; }; }Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
- services.uwsgi.plugins
Plugins used with uWSGI
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
- services.uwsgi.runDir
Where uWSGI communication sockets can live
Type: path
Default: "/run/uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
- services.uwsgi.user
User account under which uWSGI runs.
Type: string
Default: "uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
- services.v2ray.enable
Whether to run v2ray server.
Either configFile or config must be specified.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/v2ray.nix>
- services.v2ray.package
Which v2ray package to use.
Type: package
Default: pkgs.v2ray
Declared by:
<nixpkgs/nixos/modules/services/networking/v2ray.nix>
- services.v2ray.config
The configuration object.
Either `configFile` or `config` must be specified.
See https://www.v2fly.org/en_US/config/overview.html.
Type: null or attribute set of unspecifieds
Default: null
Example: { inbounds = [ { listen = "127.0.0.1"; port = 1080; protocol = "http"; } ] ; outbounds = [ { protocol = "freedom"; } ] ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/v2ray.nix>
- services.v2ray.configFile
The absolute path to the configuration file.
Either configFile or config must be specified.
See https://www.v2fly.org/en_US/config/overview.html.
Type: null or string
Default: null
Example: "/etc/v2ray/config.json"
Declared by:
<nixpkgs/nixos/modules/services/networking/v2ray.nix>
- services.varnish.enable
Whether to enable Varnish Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
- services.varnish.enableConfigCheck
Whether to enable checking the config during build time.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
- services.varnish.package
The package to use
Type: package
Default: pkgs.varnish
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
- services.varnish.config
Verbatim default.vcl configuration.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
- services.varnish.extraCommandLine
Command line switches for varnishd (run 'varnishd -?' to get list of options)
Type: string
Default: ""
Example: "-s malloc,256M"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
- services.varnish.extraModules
Varnish modules (except 'std').
Type: list of packages
Default: [ ]
Example: [ pkgs.varnishPackages.geoip ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
- services.varnish.http_address
HTTP listen address and port.
Type: string
Default: "*:6081"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
- services.varnish.stateDir
Directory holding all state for Varnish to run.
Type: path
Default: "/var/spool/varnish/nixos"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
- services.vault.enable
Whether to enable Vault daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.package
This option specifies the vault package to use.
Type: package
Default: pkgs.vault
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.address
The name of the ip interface to listen to
Type: string
Default: "127.0.0.1:8200"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.extraConfig
Extra text appended to vault.hcl.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.extraSettingsPaths
Configuration files to load besides the immutable one defined by the NixOS module. This can be used to avoid putting credentials in the Nix store, which can be read by any user.
Each path can point to a JSON- or HCL-formatted file, or a directory to be scanned for files with .hcl or .json extensions.
To upload the confidential file with NixOps, use for example:
# https://releases.nixos.org/nixops/latest/manual/manual.html#opt-deployment.keys deployment.keys."vault.hcl" = let db = import ./db-credentials.nix; in { text = '' storage "postgresql" { connection_url = "postgres://${db.username}:${db.password}@host.example.com/exampledb?sslmode=verify-ca" } ''; user = "vault"; }; services.vault.extraSettingsPaths = ["/run/keys/vault.hcl"]; services.vault.storageBackend = "postgresql"; users.users.vault.extraGroups = ["keys"];Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.listenerExtraConfig
Extra text appended to the listener section.
Type: strings concatenated with "\n"
Default:
'' tls_min_version = "tls12" ''
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.storageBackend
The name of the type of storage backend
Type: one of "inmem", "file", "consul", "zookeeper", "s3", "azure", "dynamodb", "etcd", "mssql", "mysql", "postgresql", "swift", "gcs", "raft"
Default: "inmem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.storageConfig
HCL configuration to insert in the storageBackend section.
Confidential values should not be specified here because this option's value is written to the Nix store, which is publicly readable. Provide credentials and such in a separate file using services.vault.extraSettingsPaths.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.storagePath
Data directory for file backend
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.telemetryConfig
Telemetry configuration
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.tlsCertFile
TLS certificate file. TLS will be disabled unless this option is set
Type: null or string
Default: null
Example: "/path/to/your/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vault.tlsKeyFile
TLS private key file. TLS will be disabled unless this option is set
Type: null or string
Default: null
Example: "/path/to/your/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
- services.vaultwarden.enable
Whether to enable vaultwarden.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
- services.vaultwarden.package
Vaultwarden package to use.
Type: package
Default: pkgs.vaultwarden
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
- services.vaultwarden.backupDir
The directory under which vaultwarden will backup its persistent data.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
- services.vaultwarden.config
The configuration of vaultwarden is done through environment variables, therefore the names are converted from camel case (e.g. disable2FARemember) to upper case snake case (e.g. DISABLE_2FA_REMEMBER). In this conversion digits (0-9) are handled just like upper case characters, so foo2 would be converted to FOO_2. Names already in this format remain unchanged, so FOO2 remains FOO2 if passed as such, even though foo2 would have been converted to FOO_2. This allows working around any potential future conflicting naming conventions.
Based on the attributes passed to this config option an environment file will be generated that is passed to vaultwarden's systemd service.
The available configuration options can be found in the environment template file.
Type: attribute set of null or boolean or signed integer or strings
Default: { }
Example:
{ domain = "https://bw.domain.tld:8443"; signupsAllowed = true; rocketPort = 8222; rocketLog = "critical"; }Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
- services.vaultwarden.dbBackend
Which database backend vaultwarden will be using.
Type: one of "sqlite", "mysql", "postgresql"
Default: "sqlite"
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
- services.vaultwarden.environmentFile
Additional environment file as defined in systemd.exec(5).
Secrets like ADMIN_TOKEN and SMTP_PASSWORD may be passed to the service without adding them to the world-readable Nix store.
Note that this file needs to be available on the host on which vaultwarden is running.
Type: null or path
Default: null
Example: "/root/vaultwarden.env"
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
- services.vaultwarden.webVaultPackage
Web vault package to use.
Type: package
Default: pkgs.vaultwarden-vault
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
- services.vdr.enable
Whether to enable VDR. Please put config into /var/lib/vdr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
- services.vdr.enableLirc
Whether to enable LIRC.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
- services.vdr.package
Package to use.
Type: package
Default: pkgs.vdr
Example: pkgs.wrapVdr.override { plugins = with pkgs.vdrPlugins; [ hello ]; }
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
- services.vdr.extraArguments
Additional command line arguments to pass to VDR.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
- services.vdr.videoDir
Recording directory
Type: path
Default: "/srv/vdr/video"
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
- services.vector.enable
Whether to enable Vector.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/vector.nix>
- services.vector.journaldAccess
Enable Vector to access journald.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/vector.nix>
- services.vector.settings
Specify the configuration for Vector in Nix.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/logging/vector.nix>
- services.victoriametrics.enable
Whether to enable victoriametrics.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
- services.victoriametrics.package
The VictoriaMetrics distribution to use.
Type: package
Default: pkgs.victoriametrics
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
- services.victoriametrics.extraOptions
Extra options to pass to VictoriaMetrics. See the README: https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/README.md or victoriametrics -help for more information.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
- services.victoriametrics.listenAddress
The listen address for the http interface.
Type: string
Default: ":8428"
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
- services.victoriametrics.retentionPeriod
Retention period in months.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
- services.vikunja.enable
Whether to enable vikunja service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.package-api
vikunja-api derivation to use.
Type: package
Default: pkgs.vikunja-api
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.package-frontend
vikunja-frontend derivation to use.
Type: package
Default: pkgs.vikunja-frontend
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.database.database
Database name.
Type: string
Default: "vikunja"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.database.host
Database host address. Can also be a socket.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.database.path
Path to the sqlite3 database file.
Type: string
Default: "/var/lib/vikunja/vikunja.db"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.database.type
Database engine to use.
Type: one of "sqlite", "mysql", "postgres"
Default: "sqlite"
Example: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.database.user
Database user.
Type: string
Default: "vikunja"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.environmentFiles
List of environment files set in the vikunja systemd service. For example passwords should be set in one of these files.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.frontendHostname
The Hostname under which the frontend is running.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.frontendScheme
Whether the site is available via http or https. This does not configure https or ACME in nginx!
Type: one of "http", "https"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.settings
Vikunja configuration. Refer to https://vikunja.io/docs/config-options/ for details on supported values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.vikunja.setupNginx
Whether to setup NGINX. Further nginx configuration can be done by changing services.nginx.virtualHosts.<frontendHostname>. This does not enable TLS or ACME by default. To enable this, set the services.nginx.virtualHosts.<frontendHostname>.enableACME to true and if appropriate do the same for services.nginx.virtualHosts.<frontendHostname>.forceSSL.
Type: boolean
Default: config.services.nginx.enable
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
- services.virtlyst.enable
Whether to enable Virtlyst libvirt web interface.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/virtlyst.nix>
- services.virtlyst.adminPassword
Initial admin password with which the database will be seeded.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/virtlyst.nix>
- services.virtlyst.httpSocket
IP and/or port to which to bind the http socket.
Type: string
Default: "localhost:3000"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/virtlyst.nix>
- services.virtuoso.enable
Whether to enable Virtuoso Opensource database server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
- services.virtuoso.config
Extra options to put into Virtuoso configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
- services.virtuoso.dirsAllowed
A list of directories Virtuoso is allowed to access
Type: null or string
Default: null
Example: "/www, /home/"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
- services.virtuoso.httpListenAddress
ip:port or port for Virtuoso HTTP server to listen on.
Type: null or string
Default: null
Example: "myserver:8080"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
- services.virtuoso.listenAddress
ip:port or port to listen on.
Type: string
Default: "1111"
Example: "myserver:1323"
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
- services.virtuoso.parameters
Extra options to put into [Parameters] section of Virtuoso configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
- services.vnstat.enable
Whether to enable update of network usage statistics via vnstatd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vnstat.nix>
- services.vsftpd.enable
Whether to enable vsftpd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.enableVirtualUsers
Whether to enable the pam_userdb-based virtual user system
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.allowWriteableChroot
Allow the use of writeable root inside chroot().
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.anonymousMkdirEnable
Whether any uploads are permitted to anonymous users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.anonymousUmask
Anonymous write umask.
Type: string
Default: "077"
Example: "002"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.anonymousUploadEnable
Whether any uploads are permitted to anonymous users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.anonymousUser
Whether to enable the anonymous FTP user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.anonymousUserHome
Directory to consider the HOME of the anonymous user.
Type: path
Default: "/home/ftp/"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.anonymousUserNoPassword
Whether to disable the password for the anonymous FTP user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.chrootlocalUser
Whether local users are confined to their home directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.extraConfig
Extra configuration to add at the bottom of the generated configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "ftpd_banner=Hello"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.forceLocalDataSSL
Only applies if sslEnable is true. Non anonymous (local) users must use a secure SSL connection for sending/receiving data on data connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.forceLocalLoginsSSL
Only applies if sslEnable is true. Non anonymous (local) users must use a secure SSL connection to send a password.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.localRoot
This option represents a directory which vsftpd will try to change into after a local (i.e. non- anonymous) login.
Failure is silently ignored.
Type: null or string
Default: null
Example: "/var/www/$USER"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.localUsers
Whether to enable FTP for local users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.portPromiscuous
Set to YES if you want to disable the PORT security check that ensures that outgoing data connections can only connect to the client. Only enable if you know what you are doing!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.rsaCertFile
RSA certificate file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.rsaKeyFile
RSA private key file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.ssl_sslv2
Only applies if ssl_enable is activated. If enabled, this option will permit SSL v2 protocol connections. TLS v1 connections are preferred.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.ssl_sslv3
Only applies if ssl_enable is activated. If enabled, this option will permit SSL v3 protocol connections. TLS v1 connections are preferred.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.ssl_tlsv1
Only applies if ssl_enable is activated. If enabled, this option will permit TLS v1 protocol connections. TLS v1 connections are preferred.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.userDbPath
Only applies if enableVirtualUsers is true. Path pointing to the pam_userdb user database used by vsftpd to authenticate the virtual users.
This user list should be stored in the Berkeley DB database format.
To generate a new user database, create a text file, add your users using the following format:
user1 password1 user2 password2
You can then install pkgs.db to generate the Berkeley DB using
db_load -T -t hash -f logins.txt userDb.db
Caution: pam_userdb will automatically append a .db suffix to the filename you provide though this option. This option shouldn't include this filetype suffix.
Type: null or string
Default: null
Example: "/etc/vsftpd/userDb"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.userlist
See userlistFile.
Type: unspecified
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.userlistDeny
Specifies whether userlistFile is a list of user names to allow or deny access. The default false means whitelist/allow.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.userlistEnable
Whether users are included.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.userlistFile
Newline separated list of names to be allowed/denied if userlistEnable is true. Meaning see userlistDeny.
The default is a file containing the users from userlist.
If explicitely set to null userlist_file will not be set in vsftpd's config file.
Type: path
Default: pkgs.writeText "userlist" (concatMapStrings (x: "${x}\n") cfg.userlist)
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.virtualUseLocalPrivs
If enabled, virtual users will use the same privileges as local users. By default, virtual users will use the same privileges as anonymous users, which tends to be more restrictive (especially in terms of write access).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.vsftpd.writeEnable
Whether any write activity is permitted to users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
- services.wasabibackend.enable
Whether to enable Wasabi backend service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.customConfigFile
Defines the path to a custom configuration file that is copied to the user's directory. Overrides any config options.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.dataDir
The data directory for the Wasabi backend node.
Type: path
Default: "/var/lib/wasabibackend"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.endpoint.ip
IP address for P2P connection to bitcoind.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.endpoint.port
Port for P2P connection to bitcoind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8333
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.group
The group as which to run the wasabibackend node.
Type: string
Default: "wasabibackend"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.network
The network to use for the Wasabi backend service.
Type: one of "mainnet", "testnet", "regtest"
Default: "mainnet"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.rpc.ip
IP address for RPC connection to bitcoind.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.rpc.password
RPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use configFile or passwordFile if needed.
Type: string
Default: "password"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.rpc.passwordFile
File that contains the password of the RPC user.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.rpc.port
Port for RPC connection to bitcoind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8332
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.rpc.user
RPC user for the bitcoin endpoint.
Type: string
Default: "bitcoin"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.wasabibackend.user
The user as which to run the wasabibackend node.
Type: string
Default: "wasabibackend"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
- services.webdav.enable
Whether to enable WebDAV server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
- services.webdav.configFile
Path to config file. If this option is set, it will override any configuration done in options.services.webdav.settings.
Type: path
Default: "Config file generated from services.webdav.settings"
Example: "/etc/webdav/config.yaml"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
- services.webdav.environmentFile
Environment file as defined in systemd.exec(5).
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
- services.webdav.group
Group under which WebDAV runs.
Type: string
Default: "webdav"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
- services.webdav.settings
Attrset that is converted and passed as config file. Available options can be found at here.
This program supports reading username and password configuration from environment variables, so it's strongly recommended to store username and password in a separate EnvironmentFile. This prevents adding secrets to the world-readable Nix store.
Type: YAML value
Default: { }
Example:
{ address = "0.0.0.0"; port = 8080; scope = "/srv/public"; modify = true; auth = true; users = [ { username = "{env}ENV_USERNAME"; password = "{env}ENV_PASSWORD"; } ]; }Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
- services.webdav.user
User account under which WebDAV runs.
Type: string
Default: "webdav"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
- services.weechat.enable
Whether to enable weechat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
- services.weechat.binary
Binary to execute.
Type: path
Default: "${pkgs.weechat}/bin/weechat"
Example: "${pkgs.weechat}/bin/weechat-headless"
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
- services.weechat.root
Weechat state directory.
Type: string
Default: "/var/lib/weechat"
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
- services.weechat.sessionName
Name of the `screen' session for weechat.
Type: string
Default: "weechat-screen"
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
- services.whitebophir.enable
Whether to enable whitebophir, an online collaborative whiteboard server (persistent state will be maintained under /var/lib/whitebophir).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/whitebophir.nix>
- services.whitebophir.package
Whitebophir package to use.
Type: package
Default: pkgs.whitebophir
Declared by:
<nixpkgs/nixos/modules/services/web-apps/whitebophir.nix>
- services.whitebophir.listenAddress
Address to listen on (use 0.0.0.0 to allow access from any address).
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/whitebophir.nix>
- services.whitebophir.port
Port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/whitebophir.nix>
- services.wiki-js.enable
Whether to enable wiki-js.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.environmentFile
Environment fiel to inject e.g. secrets into the configuration.
Type: null or path
Default: null
Example: "/root/wiki-js.env"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.settings
Settings to configure wiki-js. This directly corresponds to the upstream configuration options.
Secrets can be injected via the environment by
- specifying services.wiki-js.environmentFile to contain secrets
- and setting sensitive values to $(ENVIRONMENT_VAR) with this value defined in the environment-file.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.settings.bindIP
IPs the service should listen to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.settings.db.db
Name of the database to use.
Type: string
Default: "wiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.settings.db.host
Hostname or socket-path to connect to.
Type: string
Example: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.settings.db.type
Database driver to use for persistence. Please note that sqlite is currently not supported as the build process for it is currently not implemented in pkgs.wiki-js and it's not recommended by upstream for production use.
Type: one of "postgres", "mysql", "mariadb", "mssql"
Default: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.settings.logLevel
Define how much detail is supposed to be logged at runtime.
Type: one of "error", "warn", "info", "verbose", "debug", "silly"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.settings.offline
Disable latest file updates and enable sideloading.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.settings.port
TCP port the process should listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wiki-js.stateDirectoryName
Name of the directory in /var/lib.
Type: string
Default: "wiki-js"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
- services.wordpress
Wordpress configuration
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.<name>.package
Which WordPress package to use.
Type: package
Default: pkgs.wordpress
- services.wordpress.<name>.database.createLocally
Create the database and database user locally.
Type: boolean
Default: true
- services.wordpress.<name>.database.host
Database host address.
Type: string
Default: "localhost"
- services.wordpress.<name>.database.name
Database name.
Type: string
Default: "wordpress"
- services.wordpress.<name>.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/wordpress-dbpassword"
- services.wordpress.<name>.database.port
Database host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
- services.wordpress.<name>.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
- services.wordpress.<name>.database.tablePrefix
The $table_prefix is the value placed in the front of your database tables. Change the value if you want to use something other than wp_ for your database prefix. Typically this is changed if you are installing multiple WordPress blogs in the same database.
See https://codex.wordpress.org/Editing_wp-config.php#table_prefix.
Type: string
Default: "wp_"
- services.wordpress.<name>.database.user
Database user.
Type: string
Default: "wordpress"
- services.wordpress.<name>.extraConfig
Any additional text to be appended to the wp-config.php configuration file. This is a PHP script. For configuration settings, see https://codex.wordpress.org/Editing_wp-config.php.
Type: strings concatenated with "\n"
Default: ""
Example:
'' define( 'AUTOSAVE_INTERVAL', 60 ); // Seconds ''
- services.wordpress.<name>.plugins
List of path(s) to respective plugin(s) which are copied from the 'plugins' directory.
Note
These plugins need to be packaged before use, see example.Type: list of paths
Default: [ ]
Example:
let # Wordpress plugin 'embed-pdf-viewer' installation example embedPdfViewerPlugin = pkgs.stdenv.mkDerivation { name = "embed-pdf-viewer-plugin"; # Download the theme from the wordpress site src = pkgs.fetchurl { url = "https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip"; sha256 = "1rhba5h5fjlhy8p05zf0p14c9iagfh96y91r36ni0rmk6y891lyd"; }; # We need unzip to build this package nativeBuildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the themes list like this: in [ embedPdfViewerPlugin ]- services.wordpress.<name>.poolConfig
Options for the WordPress PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
- services.wordpress.<name>.themes
List of path(s) to respective theme(s) which are copied from the 'theme' directory.
Note
These themes need to be packaged before use, see example.Type: list of paths
Default: [ ]
Example:
let # Let's package the responsive theme responsiveTheme = pkgs.stdenv.mkDerivation { name = "responsive-theme"; # Download the theme from the wordpress site src = pkgs.fetchurl { url = "https://downloads.wordpress.org/theme/responsive.3.14.zip"; sha256 = "0rjwm811f4aa4q43r77zxlpklyb85q08f9c8ns2akcarrvj5ydx3"; }; # We need unzip to build this package nativeBuildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the themes list like this: in [ responsiveTheme ]- services.wordpress.<name>.uploadsDir
This directory is used for uploads of pictures. The directory passed here is automatically created and permissions adjusted as required.
Type: path
Default: "/var/lib/wordpress/‹name›/uploads"
- services.wordpress.<name>.virtualHost
Apache configuration can be done by adapting services.httpd.virtualHosts.
Type: submodule
Example:
{ adminAddr = "webmaster@example.org"; forceSSL = true; enableACME = true; }- services.wordpress.<name>.virtualHost.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
- services.wordpress.<name>.virtualHost.enableUserDir
Whether to enable serving ~/public_html as /~username.
Type: boolean
Default: false
- services.wordpress.<name>.virtualHost.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
- services.wordpress.<name>.virtualHost.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
- services.wordpress.<name>.virtualHost.adminAddr
E-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
- services.wordpress.<name>.virtualHost.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
- services.wordpress.<name>.virtualHost.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
- services.wordpress.<name>.virtualHost.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
- services.wordpress.<name>.virtualHost.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
- services.wordpress.<name>.virtualHost.hostName
Canonical hostname for the server.
Type: string
Default: "‹name›"
- services.wordpress.<name>.virtualHost.http2
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
- services.wordpress.<name>.virtualHost.listen
Listen addresses and ports for this virtual host.
Note
This option overrides addSSL, forceSSL and onlySSL.If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of submodules
Default: [ ]
Example: [ { ip = "195.154.1.1"; port = 443; ssl = true; } { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]
- services.wordpress.<name>.virtualHost.listen.*.ip
IP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
- services.wordpress.<name>.virtualHost.listen.*.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
- services.wordpress.<name>.virtualHost.listen.*.ssl
Whether to enable SSL (https) support.
Type: boolean
Default: false
- services.wordpress.<name>.virtualHost.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are chosen automatically.
Type: non-empty list of strings
Default: [ "*" ]
Example: [ "127.0.0.1" ]
- services.wordpress.<name>.virtualHost.locations
Declarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; "/foo/bar.png" = { alias = "/home/eelco/some-file.png"; }; };- services.wordpress.<name>.virtualHost.locations.<name>.alias
Alias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
- services.wordpress.<name>.virtualHost.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
- services.wordpress.<name>.virtualHost.locations.<name>.index
Adds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
- services.wordpress.<name>.virtualHost.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
- services.wordpress.<name>.virtualHost.locations.<name>.proxyPass
Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
- services.wordpress.<name>.virtualHost.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
- services.wordpress.<name>.virtualHost.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
- services.wordpress.<name>.virtualHost.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
- services.wordpress.<name>.virtualHost.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default: [ ]
Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]
- services.wordpress.<name>.virtualHost.servedFiles
This option provides a simple way to serve individual, static files.
Note
This option has been deprecated and will be removed in a future version of NixOS. You can achieve the same result by making use of the locations.<name>.alias option.Type: list of attribute sets
Default: [ ]
Example: [ { file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]
- services.wordpress.<name>.virtualHost.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "www.example.org:8080" "example.org" ]
- services.wordpress.<name>.virtualHost.sslServerCert
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
- services.wordpress.<name>.virtualHost.sslServerChain
Path to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
- services.wordpress.<name>.virtualHost.sslServerKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
- services.wordpress.<name>.virtualHost.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
- services.wordpress.sites
Specification of one or more WordPress sites to serve
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.package
Which WordPress package to use.
Type: package
Default: pkgs.wordpress
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.database.createLocally
Create the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.database.host
Database host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.database.name
Database name.
Type: string
Default: "wordpress"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/wordpress-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.database.port
Database host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.database.tablePrefix
The $table_prefix is the value placed in the front of your database tables. Change the value if you want to use something other than wp_ for your database prefix. Typically this is changed if you are installing multiple WordPress blogs in the same database.
See https://codex.wordpress.org/Editing_wp-config.php#table_prefix.
Type: string
Default: "wp_"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.database.user
Database user.
Type: string
Default: "wordpress"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.extraConfig
Any additional text to be appended to the wp-config.php configuration file. This is a PHP script. For configuration settings, see https://codex.wordpress.org/Editing_wp-config.php.
Type: strings concatenated with "\n"
Default: ""
Example:
'' define( 'AUTOSAVE_INTERVAL', 60 ); // Seconds ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.plugins
List of path(s) to respective plugin(s) which are copied from the 'plugins' directory.
Note
These plugins need to be packaged before use, see example.Type: list of paths
Default: [ ]
Example:
let # Wordpress plugin 'embed-pdf-viewer' installation example embedPdfViewerPlugin = pkgs.stdenv.mkDerivation { name = "embed-pdf-viewer-plugin"; # Download the theme from the wordpress site src = pkgs.fetchurl { url = "https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip"; sha256 = "1rhba5h5fjlhy8p05zf0p14c9iagfh96y91r36ni0rmk6y891lyd"; }; # We need unzip to build this package nativeBuildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the themes list like this: in [ embedPdfViewerPlugin ]Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.poolConfig
Options for the WordPress PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.themes
List of path(s) to respective theme(s) which are copied from the 'theme' directory.
Note
These themes need to be packaged before use, see example.Type: list of paths
Default: [ ]
Example:
let # Let's package the responsive theme responsiveTheme = pkgs.stdenv.mkDerivation { name = "responsive-theme"; # Download the theme from the wordpress site src = pkgs.fetchurl { url = "https://downloads.wordpress.org/theme/responsive.3.14.zip"; sha256 = "0rjwm811f4aa4q43r77zxlpklyb85q08f9c8ns2akcarrvj5ydx3"; }; # We need unzip to build this package nativeBuildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the themes list like this: in [ responsiveTheme ]Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.uploadsDir
This directory is used for uploads of pictures. The directory passed here is automatically created and permissions adjusted as required.
Type: path
Default: "/var/lib/wordpress/‹name›/uploads"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost
Apache configuration can be done by adapting services.httpd.virtualHosts.
Type: submodule
Example:
{ adminAddr = "webmaster@example.org"; forceSSL = true; enableACME = true; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.enableUserDir
Whether to enable serving ~/public_html as /~username.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.adminAddr
E-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.hostName
Canonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.http2
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.listen
Listen addresses and ports for this virtual host.
Note
This option overrides addSSL, forceSSL and onlySSL.If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of submodules
Default: [ ]
Example: [ { ip = "195.154.1.1"; port = 443; ssl = true; } { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.listen.*.ip
IP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.listen.*.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.listen.*.ssl
Whether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are chosen automatically.
Type: non-empty list of strings
Default: [ "*" ]
Example: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.locations
Declarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; "/foo/bar.png" = { alias = "/home/eelco/some-file.png"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.locations.<name>.alias
Alias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.locations.<name>.index
Adds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.locations.<name>.proxyPass
Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default: [ ]
Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.servedFiles
This option provides a simple way to serve individual, static files.
Note
This option has been deprecated and will be removed in a future version of NixOS. You can achieve the same result by making use of the locations.<name>.alias option.Type: list of attribute sets
Default: [ ]
Example: [ { file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.sslServerCert
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.sslServerChain
Path to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.sslServerKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.sites.<name>.virtualHost.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.wordpress.webserver
Whether to use apache2 or nginx for virtual host management.
Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>. See services.nginx.virtualHosts for further information.
Further apache2 configuration can be done by adapting services.httpd.virtualHosts.<name>. See services.httpd.virtualHosts for further information.
Type: one of "httpd", "nginx", "caddy"
Default: "httpd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
- services.x2goserver.enable
Enables the x2goserver module. NOTE: This will create a good amount of symlinks in `/usr/local/bin`
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/x2goserver.nix>
- services.x2goserver.nxagentDefaultOptions
List of default nx agent options.
Type: list of strings
Default: [ "-extension GLX" "-nolisten tcp" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/x2goserver.nix>
- services.x2goserver.settings
x2goserver.conf ini configuration as nix attributes. See `x2goserver.conf(5)` for details
Type: attribute set of attribute sets
Default: { }
Example:
{ superenicer = { "enable" = "yes"; "idle-nice-level" = 19; }; telekinesis = { "enable" = "no"; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/x2goserver.nix>
- services.x2goserver.superenicer.enable
Enables the SupeReNicer code in x2gocleansessions, this will renice suspended sessions to nice level 19 and renice them to level 0 if the session becomes marked as running again
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/x2goserver.nix>
- services.xandikos.enable
Whether to enable Xandikos CalDAV and CardDAV server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xandikos.package
The Xandikos package to use.
Type: package
Default: pkgs.xandikos
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xandikos.address
The IP address on which Xandikos will listen. By default listens on localhost.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xandikos.extraOptions
Extra command line arguments to pass to xandikos.
Type: list of strings
Default: [ ]
Example:
[ "--autocreate" "--defaults" "--current-user-principal user" "--dump-dav-xml" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xandikos.nginx
Configuration for nginx reverse proxy.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xandikos.nginx.enable
Configure the nginx reverse proxy settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xandikos.nginx.hostName
The hostname use to setup the virtualhost configuration
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xandikos.port
The port of the Xandikos web application
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xandikos.routePrefix
Path to Xandikos. Useful when Xandikos is behind a reverse proxy.
Type: string
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
- services.xbanish.enable
Whether to enable xbanish.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xbanish.nix>
- services.xbanish.arguments
Arguments to pass to xbanish command
Type: string
Default: ""
Example: "-d -i shift"
Declared by:
<nixpkgs/nixos/modules/services/x11/xbanish.nix>
- services.xe-guest-utilities.enable
Whether to enable the Xen guest utilities daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/xe-guest-utilities.nix>
- services.xfs.enable
Whether to enable the X Font Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xfs.nix>
- services.xinetd.enable
Whether to enable the xinetd super-server daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.extraDefaults
Additional configuration lines added to the default section of xinetd's configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services
A list of services provided by xinetd.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.extraConfig
Extra configuration-lines added to the section of the service.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.flags
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.name
Name of the service.
Type: string
Example: "login"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.port
Port number of the service.
Type: signed integer
Default: 0
Example: 123
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.protocol
Protocol of the service. Usually tcp or udp.
Type: string
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.server
Path of the program that implements the service.
Type: string
Example: "/foo/bin/ftpd"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.serverArgs
Command-line arguments for the server program.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.unlisted
Whether this server is listed in /etc/services. If so, the port number can be omitted.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xinetd.services.*.user
User account for the service
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
- services.xl2tpd.enable
Whether to enable xl2tpd, the Layer 2 Tunnelling Protocol Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
- services.xl2tpd.clientIpRange
The range from which client IPs are drawn.
Type: string
Default: "10.125.125.2-11"
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
- services.xl2tpd.extraPppdOptions
Adds extra lines to the pppd options file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ms-dns 8.8.8.8 ms-dns 8.8.4.4 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
- services.xl2tpd.extraXl2tpOptions
Adds extra lines to the xl2tpd configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
- services.xl2tpd.serverIp
The server-side IP address.
Type: string
Default: "10.125.125.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
- services.xmr-stak.enable
Whether to enable xmr-stak miner.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
- services.xmr-stak.configFiles
Content of config files like config.txt, pools.txt or cpu.txt.
Type: attribute set of strings
Default: { }
Example:
{ "config.txt" = '' "verbose_level" : 4, "h_print_time" : 60, "tls_secure_algo" : true, ''; "pools.txt" = '' "currency" : "monero7", "pool_list" : [ { "pool_address" : "pool.supportxmr.com:443", "wallet_address" : "my-wallet-address", "rig_id" : "", "pool_password" : "nixos", "use_nicehash" : false, "use_tls" : true, "tls_fingerprint" : "", "pool_weight" : 23 }, ], ''; }Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
- services.xmr-stak.cudaSupport
Whether to enable support for CUDA (NVidia graphics cards).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
- services.xmr-stak.extraArgs
List of parameters to pass to xmr-stak.
Type: list of strings
Default: [ ]
Example: [ "--noCPU" "--currency monero" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
- services.xmr-stak.openclSupport
Whether to enable support for OpenCL (AMD/ATI graphics cards).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
- services.xmrig.enable
Whether to enable XMRig Mining Software.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmrig.nix>
- services.xmrig.package
XMRig package to use.
Type: package
Default: (build of xmrig-6.15.0)
Example: pkgs.xmrig-mo
Declared by:
<nixpkgs/nixos/modules/services/misc/xmrig.nix>
- services.xmrig.settings
XMRig configuration. Refer to https://xmrig.com/docs/miner/config for details on supported values.
Type: JSON value
Default: { }
Example:
{ autosave = true; cpu = true; opencl = false; cuda = false; pools = [ { url = "pool.supportxmr.com:443"; user = "your-wallet"; keepalive = true; tls = true; } ] }Declared by:
<nixpkgs/nixos/modules/services/misc/xmrig.nix>
- services.xrdp.enable
Whether to enable xrdp, the Remote Desktop Protocol server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
- services.xrdp.package
The package to use for the xrdp daemon's binary.
Type: package
Default: pkgs.xrdp
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
- services.xrdp.defaultWindowManager
The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session" This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
Type: string
Default: "xterm"
Example: "xfce4-session"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
- services.xrdp.openFirewall
Whether to open the firewall for the specified RDP port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
- services.xrdp.port
Specifies on which port the xrdp daemon listens.
Type: signed integer
Default: 3389
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
- services.xrdp.sslCert
ssl certificate path A self-signed certificate will be generated if file not exists.
Type: string
Default: "/etc/xrdp/cert.pem"
Example: "/path/to/your/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
- services.xrdp.sslKey
ssl private key path A self-signed certificate will be generated if file not exists.
Type: string
Default: "/etc/xrdp/key.pem"
Example: "/path/to/your/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
- services.xserver.enable
Whether to enable the X server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.enableCtrlAltBackspace
Whether to enable the DontZap option, which binds Ctrl+Alt+Backspace to forcefully kill X. This can lead to data loss and is disabled by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.enableTCP
Whether to allow the X server to accept TCP connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.autoRepeatDelay
Sets the autorepeat delay (length of time in milliseconds that a key must be depressed before autorepeat starts).
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.autoRepeatInterval
Sets the autorepeat interval (length of time in milliseconds that should elapse between autorepeat-generated keystrokes).
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.autorun
Whether to start the X server automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.cmt.enable
Enable chrome multitouch input (cmt). Touchpad drivers that are configured for chromebooks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/cmt.nix>
- services.xserver.cmt.models
Which models to enable cmt for. Enter the Code Name for your Chromebook. Code Name can be found at https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices.
Type: one of "atlas", "banjo", "candy", "caroline", "cave", "celes", "clapper", "cyan", "daisy", "elan", "elm", "enguarde", "eve", "expresso", "falco", "gandof", "glimmer", "gnawty", "heli", "kevin", "kip", "leon", "lulu", "orco", "pbody", "peppy", "pi", "pit", "puppy", "quawks", "rambi", "samus", "snappy", "spring", "squawks", "swanky", "winky", "wolf", "auron_paine", "auron_yuna", "daisy_skate", "nyan_big", "nyan_blaze", "veyron_jaq", "veyron_jerry", "veyron_mighty", "veyron_minnie", "veyron_speedy"
Example: "banjo"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/cmt.nix>
- services.xserver.config
The contents of the configuration file of the X server (xorg.conf).
This option is set by multiple modules, and the configs are concatenated together.
In Xorg configs the last config entries take precedence, so you may want to use lib.mkAfter on this option to override NixOS's defaults.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.defaultDepth
Default colour depth.
Type: signed integer
Default: 0
Example: 8
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.desktopManager.cde.enable
Whether to enable Common Desktop Environment.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix>
- services.xserver.desktopManager.cde.extraPackages
Extra packages to be installed system wide.
Type: list of packages
Default:
with pkgs.xorg; [ xclock bitmap xlsfonts xfd xrefresh xload xwininfo xdpyinfo xwd xwud ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix>
- services.xserver.desktopManager.cinnamon.enable
Whether to enable the cinnamon desktop manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
- services.xserver.desktopManager.cinnamon.extraGSettingsOverridePackages
List of packages for which gsettings are overridden.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
- services.xserver.desktopManager.cinnamon.extraGSettingsOverrides
Additional gsettings overrides.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
- services.xserver.desktopManager.cinnamon.sessionPath
Additional list of packages to be added to the session search path. Useful for GSettings-conditional autostart.
Note that this should be a last resort; patching the package is preferred (see GPaste).
Type: list of packages
Default: [ ]
Example: [ pkgs.gnome.gpaste ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
- services.xserver.desktopManager.default
Deprecated, please use services.xserver.displayManager.defaultSession instead.
Default desktop manager loaded if none have been chosen.
Type: null or string
Default: null
Example: "none"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
- services.xserver.desktopManager.enlightenment.enable
Enable the Enlightenment desktop environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix>
- services.xserver.desktopManager.gnome.enable
Enable GNOME desktop manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.debug
Whether to enable gnome-session debug messages.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.extraGSettingsOverridePackages
List of packages for which gsettings are overridden.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.extraGSettingsOverrides
Additional gsettings overrides.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.flashback.enableMetacity
Whether to enable the standard GNOME Flashback session with Metacity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.flashback.customSessions
Other GNOME Flashback sessions to enable.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.flashback.customSessions.*.enableGnomePanel
Whether to enable the GNOME panel in this session.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.flashback.customSessions.*.wmCommand
The executable of the window manager to use.
Type: string
Example: "${pkgs.haskellPackages.xmonad}/bin/xmonad"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.flashback.customSessions.*.wmLabel
The name of the window manager to show in the session chooser.
Type: string
Example: "XMonad"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.flashback.customSessions.*.wmName
A unique identifier for the window manager.
Type: string matching the pattern [a-zA-Z0-9_-]+
Example: "xmonad"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.flashback.panelModulePackages
Packages containing modules that should be made available to gnome-panel (usually for applets).
If you're packaging something to use here, please install the modules in $out/lib/gnome-panel/modules.
Type: list of paths
Default: [ pkgs.gnome.gnome-applets ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.gnome.sessionPath
Additional list of packages to be added to the session search path. Useful for GNOME Shell extensions or GSettings-conditional autostart.
Note that this should be a last resort; patching the package is preferred (see GPaste).
Type: list of packages
Default: [ ]
Example: [ pkgs.gnome.gpaste ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
- services.xserver.desktopManager.kodi.enable
Enable the kodi multimedia center.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix>
- services.xserver.desktopManager.kodi.package
Package that should be used for Kodi.
Type: package
Default: pkgs.kodi
Example: pkgs.kodi.withPackages (p: with p; [ jellyfin pvr-iptvsimple vfs-sftp ])
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix>
- services.xserver.desktopManager.lumina.enable
Enable the Lumina desktop manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix>
- services.xserver.desktopManager.lxqt.enable
Enable the LXQt desktop manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix>
- services.xserver.desktopManager.mate.enable
Enable the MATE desktop environment
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
- services.xserver.desktopManager.mate.debug
Whether to enable mate-session debug messages.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
- services.xserver.desktopManager.pantheon.enable
Enable the pantheon desktop manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.xserver.desktopManager.pantheon.debug
Whether to enable gnome-session debug messages.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.xserver.desktopManager.pantheon.extraGSettingsOverridePackages
List of packages for which gsettings are overridden.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.xserver.desktopManager.pantheon.extraGSettingsOverrides
Additional gsettings overrides.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.xserver.desktopManager.pantheon.extraSwitchboardPlugs
Plugs to add to Switchboard.
Type: null or list of packages
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.xserver.desktopManager.pantheon.extraWingpanelIndicators
Indicators to add to Wingpanel.
Type: null or list of packages
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.xserver.desktopManager.pantheon.sessionPath
Additional list of packages to be added to the session search path. Useful for GSettings-conditional autostart.
Note that this should be a last resort; patching the package is preferred (see GPaste).
Type: list of packages
Default: [ ]
Example: [ pkgs.gnome.gpaste ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
- services.xserver.desktopManager.plasma5.enable
Enable the Plasma 5 (KDE 5) desktop environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
- services.xserver.desktopManager.plasma5.phononBackend
Phonon audio backend to install.
Type: one of "gstreamer", "vlc"
Default: "gstreamer"
Example: "vlc"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
- services.xserver.desktopManager.plasma5.runUsingSystemd
Use systemd to manage the Plasma session
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
- services.xserver.desktopManager.plasma5.supportDDC
Support setting monitor brightness via DDC.
This is not needed for controlling brightness of the internal monitor of a laptop and as it is considered experimental by upstream, it is disabled by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
- services.xserver.desktopManager.plasma5.useQtScaling
Enable HiDPI scaling in Qt.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
- services.xserver.desktopManager.surf-display.enable
Whether to enable surf-display as a kiosk browser session.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
- services.xserver.desktopManager.surf-display.defaultWwwUri
Default URI to display.
Type: string
Default: "${pkgs.surf-display}/share/surf-display/empty-page.html"
Example: "https://www.example.com/"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
- services.xserver.desktopManager.surf-display.extraConfig
Extra configuration options to append to /etc/default/surf-display.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Enforce fixed resolution for all displays (default: not set): DEFAULT_RESOLUTION="1920x1080" # HTTP proxy URL, if needed (default: not set). HTTP_PROXY_URL="http://webcache:3128" # Configure individual display screens with host specific parameters: DISPLAYS['display-host-0']="www_uri=https://www.displayserver.comany.net/display-1/index.html" DISPLAYS['display-host-1']="www_uri=https://www.displayserver.comany.net/display-2/index.html" DISPLAYS['display-host-2']="www_uri=https://www.displayserver.comany.net/display-3/index.html|res=1920x1280" DISPLAYS['display-host-3']="www_uri=https://www.displayserver.comany.net/display-4/index.html"|res=1280x1024" DISPLAYS['display-host-local-file']="www_uri=file:///usr/share/doc/surf-display/empty-page.html" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
- services.xserver.desktopManager.surf-display.hideIdlePointer
Hide idle mouse pointer.
Type: string
Default: "yes"
Example: "no"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
- services.xserver.desktopManager.surf-display.inactivityInterval
Setting for internal inactivity timer to restart surf-display if the user goes inactive/idle to get a fresh session for the next user of the kiosk.
If this value is set to zero, the whole feature of restarting due to inactivity is disabled.
Type: signed integer
Default: 300
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
- services.xserver.desktopManager.surf-display.pointerButtonMap
Disable right and middle pointer device click in browser sessions while keeping scrolling wheels' functionality intact. See pointer subcommand on man xmodmap for details.
Type: string
Default: "1 0 0 4 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
- services.xserver.desktopManager.surf-display.screensaverSettings
Screensaver settings, see man 1 xset for possible options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
- services.xserver.desktopManager.wallpaper.combineScreens
When set to true the wallpaper will stretch across all screens. When set to false the wallpaper is duplicated to all screens.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
- services.xserver.desktopManager.wallpaper.mode
The file ~/.background-image is used as a background image. This option specifies the placement of this image onto your desktop.
Possible values: center: Center the image on the background. If it is too small, it will be surrounded by a black border. fill: Like scale, but preserves aspect ratio by zooming the image until it fits. Either a horizontal or a vertical part of the image will be cut off. max: Like fill, but scale the image to the maximum size that fits the screen with black borders on one side. scale: Fit the file into the background without repeating it, cutting off stuff or using borders. But the aspect ratio is not preserved either. tile: Tile (repeat) the image in case it is too small for the screen.
Type: one of "center", "fill", "max", "scale", "tile"
Default: "scale"
Example: "fill"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
- services.xserver.desktopManager.xfce.enable
Enable the Xfce desktop environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
- services.xserver.desktopManager.xfce.enableXfwm
Enable the XFWM (default) window manager.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
- services.xserver.desktopManager.xfce.noDesktop
Don't install XFCE desktop components (xfdesktop and panel).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
- services.xserver.desktopManager.xfce.thunarPlugins
A list of plugin that should be installed with Thunar.
Type: list of packages
Default: [ ]
Example: [ pkgs.xfce.thunar-archive-plugin ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
- services.xserver.desktopManager.xterm.enable
Enable a xterm terminal as a desktop manager.
Type: boolean
Default: versionOlder config.system.stateVersion "19.09" && config.services.xserver.enable;
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix>
- services.xserver.deviceSection
Contents of the first Device section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "VideoRAM 131072"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.digimend.enable
Whether to enable the digimend drivers for Huion/XP-Pen/etc. tablets.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/digimend.nix>
- services.xserver.display
Display number for the X server.
Type: null or signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.displayManager.autoLogin
Auto login configuration attrset.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.autoLogin.enable
Automatically log in as autoLogin.user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.autoLogin.user
User to be used for the automatic login.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.defaultSession
Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM).
On GDM, LightDM and SDDM, it will also be used as a session for auto-login.
Type: session name
Default: null
Example: "gnome"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.gdm.enable
Whether to enable GDM, the GNOME Display Manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
- services.xserver.displayManager.gdm.autoLogin.delay
Seconds of inactivity after which the autologin will be performed.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
- services.xserver.displayManager.gdm.autoSuspend
On the GNOME Display Manager login screen, suspend the machine after inactivity. (Does not affect automatic suspend while logged in, or at lock screen.)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
- services.xserver.displayManager.gdm.debug
Whether to enable debugging messages in GDM.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
- services.xserver.displayManager.gdm.nvidiaWayland
Whether to allow wayland to be used with the proprietary NVidia graphics driver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
- services.xserver.displayManager.gdm.settings
Options passed to the gdm daemon. See here for supported options.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example: { debug = { enable = true; } ; }
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
- services.xserver.displayManager.gdm.wayland
Allow GDM to run on Wayland instead of Xserver. Note to enable Wayland with Nvidia you need to enable the nvidiaWayland.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
- services.xserver.displayManager.hiddenUsers
A list of users which will not be shown in the display manager.
Type: list of strings
Default: [ "nobody" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.job.environment
Additional environment variables needed by the display manager.
Type: attribute set of unspecifieds
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.job.execCmd
Command to start the display manager.
Type: string
Example: "${pkgs.lightdm}/bin/lightdm"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.job.logToFile
Whether the display manager redirects the output of the session script to ~/.xsession-errors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.job.logToJournal
Whether the display manager redirects the output of the session script to the systemd journal.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.job.preStart
Script executed before the display manager is started.
Type: strings concatenated with "\n"
Default: ""
Example: "rm -f /var/log/my-display-manager.log"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.lightdm.enable
Whether to enable lightdm as the display manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
- services.xserver.displayManager.lightdm.autoLogin.timeout
Show the greeter for this many seconds before automatic login occurs.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
- services.xserver.displayManager.lightdm.background
The background image or color to use.
Type: path or string matching the pattern ^#[0-9]{6}$
Default: pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
- services.xserver.displayManager.lightdm.extraConfig
Extra lines to append to LightDM section.
Type: strings concatenated with "\n"
Default: ""
Example:
'' user-authority-in-system-dir = true ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
- services.xserver.displayManager.lightdm.extraSeatDefaults
Extra lines to append to SeatDefaults section.
Type: strings concatenated with "\n"
Default: ""
Example:
'' greeter-show-manual-login=true ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
- services.xserver.displayManager.lightdm.greeter.enable
If set to false, run lightdm in greeterless mode. This only works if autologin is enabled and autoLogin.timeout is zero.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
- services.xserver.displayManager.lightdm.greeter.package
The LightDM greeter to login via. The package should be a directory containing a .desktop file matching the name in the 'name' option.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
- services.xserver.displayManager.lightdm.greeter.name
The name of a .desktop file in the directory specified in the 'package' option.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
- services.xserver.displayManager.lightdm.greeters.enso.enable
Whether to enable enso-os-greeter as the lightdm greeter
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.blur
Whether or not to enable blur
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.brightness
Brightness
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.package
The package path that contains the cursor theme given in the name option.
Type: package
Default: pkgs.capitaine-cursors
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.name
Name of the cursor theme to use for the lightdm-enso-os-greeter
Type: string
Default: "capitane-cursors"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.extraConfig
Extra configuration that should be put in the greeter.conf configuration file
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.iconTheme.package
The package path that contains the icon theme given in the name option.
Type: package
Default: pkgs.papirus-icon-theme
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.iconTheme.name
Name of the icon theme to use for the lightdm-enso-os-greeter
Type: string
Default: "ePapirus"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.theme.package
The package path that contains the theme given in the name option.
Type: package
Default: pkgs.gnome.gnome-themes-extra
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.enso.theme.name
Name of the theme to use for the lightdm-enso-os-greeter
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.enable
Whether to enable lightdm-gtk-greeter as the lightdm greeter.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.clock-format
Clock format string (as expected by strftime, e.g. "%H:%M") to use with the lightdm gtk greeter panel.
If set to null the default clock format is used.
Type: null or string
Default: null
Example: "%F"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.package
The package path that contains the cursor theme given in the name option.
Type: package
Default: pkgs.gnome.adwaita-icon-theme
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.name
Name of the cursor theme to use for the lightdm-gtk-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.size
Size of the cursor theme to use for the lightdm-gtk-greeter.
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.extraConfig
Extra configuration that should be put in the lightdm-gtk-greeter.conf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.package
The package path that contains the icon theme given in the name option.
Type: package
Default: pkgs.gnome.adwaita-icon-theme
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.name
Name of the icon theme to use for the lightdm-gtk-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.indicators
List of allowed indicator modules to use for the lightdm gtk greeter panel.
Built-in indicators include "~a11y", "~language", "~session", "~power", "~clock", "~host", "~spacer". Unity indicators can be represented by short name (e.g. "sound", "power"), service file name, or absolute path.
If set to null the default indicators are used.
Type: null or list of strings
Default: null
Example: [ "~host" "~spacer" "~clock" "~spacer" "~session" "~language" "~a11y" "~power" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.theme.package
The package path that contains the theme given in the name option.
Type: package
Default: pkgs.gnome.gnome-themes-extra
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.gtk.theme.name
Name of the theme to use for the lightdm-gtk-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
- services.xserver.displayManager.lightdm.greeters.mini.enable
Whether to enable lightdm-mini-greeter as the lightdm greeter.
Note that this greeter starts only the default X session. You can configure the default X session using services.xserver.displayManager.defaultSession.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
- services.xserver.displayManager.lightdm.greeters.mini.extraConfig
Extra configuration that should be put in the lightdm-mini-greeter.conf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
- services.xserver.displayManager.lightdm.greeters.mini.user
The user to login as.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
- services.xserver.displayManager.lightdm.greeters.pantheon.enable
Whether to enable elementary-greeter as the lightdm greeter.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix>
- services.xserver.displayManager.lightdm.greeters.tiny.enable
Whether to enable lightdm-tiny-greeter as the lightdm greeter.
Note that this greeter starts only the default X session. You can configure the default X session using services.xserver.displayManager.defaultSession.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix>
- services.xserver.displayManager.lightdm.greeters.tiny.extraConfig
Section to describe style and ui.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix>
- services.xserver.displayManager.lightdm.greeters.tiny.label.pass
The string to represent the pass_text label.
Type: string
Default: "Password"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix>
- services.xserver.displayManager.lightdm.greeters.tiny.label.user
The string to represent the user_text label.
Type: string
Default: "Username"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix>
- services.xserver.displayManager.sddm.enable
Whether to enable sddm as the display manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.sddm.enableHidpi
Whether to enable automatic HiDPI mode.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.sddm.autoLogin.minimumUid
Minimum user ID for auto-login user.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.sddm.autoLogin.relogin
If true automatic login will kick in again on session exit (logout), otherwise it will only log in automatically when the display-manager is started.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.sddm.autoNumlock
Enable numlock at login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.sddm.settings
Extra settings merged in and overwritting defaults in sddm.conf.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example: { Autologin = { Session = "plasma.desktop"; User = "john"; } ; }
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.sddm.setupScript
A script to execute when starting the display server. DEPRECATED, please use services.xserver.displayManager.setupCommands.
Type: string
Default: ""
Example:
'' # workaround for using NVIDIA Optimus without Bumblebee xrandr --setprovideroutputsource modesetting NVIDIA-0 xrandr --auto ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.sddm.stopScript
A script to execute when stopping the display server.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.sddm.theme
Greeter theme to use.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
- services.xserver.displayManager.session
List of sessions supported with the command used to start each session. Each session script can set the waitPID shell variable to make this script wait until the end of the user session. Each script is used to define either a window manager or a desktop manager. These can be differentiated by setting the attribute manage either to "window" or "desktop".
The list of desktop manager and window manager should appear inside the display manager with the desktop manager name followed by the window manager name.
Type: unspecified
Default: [ ]
Example:
[ { manage = "desktop"; name = "xterm"; start = '' ${pkgs.xterm}/bin/xterm -ls & waitPID=$! ''; } ]Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.sessionCommands
Shell commands executed just before the window or desktop manager is started. These commands are not currently sourced for Wayland sessions.
Type: strings concatenated with "\n"
Default: ""
Example:
'' xmessage "Hello World!" & ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.sessionPackages
A list of packages containing x11 or wayland session files to be passed to the display manager.
Type: list of package with provided sessionss
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.setupCommands
Shell commands executed just after the X server has started.
This option is only effective for display managers for which this feature is supported; currently these are LightDM, GDM and SDDM.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.startx.enable
Whether to enable the dummy "startx" pseudo-display manager, which allows users to start X manually via the "startx" command from a vt shell. The X server runs under the user's id, not as root. The user must provide a ~/.xinitrc file containing session startup commands, see startx(1). This is not automatically generated from the desktopManager and windowManager settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/startx.nix>
- services.xserver.displayManager.sx.enable
Whether to enable the "sx" pseudo-display manager, which allows users to start manually via the "sx" command from a vt shell. The X server runs under the user's id, not as root. The user must provide a ~/.config/sx/sxrc file containing session startup commands, see sx(1). This is not automatically generated from the desktopManager and windowManager settings. sx doesn't have a way to directly set X server flags, but it can be done by overriding its xorgserver dependency.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sx.nix>
- services.xserver.displayManager.xpra.enable
Whether to enable xpra as display manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
- services.xserver.displayManager.xpra.auth
Authentication to use when connecting to xpra
Type: string
Default: "pam"
Example: "password:value=mysecret"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
- services.xserver.displayManager.xpra.bindTcp
Bind xpra to TCP
Type: null or string
Default: "127.0.0.1:10000"
Example: "0.0.0.0:10000"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
- services.xserver.displayManager.xpra.extraOptions
Extra xpra options
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
- services.xserver.displayManager.xpra.pulseaudio
Whether to enable pulseaudio audio streaming.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
- services.xserver.displayManager.xserverArgs
List of arguments for the X server.
Type: list of strings
Default: [ ]
Example: [ "-ac" "-logverbose" "-verbose" "-nolisten tcp" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.displayManager.xserverBin
Path to the X server used by display managers.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
- services.xserver.dpi
Force global DPI resolution to use for X server. It's recommended to use this only when DPI is detected incorrectly; also consider using Monitor section in configuration file instead.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.exportConfiguration
Whether to symlink the X server configuration under /etc/X11/xorg.conf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.extraConfig
Additional contents (sections) included in the X server configuration file
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.extraDisplaySettings
Lines to be added to every Display subsection of the Screen section.
Type: strings concatenated with "\n"
Default: ""
Example: "Virtual 2048 2048"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.extraLayouts
Extra custom layouts that will be included in the xkb configuration. Information on how to create a new layout can be found here: https://www.x.org/releases/current/doc/xorg-docs/input/XKB-Enhancing.html#Defining_New_Layouts. For more examples see https://wiki.archlinux.org/index.php/X_KeyBoard_extension#Basic_examples
Type: attribute set of submodules
Default: { }
Example:
{ mine = { description = "My custom xkb layout."; languages = [ "eng" ]; symbolsFile = /path/to/my/layout; }; }Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
- services.xserver.extraLayouts.<name>.compatFile
The path to the xkb compat file. This file sets the compatibility state, used to preserve compatibility with xkb-unaware programs. It must contain a xkb_compat "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
- services.xserver.extraLayouts.<name>.description
A short description of the layout.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
- services.xserver.extraLayouts.<name>.geometryFile
The path to the xkb geometry file. This (completely optional) file describes the physical layout of keyboard, which maybe be used by programs to depict it. It must contain a xkb_geometry "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
- services.xserver.extraLayouts.<name>.keycodesFile
The path to the xkb keycodes file. This file specifies the range and the interpretation of the raw keycodes sent by the keyboard. It must contain a xkb_keycodes "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
- services.xserver.extraLayouts.<name>.languages
A list of languages provided by the layout. (Use ISO 639-2 codes, for example: "eng" for english)
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
- services.xserver.extraLayouts.<name>.symbolsFile
The path to the xkb symbols file. This is the most important file: it defines which symbol or action maps to each key and must contain a xkb_symbols "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
- services.xserver.extraLayouts.<name>.typesFile
The path to the xkb types file. This file specifies the key types that can be associated with the various keyboard keys. It must contain a xkb_types "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
- services.xserver.filesSection
Contents of the first Files section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: ''FontPath "/path/to/my/fonts"''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.fontPath
Set the X server FontPath. Defaults to null, which means the compiled in defaults will be used. See man xorg.conf for details.
Type: null or string
Default: null
Example: "unix/:7100"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.gdk-pixbuf.modulePackages
Packages providing GDK-Pixbuf modules, for cache generation.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/gdk-pixbuf.nix>
- services.xserver.imwheel.enable
Whether to enable IMWheel service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/imwheel.nix>
- services.xserver.imwheel.extraOptions
Additional command-line arguments to pass to imwheel.
Type: list of strings
Default: [ "--buttons=45" ]
Example: [ "--debug" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/imwheel.nix>
- services.xserver.imwheel.rules
Window class translation rules. /etc/X11/imwheelrc is generated based on this config which means this config is global for all users. See offical man pages for more informations.
Type: attribute set of strings
Default: { }
Example:
{ ".*" = '' None, Up, Button4, 8 None, Down, Button5, 8 Shift_L, Up, Shift_L|Button4, 4 Shift_L, Down, Shift_L|Button5, 4 Control_L, Up, Control_L|Button4 Control_L, Down, Control_L|Button5 ''; }Declared by:
<nixpkgs/nixos/modules/services/x11/imwheel.nix>
- services.xserver.inputClassSections
Content of additional InputClass sections of the X server configuration file.
Type: list of strings concatenated with "\n"s
Default: [ ]
Example:
[ '' Identifier "Trackpoint Wheel Emulation" MatchProduct "ThinkPad USB Keyboard with TrackPoint" Option "EmulateWheel" "true" Option "EmulateWheelButton" "2" Option "Emulate3Buttons" "false" '' ]Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.layout
Keyboard layout, or multiple keyboard layouts separated by commas.
Type: string
Default: "us"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.libinput.enable
Whether to enable libinput.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.accelProfile
Sets the pointer acceleration profile to the given profile. Permitted values are adaptive, flat. Not all devices support this option or all profiles. If a profile is unsupported, the default profile for this is used. flat: Pointer motion is accelerated by a constant (device-specific) factor, depending on the current speed. adaptive: Pointer acceleration depends on the input speed. This is the default profile for most devices.
Type: one of "flat", "adaptive"
Default: "adaptive"
Example: "flat"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.accelSpeed
Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Type: null or string
Default: null
Example: "-0.5"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.additionalOptions
Additional options for libinput mouse driver. See libinput(4) for available options.";
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "DragLockButtons" "L1 B1 L2 B2" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.buttonMapping
Sets the logical button mapping for this device, see XSetPointerMapping(3). The string must be a space-separated list of button mappings in the order of the logical buttons on the device, starting with button 1. The default mapping is "1 2 3 ... 32". A mapping of 0 deac- tivates the button. Multiple buttons can have the same mapping. Invalid mapping strings are discarded and the default mapping is used for all buttons. Buttons not specified in the user's mapping use the default mapping. See section BUTTON MAPPING for more details.
Type: null or string
Default: null
Example: "1 6 3 4 5 0 7"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.calibrationMatrix
A string of 9 space-separated floating point numbers. Sets the calibration matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default: null
Example: "0.5 0 0 0 0.8 0.1 0 0 1"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.clickMethod
Enables a click method. Permitted values are none, buttonareas, clickfinger. Not all devices support all methods, if an option is unsupported, the default click method for this device is used.
Type: null or one of "none", "buttonareas", "clickfinger"
Default: null
Example: "buttonareas"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.dev
Path for mouse device. Set to null to apply to any auto-detected mouse.
Type: null or string
Default: null
Example: "/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.disableWhileTyping
Disable input method while typing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.horizontalScrolling
Disables horizontal scrolling. When disabled, this driver will discard any horizontal scroll events from libinput. Note that this does not disable horizontal scrolling, it merely discards the horizontal axis from any scroll events.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.leftHanded
Enables left-handed button orientation, i.e. swapping left and right buttons.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.middleEmulation
Enables middle button emulation. When enabled, pressing the left and right buttons simultaneously produces a middle mouse button click.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.naturalScrolling
Enables or disables natural scrolling behavior.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.scrollButton
Designates a button as scroll button. If the ScrollMethod is button and the button is logically held down, x/y axis movement is converted into scroll events.
Type: null or signed integer
Default: null
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.scrollMethod
Specify the scrolling method: twofinger, edge, button, or none
Type: one of "twofinger", "edge", "button", "none"
Default: "twofinger"
Example: "edge"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.sendEventsMode
Sets the send events mode to disabled, enabled, or disabled-on-external-mouse
Type: one of "disabled", "enabled", "disabled-on-external-mouse"
Default: "enabled"
Example: "disabled"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.tapping
Enables or disables tap-to-click behavior.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.tappingDragLock
Enables or disables drag lock during tapping behavior. When enabled, a finger up during tap- and-drag will not immediately release the button. If the finger is set down again within the timeout, the draging process continues.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.mouse.transformationMatrix
A string of 9 space-separated floating point numbers. Sets the transformation matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default: null
Example: "0.5 0 0 0 0.8 0.1 0 0 1"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.accelProfile
Sets the pointer acceleration profile to the given profile. Permitted values are adaptive, flat. Not all devices support this option or all profiles. If a profile is unsupported, the default profile for this is used. flat: Pointer motion is accelerated by a constant (device-specific) factor, depending on the current speed. adaptive: Pointer acceleration depends on the input speed. This is the default profile for most devices.
Type: one of "flat", "adaptive"
Default: "adaptive"
Example: "flat"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.accelSpeed
Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Type: null or string
Default: null
Example: "-0.5"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.additionalOptions
Additional options for libinput touchpad driver. See libinput(4) for available options.";
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "DragLockButtons" "L1 B1 L2 B2" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.buttonMapping
Sets the logical button mapping for this device, see XSetPointerMapping(3). The string must be a space-separated list of button mappings in the order of the logical buttons on the device, starting with button 1. The default mapping is "1 2 3 ... 32". A mapping of 0 deac- tivates the button. Multiple buttons can have the same mapping. Invalid mapping strings are discarded and the default mapping is used for all buttons. Buttons not specified in the user's mapping use the default mapping. See section BUTTON MAPPING for more details.
Type: null or string
Default: null
Example: "1 6 3 4 5 0 7"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.calibrationMatrix
A string of 9 space-separated floating point numbers. Sets the calibration matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default: null
Example: "0.5 0 0 0 0.8 0.1 0 0 1"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.clickMethod
Enables a click method. Permitted values are none, buttonareas, clickfinger. Not all devices support all methods, if an option is unsupported, the default click method for this device is used.
Type: null or one of "none", "buttonareas", "clickfinger"
Default: null
Example: "buttonareas"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.dev
Path for touchpad device. Set to null to apply to any auto-detected touchpad.
Type: null or string
Default: null
Example: "/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.disableWhileTyping
Disable input method while typing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.horizontalScrolling
Disables horizontal scrolling. When disabled, this driver will discard any horizontal scroll events from libinput. Note that this does not disable horizontal scrolling, it merely discards the horizontal axis from any scroll events.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.leftHanded
Enables left-handed button orientation, i.e. swapping left and right buttons.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.middleEmulation
Enables middle button emulation. When enabled, pressing the left and right buttons simultaneously produces a middle mouse button click.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.naturalScrolling
Enables or disables natural scrolling behavior.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.scrollButton
Designates a button as scroll button. If the ScrollMethod is button and the button is logically held down, x/y axis movement is converted into scroll events.
Type: null or signed integer
Default: null
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.scrollMethod
Specify the scrolling method: twofinger, edge, button, or none
Type: one of "twofinger", "edge", "button", "none"
Default: "twofinger"
Example: "edge"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.sendEventsMode
Sets the send events mode to disabled, enabled, or disabled-on-external-mouse
Type: one of "disabled", "enabled", "disabled-on-external-mouse"
Default: "enabled"
Example: "disabled"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.tapping
Enables or disables tap-to-click behavior.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.tappingDragLock
Enables or disables drag lock during tapping behavior. When enabled, a finger up during tap- and-drag will not immediately release the button. If the finger is set down again within the timeout, the draging process continues.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.libinput.touchpad.transformationMatrix
A string of 9 space-separated floating point numbers. Sets the transformation matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default: null
Example: "0.5 0 0 0 0.8 0.1 0 0 1"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
- services.xserver.logFile
Controls the file Xorg logs to.
The default of /dev/null is set so that systemd services (like displayManagers) only log to the journal and don't create their own log files.
Setting this to null will not pass the -logfile argument to Xorg which allows it to log to its default logfile locations instead (see man Xorg). You probably only want this behaviour when running Xorg manually (e.g. via startx).
Type: null or string
Default: "/dev/null"
Example: "/var/log/Xorg.0.log"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.moduleSection
Contents of the Module section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' SubSection "extmod" EndSubsection ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.modules
Packages to be added to the module search path of the X server.
Type: list of paths
Default: [ ]
Example: [ pkgs.xf86_input_wacom ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.monitorSection
Contents of the first Monitor section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "HorizSync 28-49"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.resolutions
The screen resolutions for the X server. The first element is the default resolution. If this list is empty, the X server will automatically configure the resolution.
Type: list of attribute sets
Default: [ ]
Example: [ { x = 1600; y = 1200; } { x = 1024; y = 786; } ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.screenSection
Contents of the first Screen section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "RandRRotation" "on" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.serverFlagsSection
Contents of the ServerFlags section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "BlankTime" "0" Option "StandbyTime" "0" Option "SuspendTime" "0" Option "OffTime" "0" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.serverLayoutSection
Contents of the ServerLayout section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "AIGLX" "true" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.synaptics.enable
Whether to enable touchpad support. Deprecated: Consider services.xserver.libinput.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.accelFactor
Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Type: null or string
Default: "0.001"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.additionalOptions
Additional options for synaptics touchpad driver.
Type: string
Default: ""
Example:
'' Option "RTCornerButton" "2" Option "RBCornerButton" "3" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.buttonsMap
Remap touchpad buttons.
Type: list of signed integers
Default: [ 1 2 3 ]
Example: [ 1 3 2 ]
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.dev
Path for touchpad device. Set to null to apply to any auto-detected touchpad.
Type: null or string
Default: null
Example: "/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.fingersMap
Remap several-fingers taps.
Type: list of signed integers
Default: [ 1 2 3 ]
Example: [ 1 3 2 ]
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.horizEdgeScroll
Whether to enable horizontal edge drag-scrolling.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.horizTwoFingerScroll
Whether to enable horizontal two-finger drag-scrolling.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.horizontalScroll
Whether to enable horizontal scrolling (on touchpad)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.maxSpeed
Cursor speed factor for highest-speed finger motion.
Type: null or string
Default: "1.0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.minSpeed
Cursor speed factor for precision finger motion.
Type: null or string
Default: "0.6"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.palmDetect
Whether to enable palm detection (hardware support required)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.palmMinWidth
Minimum finger width at which touch is considered a palm
Type: null or signed integer
Default: null
Example: 5
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.palmMinZ
Minimum finger pressure at which touch is considered a palm
Type: null or signed integer
Default: null
Example: 20
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.scrollDelta
Move distance of the finger for a scroll event.
Type: null or signed integer
Default: null
Example: 75
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.tapButtons
Whether to enable tap buttons.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.twoFingerScroll
Whether to enable two-finger drag-scrolling. Overridden by horizTwoFingerScroll and vertTwoFingerScroll.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.vertEdgeScroll
Whether to enable vertical edge drag-scrolling.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.synaptics.vertTwoFingerScroll
Whether to enable vertical two-finger drag-scrolling.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
- services.xserver.terminateOnReset
Whether to terminate X upon server reset.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.tty
Virtual console for the X server.
Type: null or signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.updateDbusEnvironment
Whether to update the DBus activation environment after launching the desktop manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.useGlamor
Whether to use the Glamor module for 2D acceleration, if possible.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.verbose
Controls verbosity of X logging.
Type: null or signed integer
Default: 3
Example: 7
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.videoDriver
The name of the video driver for your graphics card. This option is obsolete; please set the services.xserver.videoDrivers instead.
Type: null or string
Default: null
Example: "i810"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.videoDrivers
The names of the video drivers the configuration supports. They will be tried in order until one that supports your card is found. Don't combine those with "incompatible" OpenGL implementations, e.g. free ones (mesa-based) with proprietary ones.
For unfree "nvidia*", the supported GPU lists are on https://www.nvidia.com/object/unix.html
Type: list of strings
Default: [ "amdgpu" "radeon" "nouveau" "modesetting" "fbdev" ]
Example: [ "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304" "amdgpu-pro" ]
Related packages:
- amdgpu aka pkgs.xorg.xf86videoamdgpu (xf86-video-amdgpu-21.0.0): ???.
- apm aka pkgs.xorg.xf86videoapm (xf86-video-apm-1.3.0): ???.
- ark aka pkgs.xorg.xf86videoark (xf86-video-ark-0.7.5) [UNAVAILABLE]: ???.
- ast aka pkgs.xorg.xf86videoast (xf86-video-ast-1.1.5): ???.
- ati aka pkgs.xorg.xf86videoati (xf86-video-ati-19.1.0): ???.
- chips aka pkgs.xorg.xf86videochips (xf86-video-chips-1.4.0): ???.
- cirrus aka pkgs.xorg.xf86videocirrus (xf86-video-cirrus-1.5.3): ???.
- dummy aka pkgs.xorg.xf86videodummy (xf86-video-dummy-0.3.8): ???.
- fbdev aka pkgs.xorg.xf86videofbdev (xf86-video-fbdev-0.5.0): ???.
- geode aka pkgs.xorg.xf86videogeode (xf86-video-geode-2.11.19) [UNAVAILABLE]: ???.
- glide aka pkgs.xorg.xf86videoglide (xf86-video-glide-1.2.2) [UNAVAILABLE]: ???.
- glint aka pkgs.xorg.xf86videoglint (xf86-video-glint-1.2.9): ???.
- i128 aka pkgs.xorg.xf86videoi128 (xf86-video-i128-1.4.0) [UNAVAILABLE]: ???.
- i740 aka pkgs.xorg.xf86videoi740 (xf86-video-i740-1.4.0): ???.
- intel aka pkgs.xorg.xf86videointel (xf86-video-intel-2019-12-09): ???.
- mga aka pkgs.xorg.xf86videomga (xf86-video-mga-2.0.0): ???.
- neomagic aka pkgs.xorg.xf86videoneomagic (xf86-video-neomagic-1.3.0): ???.
- newport aka pkgs.xorg.xf86videonewport (xf86-video-newport-0.2.4) [UNAVAILABLE]: ???.
- nouveau aka pkgs.xorg.xf86videonouveau (xf86-video-nouveau-1.0.17): ???.
- nv aka pkgs.xorg.xf86videonv (xf86-video-nv-2.1.21): ???.
- omap aka pkgs.xorg.xf86videoomap (xf86-video-omap-0.4.5): ???.
- openchrome aka pkgs.xorg.xf86videoopenchrome (xf86-video-openchrome-0.6.0): ???.
- qxl aka pkgs.xorg.xf86videoqxl (xf86-video-qxl-0.1.5): ???.
- r128 aka pkgs.xorg.xf86videor128 (xf86-video-r128-6.11.0): ???.
- rendition aka pkgs.xorg.xf86videorendition (xf86-video-rendition-4.2.7): ???.
- s3virge aka pkgs.xorg.xf86videos3virge (xf86-video-s3virge-1.11.0) [UNAVAILABLE]: ???.
- savage aka pkgs.xorg.xf86videosavage (xf86-video-savage-2.3.9) [UNAVAILABLE]: ???.
- siliconmotion aka pkgs.xorg.xf86videosiliconmotion (xf86-video-siliconmotion-1.7.9): ???.
- sis aka pkgs.xorg.xf86videosis (xf86-video-sis-0.11.0): ???.
- sisusb aka pkgs.xorg.xf86videosisusb (xf86-video-sisusb-0.9.7): ???.
- suncg6 aka pkgs.xorg.xf86videosuncg6 (xf86-video-suncg6-1.1.2): ???.
- sunffb aka pkgs.xorg.xf86videosunffb (xf86-video-sunffb-1.2.2): ???.
- sunleo aka pkgs.xorg.xf86videosunleo (xf86-video-sunleo-1.2.2): ???.
- tdfx aka pkgs.xorg.xf86videotdfx (xf86-video-tdfx-1.5.0): ???.
- tga aka pkgs.xorg.xf86videotga (xf86-video-tga-1.2.2) [UNAVAILABLE]: ???.
- trident aka pkgs.xorg.xf86videotrident (xf86-video-trident-1.3.8): ???.
- v4l aka pkgs.xorg.xf86videov4l (xf86-video-v4l-0.3.0) [UNAVAILABLE]: ???.
- vboxvideo aka pkgs.xorg.xf86videovboxvideo (xf86-video-vboxvideo-1.0.0): ???.
- vesa aka pkgs.xorg.xf86videovesa (xf86-video-vesa-2.5.0): ???.
- vmware aka pkgs.xorg.xf86videovmware (xf86-video-vmware-13.3.0): ???.
- voodoo aka pkgs.xorg.xf86videovoodoo (xf86-video-voodoo-1.2.5) [UNAVAILABLE]: ???.
- wsfb aka pkgs.xorg.xf86videowsfb (xf86-video-wsfb-0.4.0) [UNAVAILABLE]: ???.
- xgi aka pkgs.xorg.xf86videoxgi (xf86-video-xgi-1.6.1): ???.
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.virtualScreen
Virtual screen size for Xrandr.
Type: null or attribute set
Default: null
Example: { x = 2048; y = 2048; }
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.wacom.enable
Whether to enable the Wacom touchscreen/digitizer/tablet. If you ever have any issues such as, try switching to terminal (ctrl-alt-F1) and back which will make Xorg reconfigure the device ?
If you're not satisfied by the default behaviour you can override environment.etc."X11/xorg.conf.d/70-wacom.conf" in configuration.nix easily.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/wacom.nix>
- services.xserver.windowManager.2bwm.enable
Whether to enable 2bwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/2bwm.nix>
- services.xserver.windowManager.afterstep.enable
Whether to enable afterstep.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix>
- services.xserver.windowManager.awesome.enable
Whether to enable Awesome window manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
- services.xserver.windowManager.awesome.package
Package to use for running the Awesome WM.
Type: null or package
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
- services.xserver.windowManager.awesome.luaModules
List of lua packages available for being used in the Awesome configuration.
Type: list of packages
Default: [ ]
Example: [ pkgs.luaPackages.vicious ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
- services.xserver.windowManager.awesome.noArgb
Disable client transparency support, which can be greatly detrimental to performance in some setups
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
- services.xserver.windowManager.berry.enable
Whether to enable berry.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/berry.nix>
- services.xserver.windowManager.bspwm.enable
Whether to enable bspwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
- services.xserver.windowManager.bspwm.package
bspwm package to use.
Type: package
Default: pkgs.bspwm
Example: pkgs.bspwm-unstable
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
- services.xserver.windowManager.bspwm.configFile
Path to the bspwm configuration file. If null, $HOME/.config/bspwm/bspwmrc will be used.
Type: null or path
Default: null
Example: "${pkgs.bspwm}/share/doc/bspwm/examples/bspwmrc"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
- services.xserver.windowManager.bspwm.sxhkd.package
sxhkd package to use.
Type: package
Default: pkgs.sxhkd
Example: pkgs.sxhkd-unstable
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
- services.xserver.windowManager.bspwm.sxhkd.configFile
Path to the sxhkd configuration file. If null, $HOME/.config/sxhkd/sxhkdrc will be used.
Type: null or path
Default: null
Example: "${pkgs.bspwm}/share/doc/bspwm/examples/sxhkdrc"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
- services.xserver.windowManager.clfswm.enable
Whether to enable clfswm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix>
- services.xserver.windowManager.clfswm.package
clfswm package to use.
Type: package
Default: pkgs.lispPackages.clfswm
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix>
- services.xserver.windowManager.cwm.enable
Whether to enable cwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix>
- services.xserver.windowManager.default
Deprecated, please use services.xserver.displayManager.defaultSession instead.
Default window manager loaded if none have been chosen.
Type: null or string
Default: null
Example: "wmii"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/default.nix>
- services.xserver.windowManager.dwm.enable
Whether to enable dwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix>
- services.xserver.windowManager.e16.enable
Whether to enable e16.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/e16.nix>
- services.xserver.windowManager.evilwm.enable
Whether to enable evilwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/evilwm.nix>
- services.xserver.windowManager.exwm.enable
Whether to enable exwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
- services.xserver.windowManager.exwm.enableDefaultConfig
Enable an uncustomised exwm configuration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
- services.xserver.windowManager.exwm.extraPackages
Extra packages available to Emacs. The value must be a function which receives the attrset defined in emacs.pkgs as the sole argument.
Type: function that evaluates to a(n) listOf
Default: epkgs: []
Example:
epkgs: [ epkgs.emms epkgs.magit epkgs.proofgeneral ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
- services.xserver.windowManager.exwm.loadScript
Emacs lisp code to be run after loading the user's init file. If enableDefaultConfig is true, this will be run before loading the default config.
Type: strings concatenated with "\n"
Default: "(require 'exwm)"
Example:
'' (require 'exwm) (exwm-enable) ''
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
- services.xserver.windowManager.fluxbox.enable
Whether to enable fluxbox.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix>
- services.xserver.windowManager.fvwm.enable
Whether to enable Fvwm window manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fvwm.nix>
- services.xserver.windowManager.fvwm.gestures
Whether or not to enable libstroke for gesture support
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fvwm.nix>
- services.xserver.windowManager.herbstluftwm.enable
Whether to enable herbstluftwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
- services.xserver.windowManager.herbstluftwm.package
Herbstluftwm package to use.
Type: package
Default: pkgs.herbstluftwm
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
- services.xserver.windowManager.herbstluftwm.configFile
Path to the herbstluftwm configuration file. If left at the default value, $XDG_CONFIG_HOME/herbstluftwm/autostart will be used.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
- services.xserver.windowManager.i3.enable
Whether to enable i3 window manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
- services.xserver.windowManager.i3.package
i3 package to use.
Type: package
Default: pkgs.i3
Example: pkgs.i3-gaps
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
- services.xserver.windowManager.i3.configFile
Path to the i3 configuration file. If left at the default value, $HOME/.i3/config will be used.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
- services.xserver.windowManager.i3.extraPackages
Extra packages to be installed system wide.
Type: list of packages
Default:
with pkgs; [ dmenu i3status i3lock ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
- services.xserver.windowManager.i3.extraSessionCommands
Shell commands executed just before i3 is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
- services.xserver.windowManager.icewm.enable
Whether to enable icewm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix>
- services.xserver.windowManager.jwm.enable
Whether to enable jwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/jwm.nix>
- services.xserver.windowManager.leftwm.enable
Whether to enable leftwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/leftwm.nix>
- services.xserver.windowManager.lwm.enable
Whether to enable lwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/lwm.nix>
- services.xserver.windowManager.metacity.enable
Whether to enable metacity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix>
- services.xserver.windowManager.mlvwm.enable
Whether to enable Macintosh-like Virtual Window Manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix>
- services.xserver.windowManager.mlvwm.configFile
Path to the mlvwm configuration file. If left at the default value, $HOME/.mlvwmrc will be used.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix>
- services.xserver.windowManager.mwm.enable
Whether to enable mwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/mwm.nix>
- services.xserver.windowManager.notion.enable
Whether to enable notion.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/notion.nix>
- services.xserver.windowManager.openbox.enable
Whether to enable openbox.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix>
- services.xserver.windowManager.pekwm.enable
Whether to enable pekwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/pekwm.nix>
- services.xserver.windowManager.qtile.enable
Whether to enable qtile.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix>
- services.xserver.windowManager.ratpoison.enable
Whether to enable ratpoison.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix>
- services.xserver.windowManager.sawfish.enable
Whether to enable sawfish.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix>
- services.xserver.windowManager.smallwm.enable
Whether to enable smallwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/smallwm.nix>
- services.xserver.windowManager.spectrwm.enable
Whether to enable spectrwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix>
- services.xserver.windowManager.stumpwm.enable
Whether to enable stumpwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix>
- services.xserver.windowManager.tinywm.enable
Whether to enable tinywm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/tinywm.nix>
- services.xserver.windowManager.twm.enable
Whether to enable twm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/twm.nix>
- services.xserver.windowManager.windowlab.enable
Whether to enable windowlab.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/windowlab.nix>
- services.xserver.windowManager.windowmaker.enable
Whether to enable windowmaker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix>
- services.xserver.windowManager.wmderland.enable
Whether to enable wmderland.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix>
- services.xserver.windowManager.wmderland.extraPackages
Extra packages to be installed system wide.
Type: list of packages
Default:
with pkgs; [ rofi dunst light hsetroot feh rxvt-unicode ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix>
- services.xserver.windowManager.wmderland.extraSessionCommands
Shell commands executed just before wmderland is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix>
- services.xserver.windowManager.wmii.enable
Whether to enable wmii.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix>
- services.xserver.windowManager.xmonad.enable
Whether to enable xmonad.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
- services.xserver.windowManager.xmonad.enableContribAndExtras
Enable xmonad-{contrib,extras} in Xmonad.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
- services.xserver.windowManager.xmonad.config
Configuration from which XMonad gets compiled. If no value is specified, a vanilla xmonad binary is put in PATH, which will attempt to recompile and exec your xmonad config from $HOME/.xmonad. This setup is then analogous to other (non-NixOS) linux distributions.
If you do set this option, you likely want to use "launch" as your entry point for xmonad (as in the example), to avoid xmonad's recompilation logic on startup. Doing so will render the default "mod+q" restart key binding dysfunctional though, because that attempts to call your binary with the "--restart" command line option, unless you implement that yourself. You way mant to bind "mod+q" to (restart "xmonad" True) instead, which will just restart xmonad from PATH. This allows e.g. switching to the new xmonad binary after rebuilding your system with nixos-rebuild. For the same reason, ghc is not added to the environment when this option is set.
If you actually want to run xmonad with a config specified here, but also be able to recompile and restart it from a copy of that source in $HOME/.xmonad on the fly, you will have to implement that yourself using something like "compileRestart" from the example. This should allow you to switch at will between the local xmonad and the one NixOS puts in your PATH.
Type: null or path or string
Default: null
Example:
'' import XMonad import XMonad.Util.EZConfig (additionalKeys) import Control.Monad (when) import Text.Printf (printf) import System.Posix.Process (executeFile) import System.Info (arch,os) import System.Environment (getArgs) import System.FilePath ((</>)) compiledConfig = printf "xmonad-%s-%s" arch os compileRestart resume = whenX (recompile True) $ when resume writeStateToFile *> catchIO ( do dir <- getXMonadDataDir args <- getArgs executeFile (dir </> compiledConfig) False args Nothing ) main = launch defaultConfig { modMask = mod4Mask -- Use Super instead of Alt , terminal = "urxvt" } `additionalKeys` [ ( (mod4Mask,xK_r), compileRestart True) , ( (mod4Mask,xK_q), restart "xmonad" True ) ] ''Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
- services.xserver.windowManager.xmonad.extraPackages
Extra packages available to ghc when rebuilding Xmonad. The value must be a function which receives the attrset defined in haskellPackages as the sole argument.
Type: function that evaluates to a(n) listOf
Default: self: []
Example:
haskellPackages: [ haskellPackages.xmonad-contrib haskellPackages.monad-logger ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
- services.xserver.windowManager.xmonad.ghcArgs
Command line arguments passed to the compiler (ghc) invocation when xmonad.config is set.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
- services.xserver.windowManager.xmonad.haskellPackages
haskellPackages used to build Xmonad and other packages. This can be used to change the GHC version used to build Xmonad and the packages listed in extraPackages.
Type: unspecified
Default: pkgs.haskellPackages
Example: pkgs.haskell.packages.ghc784
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
- services.xserver.windowManager.xmonad.xmonadCliArgs
Command line arguments passed to the xmonad binary.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
- services.xserver.windowManager.yeahwm.enable
Whether to enable yeahwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/yeahwm.nix>
- services.xserver.xautolock.enable
Whether to enable xautolock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.enableNotifier
Whether to enable the notifier feature of xautolock. This publishes a notification before the autolock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.extraOptions
Additional command-line arguments to pass to xautolock.
Type: list of strings
Default: [ ]
Example: [ "-detectsleep" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.killer
The script to use when nothing has happend for as long as killtime
Type: null or string
Default: null
Example: "/run/current-system/systemd/bin/systemctl suspend"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.killtime
Minutes xautolock waits until it executes the script specified in killer (Has to be at least 10 minutes)
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.locker
The script to use when automatically locking the computer.
Type: string
Default: "${pkgs.xlockmore}/bin/xlock"
Example: "${pkgs.i3lock}/bin/i3lock -i /path/to/img"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.notifier
Notification script to be used to warn about the pending autolock.
Type: null or string
Default: null
Example: "${pkgs.libnotify}/bin/notify-send 'Locking in 10 seconds'"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.notify
Time (in seconds) before the actual lock when the notification about the pending lock should be published.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.nowlocker
The script to use when manually locking the computer with xautolock -locknow.
Type: null or string
Default: null
Example: "${pkgs.i3lock}/bin/i3lock -i /path/to/img"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xautolock.time
Idle time (in minutes) to wait until xautolock locks the computer.
Type: signed integer
Default: 15
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
- services.xserver.xkbDir
Path used for -xkbdir xserver parameter.
Type: path
Default: "${pkgs.xkeyboard_config}/etc/X11/xkb"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.xkbModel
Keyboard model.
Type: string
Default: "pc104"
Example: "presario"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.xkbOptions
X keyboard options; layout switching goes here.
Type: strings concatenated with ","
Default: "terminate:ctrl_alt_bksp"
Example: "grp:caps_toggle,grp_led:scroll"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.xkbVariant
X keyboard variant.
Type: string
Default: ""
Example: "colemak"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.xrandrHeads
Multiple monitor configuration, just specify a list of XRandR outputs. The individual elements should be either simple strings or an attribute set of output options.
If the element is a string, it is denoting the physical output for a monitor, if it's an attribute set, you must at least provide the output option.
The monitors will be mapped from left to right in the order of the list.
By default, the first monitor will be set as the primary monitor if none of the elements contain an option that has set primary to true.
Note
Only one monitor is allowed to be primary.Be careful using this option with multiple graphic adapters or with drivers that have poor support for XRandR, unexpected things might happen with those.
Type: list of submodule or string convertible to its
Default: [ ]
Example: [ "HDMI-0" { output = "DVI-0"; primary = true; } { monitorConfig = ''Option "Rotate" "left"''; output = "DVI-1"; } ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.xrandrHeads.*.monitorConfig
Extra lines to append to the Monitor section verbatim. Available options are documented in the MONITOR section in xorg.conf(5).
Type: strings concatenated with "\n"
Default: ""
Example:
'' DisplaySize 408 306 Option "DPMS" "false" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.xrandrHeads.*.output
The output name of the monitor, as shown by xrandr(1) invoked without arguments.
Type: string
Example: "DVI-0"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xserver.xrandrHeads.*.primary
Whether this head is treated as the primary monitor,
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
- services.xtreemfs.enable
Whether to enable XtreemFS.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.enable
Whether to enable XtreemFS DIR service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.address
If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: string
Default: ""
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.extraConfig
Configuration of XtreemFS DIR service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Default: ""
Example:
'' # specify whether SSL is required ssl.enabled = true ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/dir.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.httpPort
Specifies the listen port for the HTTP service that returns the status page.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 30638
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.port
The port to listen on for incoming connections (TCP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 32638
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.replication.enable
Whether to enable XtreemFS DIR replication plugin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.replication.extraConfig
Configuration of XtreemFS DIR replication plugin. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Example:
'' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 babudb.repl.participant.0.port = 35676 babudb.repl.participant.1 = 192.168.0.11 babudb.repl.participant.1.port = 35676 babudb.repl.participant.2 = 192.168.0.12 babudb.repl.participant.2.port = 35676 # number of servers that at least have to be up to date # To have a fault-tolerant system, this value has to be set to the # majority of nodes i.e., if you have three replicas, set this to 2 # Please note that a setup with two nodes provides no fault-tolerance. babudb.repl.sync.n = 2 # specify whether SSL is required babudb.ssl.enabled = true babudb.ssl.protocol = tlsv12 # server credentials for SSL handshakes babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 babudb.ssl.service_creds.pw = passphrase babudb.ssl.service_creds.container = pkcs12 # trusted certificates for SSL handshakes babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks babudb.ssl.trusted_certs.pw = jks_passphrase babudb.ssl.trusted_certs.container = jks babudb.ssl.authenticationWithoutEncryption = false ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.syncMode
The sync mode influences how operations are committed to the disk log before the operation is acknowledged to the caller.
-ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure. -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model. -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode. -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk. -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.
For best throughput use ASYNC, for maximum data safety use FSYNC.
(If xtreemfs.dir.replication.enable is true then FDATASYNC is forced)
Type: one of "ASYNC", "SYNC_WRITE_METADATA", "SYNC_WRITE", "FDATASYNC", "FSYNC"
Default: "FSYNC"
Example: "FDATASYNC"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.dir.uuid
Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package.
Type: string
Example: "eacb6bab-f444-4ebf-a06a-3f72d7465e40"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.homeDir
XtreemFS home dir for the xtreemfs user.
Type: path
Default: "/var/lib/xtreemfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.enable
Whether to enable XtreemFS MRC service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.address
If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: string
Default: ""
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.extraConfig
Configuration of XtreemFS MRC service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Example:
'' osd_check_interval = 300 no_atime = true local_clock_renewal = 0 remote_time_sync = 30000 authentication_provider = org.xtreemfs.common.auth.NullAuthProvider # shared secret between the MRC and all OSDs capability_secret = iNG8UuQJrJ6XVDTe dir_service.host = 192.168.0.10 dir_service.port = 32638 # if replication is enabled dir_service.1.host = 192.168.0.11 dir_service.1.port = 32638 dir_service.2.host = 192.168.0.12 dir_service.2.port = 32638 # specify whether SSL is required ssl.enabled = true ssl.protocol = tlsv12 ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/mrc.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.httpPort
Specifies the listen port for the HTTP service that returns the status page.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 30636
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.port
The port to listen on for incoming connections (TCP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 32636
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.replication.enable
Whether to enable XtreemFS MRC replication plugin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.replication.extraConfig
Configuration of XtreemFS MRC replication plugin. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Example:
'' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 babudb.repl.participant.0.port = 35678 babudb.repl.participant.1 = 192.168.0.11 babudb.repl.participant.1.port = 35678 babudb.repl.participant.2 = 192.168.0.12 babudb.repl.participant.2.port = 35678 # number of servers that at least have to be up to date # To have a fault-tolerant system, this value has to be set to the # majority of nodes i.e., if you have three replicas, set this to 2 # Please note that a setup with two nodes provides no fault-tolerance. babudb.repl.sync.n = 2 # specify whether SSL is required babudb.ssl.enabled = true babudb.ssl.protocol = tlsv12 # server credentials for SSL handshakes babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 babudb.ssl.service_creds.pw = passphrase babudb.ssl.service_creds.container = pkcs12 # trusted certificates for SSL handshakes babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks babudb.ssl.trusted_certs.pw = jks_passphrase babudb.ssl.trusted_certs.container = jks babudb.ssl.authenticationWithoutEncryption = false ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.syncMode
The sync mode influences how operations are committed to the disk log before the operation is acknowledged to the caller.
-ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure. -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model. -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode. -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk. -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.
For best throughput use ASYNC, for maximum data safety use FSYNC.
(If xtreemfs.mrc.replication.enable is true then FDATASYNC is forced)
Type: one of "ASYNC", "SYNC_WRITE_METADATA", "SYNC_WRITE", "FDATASYNC", "FSYNC"
Default: "FSYNC"
Example: "FDATASYNC"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.mrc.uuid
Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package.
Type: string
Example: "eacb6bab-f444-4ebf-a06a-3f72d7465e41"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.osd.enable
Whether to enable XtreemFS OSD service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.osd.address
If specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: string
Default: ""
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.osd.extraConfig
Configuration of XtreemFS OSD service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Example:
'' local_clock_renewal = 0 remote_time_sync = 30000 report_free_space = true capability_secret = iNG8UuQJrJ6XVDTe dir_service.host = 192.168.0.10 dir_service.port = 32638 # if replication is used dir_service.1.host = 192.168.0.11 dir_service.1.port = 32638 dir_service.2.host = 192.168.0.12 dir_service.2.port = 32638 # specify whether SSL is required ssl.enabled = true ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.osd.httpPort
Specifies the listen port for the HTTP service that returns the status page.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 30640
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.osd.port
The port to listen on for incoming connections (TCP and UDP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 32640
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.xtreemfs.osd.uuid
Must be set to a unique identifier, preferably a UUID according to RFC 4122. UUIDs can be generated with `uuidgen` command, found in the `util-linux` package.
Type: string
Example: "eacb6bab-f444-4ebf-a06a-3f72d7465e42"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
- services.yandex-disk.enable
Whether to enable Yandex-disk client. See https://disk.yandex.ru/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
- services.yandex-disk.directory
The directory to use for Yandex.Disk storage
Type: path
Default: "/home/Yandex.Disk"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
- services.yandex-disk.excludes
Comma-separated list of directories which are excluded from synchronization.
Type: strings concatenated with ","
Default: ""
Example: "data,backup"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
- services.yandex-disk.password
Your yandex.com password. Warning: it will be world-readable in /nix/store.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
- services.yandex-disk.user
The user the yandex-disk daemon should run as.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
- services.yandex-disk.username
Your yandex.com login name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
- services.yggdrasil.enable
Whether to enable the yggdrasil system service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
- services.yggdrasil.package
Yggdrasil package to use.
Type: package
Default: pkgs.yggdrasil
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
- services.yggdrasil.config
Configuration for yggdrasil, as a Nix attribute set.
Warning: this is stored in the WORLD-READABLE Nix store! Therefore, it is not appropriate for private keys. If you wish to specify the keys, use configFile.
If the persistentKeys is enabled then the keys that are generated during activation will override those in config or configFile.
If no keys are specified then ephemeral keys are generated and the Yggdrasil interface will have a random IPv6 address each time the service is started, this is the default.
If both configFile and config are supplied, they will be combined, with values from configFile taking precedence.
You can use the command nix-shell -p yggdrasil --run "yggdrasil -genconf" to generate default configuration values with documentation.
Type: attribute set
Default: { }
Example: { Listen = [ "tcp://0.0.0.0:xxxxx" ] ; Peers = [ "tcp://aa.bb.cc.dd:eeeee" "tcp://[aaaa:bbbb:cccc:dddd::eeee]:fffff" ] ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
- services.yggdrasil.configFile
A file which contains JSON configuration for yggdrasil. See the config option for more information.
Type: null or path
Default: null
Example: "/run/keys/yggdrasil.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
- services.yggdrasil.denyDhcpcdInterfaces
Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Use this option to prevent the DHCP client from broadcasting requests on the yggdrasil network. It is only necessary to do so when yggdrasil is running in TAP mode, because TUN interfaces do not support broadcasting.
Type: list of strings
Default: [ ]
Example: [ "tap*" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
- services.yggdrasil.group
Group to grant access to the Yggdrasil control socket.
Type: string
Default: "root"
Example: "wheel"
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
- services.yggdrasil.openMulticastPort
Whether to open the UDP port used for multicast peer discovery. The NixOS firewall blocks link-local communication, so in order to make local peering work you will also need to set LinkLocalTCPPort in your yggdrasil configuration (config or configFile) to a port number other than 0, and then add that port to networking.firewall.allowedTCPPorts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
- services.yggdrasil.persistentKeys
Whether to enable If enabled then keys will be generated once and Yggdrasil will retain the same IPv6 address when the service is restarted. Keys are stored at /var/lib/yggdrasil/keys.json. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
- services.ympd.enable
Whether to enable ympd, the MPD Web GUI.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
- services.ympd.mpd.host
The host where MPD is listening.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
- services.ympd.mpd.port
The port where MPD is listening.
Type: signed integer
Default: 6600
Example: 6600
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
- services.ympd.webPort
The port where ympd's web interface will be available.
Type: string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: "8080"
Example: "ssl://8080:/path/to/ssl-private-key.pem"
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
- services.youtrack.enable
Whether to enable YouTrack service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.package
Package to use.
Type: package
Default: pkgs.youtrack
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.address
The interface youtrack will listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.baseUrl
Base URL for youtrack. Will be auto-detected and stored in database.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.extraParams
Extra parameters to pass to youtrack. See https://www.jetbrains.com/help/youtrack/standalone/YouTrack-Java-Start-Parameters.html for more information.
Type: attribute set of strings
Default: { }
Example:
{ "jetbrains.youtrack.overrideRootPassword" = "tortuga"; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.jvmOpts
Extra options to pass to the JVM. See https://www.jetbrains.com/help/youtrack/standalone/Configure-JVM-Options.html for more information.
Type: strings concatenated with " "
Default: ""
Example: "-XX:MetaspaceSize=250m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.maxMemory
Maximum Java heap size
Type: string
Default: "1g"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.maxMetaspaceSize
Maximum java Metaspace memory.
Type: string
Default: "350m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.port
The port youtrack will listen on.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.statePath
Where to keep the youtrack database.
Type: path
Default: "/var/lib/youtrack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.youtrack.virtualHost
Name of the nginx virtual host to use and setup. If null, do not setup anything.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
- services.yubikey-agent.enable
Whether to start yubikey-agent when you log in. Also sets SSH_AUTH_SOCK to point at yubikey-agent.
Note that yubikey-agent will use whatever pinentry is specified in programs.gnupg.agent.pinentryFlavor.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/yubikey-agent.nix>
- services.yubikey-agent.package
The package used for the yubikey-agent daemon.
Type: package
Default: pkgs.yubikey-agent
Declared by:
<nixpkgs/nixos/modules/services/security/yubikey-agent.nix>
- services.zabbixAgent.enable
Whether to enable the Zabbix Agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixAgent.package
The Zabbix package to use.
Type: package
Default: pkgs.zabbix.agent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixAgent.extraPackages
Packages to be added to the Zabbix PATH. Typically used to add executables for scripts, but can be anything.
Type: list of packages
Default: with pkgs; [ nettools ]
Example: with pkgs; [ nettools mysql ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixAgent.listen.ip
List of comma delimited IP addresses that the agent should listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixAgent.listen.port
Agent will listen on this port for connections from the server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10050
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixAgent.modules
A set of modules to load.
Type: attribute set of packages
Default: { }
Example:
{ "dummy.so" = pkgs.stdenv.mkDerivation { name = "zabbix-dummy-module-${cfg.package.version}"; src = cfg.package.src; buildInputs = [ cfg.package ]; sourceRoot = "zabbix-${cfg.package.version}/src/modules/dummy"; installPhase = '' mkdir -p $out/lib cp dummy.so $out/lib/ ''; }; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixAgent.openFirewall
Open ports in the firewall for the Zabbix Agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixAgent.server
The IP address or hostname of the Zabbix server to connect to.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixAgent.settings
Zabbix Agent configuration. Refer to https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_agentd for details on supported values.
Type: attribute set of signed integer or string or list of stringss
Default: { }
Example: { DebugLevel = 4; Hostname = "example.org"; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
- services.zabbixProxy.enable
Whether to enable the Zabbix Proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.package
The Zabbix package to use.
Type: package
Default: pkgs.zabbix.proxy-pgsql
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.database.createLocally
Whether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.database.host
Database host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.database.name
Database name.
Type: string
Default: zabbix
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/zabbix-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.database.port
Database host port.
Type: signed integer
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: null
Example: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.database.type
Database engine to use.
Type: one of "mysql", "pgsql", "sqlite"
Default: "pgsql"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.database.user
Database user.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.extraPackages
Packages to be added to the Zabbix PATH. Typically used to add executables for scripts, but can be anything.
Type: list of packages
Default: [ nettools nmap traceroute ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.listen.ip
List of comma delimited IP addresses that the trapper should listen on. Trapper will listen on all network interfaces if this parameter is missing.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.listen.port
Listen port for trapper.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10051
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.modules
A set of modules to load.
Type: attribute set of packages
Default: { }
Example:
{ "dummy.so" = pkgs.stdenv.mkDerivation { name = "zabbix-dummy-module-${cfg.package.version}"; src = cfg.package.src; buildInputs = [ cfg.package ]; sourceRoot = "zabbix-${cfg.package.version}/src/modules/dummy"; installPhase = '' mkdir -p $out/lib cp dummy.so $out/lib/ ''; }; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.openFirewall
Open ports in the firewall for the Zabbix Proxy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.server
The IP address or hostname of the Zabbix server to connect to.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixProxy.settings
Zabbix Proxy configuration. Refer to https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_proxy for details on supported values.
Type: attribute set of signed integer or string or list of stringss
Default: { }
Example: { CacheSize = "1G"; SSHKeyLocation = "/var/lib/zabbix/.ssh"; StartPingers = 32; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
- services.zabbixServer.enable
Whether to enable the Zabbix Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.package
The Zabbix package to use.
Type: package
Default: pkgs.zabbix.server-pgsql
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.database.createLocally
Whether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.database.host
Database host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.database.name
Database name.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/zabbix-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.database.port
Database host port.
Type: signed integer
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: null
Example: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.database.type
Database engine to use.
Type: one of "mysql", "pgsql"
Default: "pgsql"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.database.user
Database user.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.extraPackages
Packages to be added to the Zabbix PATH. Typically used to add executables for scripts, but can be anything.
Type: list of packages
Default: [ nettools nmap traceroute ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.listen.ip
List of comma delimited IP addresses that the trapper should listen on. Trapper will listen on all network interfaces if this parameter is missing.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.listen.port
Listen port for trapper.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10051
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.modules
A set of modules to load.
Type: attribute set of packages
Default: { }
Example:
{ "dummy.so" = pkgs.stdenv.mkDerivation { name = "zabbix-dummy-module-${cfg.package.version}"; src = cfg.package.src; buildInputs = [ cfg.package ]; sourceRoot = "zabbix-${cfg.package.version}/src/modules/dummy"; installPhase = '' mkdir -p $out/lib cp dummy.so $out/lib/ ''; }; }Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.openFirewall
Open ports in the firewall for the Zabbix Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixServer.settings
Zabbix Server configuration. Refer to https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_server for details on supported values.
Type: attribute set of signed integer or string or list of stringss
Default: { }
Example: { CacheSize = "1G"; SSHKeyLocation = "/var/lib/zabbix/.ssh"; StartPingers = 32; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
- services.zabbixWeb.enable
Whether to enable the Zabbix web interface.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.package
Which Zabbix package to use.
Type: package
Default: zabbix.web
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.database.host
Database host address.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.database.name
Database name.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or path
Default: null
Example: "/run/keys/zabbix-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.database.port
Database host port.
Type: signed integer
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.database.socket
Path to the unix socket file to use for authentication.
Type: null or path
Default: null
Example: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.database.type
Database engine to use.
Type: one of "mysql", "pgsql", "oracle"
Default: "pgsql"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.database.user
Database user.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.extraConfig
Additional configuration to be copied verbatim into zabbix.conf.php.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.poolConfig
Options for the Zabbix PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of string or signed integer or booleans
Default: { pm = "dynamic"; pm.max_children = 32; pm.max_requests = 500; pm.max_spare_servers = 4; pm.min_spare_servers = 2; pm.start_servers = 2; }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.server.address
The IP address or hostname of the Zabbix server to connect to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.server.port
The port of the Zabbix server to connect to.
Type: signed integer
Default: 10051
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost
Apache configuration can be done by adapting services.httpd.virtualHosts.<name>. See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{ hostName = "zabbix.example.org"; adminAddr = "webmaster@example.org"; forceSSL = true; enableACME = true; }Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.enableUserDir
Whether to enable serving ~/public_html as /~username.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.acmeRoot
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
Type: string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.adminAddr
E-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.documentRoot
The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.extraConfig
These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
'' <Directory /home> Options FollowSymlinks AllowOverride All </Directory> ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.forceSSL
Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.globalRedirect
If set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.hostName
Canonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.http2
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.listen
Listen addresses and ports for this virtual host.
Note
This option overrides addSSL, forceSSL and onlySSL.If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of submodules
Default: [ ]
Example: [ { ip = "195.154.1.1"; port = 443; ssl = true; } { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.listen.*.ip
IP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.listen.*.port
Port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.listen.*.ssl
Whether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.listenAddresses
Listen addresses for this virtual host. Compared to listen this only sets the addreses and the ports are chosen automatically.
Type: non-empty list of strings
Default: [ "*" ]
Example: [ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.locations
Declarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of submodules
Default: { }
Example:
{ "/" = { proxyPass = "http://localhost:3000"; }; "/foo/bar.png" = { alias = "/home/eelco/some-file.png"; }; };Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.locations.<name>.alias
Alias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.locations.<name>.index
Adds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.locations.<name>.priority
Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.locations.<name>.proxyPass
Sets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.logFormat
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.robotsEntries
Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.servedDirs
This option provides a simple way to serve static directories.
Type: list of attribute sets
Default: [ ]
Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.servedFiles
This option provides a simple way to serve individual, static files.
Note
This option has been deprecated and will be removed in a future version of NixOS. You can achieve the same result by making use of the locations.<name>.alias option.Type: list of attribute sets
Default: [ ]
Example: [ { file = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of strings
Default: [ ]
Example: [ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.sslServerCert
Path to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.sslServerChain
Path to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.sslServerKey
Path to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zabbixWeb.virtualHost.useACMEHost
A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
- services.zeitgeist.enable
Whether to enable zeitgeist.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/zeitgeist.nix>
- services.zerobin.enable
Whether to enable 0bin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
- services.zerobin.dataDir
Path to the 0bin data directory
Type: string
Default: "/var/lib/zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
- services.zerobin.extraConfig
Extra configuration to be appended to the 0bin config file (see https://0bin.readthedocs.org/en/latest/en/options.html)
Type: strings concatenated with "\n"
Default: ""
Example:
'' MENU = ( ('Home', '/'), ) COMPRESSED_STATIC_FILE = True ''Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
- services.zerobin.group
The group 0bin should run as
Type: string
Default: "zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
- services.zerobin.listenAddress
The address zerobin should listen to
Type: string
Default: "localhost"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
- services.zerobin.listenPort
The port zerobin should listen on
Type: signed integer
Default: 8000
Example: 1357
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
- services.zerobin.user
The user 0bin should run as
Type: string
Default: "zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
- services.zeronet.enable
Whether to enable zeronet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
- services.zeronet.fileserverPort
Zeronet fileserver port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 12261
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
- services.zeronet.port
Optional zeronet web UI port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 43110
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
- services.zeronet.settings
zeronet.conf configuration. Refer to https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file for details on supported values;
Type: attribute set of string or signed integer or boolean or list of stringss
Default: { }
Example: { global.tor = enable; }
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
- services.zeronet.tor
Use TOR for zeronet traffic where possible.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
- services.zeronet.torAlways
Use TOR for all zeronet traffic.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
- services.zerotierone.enable
Whether to enable ZeroTierOne.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
- services.zerotierone.package
ZeroTier One package to use.
Type: package
Default: pkgs.zerotierone
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
- services.zerotierone.joinNetworks
List of ZeroTier Network IDs to join on startup
Type: list of strings
Default: [ ]
Example: [ "a8a2c3c10c1a68de" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
- services.zerotierone.port
Network port used by ZeroTier.
Type: signed integer
Default: 9993
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
- services.zfs.autoReplication.enable
Whether to enable ZFS snapshot replication..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
- services.zfs.autoReplication.followDelete
Remove remote snapshots that don't have a local correspondant.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
- services.zfs.autoReplication.host
Remote host where snapshots should be sent. lz4 is expected to be installed on this host.
Type: string
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
- services.zfs.autoReplication.identityFilePath
Path to SSH key used to login to host.
Type: path
Example: "/home/username/.ssh/id_rsa"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
- services.zfs.autoReplication.localFilesystem
Local ZFS fileystem from which snapshots should be sent. Defaults to the attribute name.
Type: string
Example: "pool/file/path"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
- services.zfs.autoReplication.recursive
Recursively discover snapshots to send.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
- services.zfs.autoReplication.remoteFilesystem
Remote ZFS filesystem where snapshots should be sent.
Type: string
Example: "pool/file/path"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
- services.zfs.autoReplication.username
Username used by SSH to login to remote host.
Type: string
Example: "username"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
- services.zfs.autoScrub.enable
Whether to enable periodic scrubbing of ZFS pools.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoScrub.interval
Systemd calendar expression when to scrub ZFS pools. See systemd.time(7).
Type: string
Default: "Sun, 02:00"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoScrub.pools
List of ZFS pools to periodically scrub. If empty, all pools will be scrubbed.
Type: list of strings
Default: [ ]
Example: [ "tank" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoSnapshot.enable
Enable the (OpenSolaris-compatible) ZFS auto-snapshotting service. Note that you must set the com.sun:auto-snapshot property to true on all datasets which you wish to auto-snapshot.
You can override a child dataset to use, or not use auto-snapshotting by setting its flag with the given interval: zfs set com.sun:auto-snapshot:weekly=false DATASET
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoSnapshot.daily
Number of daily auto-snapshots that you wish to keep.
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoSnapshot.flags
Flags to pass to the zfs-auto-snapshot command.
Run zfs-auto-snapshot (without any arguments) to see available flags.
If it's not too inconvenient for snapshots to have timestamps in UTC, it is suggested that you append --utc to the list of default options (see example).
Otherwise, snapshot names can cause name conflicts or apparent time reversals due to daylight savings, timezone or other date/time changes.
Type: string
Default: "-k -p"
Example: "-k -p --utc"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoSnapshot.frequent
Number of frequent (15-minute) auto-snapshots that you wish to keep.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoSnapshot.hourly
Number of hourly auto-snapshots that you wish to keep.
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoSnapshot.monthly
Number of monthly auto-snapshots that you wish to keep.
Type: signed integer
Default: 12
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.autoSnapshot.weekly
Number of weekly auto-snapshots that you wish to keep.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.expandOnBoot
After importing, expand each device in the specified pools.
Set the value to the plain string "all" to expand all pools on boot:
services.zfs.expandOnBoot = "all";
or set the value to a list of pools to expand the disks of specific pools:
services.zfs.expandOnBoot = [ "tank" "dozer" ];
Type: one of "disabled", "all" or list of strings
Default: "disabled"
Example: [ "tank" "dozer" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.trim.enable
Whether to enable periodic TRIM on all ZFS pools.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.trim.interval
How often we run trim. For most desktop and server systems a sufficient trimming frequency is once a week.
The format is described in systemd.time(7).
Type: string
Default: "weekly"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.zed.enableMail
Whether to enable ZED's ability to send emails.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zfs.zed.settings
ZFS Event Daemon /etc/zfs/zed.d/zed.rc content
See zed(8) for details on ZED and the scripts in /etc/zfs/zed.d to find the possible variables
Type: attribute set of string or signed integer or boolean or list of stringss
Example:
{ ZED_DEBUG_LOG = "/tmp/zed.debug.log"; ZED_EMAIL_ADDR = [ "root" ]; ZED_EMAIL_PROG = "mail"; ZED_EMAIL_OPTS = "-s '@SUBJECT@' @ADDRESS@"; ZED_NOTIFY_INTERVAL_SECS = 3600; ZED_NOTIFY_VERBOSE = false; ZED_USE_ENCLOSURE_LEDS = true; ZED_SCRUB_AFTER_RESILVER = false; }Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
- services.zigbee2mqtt.enable
Whether to enable enable zigbee2mqtt service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/zigbee2mqtt.nix>
- services.zigbee2mqtt.package
Zigbee2mqtt package to use
Type: package
Default:
pkgs.zigbee2mqtt { dataDir = services.zigbee2mqtt.dataDir }Declared by:
<nixpkgs/nixos/modules/services/misc/zigbee2mqtt.nix>
- services.zigbee2mqtt.dataDir
Zigbee2mqtt data directory
Type: path
Default: "/var/lib/zigbee2mqtt"
Declared by:
<nixpkgs/nixos/modules/services/misc/zigbee2mqtt.nix>
- services.zigbee2mqtt.settings
Your configuration.yaml as a Nix attribute set. Check the documentation for possible options.
Type: YAML value
Default: { }
Example:
{ homeassistant = config.services.home-assistant.enable; permit_join = true; serial = { port = "/dev/ttyACM1"; }; }Declared by:
<nixpkgs/nixos/modules/services/misc/zigbee2mqtt.nix>
- services.znapzend.enable
Whether to enable ZnapZend ZFS backup daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.autoCreation
Automatically create the destination dataset if it does not exist.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.features.compressed
Whether to enable compressed feature which adds the options -Lce to the zfs send command. When this is enabled, make sure that both the sending and receiving pool have the same relevant features enabled. Using -c will skip unneccessary decompress-compress stages, -L is for large block support and -e is for embedded data support. see znapzend(1) and zfs(8) for more info. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.features.lowmemRecurse
Whether to enable use lowmemRecurse on systems where you have too many datasets, so a recursive listing of attributes to find backup plans exhausts the memory available to znapzend: instead, go the slower way to first list all impacted dataset names, and then query their configs one by one. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.features.oracleMode
Whether to enable Destroy snapshots one by one instead of using one long argument list. If source and destination are out of sync for a long time, you may have so many snapshots to destroy that the argument gets is too long and the command fails. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.features.recvu
Whether to enable recvu feature which uses -u on the receiving end to keep the destination filesystem unmounted. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.features.sendRaw
Whether to enable sendRaw feature which adds the options -w to the zfs send command. For encrypted source datasets this instructs zfs not to decrypt before sending which results in a remote backup that can't be read without the encryption key/passphrase, useful when the remote isn't fully trusted or not physically secure. This option must be used consistently, raw incrementals cannot be based on non-raw snapshots and vice versa. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.features.skipIntermediates
Whether to enable Enable the skipIntermediates feature to send a single increment between latest common snapshot and the newly made one. It may skip several source snaps if the destination was offline for some time, and it should skip snapshots not managed by znapzend. Normally for online destinations, the new snapshot is sent as soon as it is created on the source, so there are no automatic increments to skip. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.features.zfsGetType
Whether to enable use zfsGetType if your zfs get supports a -t argument for filtering by dataset type at all AND lists properties for snapshots by default when recursing, so that there is too much data to process while searching for backup plans. If these two conditions apply to your system, the time needed for a --recursive search for backup plans can literally differ by hundreds of times (depending on the amount of snapshots in that dataset tree... and a decent backup plan will ensure you have a lot of those), so you would benefit from requesting this feature. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.logLevel
The log level when logging to file. Any of debug, info, warning, err, alert. Default in daemonized form is debug.
Type: one of "debug", "info", "warning", "err", "alert"
Default: "debug"
Example: "warning"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.logTo
Where to log to (syslog::<facility> or <filepath>).
Type: string
Default: "syslog::daemon"
Example: "/var/log/znapzend.log"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.noDestroy
Does all changes to the filesystem except destroy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.pure
Do not persist any stateful znapzend setups. If this option is enabled, your previously set znapzend setups will be cleared and only the ones defined with this module will be applied.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup
Znapzend configuration.
Type: attribute set of submodules
Default: { }
Example:
{ "tank/home" = { # Make snapshots of tank/home every hour, keep those for 1 day, # keep every days snapshot for 1 month, etc. plan = "1d=>1h,1m=>1d,1y=>1m"; recursive = true; # Send all those snapshots to john@example.com:rtank/john as well destinations.remote = { host = "john@example.com"; dataset = "rtank/john"; }; }; };Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.enable
Whether to enable this source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.dataset
The dataset to use for this source.
Type: string
Example: "tank/home"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.destinations
Additional destinations.
Type: attribute set of submodules
Default: { }
Example:
{ local = { dataset = "btank/backup"; presend = "zpool import -N btank"; postsend = "zpool export btank"; }; remote = { host = "john@example.com"; dataset = "tank/john"; }; };Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.destinations.<name>.dataset
Dataset name to send snapshots to.
Type: string
Example: "tank/main"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.destinations.<name>.host
Host to use for the destination dataset. Can be prefixed with user@ to specify the ssh user.
Type: null or string
Default: null
Example: "john@example.com"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.destinations.<name>.label
Label for this destination. Defaults to the attribute name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.destinations.<name>.plan
The znapzend backup plan to use for the source.
The plan specifies how often to backup and for how long to keep the backups. It consists of a series of retention periodes to interval associations:
retA=>intA,retB=>intB,...
Both intervals and retention periods are expressed in standard units of time or multiples of them. You can use both the full name or a shortcut according to the following listing:
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
See znapzendzetup(1) for more info.
Type: string
Example: "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.destinations.<name>.postsend
Command to run after sending the snapshot to the destination. Intended to run a remote script via ssh on the destination, e.g. to bring up a backup disk or server or to put a zpool online/offline. See also presend.
Type: null or string
Default: null
Example: "ssh root@bserv zpool export tank"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.destinations.<name>.presend
Command to run before sending the snapshot to the destination. Intended to run a remote script via ssh on the destination, e.g. to bring up a backup disk or server or to put a zpool online/offline. See also postsend.
Type: null or string
Default: null
Example: "ssh root@bserv zpool import -Nf tank"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.mbuffer.enable
Whether to use mbuffer.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.mbuffer.port
Port to use for mbuffer.
If this is null, it will run mbuffer through ssh.
If this is not null, it will run mbuffer directly through TCP, which is not encrypted but faster. In that case the given port needs to be open on the destination host.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.mbuffer.size
The size for mbuffer. Supports the units b, k, M, G.
Type: string of the form number{b|k|M|G}
Default: "1G"
Example: "128M"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.plan
The znapzend backup plan to use for the source.
The plan specifies how often to backup and for how long to keep the backups. It consists of a series of retention periodes to interval associations:
retA=>intA,retB=>intB,...
Both intervals and retention periods are expressed in standard units of time or multiples of them. You can use both the full name or a shortcut according to the following listing:
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
See znapzendzetup(1) for more info.
Type: string
Example: "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.postsnap
Command to run after snapshots are taken on the source dataset, e.g. for database unlocking. See also presnap.
Type: null or string
Default: null
Example:
"${pkgs.coreutils}/bin/kill `${pkgs.coreutils}/bin/cat /tmp/mariadblock.pid`;${pkgs.coreutils}/bin/rm /tmp/mariadblock.pid"Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.presnap
Command to run before snapshots are taken on the source dataset, e.g. for database locking/flushing. See also postsnap.
Type: null or string
Default: null
Example:
''${pkgs.mariadb}/bin/mysql -e "set autocommit=0;flush tables with read lock;\\! ${pkgs.coreutils}/bin/sleep 600" & ${pkgs.coreutils}/bin/echo $! > /tmp/mariadblock.pid ; sleep 10''Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.recursive
Whether to do recursive snapshots.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.sendDelay
Specify delay (in seconds) before sending snaps to the destination. May be useful if you want to control sending time.
Type: signed integer
Default: 0
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znapzend.zetup.<name>.timestampFormat
The timestamp format to use for constructing snapshot names. The syntax is strftime-like. The string must consist of the mandatory %Y %m %d %H %M %S. Optionally - _ . : characters as well as any alphanumeric character are allowed. If suffixed by a Z, times will be in UTC.
Type: string containing all of the characters %Y, %m, %d, %H, %M, %S
Default: "%Y-%m-%d-%H%M%S"
Example: "znapzend-%m.%d.%Y-%H%M%SZ"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
- services.znc.enable
Whether to enable ZNC.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.confOptions.extraZncConf
Extra config to `znc.conf` file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.modules
A list of modules to include in the `znc.conf` file.
Type: list of strings
Default: [ "webadmin" "adminlog" ]
Example: [ "partyline" "webadmin" "adminlog" "log" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks
IRC networks to connect the user to.
Type: attribute set of submodules
Default: { }
Example:
{ "libera" = { server = "irc.libera.chat"; port = 6697; useSSL = true; modules = [ "simple_away" ]; }; };Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks.<name>.channels
IRC channels to join.
Type: list of strings
Default: [ ]
Example: [ "nixos" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks.<name>.extraConf
Extra config for the network. Consider using services.znc.config instead.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Encoding = ^UTF-8 FloodBurst = 4 FloodRate = 1.00 IRCConnectEnabled = true Ident = johntron JoinDelay = 0 Nick = johntron ''
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks.<name>.hasBitlbeeControlChannel
Whether to add the special Bitlbee operations channel.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks.<name>.modules
ZNC network modules to load.
Type: list of strings
Default: [ "simple_away" ]
Example: [ "simple_away" "sasl" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks.<name>.password
IRC server password, such as for a Slack gateway.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks.<name>.port
IRC server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6697
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks.<name>.server
IRC server address.
Type: string
Example: "irc.libera.chat"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.networks.<name>.useSSL
Whether to use SSL to connect to the IRC server.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.nick
The IRC nick.
Type: string
Default: "znc-user"
Example: "john"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.passBlock
Generate with `nix-shell -p znc --command "znc --makepass"`. This is the password used to log in to the ZNC web admin interface. You can also set this through services.znc.config.User.<username>.Pass.Method and co.
Type: string
Example:
'' <Pass password> Method = sha256 Hash = e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93 Salt = l5Xryew4g*!oa(ECfX2o </Pass> ''
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.port
Specifies the port on which to listen.
Type: signed integer
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.uriPrefix
An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy.
Type: null or string
Default: null
Example: "/znc/"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.useSSL
Indicates whether the ZNC server should use SSL when listening on the specified port. A self-signed certificate will be generated.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.userModules
A list of user modules to include in the `znc.conf` file.
Type: list of strings
Default: [ "chansaver" "controlpanel" ]
Example: [ "chansaver" "controlpanel" "fish" "push" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.confOptions.userName
The user name used to log in to the ZNC web admin interface.
Type: string
Default: "znc"
Example: "johntron"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.config
Configuration for ZNC, see https://wiki.znc.in/Configuration for details. The Nix value declared here will be translated directly to the xml-like format ZNC expects. This is much more flexible than the legacy options under services.znc.confOptions.*, but also can't do any type checking.
You can use nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config to view the current value. By default it contains a listener for port 5000 with SSL enabled.
Nix attributes called extraConfig will be inserted verbatim into the resulting config file.
If services.znc.useLegacyConfig is turned on, the option values in services.znc.confOptions.* will be gracefully be applied to this option.
If you intend to update the configuration through this option, be sure to enable services.znc.mutable, otherwise none of the changes here will be applied after the initial deploy.
Type: attribute set of znc values (null, atoms (str, int, bool), list of atoms, or attrsets of znc values)s
Default: { }
Example:
{ LoadModule = [ "webadmin" "adminlog" ]; User.paul = { Admin = true; Nick = "paul"; AltNick = "paul1"; LoadModule = [ "chansaver" "controlpanel" ]; Network.libera = { Server = "irc.libera.chat +6697"; LoadModule = [ "simple_away" ]; Chan = { "#nixos" = { Detached = false; }; "##linux" = { Disabled = true; }; }; }; Pass.password = { Method = "sha256"; Hash = "e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93"; Salt = "l5Xryew4g*!oa(ECfX2o"; }; }; }Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.configFile
Configuration file for ZNC. It is recommended to use the config option instead.
Setting this option will override any auto-generated config file through the confOptions or config options.
Type: path
Example: ~/.znc/configs/znc.conf
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.dataDir
The state directory for ZNC. The config and the modules will be linked to from this directory as well.
Type: path
Default: "/var/lib/znc"
Example: "/home/john/.znc"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.extraFlags
Extra arguments to use for executing znc.
Type: list of strings
Default: [ ]
Example: [ "--debug" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.group
Group to own the ZNC process.
Type: string
Default: "znc"
Example: "users"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.modulePackages
A list of global znc module packages to add to znc.
Type: list of packages
Default: [ ]
Example: [ pkgs.zncModules.fish pkgs.zncModules.push ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.mutable
Indicates whether to allow the contents of the dataDir directory to be changed by the user at run-time.
If enabled, modifications to the ZNC configuration after its initial creation are not overwritten by a NixOS rebuild. If disabled, the ZNC configuration is rebuilt on every NixOS rebuild.
If the user wants to manage the ZNC service using the web admin interface, this option should be enabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.openFirewall
Whether to open ports in the firewall for ZNC. Does work with ports for listeners specified in services.znc.config.Listener.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.znc.useLegacyConfig
Whether to propagate the legacy options under services.znc.confOptions.* to the znc config. If this is turned on, the znc config will contain a user with the default name "znc", global modules "webadmin" and "adminlog" will be enabled by default, and more, all controlled through the services.znc.confOptions.* options. You can use nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config to view the current value of the config.
In any case, if you need more flexibility, services.znc.config can be used to override/add to all of the legacy options.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
- services.znc.user
The name of an existing user account to use to own the ZNC server process. If not specified, a default user will be created.
Type: string
Default: "znc"
Example: "john"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
- services.zoneminder.enable
Whether to enable ZoneMinder
If you intend to run the database locally, you should set `config.services.zoneminder.database.createLocally` to true. Otherwise, when set to `false` (the default), you will have to create the database and database user as well as populate the database yourself. Additionally, you will need to run `zmupdate.pl` yourself when upgrading to a newer version. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.cameras
Set this to the number of cameras you expect to support.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.database.createLocally
Create the database and database user locally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.database.host
Hostname hosting the database.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.database.name
Name of database.
Type: string
Default: "zm"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.database.password
Username for accessing the database. Not used if createLocally is set.
Type: string
Default: "zmpass"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.database.username
Username for accessing the database.
Type: string
Default: "zmuser"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.extraConfig
Additional configuration added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.hostname
The hostname on which to listen.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.openFirewall
Open the firewall port(s).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.port
The port on which to listen.
Type: signed integer
Default: 8095
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.storageDir
ZoneMinder can generate quite a lot of data, so in case you don't want to use the default /var/lib/zoneminder, you can override the path here.
Type: null or string
Default: null
Example: "/storage/tank"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zoneminder.webserver
The webserver to configure for the PHP frontend.
Set it to `none` if you want to configure it yourself. PRs are welcome for support for other web servers.
Type: one of "nginx", "none"
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
- services.zookeeper.enable
Whether to enable Zookeeper.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.package
The zookeeper package to use
Type: package
Default: pkgs.zookeeper
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.dataDir
Data directory for Zookeeper
Type: path
Default: "/var/lib/zookeeper"
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.extraCmdLineOptions
Extra command line options for the Zookeeper launcher.
Type: list of strings
Default: [ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]
Example: [ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.extraConf
Extra configuration for Zookeeper.
Type: strings concatenated with "\n"
Default:
'' initLimit=5 syncLimit=2 tickTime=2000 ''
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.id
Zookeeper ID.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.logging
Zookeeper logging configuration.
Type: strings concatenated with "\n"
Default:
'' zookeeper.root.logger=INFO, CONSOLE log4j.rootLogger=INFO, CONSOLE log4j.logger.org.apache.zookeeper.audit.Log4jAuditLogger=INFO, CONSOLE log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout log4j.appender.CONSOLE.layout.ConversionPattern=[myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n ''Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.port
Zookeeper Client port.
Type: signed integer
Default: 2181
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.preferIPv4
Add the -Djava.net.preferIPv4Stack=true flag to the Zookeeper server.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.purgeInterval
The time interval in hours for which the purge task has to be triggered. Set to a positive integer (1 and above) to enable the auto purging.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zookeeper.servers
All Zookeeper Servers.
Type: strings concatenated with "\n"
Default: ""
Example:
'' server.0=host0:2888:3888 server.1=host1:2888:3888 server.2=host2:2888:3888 ''
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
- services.zope2.instances
zope2 instances to be created automaticaly by the system.
Type: attribute set of submodules
Default: { }
Example:
{ plone01 = { http_address = "127.0.0.1:8080"; extra = '' <zodb_db main> mount-point / cache-size 30000 <blobstorage> blob-dir /var/lib/zope2/plone01/blobstorage <filestorage> path /var/lib/zope2/plone01/filestorage/Data.fs </filestorage> </blobstorage> </zodb_db> ''; }; }Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
- services.zope2.instances.<name>.packages
The list of packages you want to make available to the zope2 instance.
Type: list of packages
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
- services.zope2.instances.<name>.clientHome
Home directory of zope2 instance.
Type: path
Default: "/var/lib/zope2/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
- services.zope2.instances.<name>.extra
Extra zope.conf
Type: strings concatenated with "\n"
Default:
'' <zodb_db main> mount-point / cache-size 30000 <blobstorage> blob-dir /var/lib/zope2/‹name›/blobstorage <filestorage> path /var/lib/zope2/‹name›/filestorage/Data.fs </filestorage> </blobstorage> </zodb_db> ''Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
- services.zope2.instances.<name>.http_address
Give a port and address for the HTTP server.
Type: string
Default: "localhost:8080"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
- services.zope2.instances.<name>.name
The name of the zope2 instance. If undefined, the name of the attribute set will be used.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
- services.zope2.instances.<name>.threads
Specify the number of threads that Zope's ZServer web server will use to service requests.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
- services.zope2.instances.<name>.user
The name of the effective user for the Zope process.
Type: string
Default: "zope2"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
- services.zrepl.enable
Whether to enable zrepl.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/zrepl.nix>
- services.zrepl.settings
Configuration for zrepl. See https://zrepl.github.io/configuration.html for more information.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/zrepl.nix>
- snapraid.enable
Whether to enable SnapRAID.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.contentFiles
SnapRAID content list files.
Type: list of strings
Default: [ ]
Example: [ "/var/snapraid.content" "/mnt/disk1/snapraid.content" "/mnt/disk2/snapraid.content" ]
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.dataDisks
SnapRAID data disks.
Type: attribute set of strings
Default: { }
Example: { d1 = "/mnt/disk1/"; d2 = "/mnt/disk2/"; d3 = "/mnt/disk3/"; }
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.exclude
SnapRAID exclude directives.
Type: list of strings
Default: [ ]
Example: [ "*.unrecoverable" "/tmp/" "/lost+found/" ]
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.extraConfig
Extra config options for SnapRAID.
Type: strings concatenated with "\n"
Default: ""
Example:
'' nohidden blocksize 256 hashsize 16 autosave 500 pool /pool ''
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.parityFiles
SnapRAID parity files.
Type: list of strings
Default: [ ]
Example: [ "/mnt/diskp/snapraid.parity" "/mnt/diskq/snapraid.2-parity" "/mnt/diskr/snapraid.3-parity" "/mnt/disks/snapraid.4-parity" "/mnt/diskt/snapraid.5-parity" "/mnt/disku/snapraid.6-parity" ]
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.scrub.interval
How often to run snapraid scrub.
Type: string
Default: "Mon *-*-* 02:00:00"
Example: "weekly"
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.scrub.olderThan
Number of days since data was last scrubbed before it can be scrubbed again.
Type: signed integer
Default: 10
Example: 20
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.scrub.plan
Percent of the array that should be checked by snapraid scrub.
Type: signed integer
Default: 8
Example: 5
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.sync.interval
How often to run snapraid sync.
Type: string
Default: "01:00"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- snapraid.touchBeforeSync
Whether snapraid touch should be run before snapraid sync.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
- sound.enable
Whether to enable ALSA sound.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
- sound.enableOSSEmulation
Whether to enable ALSA OSS emulation (with certain cards sound mixing may not work!).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
- sound.extraConfig
Set addition configuration for system-wide alsa.
Type: strings concatenated with "\n"
Default: ""
Example:
'' defaults.pcm.!card 3 ''
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
- sound.mediaKeys.enable
Whether to enable volume and capture control with keyboard media keys.
You want to leave this disabled if you run a desktop environment like KDE, Gnome, Xfce, etc, as those handle such things themselves. You might want to enable this if you run a minimalistic desktop environment or work from bare linux ttys/framebuffers.
Enabling this will turn on services.actkbd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
- sound.mediaKeys.volumeStep
The value by which to increment/decrement volume on media keys.
See amixer(1) for allowed values.
Type: string
Default: "1"
Example: "1%"
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
- specialisation
Additional configurations to build. If inheritParentConfig is true, the system will be based on the overall system configuration.
To switch to a specialised configuration (e.g. fewJobsManyCores) at runtime, run:
# sudo /run/current-system/specialisation/fewJobsManyCores/bin/switch-to-configuration test
Type: attribute set of submodules
Default: { }
Example: { fewJobsManyCores.configuration = { nix.buildCores = 0; nix.maxJobs = 1; }; }
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- specialisation.<name>.configuration
Arbitrary NixOS configuration options.
Type: unspecified
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- specialisation.<name>.inheritParentConfig
Include the entire system's configuration. Set to false to make a completely differently configured system.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- swapDevices
The swap devices and swap files. These must have been initialised using mkswap. Each element should be an attribute set specifying either the path of the swap device or file (device) or the label of the swap device (label, see mkswap -L). Using a label is recommended.
Type: list of submodules
Default: [ ]
Example: [ { device = "/dev/hda7"; } { device = "/var/swapfile"; } { label = "bigswap"; } ]
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
<nixpkgs/nixos/modules/config/swap.nix>- swapDevices.*.device
Path of the device or swap file.
Type: string
Example: "/dev/sda3"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.discardPolicy
Specify the discard policy for the swap device. If "once", then the whole swap space is discarded at swapon invocation. If "pages", asynchronous discard on freed pages is performed, before returning to the available pages pool. With "both", both policies are activated. See swapon(8) for more information.
Type: null or one of "once", "pages", "both"
Default: null
Example: "once"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.encrypted.enable
The block device is backed by an encrypted one, adds this device as a initrd luks entry.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- swapDevices.*.encrypted.blkDev
Location of the backing encrypted device.
Type: null or string
Default: null
Example: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- swapDevices.*.encrypted.keyFile
Path to a keyfile used to unlock the backing encrypted device. At the time this keyfile is accessed, the neededForBoot filesystems (see fileSystems.<name?>.neededForBoot) will have been mounted under /mnt-root, so the keyfile path should usually start with "/mnt-root/".
Type: null or string
Default: null
Example: "/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- swapDevices.*.encrypted.label
Label of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.
Type: null or string
Default: null
Example: "rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- swapDevices.*.label
Label of the device. Can be used instead of device.
Type: string
Example: "swap"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.options
Options used to mount the swap.
Type: list of non-empty strings
Default: [ "defaults" ]
Example: [ "nofail" ]
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.priority
Specify the priority of the swap device. Priority is a value between 0 and 32767. Higher numbers indicate higher priority. null lets the kernel choose a priority, which will show up as a negative value.
Type: null or signed integer
Default: null
Example: 2048
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.randomEncryption
Encrypt swap device with a random key. This way you won't have a persistent swap device.
HINT: run "cryptsetup benchmark" to test cipher performance on your machine.
WARNING: Don't try to hibernate when you have at least one swap partition with this option enabled! We have no way to set the partition into which hibernation image is saved, so if your image ends up on an encrypted one you would lose it!
WARNING #2: Do not use /dev/disk/by-uuid/... or /dev/disk/by-label/... as your swap device when using randomEncryption as the UUIDs and labels will get erased on every boot when the partition is encrypted. Best to use /dev/disk/by-partuuid/...
Type: submodule or boolean convertible to it
Default: false
Example: { cipher = "serpent-xts-plain64"; enable = true; source = "/dev/random"; }
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.randomEncryption.enable
Encrypt swap device with a random key. This way you won't have a persistent swap device.
WARNING: Don't try to hibernate when you have at least one swap partition with this option enabled! We have no way to set the partition into which hibernation image is saved, so if your image ends up on an encrypted one you would lose it!
WARNING #2: Do not use /dev/disk/by-uuid/... or /dev/disk/by-label/... as your swap device when using randomEncryption as the UUIDs and labels will get erased on every boot when the partition is encrypted. Best to use /dev/disk/by-partuuid/...
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.randomEncryption.allowDiscards
Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.randomEncryption.cipher
Use specified cipher for randomEncryption.
Hint: Run "cryptsetup benchmark" to see which one is fastest on your machine.
Type: string
Default: "aes-xts-plain64"
Example: "serpent-xts-plain64"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.randomEncryption.source
Define the source of randomness to obtain a random key for encryption.
Type: string
Default: "/dev/urandom"
Example: "/dev/random"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- swapDevices.*.size
If this option is set, ‘device’ is interpreted as the path of a swapfile that will be created automatically with the indicated size (in megabytes).
Type: null or signed integer
Default: null
Example: 2048
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
- system.activationScripts
A set of shell script fragments that are executed when a NixOS system configuration is activated. Examples are updating /etc, creating accounts, and so on. Since these are executed every time you boot the system or run nixos-rebuild, it's important that they are idempotent and fast.
Type: attribute set of string or submodules
Default: { }
Example:
{ stdio.text = '' # Needed by some programs. ln -sfn /proc/self/fd /dev/fd ln -sfn /proc/self/fd/0 /dev/stdin ln -sfn /proc/self/fd/1 /dev/stdout ln -sfn /proc/self/fd/2 /dev/stderr ''; }Declared by:
<nixpkgs/nixos/modules/system/activation/activation-script.nix>
- system.autoUpgrade.enable
Whether to periodically upgrade NixOS to the latest version. If enabled, a systemd timer will run nixos-rebuild switch --upgrade once a day.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
- system.autoUpgrade.allowReboot
Reboot the system into the new generation instead of a switch if the new generation uses a different kernel, kernel modules or initrd than the booted system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
- system.autoUpgrade.channel
The URI of the NixOS channel to use for automatic upgrades. By default, this is the channel set using nix-channel (run nix-channel --list to see the current value).
Type: null or string
Default: null
Example: "https://nixos.org/channels/nixos-14.12-small"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
- system.autoUpgrade.dates
Specification (in the format described by systemd.time(7)) of the time at which the update will occur.
Type: string
Default: "04:40"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
- system.autoUpgrade.flags
Any additional flags passed to nixos-rebuild.
If you are using flakes and use a local repo you can add [ "--update-input" "nixpkgs" "--commit-lock-file" ] to update nixpkgs.
Type: list of strings
Default: [ ]
Example: [ "-I" "stuff=/home/alice/nixos-stuff" "--option" "extra-binary-caches" "http://my-cache.example.org/" ]
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
- system.autoUpgrade.flake
The Flake URI of the NixOS configuration to build. Disables the option system.autoUpgrade.channel.
Type: null or string
Default: null
Example: "github:kloenk/nix"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
- system.autoUpgrade.randomizedDelaySec
Add a randomized delay before each automatic upgrade. The delay will be chozen between zero and this value. This value must be a time span in the format specified by systemd.time(7)
Type: string
Default: "0"
Example: "45min"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
- system.configurationRevision
The Git revision of the top-level flake from which this configuration was built.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
- system.copySystemConfiguration
If enabled, copies the NixOS configuration file (usually /etc/nixos/configuration.nix) and links it from the resulting system (getting to /run/current-system/configuration.nix). Note that only this single file is copied, even if it imports others.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- system.extraDependencies
A list of packages that should be included in the system closure but not otherwise made available to users. This is primarily used by the installation tests.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- system.name
The name of the system used in the system.build.toplevel derivation.
That derivation has the following name: "nixos-system-${config.system.name}-${config.system.nixos.label}"
Type: string
Default:
if config.networking.hostName == "" then "unnamed" else config.networking.hostName;
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- system.nixos.codeName
The NixOS release code name (e.g. Emu).
Type: string (read only)
Default: "Porcupine"
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
- system.nixos.label
NixOS version name to be used in the names of generated outputs and boot labels.
If you ever wanted to influence the labels in your GRUB menu, this is the option for you.
The default is system.nixos.tags separated by "-" + "-" + NIXOS_LABEL_VERSION environment variable (defaults to the value of system.nixos.version).
Can be overriden by setting NIXOS_LABEL.
Useful for not loosing track of configurations built from different nixos branches/revisions, e.g.:
#!/bin/sh today=`date +%Y%m%d` branch=`(cd nixpkgs ; git branch 2>/dev/null | sed -n '/^\* / { s|^\* ||; p; }')` revision=`(cd nixpkgs ; git rev-parse HEAD)` export NIXOS_LABEL_VERSION="$today.$branch-${revision:0:7}" nixos-rebuild switchType: string
Declared by:
<nixpkgs/nixos/modules/misc/label.nix>
- system.nixos.release
The NixOS release (e.g. 16.03).
Type: string (read only)
Default: "21.11"
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
- system.nixos.tags
Strings to prefix to the default system.nixos.label.
Useful for not loosing track of configurations built with different options, e.g.:
{ system.nixos.tags = [ "with-xen" ]; virtualisation.xen.enable = true; }Type: list of strings
Default: [ ]
Example: [ "with-xen" ]
Declared by:
<nixpkgs/nixos/modules/misc/label.nix>
- system.nssDatabases.group
List of group entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
This option only takes effect if nscd is enabled.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
- system.nssDatabases.hosts
List of hosts entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended, and "dns" and "myhostname" are always appended.
This option only takes effect if nscd is enabled.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
- system.nssDatabases.passwd
List of passwd entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
This option only takes effect if nscd is enabled.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
- system.nssDatabases.services
List of services entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended.
This option only takes effect if nscd is enabled.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
- system.nssDatabases.shadow
List of shadow entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended.
This option only takes effect if nscd is enabled.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
- system.replaceRuntimeDependencies
List of packages to override without doing a full rebuild. The original derivation and replacement derivation must have the same name length, and ideally should have close-to-identical directory layout.
Type: list of submodules
Default: [ ]
Example: [ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { }; }) ]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- system.replaceRuntimeDependencies.*.original
The original package to override.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- system.replaceRuntimeDependencies.*.replacement
The replacement package.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
- system.stateVersion
Every once in a while, a new NixOS release may change configuration defaults in a way incompatible with stateful data. For instance, if the default version of PostgreSQL changes, the new version will probably be unable to read your existing databases. To prevent such breakage, you should set the value of this option to the NixOS release with which you want to be compatible. The effect is that NixOS will use defaults corresponding to the specified release (such as using an older version of PostgreSQL). It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system. Changing this option will not upgrade your system. In fact it is meant to stay constant exactly when you upgrade your system. You should only bump this option, if you are sure that you can or have migrated all state on your system which is affected by this option.
Type: string
Default: "21.11"
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
- system.userActivationScripts
A set of shell script fragments that are executed by a systemd user service when a NixOS system configuration is activated. Examples are rebuilding the .desktop file cache for showing applications in the menu. Since these are executed every time you run nixos-rebuild, it's important that they are idempotent and fast.
Type: attribute set of string or submodules
Default: { }
Example:
{ plasmaSetup = { text = '' ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5" ''; deps = []; }; }Declared by:
<nixpkgs/nixos/modules/system/activation/activation-script.nix>
- systemd.enableCgroupAccounting
Whether to enable cgroup accounting.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.enableEmergencyMode
Whether to enable emergency mode, which is an sulogin shell started on the console if mounting a filesystem fails. Since some machines (like EC2 instances) have no console of any kind, emergency mode doesn't make sense, and it's better to continue with the boot insofar as possible.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/emergency-mode.nix>
- systemd.enableUnifiedCgroupHierarchy
Whether to enable the unified cgroup hierarchy (cgroupsv2).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.package
The systemd package.
Type: package
Default: pkgs.systemd
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.packages
Packages providing systemd units and hooks.
Type: list of packages
Default: [ ]
Example: [ pkgs.systemd-cryptsetup-generator ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.additionalUpstreamSystemUnits
Additional units shipped with systemd that shall be enabled.
Type: list of strings
Default: [ ]
Example: [ "debug-shell.service" "systemd-quotacheck.service" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts
Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.automountConfig
Each attribute in this set specifies an option in the [Automount] section of the unit. See systemd.automount(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { DirectoryMode = "0775"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.automounts.*.where
Absolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Type: string
Example: "/mnt"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.coredump.enable
Whether core dumps should be processed by systemd-coredump. If disabled, core dumps appear in the current directory of the crashing process.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.coredump.extraConfig
Extra config options for systemd-coredump. See coredump.conf(5) man page for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "Storage=journal"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.ctrlAltDelUnit
Target that should be started when Ctrl-Alt-Delete is pressed.
Type: string
Default: "reboot.target"
Example: "poweroff.target"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.defaultUnit
Default unit started when the system boots.
Type: string
Default: "multi-user.target"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.extraConfig
Extra config options for systemd. See man systemd-system.conf for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "DefaultLimitCORE=infinity"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.generators
Definition of systemd generators. For each NAME = VALUE pair of the attrSet, a link is generated from /etc/systemd/system-generators/NAME to VALUE.
Type: attribute set of paths
Default: { }
Example: { systemd-gpt-auto-generator = "/dev/null"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.globalEnvironment
Environment variables passed to all systemd units.
Type: attribute set of null or string or path or packages
Default: { }
Example: { TZ = "CET"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts
Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.mountConfig
Each attribute in this set specifies an option in the [Mount] section of the unit. See systemd.mount(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { DirectoryMode = "0775"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.options
Options used to mount the file system.
Type: strings concatenated with ","
Default: ""
Example: "noatime"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.type
File system type.
Type: string
Default: ""
Example: "ext4"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.what
Absolute path of device node, file or other resource. (Mandatory)
Type: string
Example: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.mounts.*.where
Absolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Type: string
Example: "/mnt"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.network.enable
Whether to enable networkd or not.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.links
Definition of systemd network links.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.links.<name>.enable
Whether to enable this .link unit. It's handled by udev no matter if systemd-networkd is enabled or not
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.links.<name>.extraConfig
Extra configuration append to unit
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.links.<name>.linkConfig
Each attribute in this set specifies an option in the [Link] section of the unit. See systemd.link(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { MACAddress = "00:ff:ee:aa:cc:dd"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.links.<name>.matchConfig
Each attribute in this set specifies an option in the [Match] section of the unit. See systemd.link(5) systemd.netdev(5) systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Name = "eth0"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs
Definition of systemd network devices.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.enable
Whether to manage network configuration using systemd-network.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.batmanAdvancedConfig
Each attribute in this set specifies an option in the [BatmanAdvanced] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { GatewayMode = "server"; RoutingAlgorithm = "batman-v"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.bondConfig
Each attribute in this set specifies an option in the [Bond] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Mode = "802.3ad"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.extraConfig
Extra configuration append to unit
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.fooOverUDPConfig
Each attribute in this set specifies an option in the [FooOverUDP] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Port = 9001; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.macvlanConfig
Each attribute in this set specifies an option in the [MACVLAN] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Mode = "private"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.matchConfig
Each attribute in this set specifies an option in the [Match] section of the unit. See systemd.link(5) systemd.netdev(5) systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Name = "eth0"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.netdevConfig
Each attribute in this set specifies an option in the [Netdev] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Example: { Kind = "bridge"; Name = "mybridge"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.peerConfig
Each attribute in this set specifies an option in the [Peer] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Name = "veth2"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.tapConfig
Each attribute in this set specifies an option in the [Tap] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { User = "openvpn"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.tunConfig
Each attribute in this set specifies an option in the [Tun] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { User = "openvpn"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.tunnelConfig
Each attribute in this set specifies an option in the [Tunnel] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Remote = "192.168.1.1"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.vlanConfig
Each attribute in this set specifies an option in the [VLAN] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Id = 4; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.vrfConfig
Each attribute in this set specifies an option in the [VRF] section of the unit. See systemd.netdev(5) for details. A detailed explanation about how VRFs work can be found in the kernel docs.
Type: attribute set of systemd options
Default: { }
Example: { Table = 2342; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.vxlanConfig
Each attribute in this set specifies an option in the [VXLAN] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.wireguardConfig
Each attribute in this set specifies an option in the [WireGuard] section of the unit. See systemd.netdev(5) for details. Use PrivateKeyFile instead of PrivateKey: the nix store is world-readable.
Type: attribute set of systemd options
Default: { }
Example: { FirewallMark = 42; ListenPort = 51820; PrivateKeyFile = "/etc/wireguard/secret.key"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.wireguardPeers
Each item in this array specifies an option in the [WireGuardPeer] section of the unit. See systemd.netdev(5) for details. Use PresharedKeyFile instead of PresharedKey: the nix store is world-readable.
Type: list of submodules
Default: [ ]
Example: [ { wireguardPeerConfig = { AllowedIPs = [ "10.0.0.1/32" ] ; Endpoint = "192.168.1.1:51820"; PersistentKeepalive = 15; PresharedKeyFile = "/etc/wireguard/psk.key"; PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; } ; } ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.wireguardPeers.*.wireguardPeerConfig
Each attribute in this set specifies an option in the [WireGuardPeer] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.netdevs.<name>.xfrmConfig
Each attribute in this set specifies an option in the [Xfrm] section of the unit. See systemd.netdev(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { InterfaceId = 1; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks
Definition of systemd networks.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.enable
Whether to manage network configuration using systemd-network.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.DHCP
Whether to enable DHCP on the interfaces matched.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.address
A list of addresses to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.addresses
A list of address sections to be added to the unit. See systemd.network(5) for details.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.addresses.*.addressConfig
Each attribute in this set specifies an option in the [Address] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Example: { Address = "192.168.0.100/24"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.bond
A list of bond interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.bridge
A list of bridge interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.dhcpServerConfig
Each attribute in this set specifies an option in the [DHCPServer] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { EmitDNS = false; PoolOffset = 50; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.dhcpV4Config
Each attribute in this set specifies an option in the [DHCPv4] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { UseDNS = true; UseRoutes = true; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.dhcpV6Config
Each attribute in this set specifies an option in the [DHCPv6] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { UseDNS = true; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.dhcpV6PrefixDelegationConfig
Each attribute in this set specifies an option in the [DHCPv6PrefixDelegation] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Announce = true; SubnetId = "auto"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.dns
A list of dns servers to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.domains
A list of domains to pass to the network config.
Type: null or list of strings
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.extraConfig
Extra configuration append to unit
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.gateway
A list of gateways to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.ipv6AcceptRAConfig
Each attribute in this set specifies an option in the [IPv6AcceptRA] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { DHCPv6Client = "always"; UseDNS = true; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.ipv6Prefixes
A list of ipv6Prefix sections to be added to the unit. See systemd.network(5) for details.
Type: list of submodules
Default: [ ]
Example: [ { AddressAutoconfiguration = true; OnLink = true; } ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfig
Each attribute in this set specifies an option in the [IPv6Prefix] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Prefix = "fd00::/64"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.ipv6SendRAConfig
Each attribute in this set specifies an option in the [IPv6SendRA] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { EmitDNS = true; Managed = true; OtherInformation = true; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.linkConfig
Each attribute in this set specifies an option in the [Link] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Unmanaged = true; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.macvlan
A list of macvlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.matchConfig
Each attribute in this set specifies an option in the [Match] section of the unit. See systemd.link(5) systemd.netdev(5) systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Name = "eth0"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.name
The name of the network interface to match against.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.networkConfig
Each attribute in this set specifies an option in the [Network] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Description = "My Network"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.ntp
A list of ntp servers to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.routes
A list of route sections to be added to the unit. See systemd.network(5) for details.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.routes.*.routeConfig
Each attribute in this set specifies an option in the [Route] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Gateway = "192.168.0.1"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.routingPolicyRules
A list of routing policy rules sections to be added to the unit. See systemd.network(5) for details.
Type: list of submodules
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.routingPolicyRules.*.routingPolicyRuleConfig
Each attribute in this set specifies an option in the [RoutingPolicyRule] section of the unit. See systemd.network(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Family = "both"; IncomingInterface = "eth1"; Table = 10; }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.tunnel
A list of tunnel interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.vlan
A list of vlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.vrf
A list of vrf interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.vxlan
A list of vxlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.network.networks.<name>.xfrm
A list of xfrm interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
- systemd.nspawn
Definition of systemd-nspawn configurations.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
- systemd.nspawn.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
- systemd.nspawn.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
- systemd.nspawn.<name>.execConfig
Each attribute in this set specifies an option in the [Exec] section of this unit. See systemd.nspawn(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Parameters = "/bin/sh"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
- systemd.nspawn.<name>.filesConfig
Each attribute in this set specifies an option in the [Files] section of this unit. See systemd.nspawn(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Bind = [ "/home/alice" ] ; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
- systemd.nspawn.<name>.networkConfig
Each attribute in this set specifies an option in the [Network] section of this unit. See systemd.nspawn(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { Private = false; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
- systemd.nspawn.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
- systemd.nspawn.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd-nspawn.nix>
- systemd.paths
Definition of systemd path units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.pathConfig
Each attribute in this set specifies an option in the [Path] section of the unit. See systemd.path(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { PathChanged = "/some/path"; Unit = "changedpath.service"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.paths.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services
Definition of systemd service units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/testing/service-runner.nix>
<nixpkgs/nixos/modules/system/boot/systemd.nix>
<nixpkgs/nixos/modules/security/systemd-confinement.nix>- systemd.services.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.confinement.enable
If set, all the required runtime store paths for this service are bind-mounted into a tmpfs-based chroot(2).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
- systemd.services.<name>.confinement.packages
Additional packages or strings with context to add to the closure of the chroot. By default, this includes all the packages from the serviceConfig.ExecReload, serviceConfig.ExecStartPost, serviceConfig.ExecStartPre, serviceConfig.ExecStop, serviceConfig.ExecStopPost and serviceConfig.ExecStart options. If you want to have all the dependencies of this systemd unit, you can use confinement.fullUnit.
Note
The store paths listed in path are not included in the closure as well as paths from other options except those listed above.Type: list of string or packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
- systemd.services.<name>.confinement.binSh
The program to make available as /bin/sh inside the chroot. If this is set to null, no /bin/sh is provided at all.
This is useful for some applications, which for example use the system(3) library function to execute commands.
Type: null or path
Default: config.environment.binsh
Example: "${pkgs.dash}/bin/dash"
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
- systemd.services.<name>.confinement.fullUnit
Whether to include the full closure of the systemd unit file into the chroot, instead of just the dependencies for the executables.
Warning
While it may be tempting to just enable this option to make things work quickly, please be aware that this might add paths to the closure of the chroot that you didn't anticipate. It's better to use confinement.packages to explicitly add additional store paths to the chroot.Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
- systemd.services.<name>.confinement.mode
The value full-apivfs (the default) sets up private /dev, /proc, /sys and /tmp file systems in a separate user name space.
If this is set to chroot-only, only the file system name space is set up along with the call to chroot(2).
Note
This doesn't cover network namespaces and is solely for file system level isolation.Type: one of "full-apivfs", "chroot-only"
Default: "full-apivfs"
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
- systemd.services.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.environment
Environment variables passed to the service's processes.
Type: attribute set of null or string or path or packages
Default: { }
Example: { LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.path
Packages added to the service's PATH environment variable. Both the bin and sbin subdirectories of each package are added.
Type: list of package or strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.postStart
Shell commands executed after the service's main process is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.postStop
Shell commands executed after the service's main process has exited.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.preStart
Shell commands executed before the service's main process is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.preStop
Shell commands executed to stop the service.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.reload
Shell commands executed when the service's main process is reloaded.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.reloadIfChanged
Whether the service should be reloaded during a NixOS configuration switch if its definition has changed. If enabled, the value of restartIfChanged is ignored.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.restartIfChanged
Whether the service should be restarted during a NixOS configuration switch if its definition has changed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.script
Shell commands executed as the service's main process.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.scriptArgs
Arguments passed to the main process script.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.serviceConfig
Each attribute in this set specifies an option in the [Service] section of the unit. See systemd.service(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RestartSec = 5; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.startAt
Automatically start this unit at the given date/time, which must be in the format described in systemd.time(7). This is equivalent to adding a corresponding timer unit with OnCalendar set to the value given here.
Type: string or list of strings
Default: [ ]
Example: "Sun 14:00:00"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.stopIfChanged
If set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one. Otherwise, it is restarted in a single step using systemctl restart in the new configuration. The latter is less correct because it runs the ExecStop commands from the new configuration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.services.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.shutdown
Definition of systemd shutdown executables. For each NAME = VALUE pair of the attrSet, a link is generated from /etc/systemd/system-shutdown/NAME to VALUE.
Type: attribute set of paths
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sleep.extraConfig
Extra config options for systemd sleep state logic. See sleep.conf.d(5) man page for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "HibernateDelaySec=1h"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices
Definition of slice configurations.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.sliceConfig
Each attribute in this set specifies an option in the [Slice] section of the unit. See systemd.slice(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { MemoryMax = "2G"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.slices.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets
Definition of systemd socket units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.listenDatagrams
For each item in this list, a ListenDatagram option in the [Socket] section will be created.
Type: list of strings
Default: [ ]
Example: [ "0.0.0.0:993" "/run/my-socket" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.listenStreams
For each item in this list, a ListenStream option in the [Socket] section will be created.
Type: list of strings
Default: [ ]
Example: [ "0.0.0.0:993" "/run/my-socket" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.socketConfig
Each attribute in this set specifies an option in the [Socket] section of the unit. See systemd.socket(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { ListenStream = "/run/my-socket"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.sockets.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.suppressedSystemUnits
A list of units to suppress when generating system systemd configuration directory. This has priority over upstream units, systemd.units, and systemd.additionalUpstreamSystemUnits. The main purpose of this is to suppress a upstream systemd unit with any modifications made to it by other NixOS modules.
Type: list of strings
Default: [ ]
Example: [ "systemd-backlight@.service" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets
Definition of systemd target units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.targets.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers
Definition of systemd timer units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.timerConfig
Each attribute in this set specifies an option in the [Timer] section of the unit. See systemd.timer(5) and systemd.time(7) for details.
Type: attribute set of systemd options
Default: { }
Example: { OnCalendar = "Sun 14:00:00"; Unit = "foo.service"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.timers.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.tmpfiles.packages
List of packages containing systemd-tmpfiles rules.
All files ending in .conf found in pkg/lib/tmpfiles.d will be included. If this folder does not exist or does not contain any files an error will be returned instead.
If a lib output is available, rules are searched there and only there. If there is no lib output it will fall back to out and if that does not exist either, the default output will be used.
Type: list of packages
Default: [ ]
Example: [ pkgs.lvm2 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.tmpfiles.rules
Rules for creation, deletion and cleaning of volatile and temporary files automatically. See tmpfiles.d(5) for the exact format.
Type: list of strings
Default: [ ]
Example: [ "d /tmp 1777 root root 10d" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.units
Definition of systemd units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.units.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.units.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.units.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.units.<name>.text
Text of this systemd unit.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.units.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.extraConfig
Extra config options for systemd user instances. See man systemd-user.conf for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "DefaultCPUAccounting=yes"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths
Definition of systemd per-user path units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.pathConfig
Each attribute in this set specifies an option in the [Path] section of the unit. See systemd.path(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { PathChanged = "/some/path"; Unit = "changedpath.service"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.paths.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services
Definition of systemd per-user service units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.environment
Environment variables passed to the service's processes.
Type: attribute set of null or string or path or packages
Default: { }
Example: { LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.path
Packages added to the service's PATH environment variable. Both the bin and sbin subdirectories of each package are added.
Type: list of package or strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.postStart
Shell commands executed after the service's main process is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.postStop
Shell commands executed after the service's main process has exited.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.preStart
Shell commands executed before the service's main process is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.preStop
Shell commands executed to stop the service.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.reload
Shell commands executed when the service's main process is reloaded.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.reloadIfChanged
Whether the service should be reloaded during a NixOS configuration switch if its definition has changed. If enabled, the value of restartIfChanged is ignored.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.restartIfChanged
Whether the service should be restarted during a NixOS configuration switch if its definition has changed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.script
Shell commands executed as the service's main process.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.scriptArgs
Arguments passed to the main process script.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.serviceConfig
Each attribute in this set specifies an option in the [Service] section of the unit. See systemd.service(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RestartSec = 5; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.startAt
Automatically start this unit at the given date/time, which must be in the format described in systemd.time(7). This is equivalent to adding a corresponding timer unit with OnCalendar set to the value given here.
Type: string or list of strings
Default: [ ]
Example: "Sun 14:00:00"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.stopIfChanged
If set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one. Otherwise, it is restarted in a single step using systemctl restart in the new configuration. The latter is less correct because it runs the ExecStop commands from the new configuration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.services.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices
Definition of systemd per-user slice units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.sliceConfig
Each attribute in this set specifies an option in the [Slice] section of the unit. See systemd.slice(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { MemoryMax = "2G"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.slices.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets
Definition of systemd per-user socket units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.listenDatagrams
For each item in this list, a ListenDatagram option in the [Socket] section will be created.
Type: list of strings
Default: [ ]
Example: [ "0.0.0.0:993" "/run/my-socket" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.listenStreams
For each item in this list, a ListenStream option in the [Socket] section will be created.
Type: list of strings
Default: [ ]
Example: [ "0.0.0.0:993" "/run/my-socket" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.socketConfig
Each attribute in this set specifies an option in the [Socket] section of the unit. See systemd.socket(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { ListenStream = "/run/my-socket"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.sockets.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets
Definition of systemd per-user target units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.targets.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers
Definition of systemd per-user timer units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.after
If the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.before
If the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.bindsTo
Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.conflicts
If the specified units are started, then this unit is stopped and vice versa.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.description
Description of this unit used in systemd messages and progress indicators.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.documentation
A list of URIs referencing documentation for this unit or its configuration.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.onFailure
A list of one or more units that are activated when this unit enters the "failed" state.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.partOf
If the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.requires
Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.requisite
Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.restartTriggers
An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecifieds
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.startLimitBurst
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.startLimitIntervalSec
Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.timerConfig
Each attribute in this set specifies an option in the [Timer] section of the unit. See systemd.timer(5) and systemd.time(7) for details.
Type: attribute set of systemd options
Default: { }
Example: { OnCalendar = "Sun 14:00:00"; Unit = "foo.service"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.unitConfig
Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.
Type: attribute set of systemd options
Default: { }
Example: { RequiresMountsFor = "/data"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.timers.<name>.wants
Start the specified units when this unit is started.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.units
Definition of systemd per-user units.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.units.<name>.enable
If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.units.<name>.aliases
Aliases of that unit.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.units.<name>.requiredBy
Units that require (i.e. depend on and need to go down with) this unit. The discussion under wantedBy applies here as well: inverse .requires symlinks are established.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.units.<name>.text
Text of this systemd unit.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.user.units.<name>.wantedBy
Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to [ "multi-user.target" ]. That's despite the fact that the systemd.unit(5) manpage says this option goes in the [Install] section that controls the behaviour of systemctl enable. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse .wants symlink to be present, establishing the same desired relationship in a stateless way.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.watchdog.device
The path to a hardware watchdog device which will be managed by systemd. If not specified, systemd will default to /dev/watchdog.
Type: null or path
Default: null
Example: "/dev/watchdog"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.watchdog.kexecTime
The amount of time which can elapse when kexec is being executed before a watchdog hardware device will automatically reboot the system. This option should only be enabled if reloadTime is also enabled. Valid time units include "ms", "s", "min", "h", "d", and "w".
Type: null or string
Default: null
Example: "10m"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.watchdog.rebootTime
The amount of time which can elapse after a reboot has been triggered before a watchdog hardware device will automatically reboot the system. Valid time units include "ms", "s", "min", "h", "d", and "w".
Type: null or string
Default: null
Example: "10m"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- systemd.watchdog.runtimeTime
The amount of time which can elapse before a watchdog hardware device will automatically reboot the system. Valid time units include "ms", "s", "min", "h", "d", and "w".
Type: null or string
Default: null
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
- time.hardwareClockInLocalTime
If set, keep the hardware clock in local time instead of UTC.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
- time.timeZone
The time zone used when displaying times and dates. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a comprehensive list of possible values for this setting.
If null, the timezone will default to UTC and can be set imperatively using timedatectl.
Type: null or string without spaces
Default: null
Example: "America/New_York"
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
- users.defaultUserShell
This option defines the default shell assigned to user accounts. This can be either a full system path or a shell package.
This must not be a store path, since the path is used outside the store (in particular in /etc/passwd).
Type: path or package
Example: pkgs.zsh
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
- users.enforceIdUniqueness
Whether to require that no two users/groups share the same uid/gid.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraGroups
Alias of users.groups.
Type: attribute set of submodules
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraGroups.<name>.gid
The group GID. If the GID is null, a free GID is picked on activation.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraGroups.<name>.members
The user names of the group members, added to the /etc/group file.
Type: list of string, not containing newlines or colonss
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraGroups.<name>.name
The name of the group. If undefined, the name of the attribute set will be used.
Type: string, not containing newlines or colons
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers
Alias of users.users.
Type: attribute set of submodules
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.packages
The set of packages that should be made available to the user. This is in contrast to environment.systemPackages, which adds packages to all users.
Type: list of packages
Default: [ ]
Example: [ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.createHome
Whether to create the home directory and ensure ownership as well as permissions to match the user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.cryptHomeLuks
Path to encrypted luks device that contains the user's home directory.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.description
A short description of the user account, typically the user's full name. This is actually the “GECOS” or “comment” field in /etc/passwd.
Type: string, not containing newlines or colons
Default: ""
Example: "Alice Q. User"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.extraGroups
The user's auxiliary groups.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.group
The user's primary group.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.hashedPassword
Specifies the hashed password for the user. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.
To generate a hashed password run mkpasswd -m sha-512.
If set to an empty string (""), this user will be able to log in without being asked for a password (but not via remote services such as SSH, or indirectly via su or sudo). This should only be used for e.g. bootable live systems. Note: this is different from setting an empty password, which ca be achieved using users.users.<name?>.password.
If set to null (default) this user will not be able to log in using a password (i.e. via login command).
Type: null or string, not containing newlines or colons
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.home
The user's home directory.
Type: path, not containing newlines or colons
Default: "/var/empty"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.initialHashedPassword
Specifies the initial hashed password for the user, i.e. the hashed password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the hashedPassword option.
To generate a hashed password run mkpasswd -m sha-512.
If set to an empty string (""), this user will be able to log in without being asked for a password (but not via remote services such as SSH, or indirectly via su or sudo). This should only be used for e.g. bootable live systems. Note: this is different from setting an empty password, which ca be achieved using users.users.<name?>.password.
If set to null (default) this user will not be able to log in using a password (i.e. via login command).
Type: null or string, not containing newlines or colons
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.initialPassword
Specifies the initial password for the user, i.e. the password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the password option. The same caveat applies: the password specified here is world-readable in the Nix store, so it should only be used for guest accounts or passwords that will be changed promptly.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.isNormalUser
Indicates whether this is an account for a “real” user. This automatically sets group to users, createHome to true, home to /home/username, useDefaultShell to true, and isSystemUser to false. Exactly one of isNormalUser and isSystemUser must be true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.isSystemUser
Indicates if the user is a system user or not. This option only has an effect if uid is null, in which case it determines whether the user's UID is allocated in the range for system users (below 500) or in the range for normal users (starting at 1000). Exactly one of isNormalUser and isSystemUser must be true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.name
The name of the user account. If undefined, the name of the attribute set will be used.
Type: string, not containing newlines or colons
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.openssh.authorizedKeys.keyFiles
A list of files each containing one OpenSSH public key that should be added to the user's authorized keys. The contents of the files are read at build time and added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. You can combine the keyFiles and keys options.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- users.extraUsers.<name>.openssh.authorizedKeys.keys
A list of verbatim OpenSSH public keys that should be added to the user's authorized keys. The keys are added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. You can combine the keys and keyFiles options. Warning: If you are using NixOps then don't use this option since it will replace the key required for deployment via ssh.
Type: list of strings
Default: [ ]
Example: [ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- users.extraUsers.<name>.pamMount
Attributes for user's entry in pam_mount.conf.xml. Useful attributes might include path, options, fstype, and server. See http://pam-mount.sourceforge.net/pam_mount.conf.5.html for more information.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.password
Specifies the (clear text) password for the user. Warning: do not set confidential information here because it is world-readable in the Nix store. This option should only be used for public accounts. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.passwordFile
The full path to a file that contains the user's password. The password file is read on each system activation. The file should contain exactly one line, which should be the password in an encrypted form that is suitable for the chpasswd -e command. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.shell
The path to the user's shell. Can use shell derivations, like pkgs.bashInteractive. Don’t forget to enable your shell in programs if necessary, like programs.zsh.enable = true;.
Type: null or package or path, not containing newlines or colons
Default: pkgs.shadow
Example: pkgs.bashInteractive
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.subGidRanges
Subordinate group ids that user is allowed to use. They are set into /etc/subgid and are used by newgidmap for user namespaces.
Type: list of submodules
Default: [ ]
Example: [ { count = 1; startGid = 100; } { count = 999; startGid = 1001; } ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.subGidRanges.*.count
Count of subordinate group ids
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.subGidRanges.*.startGid
Start of the range of subordinate group ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.subUidRanges
Subordinate user ids that user is allowed to use. They are set into /etc/subuid and are used by newuidmap for user namespaces.
Type: list of submodules
Default: [ ]
Example: [ { count = 1; startUid = 1000; } { count = 65534; startUid = 100001; } ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.subUidRanges.*.count
Count of subordinate user ids
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.subUidRanges.*.startUid
Start of the range of subordinate user ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.uid
The account UID. If the UID is null, a free UID is picked on activation.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.extraUsers.<name>.useDefaultShell
If true, the user's shell will be set to users.defaultUserShell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.groups
Additional groups to be created automatically by the system.
Type: attribute set of submodules
Default: { }
Example: { hackers = { } ; students = { gid = 1001; } ; }
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.groups.<name>.gid
The group GID. If the GID is null, a free GID is picked on activation.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.groups.<name>.members
The user names of the group members, added to the /etc/group file.
Type: list of string, not containing newlines or colonss
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.groups.<name>.name
The name of the group. If undefined, the name of the attribute set will be used.
Type: string, not containing newlines or colons
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.ldap.enable
Whether to enable authentication against an LDAP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.base
The distinguished name of the search base.
Type: string
Example: "dc=example,dc=org"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.bind.distinguishedName
The distinguished name to bind to the LDAP server with. If this is not specified, an anonymous bind will be done.
Type: string
Default: ""
Example: "cn=admin,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.bind.passwordFile
The path to a file containing the credentials to use when binding to the LDAP server (if not binding anonymously).
Type: string
Default: "/etc/ldap/bind.password"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.bind.policy
Specifies the policy to use for reconnecting to an unavailable LDAP server. The default is hard_open, which reconnects if opening the connection to the directory server failed. By contrast, hard_init reconnects if initializing the connection failed. Initializing may not actually contact the directory server, and it is possible that a malformed configuration file will trigger reconnection. If soft is specified, then nss_ldap will return immediately on server failure. All hard reconnect policies block with exponential backoff before retrying.
Type: one of "hard_open", "hard_init", "soft"
Default: "hard_open"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.bind.timeLimit
Specifies the time limit (in seconds) to use when connecting to the directory server. This is distinct from the time limit specified in users.ldap.timeLimit and affects the initial server connection only.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.daemon.enable
Whether to let the nslcd daemon (nss-pam-ldapd) handle the LDAP lookups for NSS and PAM. This can improve performance, and if you need to bind to the LDAP server with a password, it increases security, since only the nslcd user needs to have access to the bindpw file, not everyone that uses NSS and/or PAM. If this option is enabled, a local nscd user is created automatically, and the nslcd service is started automatically when the network get up.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.daemon.extraConfig
Extra configuration options that will be added verbatim at the end of the nslcd configuration file (nslcd.conf(5)).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.daemon.rootpwmoddn
The distinguished name to use to bind to the LDAP server when the root user tries to modify a user's password.
Type: string
Default: ""
Example: "cn=admin,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.daemon.rootpwmodpwFile
The path to a file containing the credentials with which to bind to the LDAP server if the root user tries to change a user's password.
Type: string
Default: ""
Example: "/run/keys/nslcd.rootpwmodpw"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.extraConfig
Extra configuration options that will be added verbatim at the end of the ldap configuration file (ldap.conf(5)). If users.ldap.daemon is enabled, this configuration will not be used. In that case, use users.ldap.daemon.extraConfig instead.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.loginPam
Whether to include authentication against LDAP in login PAM.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.nsswitch
Whether to include lookup against LDAP in NSS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.server
The URL of the LDAP server.
Type: string
Example: "ldap://ldap.example.org/"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.timeLimit
Specifies the time limit (in seconds) to use when performing searches. A value of zero (0), which is the default, is to wait indefinitely for searches to be completed.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.ldap.useTLS
If enabled, use TLS (encryption) over an LDAP (port 389) connection. The alternative is to specify an LDAPS server (port 636) in users.ldap.server or to forego security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
- users.motd
Message of the day shown to users when they log in.
Type: null or strings concatenated with "\n"
Default: null
Example: "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178."
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
- users.mutableUsers
If set to true, you are free to add new users and groups to the system with the ordinary useradd and groupadd commands. On system activation, the existing contents of the /etc/passwd and /etc/group files will be merged with the contents generated from the users.users and users.groups options. The initial password for a user will be set according to users.users, but existing passwords will not be changed.
Warning
If set to false, the contents of the user and group files will simply be replaced on system activation. This also holds for the user passwords; all changed passwords will be reset according to the users.users configuration on activation.Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users
Additional user accounts to be created automatically by the system. This can also be used to set options for root.
Type: attribute set of submodules
Default: { }
Example: { alice = { createHome = true; description = "Alice Q. User"; extraGroups = [ "wheel" ] ; group = "users"; home = "/home/alice"; shell = "/bin/sh"; uid = 1234; } ; }
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
<nixpkgs/nixos/modules/config/users-groups.nix>- users.users.<name>.packages
The set of packages that should be made available to the user. This is in contrast to environment.systemPackages, which adds packages to all users.
Type: list of packages
Default: [ ]
Example: [ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.createHome
Whether to create the home directory and ensure ownership as well as permissions to match the user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.cryptHomeLuks
Path to encrypted luks device that contains the user's home directory.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.description
A short description of the user account, typically the user's full name. This is actually the “GECOS” or “comment” field in /etc/passwd.
Type: string, not containing newlines or colons
Default: ""
Example: "Alice Q. User"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.extraGroups
The user's auxiliary groups.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.group
The user's primary group.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.hashedPassword
Specifies the hashed password for the user. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.
To generate a hashed password run mkpasswd -m sha-512.
If set to an empty string (""), this user will be able to log in without being asked for a password (but not via remote services such as SSH, or indirectly via su or sudo). This should only be used for e.g. bootable live systems. Note: this is different from setting an empty password, which ca be achieved using users.users.<name?>.password.
If set to null (default) this user will not be able to log in using a password (i.e. via login command).
Type: null or string, not containing newlines or colons
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.home
The user's home directory.
Type: path, not containing newlines or colons
Default: "/var/empty"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.initialHashedPassword
Specifies the initial hashed password for the user, i.e. the hashed password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the hashedPassword option.
To generate a hashed password run mkpasswd -m sha-512.
If set to an empty string (""), this user will be able to log in without being asked for a password (but not via remote services such as SSH, or indirectly via su or sudo). This should only be used for e.g. bootable live systems. Note: this is different from setting an empty password, which ca be achieved using users.users.<name?>.password.
If set to null (default) this user will not be able to log in using a password (i.e. via login command).
Type: null or string, not containing newlines or colons
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.initialPassword
Specifies the initial password for the user, i.e. the password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the password option. The same caveat applies: the password specified here is world-readable in the Nix store, so it should only be used for guest accounts or passwords that will be changed promptly.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.isNormalUser
Indicates whether this is an account for a “real” user. This automatically sets group to users, createHome to true, home to /home/username, useDefaultShell to true, and isSystemUser to false. Exactly one of isNormalUser and isSystemUser must be true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.isSystemUser
Indicates if the user is a system user or not. This option only has an effect if uid is null, in which case it determines whether the user's UID is allocated in the range for system users (below 500) or in the range for normal users (starting at 1000). Exactly one of isNormalUser and isSystemUser must be true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.name
The name of the user account. If undefined, the name of the attribute set will be used.
Type: string, not containing newlines or colons
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.openssh.authorizedKeys.keyFiles
A list of files each containing one OpenSSH public key that should be added to the user's authorized keys. The contents of the files are read at build time and added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. You can combine the keyFiles and keys options.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- users.users.<name>.openssh.authorizedKeys.keys
A list of verbatim OpenSSH public keys that should be added to the user's authorized keys. The keys are added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. You can combine the keys and keyFiles options. Warning: If you are using NixOps then don't use this option since it will replace the key required for deployment via ssh.
Type: list of strings
Default: [ ]
Example: [ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
- users.users.<name>.pamMount
Attributes for user's entry in pam_mount.conf.xml. Useful attributes might include path, options, fstype, and server. See http://pam-mount.sourceforge.net/pam_mount.conf.5.html for more information.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.password
Specifies the (clear text) password for the user. Warning: do not set confidential information here because it is world-readable in the Nix store. This option should only be used for public accounts. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.passwordFile
The full path to a file that contains the user's password. The password file is read on each system activation. The file should contain exactly one line, which should be the password in an encrypted form that is suitable for the chpasswd -e command. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.shell
The path to the user's shell. Can use shell derivations, like pkgs.bashInteractive. Don’t forget to enable your shell in programs if necessary, like programs.zsh.enable = true;.
Type: null or package or path, not containing newlines or colons
Default: pkgs.shadow
Example: pkgs.bashInteractive
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.subGidRanges
Subordinate group ids that user is allowed to use. They are set into /etc/subgid and are used by newgidmap for user namespaces.
Type: list of submodules
Default: [ ]
Example: [ { count = 1; startGid = 100; } { count = 999; startGid = 1001; } ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.subGidRanges.*.count
Count of subordinate group ids
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.subGidRanges.*.startGid
Start of the range of subordinate group ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.subUidRanges
Subordinate user ids that user is allowed to use. They are set into /etc/subuid and are used by newuidmap for user namespaces.
Type: list of submodules
Default: [ ]
Example: [ { count = 1; startUid = 1000; } { count = 65534; startUid = 100001; } ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.subUidRanges.*.count
Count of subordinate user ids
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.subUidRanges.*.startUid
Start of the range of subordinate user ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.uid
The account UID. If the UID is null, a free UID is picked on activation.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- users.users.<name>.useDefaultShell
If true, the user's shell will be set to users.defaultUserShell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
- virtualisation.additionalPaths
A list of paths whose closure should be made available to the VM.
When 9p is used, the closure is registered in the Nix database in the VM. All other paths in the host Nix store appear in the guest Nix store as well, but are considered garbage (because they are not registered in the Nix database of the guest).
When virtualisation.useNixStoreImage is set, the closure is copied to the Nix store image.
Type: list of paths
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.anbox.enable
Whether to enable Anbox.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
- virtualisation.anbox.extraInit
Extra shell commands to be run inside the container image during init.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
- virtualisation.anbox.image
Base android image for Anbox.
Type: package
Default: pkgs.anbox.image
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
- virtualisation.anbox.ipv4.container.address
IPv4 Container address.
Type: string
Default: "192.168.250.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
- virtualisation.anbox.ipv4.container.prefixLength
Subnet mask of the Container address, specified as the number of bits in the prefix (24).
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
- virtualisation.anbox.ipv4.dns
Container DNS server.
Type: string
Default: "1.1.1.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
- virtualisation.anbox.ipv4.gateway.address
IPv4 Host address.
Type: string
Default: "192.168.250.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
- virtualisation.anbox.ipv4.gateway.prefixLength
Subnet mask of the Host address, specified as the number of bits in the prefix (24).
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
- virtualisation.bios
An alternate BIOS (such as qboot) with which to start the VM. Should contain a file named bios.bin. If null, QEMU's builtin SeaBIOS will be used.
Type: null or package
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.bootDevice
The disk to be used for the root filesystem.
Type: path
Example: "/dev/vda"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.containerd.enable
Whether to enable containerd container runtime.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/containerd.nix>
- virtualisation.containerd.args
extra args to append to the containerd cmdline
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/containerd.nix>
- virtualisation.containerd.configFile
Path to containerd config file. Setting this option will override any configuration applied by the settings option.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/containerd.nix>
- virtualisation.containerd.settings
Verbatim lines to add to containerd.toml
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/containerd.nix>
- virtualisation.containers.enable
This option enables the common /etc/containers configuration module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.containers.containersConf.cniPlugins
CNI plugins to install on the system.
Type: list of packages
Default:
[ pkgs.cni-plugins ]
Example:
[ pkgs.cniPlugins.dnsname ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.containers.containersConf.settings
containers.conf configuration
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.containers.ociSeccompBpfHook.enable
Enable the OCI seccomp BPF hook
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.containers.policy
Signature verification policy file. If this option is empty the default policy file from skopeo will be used.
Type: attribute set
Default: { }
Example:
{ default = [ { type = "insecureAcceptAnything"; } ]; transports = { docker-daemon = { "" = [ { type = "insecureAcceptAnything"; } ]; }; }; }Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.containers.registries.block
List of blocked repositories.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.containers.registries.insecure
List of insecure repositories.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.containers.registries.search
List of repositories to search.
Type: list of strings
Default: [ "docker.io" "quay.io" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.containers.storage.settings
storage.conf configuration
Type: TOML value
Default: { storage = { driver = "overlay"; graphroot = "/var/lib/containers/storage"; runroot = "/run/containers/storage"; } ; }
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
- virtualisation.cores
Specify the number of cores the guest is permitted to use. The number can be higher than the available cores on the host system.
Type: positive integer, meaning >0
Default: 1
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.cri-o.enable
Whether to enable Container Runtime Interface for OCI (CRI-O).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
- virtualisation.cri-o.extraPackages
Extra packages to be installed in the CRI-O wrapper.
Type: list of packages
Default: [ ]
Example:
[ pkgs.gvisor ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
- virtualisation.cri-o.logLevel
Log level to be used
Type: one of "trace", "debug", "info", "warn", "error", "fatal"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
- virtualisation.cri-o.pauseCommand
Override the default pause command
Type: null or string
Default: null
Example: "/pause"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
- virtualisation.cri-o.pauseImage
Override the default pause image for pod sandboxes
Type: null or string
Default: null
Example: "k8s.gcr.io/pause:3.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
- virtualisation.cri-o.runtime
Override the default runtime
Type: null or string
Default: null
Example: "crun"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
- virtualisation.cri-o.settings
Configuration for cri-o, see https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
- virtualisation.cri-o.storageDriver
Storage driver to be used
Type: one of "btrfs", "overlay", "vfs"
Default: "overlay"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
- virtualisation.diskImage
Path to the disk image containing the root filesystem. The image will be created on startup if it does not exist.
Type: string
Default: "./nixos.qcow2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.diskSize
The disk size in megabytes of the virtual machine.
Type: null or positive integer, meaning >0
Default: 1024
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.docker.enable
This option enables docker, a daemon that manages linux containers. Users in the "docker" group can interact with the daemon (e.g. to start or stop containers) using the docker command line tool.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.enableNvidia
Enable nvidia-docker wrapper, supporting NVIDIA GPUs inside docker containers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.enableOnBoot
When enabled dockerd is started on boot. This is required for containers which are created with the --restart=always flag to work. If this option is disabled, docker might be started on demand by socket activation.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.package
Docker package to be used in the module.
Type: package
Default: pkgs.docker
Example: pkgs.docker-edge
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.autoPrune.enable
Whether to periodically prune Docker resources. If enabled, a systemd timer will run docker system prune -f as specified by the dates option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.autoPrune.dates
Specification (in the format described by systemd.time(7)) of the time at which the prune will occur.
Type: string
Default: "weekly"
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.autoPrune.flags
Any additional flags passed to docker system prune.
Type: list of strings
Default: [ ]
Example: [ "--all" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.extraOptions
The extra command-line options to pass to docker daemon.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.listenOptions
A list of unix and tcp docker should listen to. The format follows ListenStream as described in systemd.socket(5).
Type: list of strings
Default: [ "/run/docker.sock" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.liveRestore
Allow dockerd to be restarted without affecting running container. This option is incompatible with docker swarm.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.logDriver
This option determines which Docker log driver to use.
Type: one of "none", "json-file", "syslog", "journald", "gelf", "fluentd", "awslogs", "splunk", "etwlogs", "gcplogs"
Default: "journald"
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.docker.storageDriver
This option determines which Docker storage driver to use. By default it let's docker automatically choose preferred storage driver.
Type: null or one of "aufs", "btrfs", "devicemapper", "overlay", "overlay2", "zfs"
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
- virtualisation.efiVars
Path to nvram image containing UEFI variables. The will be created on startup if it does not exist.
Type: string
Default: "./nixos-efi-vars.fd"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.emptyDiskImages
Additional disk images to provide to the VM. The value is a list of size in megabytes of each disk. These disks are writeable by the VM.
Type: list of positive integer, meaning >0s
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.fileSystems
The file systems to be mounted. It must include an entry for the root directory (mountPoint = "/"). Each entry in the list is an attribute set with the following fields: mountPoint, device, fsType (a file system type recognised by mount; defaults to "auto"), and options (the mount options passed to mount using the -o flag; defaults to [ "defaults" ]).
Instead of specifying device, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L).
Type: attribute set of submodules
Default: { }
Example:
{ "/".device = "/dev/hda1"; "/data" = { device = "/dev/hda2"; fsType = "ext3"; options = [ "data=journal" ]; }; "/bigdisk".label = "bigdisk"; }Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.fileSystems.<name>.autoFormat
If the device does not currently contain a filesystem (as determined by blkid, then automatically format it with the filesystem type specified in fsType. Use with caution.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.autoResize
If set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.depends
List of paths that should be mounted before this one. This filesystem's device and mountPoint are always checked and do not need to be included explicitly. If a path is added to this list, any other filesystem whose mount point is a parent of the path will be mounted before this filesystem. The paths do not need to actually be the mountPoint of some other filesystem.
Type: list of string (with check: non-empty without trailing slash)s
Default: [ ]
Example: [ "/persist" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.device
Location of the device.
Type: null or string (with check: non-empty)
Default: null
Example: "/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.encrypted.enable
The block device is backed by an encrypted one, adds this device as a initrd luks entry.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- virtualisation.fileSystems.<name>.encrypted.blkDev
Location of the backing encrypted device.
Type: null or string
Default: null
Example: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- virtualisation.fileSystems.<name>.encrypted.keyFile
Path to a keyfile used to unlock the backing encrypted device. At the time this keyfile is accessed, the neededForBoot filesystems (see fileSystems.<name?>.neededForBoot) will have been mounted under /mnt-root, so the keyfile path should usually start with "/mnt-root/".
Type: null or string
Default: null
Example: "/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- virtualisation.fileSystems.<name>.encrypted.label
Label of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.
Type: null or string
Default: null
Example: "rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
- virtualisation.fileSystems.<name>.formatOptions
If autoFormat option is set specifies extra options passed to mkfs.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.fsType
Type of the file system.
Type: string (with check: non-empty)
Default: "auto"
Example: "ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.label
Label of the device (if any).
Type: null or string (with check: non-empty)
Default: null
Example: "root-partition"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.mountPoint
Location of the mounted the file system.
Type: string (with check: non-empty without trailing slash)
Example: "/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.neededForBoot
If set, this file system will be mounted in the initial ramdisk. Note that the file system will always be mounted in the initial ramdisk if its mount point is one of the following: /, /nix, /nix/store, /var, /var/log, /var/lib, /var/lib/nixos, /etc, /usr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
- virtualisation.fileSystems.<name>.noCheck
Disable running fsck on this filesystem.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.fileSystems.<name>.options
Options used to mount the file system.
Type: list of string (with check: non-empty)s
Default: [ "defaults" ]
Example: [ "data=journal" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
- virtualisation.forwardPorts
When using the SLiRP user networking (default), this option allows to forward ports to/from the host/guest.
Warning
If the NixOS firewall on the virtual machine is enabled, you also have to open the guest ports to enable the traffic between host and guest.Note
Currently QEMU supports only IPv4 forwarding.Type: list of submodules
Default: [ ]
Example:
[ # forward local port 2222 -> 22, to ssh into the VM { from = "host"; host.port = 2222; guest.port = 22; } # forward local port 80 -> 10.0.2.10:80 in the VLAN { from = "guest"; guest.address = "10.0.2.10"; guest.port = 80; host.address = "127.0.0.1"; host.port = 80; } ]Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.forwardPorts.*.from
Controls the direction in which the ports are mapped:
- "host" means traffic from the host ports is forwarded to the given guest port.
- "guest" means traffic from the guest ports is forwarded to the given host port.
Type: one of "host", "guest"
Default: "host"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.forwardPorts.*.guest.address
The IPv4 address on the guest VLAN.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.forwardPorts.*.guest.port
The guest port to be mapped.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.forwardPorts.*.host.address
The IPv4 address of the host.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.forwardPorts.*.host.port
The host port to be mapped.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.forwardPorts.*.proto
The protocol to forward.
Type: one of "tcp", "udp"
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.graphics
Whether to run QEMU with a graphics window, or in nographic mode. Serial console will be enabled on both settings, but this will change the preferred console.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.hypervGuest.enable
Whether to enable Hyper-V Guest Support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix>
- virtualisation.hypervGuest.videoMode
Resolution at which to initialize the video adapter.
Supports screen resolution up to Full HD 1920x1080 with 32 bit color on Windows Server 2012, and 1600x1200 with 16 bit color on Windows Server 2008 R2 or earlier.
Type: string
Default: "1152x864"
Example: "1024x768"
Declared by:
<nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix>
- virtualisation.kvmgt.enable
Whether to enable KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card. Currently only one graphical device can be shared. To allow users to access the device without root add them to the kvm group: users.extraUsers.<yourusername>.extraGroups = [ "kvm" ]; .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
- virtualisation.kvmgt.device
PCI ID of graphics card. You can figure it with ls /sys/class/mdev_bus.
Type: string
Default: "0000:00:02.0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
- virtualisation.kvmgt.vgpus
Virtual GPUs to be used in Qemu. You can find devices via ls /sys/bus/pci/devices/*/mdev_supported_types and find info about device via cat /sys/bus/pci/devices/*/mdev_supported_types/i915-GVTg_V5_4/description
Type: attribute set of submodules
Default: { }
Example: { i915-GVTg_V5_8 = { uuid = [ "a297db4a-f4c2-11e6-90f6-d3b88d6c9525" ] ; } ; }
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
- virtualisation.kvmgt.vgpus.<name>.uuid
UUID(s) of VGPU device. You can generate one with libossp_uuid.
Type: list of strings
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
- virtualisation.libvirtd.enable
This option enables libvirtd, a daemon that manages virtual machines. Users in the "libvirtd" group can interact with the daemon (e.g. to start or stop VMs) using the virsh command line tool, among others.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.package
libvirt package to use.
Type: package
Default: pkgs.libvirt
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.allowedBridges
List of bridge devices that can be used by qemu:///session
Type: list of strings
Default: [ "virbr0" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.extraConfig
Extra contents appended to the libvirtd configuration file, libvirtd.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.extraOptions
Extra command line arguments passed to libvirtd on startup.
Type: list of strings
Default: [ ]
Example: [ "--verbose" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.onBoot
Specifies the action to be done to / on the guests when the host boots. The "start" option starts all guests that were running prior to shutdown regardless of their autostart settings. The "ignore" option will not start the formerly running guest on boot. However, any guest marked as autostart will still be automatically started by libvirtd.
Type: one of "start", "ignore"
Default: "start"
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.onShutdown
When shutting down / restarting the host what method should be used to gracefully halt the guests. Setting to "shutdown" will cause an ACPI shutdown of each guest. "suspend" will attempt to save the state of the guests ready to restore on boot.
Type: one of "shutdown", "suspend"
Default: "suspend"
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu
QEMU related options.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.package
Qemu package to use with libvirt. `pkgs.qemu` can emulate alien architectures (e.g. aarch64 on x86) `pkgs.qemu_kvm` saves disk space allowing to emulate only host architectures.
Type: package
Default: pkgs.qemu
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.ovmf
QEMU's OVMF options.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.ovmf.enable
Allows libvirtd to take advantage of OVMF when creating new QEMU VMs with UEFI boot.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.ovmf.package
OVMF package to use.
Type: package
Default: pkgs.OVMF
Example: pkgs.OVMFFull
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.runAsRoot
If true, libvirtd runs qemu as root. If false, libvirtd runs qemu as unprivileged user qemu-libvirtd. Changing this option to false may cause file permission issues for existing guests. To fix these, manually change ownership of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.swtpm
QEMU's swtpm options.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.swtpm.enable
Allows libvirtd to use swtpm to create an emulated TPM.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.swtpm.package
swtpm package to use.
Type: package
Default: pkgs.swtpm
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.libvirtd.qemu.verbatimConfig
Contents written to the qemu configuration file, qemu.conf. Make sure to include a proper namespace configuration when supplying custom configuration.
Type: strings concatenated with "\n"
Default:
'' namespaces = [] ''
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
- virtualisation.lxc.enable
This enables Linux Containers (LXC), which provides tools for creating and managing system or application containers on Linux.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
- virtualisation.lxc.defaultConfig
Default config (default.conf) for new containers, i.e. for network config. See lxc.container.conf (5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
- virtualisation.lxc.lxcfs.enable
This enables LXCFS, a FUSE filesystem for LXC. To use lxcfs in include the following configuration in your container configuration: virtualisation.lxc.defaultConfig = "lxc.include = ${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf";
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxcfs.nix>
- virtualisation.lxc.systemConfig
This is the system-wide LXC config. See lxc.system.conf(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
- virtualisation.lxc.usernetConfig
This is the config file for managing unprivileged user network administration access in LXC. See lxc-usernet(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
- virtualisation.lxd.enable
This option enables lxd, a daemon that manages containers. Users in the "lxd" group can interact with the daemon (e.g. to start or stop containers) using the lxc command line tool, among others.
Most of the time, you'll also want to start lxcfs, so that containers can "see" the limits: virtualisation.lxc.lxcfs.enable = true;
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
- virtualisation.lxd.package
The LXD package to use.
Type: package
Default: pkgs.lxd
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
- virtualisation.lxd.lxcPackage
The LXC package to use with LXD (required for AppArmor profiles).
Type: package
Default: pkgs.lxc
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
- virtualisation.lxd.recommendedSysctlSettings
Enables various settings to avoid common pitfalls when running containers requiring many file operations. Fixes errors like "Too many open files" or "neighbour: ndisc_cache: neighbor table overflow!". See https://lxd.readthedocs.io/en/latest/production-setup/ for details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
- virtualisation.lxd.startTimeout
Time to wait (in seconds) for LXD to become ready to process requests. If LXD does not reply within the configured time, lxd.service will be considered failed and systemd will attempt to restart it.
Type: signed integer
Default: 600
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
- virtualisation.lxd.zfsSupport
Enables lxd to use zfs as a storage for containers.
This option is enabled by default if a zfs pool is configured with nixos.
Type: boolean
Default: config.boot.zfs.enabled
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
- virtualisation.memorySize
The memory size in megabytes of the virtual machine.
Type: positive integer, meaning >0
Default: 1024
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.msize
The msize (maximum packet size) option passed to 9p file systems, in bytes. Increasing this should increase performance significantly, at the cost of higher RAM usage.
Type: positive integer, meaning >0
Default: 16384
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.oci-containers.backend
The underlying Docker implementation to use.
Type: one of "podman", "docker"
Default: "docker"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers
OCI (Docker) containers to run as systemd services.
Type: attribute set of submodules
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.autoStart
When enabled, the container is automatically started on boot. If this option is set to false, the container has to be started on-demand via its service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.cmd
Commandline arguments to pass to the image's entrypoint.
Type: list of strings
Default: [ ]
Example:
["--port=9000"]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.dependsOn
Define which other containers this one depends on. They will be added to both After and Requires for the unit.
Use the same name as the attribute under virtualisation.oci-containers.containers.
Type: list of strings
Default: [ ]
Example:
virtualisation.oci-containers.containers = { node1 = {}; node2 = { dependsOn = [ "node1" ]; } }Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.entrypoint
Override the default entrypoint of the image.
Type: null or string
Default: null
Example: "/bin/my-app"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.environment
Environment variables to set for this container.
Type: attribute set of strings
Default: { }
Example:
{ DATABASE_HOST = "db.example.com"; DATABASE_PORT = "3306"; }Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.environmentFiles
Environment files for this container.
Type: list of paths
Default: [ ]
Example:
[ /path/to/.env /path/to/.env.secret ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.extraOptions
Extra options for docker run.
Type: list of strings
Default: [ ]
Example:
["--network=host"]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.image
OCI image to run.
Type: string
Example: "library/hello-world"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.imageFile
Path to an image file to load instead of pulling from a registry. If defined, do not pull from registry.
You still need to set the image attribute, as it will be used as the image name for docker to start a container.
Type: null or package
Default: null
Example: pkgs.dockerTools.buildDockerImage {...};
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.log-driver
Logging driver for the container. The default of "journald" means that the container's logs will be handled as part of the systemd unit.
For more details and a full list of logging drivers, refer to respective backends documentation.
For Docker: Docker engine documentation
For Podman: Refer to the docker-run(1) man page.
Type: string
Default: "journald"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.login.passwordFile
Path to file containing password.
Type: null or string
Default: null
Example: "/etc/nixos/dockerhub-password.txt"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.login.registry
Registry where to login to.
Type: null or string
Default: null
Example: "https://docker.pkg.github.com"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.login.username
Username for login.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.ports
Network ports to publish from the container to the outer host.
Valid formats:
- <ip>:<hostPort>:<containerPort>
- <ip>::<containerPort>
- <hostPort>:<containerPort>
- <containerPort>
Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. Example: 1234-1236:1234-1236/tcp
When specifying a range for hostPort only, the containerPort must not be a range. In this case, the container port is published somewhere within the specified hostPort range. Example: 1234-1236:1234/tcp
Refer to the Docker engine documentation for full details.
Type: list of strings
Default: [ ]
Example:
[ "8080:9000" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.user
Override the username or UID (and optionally groupname or GID) used in the container.
Type: null or string
Default: null
Example: "nobody:nogroup"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.volumes
List of volumes to attach to this container.
Note that this is a list of "src:dst" strings to allow for src to refer to /nix/store paths, which would be difficult with an attribute set. There are also a variety of mount options available as a third field; please refer to the docker engine documentation for details.
Type: list of strings
Default: [ ]
Example:
[ "volume_name:/path/inside/container" "/path/on/host:/path/inside/container" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.oci-containers.containers.<name>.workdir
Override the default working directory for the container.
Type: null or string
Default: null
Example: "/var/lib/hello_world"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
- virtualisation.podman.enable
This option enables Podman, a daemonless container engine for developing, managing, and running OCI Containers on your Linux System.
It is a drop-in replacement for the docker command.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman.nix>
- virtualisation.podman.enableNvidia
Enable use of NVidia GPUs from within podman containers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman.nix>
- virtualisation.podman.defaultNetwork.dnsname.enable
Enable DNS resolution in the default podman network.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-dnsname.nix>
- virtualisation.podman.defaultNetwork.extraPlugins
Extra CNI plugin configurations to add to podman's default network.
Type: list of JSON values
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman.nix>
- virtualisation.podman.dockerCompat
Create an alias mapping docker to podman.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman.nix>
- virtualisation.podman.dockerSocket.enable
Make the Podman socket available in place of the Docker socket, so Docker tools can find the Podman socket.
Podman implements the Docker API.
Users must be in the podman group in order to connect. As with Docker, members of this group can gain root access.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman.nix>
- virtualisation.podman.extraPackages
Extra packages to be installed in the Podman wrapper.
Type: list of packages
Default: [ ]
Example:
[ pkgs.gvisor ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman.nix>
- virtualisation.podman.networkSocket.enable
Make the Podman and Docker compatibility API available over the network with TLS client certificate authentication.
This allows Docker clients to connect with the equivalents of the Docker CLI -H and --tls* family of options.
For certificate setup, see https://docs.docker.com/engine/security/protect-access/
This option is independent of virtualisation.podman.dockerSocket.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-network-socket.nix>
- virtualisation.podman.networkSocket.listenAddress
Interface address for receiving TLS connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-network-socket.nix>
- virtualisation.podman.networkSocket.openFirewall
Whether to open the port in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-network-socket.nix>
- virtualisation.podman.networkSocket.port
TCP port number for receiving TLS connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2376
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-network-socket.nix>
- virtualisation.podman.networkSocket.server
Choice of TLS proxy server.
Type: value "ghostunnel" (singular enum)
Example: "ghostunnel"
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-network-socket.nix>
<nixpkgs/nixos/modules/virtualisation/podman-network-socket-ghostunnel.nix>- virtualisation.podman.networkSocket.tls.cacert
Path to CA certificate to use for client authentication.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-network-socket.nix>
- virtualisation.podman.networkSocket.tls.cert
Path to certificate describing the server.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-network-socket.nix>
- virtualisation.podman.networkSocket.tls.key
Path to the private key corresponding to the server certificate.
Use a string for this setting. Otherwise it will be copied to the Nix store first, where it is readable by any system process.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman-network-socket.nix>
- virtualisation.qemu.package
QEMU package to use.
Type: package
Default: (build of qemu-host-cpu-only-6.1.0)
Example: "pkgs.qemu_test"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.consoles
The output console devices to pass to the kernel command line via the console parameter, the primary console is the last item of this list.
By default it enables both serial console and tty0. The preferred console (last one) is based on the value of virtualisation.graphics.
Type: list of strings
Default: [ "ttyS0,115200n8" "tty0" ]
Example: [ "console=tty1" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.diskInterface
The interface used for the virtual hard disks.
Type: one of "virtio", "scsi", "ide"
Default: "virtio"
Example: "scsi"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.drives
Drives passed to qemu.
Type: list of submodules
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.drives.*.deviceExtraOpts
Extra options passed to device flag.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.drives.*.driveExtraOpts
Extra options passed to drive flag.
Type: attribute set of strings
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.drives.*.file
The file image used for this drive.
Type: string
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.drives.*.name
A name for the drive. Must be unique in the drives list. Not passed to qemu.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.guestAgent.enable
Enable the Qemu guest agent.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.networkingOptions
Networking-related command-line options that should be passed to qemu. The default is to use userspace networking (SLiRP).
If you override this option, be advised to keep ${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the example) to keep the default runtime behaviour.
Type: list of strings
Default: [ ]
Example: [ "-net nic,netdev=user.0,model=virtio" "-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.qemu.options
Options passed to QEMU.
Type: list of strings
Default: [ ]
Example: [ "-vga std" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.resolution
The resolution of the virtual machine display.
Type: attribute set
Default: { x = 1024; y = 768; }
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.sharedDirectories
An attributes set of directories that will be shared with the virtual machine using VirtFS (9P filesystem over VirtIO). The attribute name will be used as the 9P mount tag.
Type: attribute set of submodules
Default: { }
Example: { my-share = { source = "/path/to/be/shared"; target = "/mnt/shared"; } ; }
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.sharedDirectories.<name>.source
The path of the directory to share, can be a shell variable
Type: string
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.sharedDirectories.<name>.target
The mount point of the directory inside the virtual machine
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.spiceUSBRedirection.enable
Install the SPICE USB redirection helper with setuid privileges. This allows unprivileged users to pass USB devices connected to this machine to libvirt VMs, both local and remote. Note that this allows users arbitrary access to USB devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/spice-usb-redirection.nix>
- virtualisation.useBootLoader
If enabled, the virtual machine will be booted using the regular boot loader (i.e., GRUB 1 or 2). This allows testing of the boot loader. If disabled (the default), the VM directly boots the NixOS kernel and initial ramdisk, bypassing the boot loader altogether.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.useEFIBoot
If enabled, the virtual machine will provide a EFI boot manager. useEFIBoot is ignored if useBootLoader == false.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.useNixStoreImage
Build and use a disk image for the Nix store, instead of accessing the host's one through 9p.
For applications which do a lot of reads from the store, this can drastically improve performance, but at the cost of disk space and image build time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.virtualbox.guest.enable
Whether to enable the VirtualBox service and other guest additions.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>
- virtualisation.virtualbox.guest.x11
Whether to enable x11 graphics
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>
- virtualisation.virtualbox.host.enable
Whether to enable VirtualBox.
Note
In order to pass USB devices from the host to the guests, the user needs to be in the vboxusers group.Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
- virtualisation.virtualbox.host.enableExtensionPack
Whether to install the Oracle Extension Pack for VirtualBox.
Important
You must set nixpkgs.config.allowUnfree = true in order to use this. This requires you accept the VirtualBox PUEL.Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
- virtualisation.virtualbox.host.enableHardening
Enable hardened VirtualBox, which ensures that only the binaries in the system path get access to the devices exposed by the kernel modules instead of all users in the vboxusers group.
Important
Disabling this can put your system's security at risk, as local users in the vboxusers group can tamper with the VirtualBox device files.Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
- virtualisation.virtualbox.host.enableWebService
Build VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools. Useful for headless servers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
- virtualisation.virtualbox.host.package
Which VirtualBox package to use.
Type: package
Default: pkgs.virtualbox
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
- virtualisation.virtualbox.host.addNetworkInterface
Automatically set up a vboxnet0 host-only network interface.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
- virtualisation.virtualbox.host.headless
Use VirtualBox installation without GUI and Qt dependency. Useful to enable on servers and when virtual machines are controlled only via SSH.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
- virtualisation.vlans
Virtual networks to which the VM is connected. Each number N in this list causes the VM to have a virtual Ethernet interface attached to a separate virtual network on which it will be assigned IP address 192.168.N.M, where M is the index of this VM in the list of VMs.
Type: list of unsigned integer, meaning >=0s
Default: [ 1 ]
Example: [ 1 2 ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.vmware.guest.enable
Whether to enable VMWare Guest Support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-guest.nix>
- virtualisation.vmware.guest.headless
Whether to disable X11-related features.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-guest.nix>
- virtualisation.vswitch.enable
Whether to enable Open vSwitch. A configuration daemon (ovs-server) will be started.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
- virtualisation.vswitch.package
Open vSwitch package to use.
Type: package
Default: pkgs.openvswitch
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
- virtualisation.vswitch.ipsec
Whether to start racoon service for openvswitch. Supported only if openvswitch version is less than 2.6.0. Use virtualisation.vswitch.package = pkgs.openvswitch-lts for a version that supports ipsec over GRE.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
- virtualisation.vswitch.resetOnStart
Whether to reset the Open vSwitch configuration database to a default configuration on every start of the systemd ovsdb.service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
- virtualisation.waydroid.enable
Whether to enable Waydroid.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/waydroid.nix>
- virtualisation.writableStore
If enabled, the Nix store in the VM is made writable by layering an overlay filesystem on top of the host's Nix store.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.writableStoreUseTmpfs
Use a tmpfs for the writable store instead of writing to the VM's own filesystem.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
- virtualisation.xen.enable
Setting this option enables the Xen hypervisor, a virtualisation technology that allows multiple virtual machines, known as domains, to run concurrently on the physical machine. NixOS runs as the privileged Domain 0. This option requires a reboot to take effect.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.package
The package used for Xen binary.
Type: package
Default: pkgs.xen
Example: pkgs.xen-light
Related packages:
pkgs.xen (xen-4.10.4) [UNAVAILABLE]: Xen hypervisor and related components (vanilla).
Vanilla version of Xen. Uses forks of Qemu and Seabios bundled with Xen. This gives vanilla experince, but wastes space and build time: typical NixOS setup that runs lots of VMs will build three different versions of Qemu when using this (two forks and upstream). Includes: * firmware/etherboot/ipxe.git: Xen's fork of iPXE. * firmware/seabios-dir-remote: Xen's fork of Seabios. * qemu-xen: Xen's fork of upstream Qemu. * qemu-xen-traditional: Xen's fork of upstream Qemu that uses old device model. * xen-libhvm-dir-remote: Helper library for reading ACPI and SMBIOS firmware values from the host system for use with the HVM guest firmware pass-through feature in Xen.
pkgs.xen-light (xen-4.10.4) [UNAVAILABLE]: Xen hypervisor and related components (light).
Slimmed-down version of Xen without `qemu-traditional` (you don't need it if you don't know what it is). Use with `qemu_xen-light` from nixpkgs. Includes: * firmware/etherboot/ipxe.git: Xen's fork of iPXE. * xen-libhvm-dir-remote: Helper library for reading ACPI and SMBIOS firmware values from the host system for use with the HVM guest firmware pass-through feature in Xen.
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.package-qemu
The package with qemu binaries for dom0 qemu and xendomains.
Type: package
Default: pkgs.xen
Example: pkgs.qemu_xen-light
Related packages:
pkgs.xen (xen-4.10.4) [UNAVAILABLE]: Xen hypervisor and related components (vanilla).
Vanilla version of Xen. Uses forks of Qemu and Seabios bundled with Xen. This gives vanilla experince, but wastes space and build time: typical NixOS setup that runs lots of VMs will build three different versions of Qemu when using this (two forks and upstream). Includes: * firmware/etherboot/ipxe.git: Xen's fork of iPXE. * firmware/seabios-dir-remote: Xen's fork of Seabios. * qemu-xen: Xen's fork of upstream Qemu. * qemu-xen-traditional: Xen's fork of upstream Qemu that uses old device model. * xen-libhvm-dir-remote: Helper library for reading ACPI and SMBIOS firmware values from the host system for use with the HVM guest firmware pass-through feature in Xen.
pkgs.qemu_xen-light (qemu-xen-host-cpu-only-6.1.0): A generic and open source machine emulator and virtualizer.
For use with pkgs.xen-light.
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.bootParams
Parameters passed to the Xen hypervisor at boot time.
Type: list of strings
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.bridge.address
IPv4 address of the bridge.
Type: string
Default: "172.16.0.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.bridge.forwardDns
If set to true, the DNS queries from the hosts connected to the bridge will be forwarded to the DNS servers specified in /etc/resolv.conf .
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.bridge.name
Name of bridge the Xen domUs connect to.
Type: string
Default: "xenbr0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.bridge.prefixLength
Subnet mask of the bridge interface, specified as the number of bits in the prefix (24). A DHCP server will provide IP addresses for the whole, remaining subnet.
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.domain0MemorySize
Amount of memory (in MiB) allocated to Domain 0 on boot. If set to 0, all memory is assigned to Domain 0.
Type: signed integer
Default: 0
Example: 512
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.domains.extraConfig
Options defined here will override the defaults for xendomains. The default options can be seen in the file included from /etc/default/xendomains.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.stored
Xen Store daemon to use. Defaults to oxenstored of the xen package.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- virtualisation.xen.trace
Whether to enable Xen tracing.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
- xdg.autostart.enable
Whether to install files to support the XDG Autostart specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/autostart.nix>
- xdg.icons.enable
Whether to install files to support the XDG Icon Theme specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/icons.nix>
- xdg.menus.enable
Whether to install files to support the XDG Desktop Menu specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/menus.nix>
- xdg.mime.enable
Whether to install files to support the XDG Shared MIME-info specification and the XDG MIME Applications specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
- xdg.mime.addedAssociations
Adds associations between mimetypes and applications. See the specifications for more information.
Type: attribute set of string or list of strings or string convertible to its
Default: { }
Example: { application/pdf = "firefox.desktop"; text/xml = [ "nvim.desktop" "codium.desktop" ] ; }
Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
- xdg.mime.defaultApplications
Sets the default applications for given mimetypes. See the specifications for more information.
Type: attribute set of string or list of strings or string convertible to its
Default: { }
Example: { application/pdf = "firefox.desktop"; image/png = [ "sxiv.desktop" "gimp.desktop" ] ; }
Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
- xdg.mime.removedAssociations
Removes associations between mimetypes and applications. See the specifications for more information.
Type: attribute set of string or list of strings or string convertible to its
Default: { }
Example: { audio/mp3 = [ "mpv.desktop" "umpv.desktop" ] ; inode/directory = "codium.desktop"; }
Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
- xdg.portal.enable
Whether to enable xdg desktop integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/portal.nix>
- xdg.portal.extraPortals
List of additional portals to add to path. Portals allow interaction with system, like choosing files or taking screenshots. At minimum, a desktop portal implementation should be listed. GNOME and KDE already adds xdg-desktop-portal-gtk; and xdg-desktop-portal-kde respectively. On other desktop environments you probably want to add them yourself.
Type: list of packages
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/xdg/portal.nix>
- xdg.portal.gtkUsePortal
Sets environment variable GTK_USE_PORTAL to 1. This is needed for packages ran outside Flatpak to respect and use XDG Desktop Portals. For example, you'd need to set this for non-flatpak Firefox to use native filechoosers. Defaults to false to respect its opt-in nature.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/xdg/portal.nix>
- xdg.portal.wlr.enable
Whether to enable desktop portal for wlroots-based desktops
This will add the xdg-desktop-portal-wlr package into the xdg.portal.extraPortals option, and provide the configuration file .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/portals/wlr.nix>
- xdg.portal.wlr.settings
Configuration for xdg-desktop-portal-wlr.
See xdg-desktop-portal-wlr(5) for supported values.
Type: attribute set of attribute set of INI atom (null, bool, int, float or string)ss
Default: { }
Example:
{ screencast = { output_name = "HDMI-A-1"; max_fps = 30; exec_before = "disable_notifications.sh"; exec_after = "enable_notifications.sh"; chooser_type = "simple"; chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; }; }Declared by:
<nixpkgs/nixos/modules/config/xdg/portals/wlr.nix>
- xdg.sounds.enable
Whether to install files to support the XDG Sound Theme specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/sounds.nix>
- zramSwap.enable
Enable in-memory compressed devices and swap space provided by the zram kernel module. See https://www.kernel.org/doc/Documentation/blockdev/zram.txt.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
- zramSwap.algorithm
Compression algorithm. lzo has good compression, but is slow. lz4 has bad compression, but is fast. zstd is both good compression and fast, but requires newer kernel. You can check what other algorithms are supported by your zram device with
cat /sys/class/block/zram*/comp_algorithm
Type: one of "lzo", "lz4", "zstd" or string
Default: "zstd"
Example: "lz4"
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
- zramSwap.memoryMax
Maximum total amount of memory (in bytes) that can be used by the zram swap devices.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
- zramSwap.memoryPercent
Maximum amount of memory that can be used by the zram swap devices (as a percentage of your total memory). Defaults to 1/2 of your total RAM. Run zramctl to check how good memory is compressed.
Type: signed integer
Default: 50
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
- zramSwap.numDevices
Number of zram devices to create. See also zramSwap.swapDevices
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
- zramSwap.priority
Priority of the zram swap devices. It should be a number higher than the priority of your disk-based swap devices (so that the system will fill the zram swap devices before falling back to disk swap).
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
- zramSwap.swapDevices
Number of zram devices to be used as swap. Must be <= zramSwap.numDevices. Default is same as zramSwap.numDevices, recommended is 1.
Type: null or signed integer
Default: null
Example: 1
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
Author
Eelco Dolstra
Author
Copyright
Copyright © 2007-2020 Eelco Dolstra