Appendix A. Configuration Options

boot.blacklistedKernelModules

List of names of kernel modules that should not be loaded automatically by the hardware probing code.

Type: "list of strings"

Default: [ ]

Example: [ "cirrusfb" "i2c_piix4" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.cleanTmpDir

Whether to delete all files in /tmp during boot.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/tmp.nix>
boot.consoleLogLevel

The kernel console log level. Only log messages with a priority numerically less than this will appear on the console.

Type: "integer"

Default: 4

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.crashDump.enable

If enabled, NixOS will set up a kernel that will boot on crash, and leave the user to a stage1 debug1devices interactive shell to be able to save the crashed kernel dump. It also activates the NMI watchdog.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.crashDump.kernelPackages

This will override the boot.kernelPackages, and will add some kernel configuration parameters for the crash dump to work.

Type: "unspecified"

Default: "pkgs.linuxPackages"

Example:

pkgs.linuxPackages_2_6_25

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.crashDump.kernelParams

Parameters that will be passed to the kernel kexec-ed on crash.

Type: "list of strings"

Default: [ "debug1devices" ]

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.devShmSize

Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: "string"

Default: "50%"

Example: "256m"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.devSize

Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: "string"

Default: "5%"

Example: "32m"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.enableContainers

Whether to enable support for nixos containers.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
boot.extraModprobeConfig

Any additional configuration to be appended to the generated modprobe.conf. This is typically used to specify module options. See modprobe.conf(5) for details.

Type: "string"

Default: ""

Example:

''
options parport_pc io=0x378 irq=7 dma=1
''

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.extraModulePackages

A list of additional packages supplying kernel modules.

Type: "list of paths"

Default: [ ]

Example:

[ pkgs.linuxPackages.nvidia_x11 ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.extraTTYs

Tty (virtual console) devices, in addition to the consoles on which mingetty and syslogd run, that must be initialised. Only useful if you have some program that you want to run on some fixed console. For example, the NixOS installation CD opens the manual in a web browser on console 7, so it sets boot.extraTTYs to ["tty7"].

Type: "list of strings"

Default: [ ]

Example: [ "tty8" "tty9" ]

Declared by:

<nixpkgs/nixos/modules/tasks/kbd.nix>
boot.hardwareScan

Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
boot.initrd.availableKernelModules

The set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules for the physical device (e.g., SCSI drivers) and for the file system (e.g., ext3). The set specified here is automatically closed under the module dependency relation, i.e., all dependencies of the modules list here are included automatically. The modules listed here are available in the initrd, but are only loaded on demand (e.g., the ext3 module is loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, include it in boot.initrd.kernelModules.

Type: "list of strings"

Default: [ ]

Example: [ "sata_nv" "ext3" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.checkJournalingFS

Whether to run fsck on journaling filesystems such as ext3.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.kernelModules

List of modules that are always loaded by the initrd.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.luks.cryptoModules

A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.

Type: "list of strings"

Default: [ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "aes_x86_64" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices

The list of devices that should be decrypted using LUKS before trying to mount the root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups. The devices are decrypted to the device mapper names defined. Make sure that initrd has the crypto modules needed for decryption.

Type: "list of submodules"

Default: [ ]

Example: [ { device = "/dev/sda3"; name = "luksroot"; preLVM = true; } ]

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.allowDiscards

Whether to allow TRIM requests to the underlying device. This option has security implications, please read the LUKS documentation before activating in.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.device

Path of the underlying block device.

Type: "string"

Example: "/dev/sda2"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.keyFile

The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.

Type: "null or string"

Default: null

Example: "/dev/sdb1"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.keyFileSize

The size of the key file. Use this if only the beginning of the key file should be used as a key (often the case if a raw device or partition is used as key file). If not specified, the whole keyFile will be used decryption, instead of just the first keyFileSize bytes.

Type: "null or integer"

Default: null

Example: 4096

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.name

Named to be used for the generated device in /dev/mapper.

Type: "string"

Example: "luksroot"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.preLVM

Whether the luksOpen will be attempted before LVM scan or after it.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey

The options to use for this LUKS device in Yubikey-PBA. If null (the default), Yubikey-PBA will be disabled for this device.

Type: "null or submodule"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.gracePeriod

Time in seconds to wait before attempting to find the Yubikey

Type: "integer"

Default: 2

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.iterationStep

How much the iteration count for PBKDF2 is increased at each successful authentication

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.keyLength

Length of the LUKS slot key derived with PBKDF2 in byte

Type: "integer"

Default: 64

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.ramfsMountPoint

Path where the ramfs used to update the LUKS key will be mounted in stage-1

Type: "string"

Default: "/crypt-ramfs"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.saltLength

Length of the new salt in byte (64 is the effective maximum)

Type: "integer"

Default: 16

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.slot

Which slot on the Yubikey to challenge

Type: "integer"

Default: 2

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.storage.device

An unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.

Type: "path"

Default: "/dev/sda1"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.storage.fsType

The filesystem of the unencrypted device

Type: "string"

Default: "vfat"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.storage.mountPoint

Path where the unencrypted device will be mounted in stage-1

Type: "string"

Default: "/crypt-storage"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.storage.path

Absolute path of the salt on the unencrypted device with that device's root directory as "/".

Type: "string"

Default: "/crypt-storage/default"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.*.yubikey.twoFactor

Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false)

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.mitigateDMAAttacks

Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at http://en.wikipedia.org/wiki/DMA_attack. This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.yubikeySupport

Enables support for authenticating with a Yubikey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a Yubikey to work with this feature.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.mdadmConf

Contents of /etc/mdadm.conf in stage 1.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.postDeviceCommands

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.postMountCommands

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.preLVMCommands

Shell commands to be executed immediately before LVM discovery.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.prepend

Other initrd files to prepend to the final initrd we are building.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.supportedFilesystems

Names of supported filesystem types in the initial ramdisk.

Type: "list of strings"

Default: [ ]

Example: [ "btrfs" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.isContainer

Whether this NixOS machine is a lightweight container running in another NixOS system.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
boot.kernel.sysctl

Runtime parameters of the Linux kernel, as set by sysctl(8). Note that sysctl parameters names must be enclosed in quotes (e.g. "vm.swappiness" instead of vm.swappiness). The value of each parameter may be a string, integer, boolean, or null (signifying the option will not appear at all).

Type: "attribute set of sysctl option values"

Default: { }

Example: { net.ipv4.tcp_syncookies = false; vm.swappiness = 60; }

Declared by:

<nixpkgs/nixos/modules/config/sysctl.nix>
boot.kernelModules

The set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to boot.initrd.availableKernelModules or boot.initrd.kernelModules.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelPackages

This option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are tied to the kernel you're using, it also overrides those. This option is a function that takes Nixpkgs as an argument (as a convenience), and returns an attribute set containing at the very least an attribute kernel. Additional attributes may be needed depending on your configuration. For instance, if you use the NVIDIA X driver, then it also needs to contain an attribute nvidia_x11.

Type: "unspecified"

Default: "pkgs.linuxPackages"

Example:

pkgs.linuxPackages_2_6_25

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelParams

Parameters added to the kernel command line.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.loader.efi.canTouchEfiVariables

Whether or not the installation process should modify efi boot variables.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
boot.loader.efi.efiSysMountPoint

Where the EFI System Partition is mounted.

Type: "string"

Default: "/boot"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
boot.loader.generationsDir.copyKernels

Whether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
boot.loader.generationsDir.enable

Whether to create symlinks to the system generations under /boot. When enabled, /boot/default/kernel, /boot/default/initrd, etc., are updated to point to the current generation's kernel image, initial RAM disk, and other bootstrap files. This optional is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
boot.loader.grub.configurationLimit

Maximum of configurations in boot menu. GRUB has problems when there are too many entries.

Type: "integer"

Default: 100

Example: 120

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.configurationName

GRUB entry name instead of default.

Type: "string"

Default: ""

Example: "Stable 2.6.21"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.copyKernels

Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.default

Index of the default menu item to be booted.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.device

The device on which the GRUB boot loader will be installed. The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.

Type: "string"

Default: ""

Example: "/dev/hda"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.devices

The devices on which the boot loader, GRUB, will be installed. Can be used instead of device to install grub into multiple devices (e.g., if as softraid arrays holding /boot).

Type: "list of strings"

Default: [ ]

Example: [ "/dev/hda" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.efiSupport

Whether grub should be build with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.enable

Whether to enable the GNU GRUB boot loader.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.enableCryptodisk

Enable support for encrypted partitions. Grub should automatically unlock the correct encrypted partition and look for filesystems.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraConfig

Additional GRUB commands inserted in the configuration file just before the menu entries.

Type: "string"

Default: ""

Example: "serial; terminal_output.serial"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraEntries

Any additional entries you want added to the GRUB boot menu.

Type: "string"

Default: ""

Example:

''
# GRUB 1 example (not GRUB 2 compatible)
title Windows
  chainloader (hd0,1)+1

# GRUB 2 example
menuentry "Windows 7" {
  chainloader (hd0,4)+1
}
''

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraEntriesBeforeNixOS

Whether extraEntries are included before the default option.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraFiles

A set of files to be copied to /boot. Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.

Type: "unspecified"

Default: { }

Example:

{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraPerEntryConfig

Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.

Type: "string"

Default: ""

Example: "root (hd0)"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraPrepareConfig

Additional bash commands to be run at the script that prepares the grub menu entries.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.fsIdentifier

Determines how grub will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that grub will use the device name as show in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.

Type: "string"

Default: "uuid"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.ipxe

Set of iPXE scripts available for booting from the GRUB boot menu.

Type: "attribute set of path or strings"

Default: { }

Example:

{ demo = ''
    #!ipxe
    dhcp
    chain http://boot.ipxe.org/demo/boot.php
  '';
};

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix>
boot.loader.grub.memtest86.enable

Make Memtest86+, a memory testing program, available from the GRUB boot menu.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
boot.loader.grub.memtest86.params

Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:

  • console=..., set up a serial console. Examples: console=ttyS0, console=ttyS0,9600 or console=ttyS0,115200n8.

  • btrace, enable boot trace.

  • maxcpus=N, limit number of CPUs.

  • onepass, run one pass and exit if there are no errors.

  • tstlist=..., list of tests to run. Example: 0,1,2.

  • cpumask=..., set a CPU mask, to select CPUs to use for testing.

This list of command line options was obtained by reading the Memtest86+ source code.

Type: "list of strings"

Default: [ ]

Example: [ "console=ttyS0,115200" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
boot.loader.grub.splashImage

Background image used for GRUB. It must be a 640x480, 14-colour image in XPM format, optionally compressed with gzip or bzip2. Set to null to run GRUB in text mode.

Type: "null or path"

Example:

./my-background.png

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.timeout

Timeout (in seconds) until GRUB boots the default menu item.

Type: "integer"

Default: 5

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.version

The version of GRUB to use: 1 for GRUB Legacy (versions 0.9x), or 2 (the default) for GRUB 2.

Type: "integer"

Default: 2

Example: 1

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.zfsSupport

Whether grub should be build against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.gummiboot.enable

Whether to enable the gummiboot UEFI boot manager

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix>
boot.loader.gummiboot.timeout

Timeout (in seconds) for how long to show the menu (null if none). Note that even with no timeout the menu can be forced if the space key is pressed during bootup

Type: "null or integer"

Default: 5

Example: 4

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix>
boot.loader.initScript.enable

Some systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux. Additionally this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a rescue system or such.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix>
boot.loader.raspberryPi.enable

Whether to create files with the system generations in /boot. /boot/old will hold files from old generations.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
boot.loader.timeout

Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.

Type: "null or integer"

Default: 5

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/loader.nix>
boot.postBootCommands

Shell commands to be executed just before systemd is started.

Type: "string"

Default: ""

Example: "rm -f /var/log/messages"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.resumeDevice

Device for manual resume attempt during boot. This should be used primarily if you want to resume from file. If left empty, the swap partitions are used. Specify here the device where the file resides. You should also use boot.kernelParams to specify resume_offset.

Type: "string"

Default: ""

Example: "/dev/sda3"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.runSize

Size limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: "string"

Default: "25%"

Example: "256m"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.supportedFilesystems

Names of supported filesystem types.

Type: "list of strings"

Default: [ ]

Example: [ "btrfs" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.tmpOnTmpfs

Whether to mount a tmpfs on /tmp during boot.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/tmp.nix>
boot.vesa

Whether to activate VESA video mode on boot.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.zfs.extraPools

Name or GUID of extra ZFS pools that you wish to import during boot. Usually this is not necessary. Instead, you should set the mountpoint property of ZFS filesystems to legacy and add the ZFS filesystems to NixOS's fileSystems option, which makes NixOS automatically import the associated pool. However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot.

Type: "list of strings"

Default: [ ]

Example: [ "tank" "data" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.forceImportAll

Forcibly import all ZFS pool(s). This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools. If you set this option to false and NixOS subsequently fails to import your non-root ZFS pool(s), you should manually import each pool with "zpool import -f <pool-name>", and then reboot. You should only need to do this once.

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.forceImportRoot

Forcibly import the ZFS root pool(s) during early boot. This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools. If you set this option to false and NixOS subsequently fails to boot because it cannot import the root pool, you should boot with the zfs_force=1 option as a kernel parameter (e.g. by manually editing the kernel params in grub during boot). You should only need to do this once.

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.useGit

Use the git version of the SPL and ZFS packages. Note that these are unreleased versions, with less testing, and therefore may be more unstable.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
containers

A set of NixOS system configurations to be run as lightweight containers. Each container appears as a service container-name on the host system, allowing it to be started and stopped via systemctl .

Type: "attribute set of submodules"

Default: { }

Example:

{ webserver =
    { path = "/nix/var/nix/profiles/webserver";
    };
  database =
    { config =
        { config, pkgs, ... }:
        { services.postgresql.enable = true;
          services.postgresql.package = pkgs.postgresql92;
        };
    };
}

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.autoStart

Wether the container is automatically started at boot-time.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.config

A specification of the desired configuration of this container, as a NixOS module.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.hostAddress

The IPv4 address assigned to the host interface.

Type: "null or string"

Default: null

Example: "10.231.136.1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.localAddress

The IPv4 address assigned to eth0 in the container.

Type: "null or string"

Default: null

Example: "10.231.136.2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.path

As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.

Type: "path"

Example: "/nix/var/nix/profiles/containers/webserver"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.privateNetwork

Whether to give the container its own private virtual Ethernet interface. The interface is called eth0, and is hooked up to the interface ve-container-name on the host. If this option is not set, then the container shares the network interfaces of the host, and can bind to any port on any interface.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
environment.binsh

The shell executable that is linked system-wide to /bin/sh. Please note that NixOS assumes all over the place that shell to be Bash, so override the default setting only if you know exactly what you're doing.

Type: "path"

Default: "/nix/store/hhp7yd9hsxb2x0a01lk4girjlr5s7pyj-bash-4.3-p33/bin/sh"

Example:

"${pkgs.dash}/bin/dash"

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.blcr.enable

Whether to enable support for the BLCR checkpointing tool.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/blcr.nix>
environment.checkConfigurationOptions

Alias of _module.check.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/rename.nix>
environment.etc

Set of files that have to be linked in /etc.

Type: "list or attribute set of submodules"

Default: { }

Example:

{ hosts =
    { source = "/nix/store/.../etc/dir/file.conf.example";
      mode = "0440";
    };
  "default/useradd".text = "GROUP=100 ...";
}

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.enable

Whether this /etc file should be generated. This option allows specific /etc files to be disabled.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.gid

GID of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink').

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.mode

If set to something else than symlink, the file is copied instead of symlinked, with the given file mode.

Type: "string"

Default: "symlink"

Example: "0600"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.source

Path of the source file.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.target

Name of symlink (relative to /etc). Defaults to the attribute name.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.text

Text of the file.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.uid

UID of created file. Only takes affect when the file is copied (that is, the mode is not 'symlink').

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.extraInit

Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.freetds

Configure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.

Type: "attribute set of strings"

Default: { }

Example: { MYDATABASE = "host = 10.0.2.100\nport = 1433\ntds version = 7.2\n"; }

Declared by:

<nixpkgs/nixos/modules/programs/freetds.nix>
environment.gnome3.excludePackages

Which packages gnome should exclude from the default environment

Type: "list of derivations"

Default: [ ]

Example:

[ pkgs.gnome3.totem ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
environment.gnome3.packageSet

Which GNOME 3 package set to use.

Type: "unspecified"

Default: null

Example:

pkgs.gnome3_12

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
environment.interactiveShellInit

Shell script code called during interactive shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.loginShellInit

Shell script code called during login shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.noXlibs

Switch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication in. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/no-x-libs.nix>
environment.pathsToLink

List of directories to be symlinked in `/run/current-system/sw'.

Type: "list of strings"

Default: [ ]

Example: [ "/" ]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.profileRelativeEnvVars

Attribute set of environment variable. Each attribute maps to a list of relative paths. Each relative path is appended to the each profile of environment.profiles to form the content of the corresponding environment variable.

Type: "attribute set of list of stringss"

Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" "/sbin" ] ; }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.profiles

A list of profiles used to setup the global environment.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.sessionVariables

A set of environment variables used in the global environment. These variables will be set by PAM. The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Type: "attribute set of a string or a list of stringss"

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/system-environment.nix>
environment.shellAliases

An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users' shells.

Type: "attribute set"

Default: { }

Example: { ll = "ls -l"; }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.shellInit

Shell script code called during shell initialisation. This code is asumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.shells

A list of permissible login shells for user accounts. No need to mention /bin/sh here, it is placed into this list implicitly.

Type: "list of paths"

Default: [ ]

Example: [ "/run/current-system/sw/bin/zsh" ]

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.systemPackages

The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, /nix/var/nix/profiles/default.

Type: "list of paths"

Default: [ ]

Example:

[ pkgs.firefox pkgs.thunderbird ]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.unixODBCDrivers

Specifies Unix ODBC drivers to be registered in /etc/odbcinst.ini. You may also want to add pkgs.unixODBC to the system path to get a command line client to connnect to ODBC databases.

Type: "unspecified"

Default: [ ]

Example:

map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )

Declared by:

<nixpkgs/nixos/modules/config/unix-odbc-drivers.nix>
environment.variables

A set of environment variables used in the global environment. These variables will be set on shell initialisation. The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Type: "attribute set of a string or a list of stringss"

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.wvdial.dialerDefaults

Contents of the "Dialer Defaults" section of /etc/wvdial.conf.

Type: "string"

Default: ""

Example: ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''

Declared by:

<nixpkgs/nixos/modules/programs/wvdial.nix>
environment.wvdial.pppDefaults

Default ppp settings for wvdial.

Type: "string"

Default:

''
noipdefault
usepeerdns
defaultroute
persist
noauth
''

Declared by:

<nixpkgs/nixos/modules/programs/wvdial.nix>
fileSystems

The file systems to be mounted. It must include an entry for the root directory (mountPoint = "/"). Each entry in the list is an attribute set with the following fields: mountPoint, device, fsType (a file system type recognised by mount; defaults to "auto"), and options (the mount options passed to mount using the -o flag; defaults to "defaults"). Instead of specifying device, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L).

Type: "list or attribute set of submodules"

Default: { }

Example: { / = { device = "/dev/hda1"; } ; /bigdisk = { label = "bigdisk"; } ; /data = { device = "/dev/hda2"; fsType = "ext3"; options = "data=journal"; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
fileSystems.<name?>.autoFormat

If the device does not currently contain a filesystem (as determined by blkid, then automatically format it with the filesystem type specified in fsType. Use with caution.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.device

Location of the device.

Type: "null or string"

Default: null

Example: "/dev/sda"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.encrypted.blkDev

Location of the backing encrypted device.

Type: "null or string"

Default: null

Example: "/dev/sda1"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name?>.encrypted.enable

The block device is backed by an encrypted one, adds this device as a initrd luks entry.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name?>.encrypted.keyFile

File system location of keyfile.

Type: "null or string"

Default: null

Example: "/root/.swapkey"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name?>.encrypted.label

Label of the backing encrypted device.

Type: "null or string"

Default: null

Example: "rootfs"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name?>.fsType

Type of the file system.

Type: "string"

Default: "auto"

Example: "ext3"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.label

Label of the device (if any).

Type: "null or string"

Default: null

Example: "root-partition"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.mountPoint

Location of the mounted the file system.

Type: "string"

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.neededForBoot

If set, this file system will be mounted in the initial ramdisk. By default, this applies to the root file system and to the file system containing /nix/store.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
fileSystems.<name?>.noCheck

Disable running fsck on this filesystem.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.options

Options used to mount the file system.

Type: "string"

Default: "defaults,relatime"

Example: "data=journal"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fonts.enableCoreFonts

Whether to include Microsoft's proprietary Core Fonts. These fonts are redistributable, but only verbatim, among other restrictions. See http://corefonts.sourceforge.net/eula.htm for details.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/corefonts.nix>
fonts.enableFontDir

Whether to create a directory with links to all fonts in /run/current-system/sw/share/X11-fonts.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
fonts.enableGhostscriptFonts

Whether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/ghostscript.nix>
fonts.fontconfig.antialias

Enable font antialiasing.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.monospace

System-wide default monospace font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: "list of strings"

Default: [ "DejaVu Sans Mono" ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.sansSerif

System-wide default sans serif font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: "list of strings"

Default: [ "DejaVu Sans" ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.serif

System-wide default serif font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: "list of strings"

Default: [ "DejaVu Serif" ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.dpi

Force DPI setting. Setting to 0 disables DPI forcing; the DPI detected for the display will be used.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.enable

If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.autohint

Enable the autohinter, which provides hinting for otherwise un-hinted fonts. The results are usually lower quality than correctly-hinted fonts.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.enable

Enable TrueType hinting.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.style

TrueType hinting style, one of none, slight, medium, or full.

Type: "string"

Default: "full"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.includeUserConf

Include the user configuration from ~/.config/fontconfig/fonts.conf or ~/.config/fontconfig/conf.d.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.subpixel.lcdfilter

FreeType LCD filter, one of none, default, light, or legacy.

Type: "string"

Default: "default"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.subpixel.rgba

Subpixel order, one of none, rgb, bgr, vrgb, or vbgr.

Type: "string"

Default: "rgb"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.ultimate.allowBitmaps

Allow bitmap fonts. Set to false to ban all bitmap fonts.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.allowType1

Allow Type-1 fonts. Default is false because of poor rendering.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.enable

Enable fontconfig-ultimate settings (formerly known as Infinality). Besides the customizable settings in this NixOS module, fontconfig-ultimate also provides many font-specific rendering tweaks.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.forceAutohint

Force use of the TrueType Autohinter. Useful for debugging or free-software purists.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.renderMonoTTFAsBitmap

Render some monospace TTF fonts as bitmaps.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.rendering

FreeType rendering settings presets. The default is pkgs.fontconfig-ultimate.rendering.ultimate. The other available styles are: ultimate-lighter, ultimate-darker, ultimate-lightest, ultimate-darkest, default (the original Infinality default), osx, ipad, ubuntu, linux, winxplight, win7light, winxp, win7, vanilla, classic, nudge, push, shove, sharpened, infinality. Any of the presets may be customized by editing the attributes. To disable, set this option to the empty attribute set {}.

Type: "attribute set"

Default: { INFINALITY_FT_CHROMEOS_STYLE_SHARPENING_STRENGTH = "20"; INFINALITY_FT_FILTER_PARAMS = "08 24 36 24 08"; INFINALITY_FT_FRINGE_FILTER_STRENGTH = "50"; INFINALITY_FT_USE_VARIOUS_TWEAKS = "true"; }

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.substitutions

Font substitutions to replace common Type 1 fonts with nicer TrueType fonts. free uses free fonts, ms uses Microsoft fonts, combi uses a combination, and none disables the substitutions.

Type: "string"

Default: "free"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.useEmbeddedBitmaps

Use embedded bitmaps in fonts like Calibri.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fonts

List of primary font paths.

Type: "list of paths"

Example:

[ pkgs.dejavu_fonts ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fonts.nix>
gnu

When enabled, GNU software is chosen by default whenever a there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/gnu.nix>
gtkPlugins

Plugin packages for GTK+ such as input methods.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/gtk-exe-env.nix>
hardware.amdHybridGraphics.disable

Completely disable the AMD graphics card and use the integrated graphics processor instead.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/amd-hybrid-graphics.nix>
hardware.bluetooth.enable

Whether to enable support for Bluetooth.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bumblebee.connectDisplay

Set to true if you intend to connect your discrete card to a monitor. This option will set up your Nvidia card for EDID discovery and to turn on the monitor signal. Only nvidia driver is supported so far.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.enable

Enable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun. Only nvidia driver is supported so far.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.group

Group for bumblebee socket

Type: "string"

Default: "wheel"

Example: "video"

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.cpu.amd.updateMicrocode

Update the CPU microcode for AMD processors.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix>
hardware.cpu.intel.updateMicrocode

Update the CPU microcode for Intel processors.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix>
hardware.enableAllFirmware

Turn on this option if you want to enable all the firmware shipped in linux-firmware.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/all-firmware.nix>
hardware.enableKSM

Whether to enable Kernel Same-Page Merging.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/ksm.nix>
hardware.firmware

List of directories containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If more than one path contains a firmware file with the same name, the first path in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories. For quick testing, put firmware files in /root/test-firmware and add that directory to the list. Note that you can also add firmware packages to this list as these are directories in the nix store.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
hardware.nvidiaOptimus.disable

Completely disable the NVIDIA graphics card and use the integrated graphics processor instead.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix>
hardware.opengl.driSupport

Whether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.driSupport32Bit

On 64-bit systems, whether to support Direct Rendering for 32-bit applications (such as Wine). This is currently only supported for the nvidia and ati_unfree drivers, as well as Mesa.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.s3tcSupport

Make S3TC(S3 Texture Compression) via libtxc_dxtn available to OpenGL drivers instead of the patent-free S2TC replacement. Using this library may require a patent license depending on your location.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.parallels.enable

This enables Parallel Tools for Linux guests, along with provided video, mouse and other hardware drivers.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
hardware.pcmcia.config

Path to the configuration file which maps the memory, IRQs and ports used by the PCMCIA hardware.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.pcmcia.enable

Enable this option to support PCMCIA card.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.pcmcia.firmware

List of firmware used to handle specific PCMCIA card.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.pulseaudio.configFile

The path to the configuration the PulseAudio server should use. By default, the "default.pa" configuration from the PulseAudio distribution is used.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.daemon.logLevel

The log level that the system-wide pulseaudio daemon should use, if activated.

Type: "string"

Default: "notice"

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.enable

Whether to enable the PulseAudio sound server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.systemWide

If false, a PulseAudio server is launched automatically for each user that tries to use the sound system. The server runs with user privileges. This is the recommended and most secure way to use PulseAudio. If true, one system-wide PulseAudio server is launched on boot, running as the user "pulse". Please read the PulseAudio documentation for more details.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.sane.configDir

The value of SANE_CONFIG_DIR.

Type: "string"

Default: "/nix/store/b8zzz0shp9m561c0zbbfky6angymqzj6-sane-config/etc/sane.d"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.enable

Enable support for SANE scanners.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.extraBackends

Packages providing extra SANE backends to enable.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.snapshot

Use a development snapshot of SANE scanner drivers.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.trackpoint.emulateWheel

Enable scrolling while holding the middle mouse button.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.enable

Enable sensitivity and speed configuration for trackpoints.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.sensitivity

Configure the trackpoint sensitivity. By default, the kernel configures 128.

Type: "integer"

Default: 128

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.speed

Configure the trackpoint sensitivity. By default, the kernel configures 97.

Type: "integer"

Default: 97

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
i18n.consoleFont

The font used for the virtual consoles. Leave empty to use whatever the setfont program considers the default font.

Type: "string"

Default: "lat9w-16"

Example: "LatArCyrHeb-16"

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.consoleKeyMap

The keyboard mapping table for the virtual consoles.

Type: "string or path"

Default: "us"

Example: "fr"

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.defaultLocale

The default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.

Type: "string"

Default: "en_US.UTF-8"

Example: "nl_NL.UTF-8"

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.supportedLocales

List of locales that the system should support. The value "all" means that all locales supported by Glibc will be installed. A full list of supported locales can be found at http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc.

Type: "list of strings"

Default: [ "all" ]

Example: [ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1" ]

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
jobs

This option is a legacy method to define system services, dating from the era where NixOS used Upstart instead of systemd. You should use systemd.services instead. Services defined using jobs are mapped automatically to systemd.services, but may not work perfectly; in particular, most startOn conditions are not supported.

Type: "list or attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.daemonType

Determines how systemd detects when a daemon should be considered “running”. The value none means that the daemon is considered ready immediately. The value fork means that the daemon will fork once. The value daemon means that the daemon will fork twice. The value stop means that the daemon will raise the SIGSTOP signal to indicate readiness.

Type: "string"

Default: "none"

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.environment

Environment variables passed to the service's processes.

Type: "attribute set"

Default: { }

Example: { LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.exec

Command to start the job's main process. If empty, the job has no main process, but can still have pre/post-start and pre/post-stop scripts, and is considered “running” until it is stopped.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.name

Name of the job, mapped to the systemd unit name.service.

Type: "string"

Example: "sshd"

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.path

Packages added to the job's PATH environment variable. Both the bin and sbin subdirectories of each package are added.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.postStart

Shell commands executed after the job is started (i.e. after the job's main process is started), but before the job is considered “running”.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.postStop

Shell commands executed after the job has stopped (i.e. after the job's main process has terminated).

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.preStart

Shell commands executed before the service's main process is started.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.preStop

Shell commands executed before the job is stopped (i.e. before systemd kills the job's main process). This can be used to cleanly shut down a daemon.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.reload

Shell commands executed when the service's main process is reloaded.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.reloadIfChanged

Whether the service should be reloaded during a NixOS configuration switch if its definition has changed. If enabled, the value of restartIfChanged is ignored.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.respawn

Whether to restart the job automatically if its process ends unexpectedly.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.restartIfChanged

Whether the service should be restarted during a NixOS configuration switch if its definition has changed.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.script

Shell commands executed as the service's main process.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.scriptArgs

Arguments passed to the main process script.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.serviceConfig

Each attribute in this set specifies an option in the [Service] section of the unit. See systemd.service(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RestartSec = 5; StartLimitInterval = 10; }

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.setgid

Run the daemon as a different group.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.setuid

Run the daemon as a different user.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.startAt

Automatically start this unit at the given date/time, which must be in the format described in systemd.time(5). This is equivalent to adding a corresponding timer unit with OnCalendar set to the value given here.

Type: "string"

Default: ""

Example: "Sun 14:00:00"

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.startOn

The Upstart event that triggers this job to be started. Some are mapped to systemd dependencies; otherwise you will get a warning. If empty, the job will not start automatically.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.stopIfChanged

If set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one. Otherwise, it is restarted in a single step using systemctl restart in the new configuration. The latter is less correct because it runs the ExecStop commands from the new configuration.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.stopOn

Ignored; this was the Upstart event that triggers this job to be stopped.

Type: "string"

Default: "starting shutdown"

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.task

Whether this job is a task rather than a service. Tasks are executed only once, while services are restarted when they exit.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.unit

Generated definition of the systemd unit corresponding to this job.

Type: "unspecified"

Default: { after = [ ] ; before = [ ] ; description = ""; environment = { } ; partOf = [ ] ; path = [ ] ; requires = [ ] ; restartIfChanged = true; serviceConfig = { RemainAfterExit = true; Type = "oneshot"; } ; unitConfig = { } ; wantedBy = [ ] ; wants = [ ] ; }

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
jobs.<name?>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/upstart/upstart.nix>
krb5.defaultRealm

Default realm.

Type: "unspecified"

Default: "ATENA.MIT.EDU"

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
krb5.domainRealm

Default domain realm.

Type: "unspecified"

Default: "atena.mit.edu"

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
krb5.enable

Whether to enable Kerberos V.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
krb5.kdc

Kerberos Domain Controller.

Type: "unspecified"

Default: "kerberos.mit.edu"

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
krb5.kerberosAdminServer

Kerberos Admin Server.

Type: "unspecified"

Default: "kerberos.mit.edu"

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
lib

This option allows modules to define helper functions, constants, etc.

Type: "attribute set of attribute sets"

Default: { }

Declared by:

<nixpkgs/nixos/modules/misc/lib.nix>
nesting.children

Additional configurations to build.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/activation/top-level.nix>
nesting.clone

Additional configurations to build based on the current configuration which then has a lower priority.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/activation/top-level.nix>
networking.WLANInterface

Obsolete. Use networking.wireless.interfaces instead.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.bonds

This option allows you to define bond devices that aggregate multiple, underlying networking interfaces together. The value of this option is an attribute set. Each attribute specifies a bond, with the attribute name specifying the name of the bond's network interface

Type: "attribute set of submodules"

Default: { }

Example: { bond0 = { interfaces = [ "eth0" "wlan0" ] ; miimon = 100; mode = "active-backup"; } ; fatpipe = { interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ] ; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.interfaces

The interfaces to bond together

Type: "list of strings"

Example: [ "enp4s0f0" "enp4s0f1" "wlan0" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.lacp_rate

Option specifying the rate in which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode.

Type: "null or string"

Default: null

Example: "fast"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.miimon

Miimon is the number of millisecond in between each round of polling by the device driver for failed links. By default polling is not enabled and the driver is trusted to properly detect and handle failure scenarios.

Type: "null or integer"

Default: null

Example: 100

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.mode

The mode which the bond will be running. The default mode for the bonding driver is balance-rr, optimizing for throughput. More information about valid modes can be found at https://www.kernel.org/doc/Documentation/networking/bonding.txt

Type: "null or string"

Default: null

Example: "active-backup"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.xmit_hash_policy

Selects the transmit hash policy to use for slave selection in balance-xor, 802.3ad, and tlb modes.

Type: "null or string"

Default: null

Example: "layer2+3"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges

This option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge's network interface.

Type: "attribute set of submodules"

Default: { }

Example: { br0 = { interfaces = [ "eth0" "eth1" ] ; } ; br1 = { interfaces = [ "eth2" "wlan0" ] ; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges.<name>.interfaces

The physical network interfaces connected by the bridge.

Type: "list of strings"

Example: [ "eth0" "eth1" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges.<name>.rstp

Whether the bridge interface should enable rstp.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.connman.enable

Whether to use ConnMan for managing your network connections.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/connman.nix>
networking.defaultGateway

The default gateway. It can be left empty if it is auto-detected through DHCP.

Type: "null or string"

Default: null

Example: "131.211.84.1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway6

The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP.

Type: "null or string"

Default: null

Example: "2001:4d0:1e04:895::1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGatewayWindowSize

The window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.

Type: "null or integer"

Default: null

Example: 524288

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultMailServer.authPass

Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)

Type: "string"

Default: ""

Example: "correctHorseBatteryStaple"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.authUser

Username used for SMTP auth. Leave blank to disable.

Type: "string"

Default: ""

Example: "foo@example.org"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.directDelivery

Use the trivial Mail Transfer Agent (MTA) ssmtp package to allow programs to send e-mail. If you don't want to run a “real” MTA like sendmail or postfix on your machine, set this option to true, and set the option networking.defaultMailServer.hostName to the host name of your preferred mail server.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.domain

The domain from which mail will appear to be sent.

Type: "string"

Default: ""

Example: "example.org"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.hostName

The host name of the default mail server to use to deliver e-mail.

Type: "string"

Example: "mail.example.org"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.root

The e-mail to which mail for users with UID < 1000 is forwarded.

Type: "string"

Default: ""

Example: "root@example.org"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.useSTARTTLS

Whether the STARTTLS should be used to connect to the default mail server. (This is needed for TLS-capable mail servers running on the default SMTP port 25.)

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.useTLS

Whether TLS should be used to connect to the default mail server.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.dhcpcd.allowInterfaces

Enable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Any interface not explicitly matched by this pattern will be denied. This pattern only applies when non-null.

Type: "null or list of strings"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.denyInterfaces

Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.extraConfig

Literal string to append to the config file generated for dhcpcd.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.persistent

Whenever to leave interfaces configured on dhcpcd daemon shutdown. Set to true if you have your root or store mounted over the network or this machine accepts SSH connections through DHCP interfaces and clients should be notified when it shuts down.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.runHook

Shell code that will be run after all other hooks. See `man dhcpcd-run-hooks` for details on what is possible.

Type: "string"

Default: ""

Example: "if [[ \$reason =~ BOUND ]]; then echo \$interface: Routers are \$new_routers - were \$old_routers; fi"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dnsSingleRequest

Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option 'single-request' in /etc/resolv.conf. This option enables that.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.domain

The domain. It can be left empty if it is auto-detected through DHCP.

Type: "null or string"

Default: null

Example: "home"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.enableB43Firmware

Turn on this option if you want firmware for the NICs supported by the b43 module.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/b43.nix>
networking.enableIPv6

Whether to enable support for IPv6.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.enableIntel2100BGFirmware

Turn on this option if you want firmware for the Intel PRO/Wireless 2100BG to be loaded automatically. This is required if you want to use this device.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/intel-2100bg.nix>
networking.enableIntel2200BGFirmware

Turn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix>
networking.enableIntel3945ABGFirmware

This option enables automatic loading of the firmware for the Intel PRO/Wireless 3945ABG.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/intel-3945abg.nix>
networking.enableRTL8192cFirmware

Turn on this option if you want firmware for the RTL8192c (and related) NICs.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/rtl8192c.nix>
networking.enableRalinkFirmware

Turn on this option if you want firmware for the RT73 NIC.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/ralink.nix>
networking.extraHosts

Additional entries to be appended to /etc/hosts.

Type: "string"

Default: ""

Example: "192.168.0.1 lanlocalhost"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.firewall.allowPing

Whether to respond to incoming ICMPv4 echo requests ("pings"). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedTCPPortRanges

A range of TCP ports on which incoming connections are accepted.

Type: "list of attribute set of integerss"

Default: [ ]

Example: [ { from = 8999; to = 9003; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedTCPPorts

List of TCP ports on which incoming connections are accepted.

Type: "list of integers"

Default: [ ]

Example: [ 22 80 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedUDPPortRanges

Range of open UDP ports.

Type: "list of attribute set of integerss"

Default: [ ]

Example: [ { from = 60000; to = 61000; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedUDPPorts

List of open UDP ports.

Type: "list of integers"

Default: [ ]

Example: [ 53 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.autoLoadConntrackHelpers

Whether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules (needs kernel 3.5+)

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.checkReversePath

Performs a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused. If using asymmetric routing or other complicated routing, disable this setting and setup your own counter-measures. (needs kernel 3.3+)

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.connectionTrackingModules

List of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example. As helpers can pose as a security risk, it is advised to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers Loading of helpers is recommended to be done through the new CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/

Type: "list of strings"

Default: [ "ftp" ]

Example: [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.enable

Whether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine. It does not affect packet forwarding.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraCommands

Additional shell commands executed as part of the firewall initialisation script. These are executed just before the final "reject" firewall rule is added, so they can be used to allow packets that would otherwise be refused.

Type: "string"

Default: ""

Example: "iptables -A INPUT -p icmp -j ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraStopCommands

Additional shell commands executed as part of the firewall shutdown script. These are executed just after the removal of the nixos input rule, or if the service enters a failed state.

Type: "string"

Default: ""

Example: "iptables -P INPUT ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedConnections

Whether to log rejected or dropped incoming connections.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedPackets

Whether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedUnicastsOnly

If networking.firewall.logRefusedPackets and this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts or multicasts.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.pingLimit

If pings are allowed, this allows setting rate limits on them. If non-null, this option should be in the form of flags like "--limit 1/minute --limit-burst 5"

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.rejectPackets

If set, forbidden packets are rejected rather than dropped (ignored). This means that an ICMP "port unreachable" error message is sent back to the client. Rejecting packets makes port scanning somewhat easier.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.trustedInterfaces

Traffic coming in from these interfaces will be accepted unconditionally.

Type: "list of strings"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.hostId

The 32-bit host ID of the machine, formatted as 8 hexadecimal characters. You should try to make this ID unique among your machines. You can generate a random 32-bit ID using the following commands: cksum /etc/machine-id | while read c rest; do printf "%x" $c; done (this derives it from the machine-id that systemd generates) or head -c4 /dev/urandom | od -A none -t x4

Type: "null or string"

Default: null

Example: "4e98920d"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.hostName

The name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP).

Type: "string"

Default: "nixos"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaceMonitor.beep

If true, beep when an Ethernet cable is plugged in or unplugged.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ifplugd.nix>
networking.interfaceMonitor.commands

Shell commands to be executed when the link status of an interface changes. On invocation, the shell variable iface contains the name of the interface, while the variable status contains either up or down to indicate the new status.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ifplugd.nix>
networking.interfaceMonitor.enable

If true, monitor Ethernet interfaces for cables being plugged in or unplugged. When this occurs, the commands specified in networking.interfaceMonitor.commands are executed.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ifplugd.nix>
networking.interfaces

The configuration for each network interface. If networking.useDHCP is true, then every interface not listed here will be configured using DHCP.

Type: "list or attribute set of submodules"

Default: { }

Example: { eth0 = { ip4 = [ { address = "131.211.84.78"; prefixLength = 25; } ] ; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip4

List of IPv4 addresses that will be statically assigned to the interface.

Type: "list of submodules"

Default: [ ]

Example: [ { address = "10.0.0.1"; prefixLength = 16; } { address = "192.168.1.1"; prefixLength = 24; } ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip4.*.address

IPv4 address of the interface. Leave empty to configure the interface using DHCP.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip4.*.prefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (24).

Type: "integer"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip6

List of IPv6 addresses that will be statically assigned to the interface.

Type: "list of submodules"

Default: [ ]

Example: [ { address = "fdfd:b3f0:482::1"; prefixLength = 48; } { address = "2001:1470:fffd:2098::e006"; prefixLength = 64; } ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip6.*.address

IPv6 address of the interface. Leave empty to configure the interface using DHCP.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip6.*.prefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (64).

Type: "integer"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ipAddress

IP address of the interface. Leave empty to configure the interface using DHCP.

Type: "null or string"

Default: null

Example: "10.0.0.1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ipv6Address

IPv6 address of the interface. Leave empty to configure the interface using NDP.

Type: "null or string"

Default: null

Example: "2001:1470:fffd:2098::e006"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ipv6PrefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (64).

Type: "integer"

Default: 64

Example: 64

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.macAddress

MAC address of the interface. Leave empty to use the default.

Type: "null or string"

Default: null

Example: "00:11:22:33:44:55"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.mtu

MTU size for packets leaving the interface. Leave empty to use the default.

Type: "null or integer"

Default: null

Example: 9000

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.name

Name of the interface.

Type: "string"

Example: "eth0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.prefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (24).

Type: "null or integer"

Default: null

Example: 24

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.proxyARP

Turn on proxy_arp for this device (and proxy_ndp for ipv6). This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don't support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link-layer, below-ip traffic isn't bridged, so things like DHCP won't work. The advantage above using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routeable. WARNING: turns on ip-routing, so if you have multiple interfaces, you should think of the consequence and setup firewall rules to limit this.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.subnetMask

Defunct, supply the prefix length instead.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.useDHCP

Whether this interface should be configured with dhcp. Null implies the old behavior which depends on whether ip addresses are specified or not.

Type: "null or boolean"

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.virtual

Whether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host a virtual network such as VPN or a virtual machine.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.virtualOwner

In case of a virtual device, the user who owns it.

Type: "string"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.virtualType

The explicit type of interface to create. Accepts tun or tap strings. Also accepts null to implicitly detect the type of device.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.localCommands

Shell commands to be executed at the end of the network-setup systemd service. Note that if you are using DHCP to obtain the network configuration, interfaces may not be fully configured yet.

Type: "unspecified"

Default: ""

Example: "text=anything; echo You can put \$text here."

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans

This option allows you to define macvlan interfaces which should be automatically created.

Type: "attribute set of submodules"

Default: { }

Example: { wan = { interface = "enp2s0"; mode = "vepa"; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans.<name>.interface

The interface the macvlan will transmit packets through.

Type: "string"

Example: "enp4s0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans.<name>.mode

The mode of the macvlan device.

Type: "null or string"

Default: null

Example: "vepa"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.nameservers

The list of nameservers. It can be left empty if it is auto-detected through DHCP.

Type: "unspecified"

Default: [ ]

Example: [ "130.161.158.4" "130.161.33.17" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.nat.enable

Whether to enable Network Address Translation (NAT).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.externalIP

The public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.

Type: "null or string"

Default: null

Example: "203.0.113.123"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.externalInterface

The name of the external network interface.

Type: "string"

Example: "eth1"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts

List of forwarded ports from the external interface to internal destinations by using DNAT.

Type: "list of submodules"

Default: [ ]

Example: [ { destination = "10.0.0.1:80"; sourcePort = 8080; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts.*.destination

Forward tcp connection to destination ip:port

Type: "string"

Example: "10.0.0.1:80"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts.*.sourcePort

Source port of the external interface

Type: "integer"

Example: 8080

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.internalIPs

The IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.

Type: "list of strings"

Default: [ ]

Example: [ "192.168.1.0/24" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.internalInterfaces

The interfaces for which to perform NAT. Packets coming from these interface and destined for the external interface will be rewritten.

Type: "list of strings"

Default: [ ]

Example: [ "eth0" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.networkmanager.appendNameservers

A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts

A list of scripts which will be executed in response to network events.

Type: "list of submodules"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts.*.source

A script source.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts.*.type

Dispatcher hook type. Only basic hooks are currently available.

Type: "one of basic"

Default: "basic"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.enable

Whether to use NetworkManager to obtain an IP address and other configuration for all network interfaces that are not manually configured. If enabled, a group networkmanager will be created. Add all users that should have permission to change network settings to this group.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.insertNameservers

A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.packages

Extra packages that provide NetworkManager plugins.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.proxy.default

This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.

Type: "null or string"

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.ftpProxy

This option specifies the ftp_proxy environment variable.

Type: "null or string"

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.httpProxy

This option specifies the http_proxy environment variable.

Type: "null or string"

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.httpsProxy

This option specifies the https_proxy environment variable.

Type: "null or string"

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.noProxy

This option specifies the no_proxy environment variable. If a default proxy is used and noProxy is null, then noProxy will be set to 127.0.0.1,localhost.

Type: "null or string"

Default: null

Example: "127.0.0.1,localhost,.localdomain"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.rsyncProxy

This option specifies the rsync_proxy environment variable.

Type: "null or string"

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.search

The list of search paths used when resolving domain names.

Type: "list of strings"

Default: [ ]

Example: [ "example.com" "local.domain" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits

This option allows you to define 6-to-4 interfaces which should be automatically created.

Type: "attribute set of submodules"

Default: { }

Example: { hurricane = { local = "10.0.0.22"; remote = "10.0.0.1"; ttl = 255; } ; msipv6 = { dev = "enp3s0"; remote = "192.168.0.1"; ttl = 127; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.dev

The underlying network device on which the tunnel resides.

Type: "null or string"

Default: null

Example: "enp4s0f0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.local

The address of the local endpoint which the remote side should send packets to.

Type: "null or string"

Default: null

Example: "10.0.0.22"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.remote

The address of the remote endpoint to forward traffic over.

Type: "null or string"

Default: null

Example: "10.0.0.1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.ttl

The time-to-live of the connection to the remote tunnel endpoint.

Type: "null or integer"

Default: null

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.tcpcrypt.enable

Whether to enable opportunistic TCP encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be sent in clear text. Thus, Tcpcrypt alone provides no guarantees -- it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/tcpcrypt.nix>
networking.useDHCP

Whether to use DHCP to obtain an IP address and other configuration for all network interfaces that are not manually configured.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.useHostResolvConf

In containers, whether to use the resolv.conf supplied by the host.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.useNetworkd

Whether we should use networkd as the network configuration backend or the legacy script based system. Note that this option is experimental, enable at your own risk.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.usePredictableInterfaceNames

Whether to assign predictable names to network interfaces. If enabled, interfaces are assigned names that contain topology information (e.g. wlp3s0) and thus should be stable across reboots. If disabled, names depend on the order in which interfaces are discovered by the kernel, which may change randomly across reboots; for instance, you may find eth0 and eth1 flipping unpredictably.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
networking.vlans

This option allows you to define vlan devices that tag packets on top of a physical interface. The value of this option is an attribute set. Each attribute specifies a vlan, with the name specifying the name of the vlan interface.

Type: "attribute set of submodules"

Default: { }

Example: { vlan0 = { id = 3; interface = "enp3s0"; } ; vlan1 = { id = 1; interface = "wlan0"; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vlans.<name>.id

The vlan identifier

Type: "integer"

Example: 1

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vlans.<name>.interface

The interface the vlan will transmit packets through.

Type: "string"

Example: "enp4s0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vpnc.services

The names of cisco VPNs and their associated definitions

Type: "attribute set of strings"

Default: { }

Example: { test = "IPSec gateway 192.168.1.1 \nIPSec ID someID\nIPSec secret secretKey\nXauth username name\nXauth password pass\n"; }

Declared by:

<nixpkgs/nixos/modules/config/vpnc.nix>
networking.wicd.enable

Whether to start wicd. Wired and wireless network configurations can then be managed by wicd-client.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/wicd.nix>
networking.wireless.driver

Force a specific wpa_supplicant driver.

Type: "string"

Default: "nl80211,wext"

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.enable

Whether to start wpa_supplicant to scan for and associate with wireless networks. Note: NixOS currently does not manage wpa_supplicant's configuration file, /etc/wpa_supplicant.conf. You should edit this file yourself to define wireless networks, WPA keys and so on (see wpa_supplicant.conf(5)), or use networking.wireless.userControlled.* to allow users to add entries through wpa_cli and wpa_gui.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.interfaces

The interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces.

Type: "list of strings"

Default: [ ]

Example: [ "wlan0" "wlan1" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.userControlled.enable

Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points. When you want to use this, make sure /etc/wpa_supplicant.conf doesn't exist. It will be created for you. Currently it is also necessary to explicitly specify networking.wireless.interfaces.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.userControlled.group

Members of this group can control wpa_supplicant.

Type: "string"

Default: "wheel"

Example: "network"

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
nix.binaryCachePublicKeys

List of public keys used to sign binary caches. If nix.requireSignedBinaryCaches is enabled, then Nix will use a binary from a binary cache if and only if it is signed by any of the keys listed here. By default, only the key for cache.nixos.org is included.

Type: "list of strings"

Example: [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.binaryCaches

List of binary cache URLs used to obtain pre-built binaries of Nix packages.

Type: "list of strings"

Default: [ "https://cache.nixos.org/" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildCores

This option defines the maximum number of concurrent tasks during one build. It affects, e.g., -j option for make. The default is 1. The special value 0 means that the builder should use all available CPU cores in the system. Some builds may become non-deterministic with this option; use with care! Packages will only be affected if enableParallelBuilding is set for them.

Type: "integer"

Default: 1

Example: 64

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines

This option lists the machines to be used if distributed builds are enabled (see nix.distributedBuilds). Nix will perform derivations on those machines via SSH by copying the inputs to the Nix store on the remote machine, starting the build, then copying the output back to the local Nix store. Each element of the list should be an attribute set containing the machine's host name (hostname), the user name to be used for the SSH connection (sshUser), the Nix system type (system, e.g., "i686-linux"), the maximum number of jobs to be run in parallel on that machine (maxJobs), the path to the SSH private key to be used to connect (sshKey), a list of supported features of the machine (supportedFeatures) and a list of mandatory features of the machine (mandatoryFeatures). The SSH private key should not have a passphrase, and the corresponding public key should be added to ~sshUser/authorized_keys on the remote machine.

Type: "list of attribute sets"

Default: [ ]

Example: [ { hostName = "voila.labs.cs.uu.nl"; maxJobs = 1; sshKey = "/root/.ssh/id_buildfarm"; sshUser = "nix"; system = "powerpc-darwin"; } { hostName = "linux64.example.org"; mandatoryFeatures = "perf"; maxJobs = 2; sshKey = "/root/.ssh/id_buildfarm"; sshUser = "buildfarm"; supportedFeatures = "kvm"; system = "x86_64-linux"; } ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.chrootDirs

Directories from the host filesystem to be included in the chroot.

Type: "list of strings"

Default: [ ]

Example: [ "/dev" "/proc" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.daemonIONiceLevel

Nix daemon process I/O priority. This priority propagates to build processes. 0 is the default Unix process I/O priority, 7 is the lowest.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.daemonNiceLevel

Nix daemon process priority. This priority propagates to build processes. 0 is the default Unix process priority, 20 is the lowest.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.distributedBuilds

Whether to distribute builds to the machines listed in nix.buildMachines.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.extraOptions

Additional text appended to nix.conf.

Type: "string"

Default: ""

Example:

''
gc-keep-outputs = true
gc-keep-derivations = true
''

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.gc.automatic

Automatically run the garbage collector at a specific time.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
nix.gc.dates

Specification (in the format described by systemd.time(5)) of the time at which the garbage collector will run.

Type: "string"

Default: "03:15"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
nix.gc.options

Options given to nix-collect-garbage when the garbage collector is run automatically.

Type: "string"

Default: ""

Example: "--max-freed \$((64 * 1024**3))"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
nix.maxJobs

This option defines the maximum number of jobs that Nix will try to build in parallel. The default is 1. You should generally set it to the number of CPUs in your system (e.g., 2 on an Athlon 64 X2).

Type: "integer"

Default: 1

Example: 64

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.nrBuildUsers

Number of nixbld user accounts created to perform secure concurrent builds. If you receive an error message saying that “all build users are currently in use”, you should increase this value.

Type: "integer"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.readOnlyStore

If set, NixOS will enforce the immutability of the Nix store by making /nix/store a read-only bind mount. Nix will automatically make the store writable when needed.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.requireSignedBinaryCaches

If enabled, Nix will only download binaries from binary caches if they are cryptographically signed with any of the keys listed in nix.binaryCachePublicKeys. If disabled (the default), signatures are neither required nor checked, so it's strongly recommended that you use only trustworthy caches and https to prevent man-in-the-middle attacks.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.sshServe.enable

Whether to enable serving the Nix store as a binary cache via SSH.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
nix.sshServe.keys

A list of SSH public keys allowed to access the binary cache via SSH.

Type: "list of strings"

Default: [ ]

Example: [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
nix.trustedBinaryCaches

List of binary cache URLs that non-root users can use (in addition to those specified using nix.binaryCaches by passing --option binary-caches to Nix commands.

Type: "list of strings"

Default: [ ]

Example: [ "http://hydra.nixos.org/" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.useChroot

If set, Nix will perform builds in a chroot-environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nixpkgs.config

The configuration of the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to set package configuration options, and to override packages globally through the packageOverrides option. The latter is a function that takes as an argument the original Nixpkgs, and must evaluate to a set of new or overridden packages.

Type: "nixpkgs config"

Default: { }

Example:

{ firefox.enableGeckoMediaPlayer = true;
  packageOverrides = pkgs: {
    firefox60Pkgs = pkgs.firefox60Pkgs.override {
      enableOfficialBranding = true;
    };
  };
}

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.system

Specifies the Nix platform type for which NixOS should be built. If unset, it defaults to the platform type of your host system. Specifying this option is useful when doing distributed multi-platform deployment, or when building virtual machines.

Type: "string"

Example: "i686-linux"

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
power.ups.enable

Enables support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.maxStartDelay

This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.

Type: "integer"

Default: 45

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.mode

The MODE determines which part of the NUT is to be started, and which configuration files must be modified. The values of MODE can be: - none: NUT is not configured, or use the Integrated Power Management, or use some external system to startup NUT components. So nothing is to be started. - standalone: This mode address a local only configuration, with 1 UPS protecting the local system. This implies to start the 3 NUT layers (driver, upsd and upsmon) and the matching configuration files. This mode can also address UPS redundancy. - netserver: same as for the standalone configuration, but also need some more ACLs and possibly a specific LISTEN directive in upsd.conf. Since this MODE is opened to the network, a special care should be applied to security concerns. - netclient: this mode only requires upsmon.

Type: "string"

Default: "standalone"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.schedulerRules

File which contains the rules to handle UPS events.

Type: "string"

Example: "/etc/nixos/upssched.conf"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups

This is where you configure all the UPSes that this system will be monitoring directly. These are usually attached to serial ports, but USB devices are also supported.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.description

Description of the UPS.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.directives

List of configuration directives for this UPS.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.driver

Specify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.maxStartDelay

This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.port

The serial port to which your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.shutdownOrder

When you have multiple UPSes on your system, you usually need to turn them off in a certain order. upsdrvctl shuts down all the 0s, then the 1s, 2s, and so on. To exclude a UPS from the shutdown sequence, set this to -1.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.summary

Lines which would be added inside ups.conf for handling this UPS.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
powerManagement.cpuFreqGovernor

Configure the governor used to regulate the frequence of the available CPUs. By default, the kernel configures the on-demand governor.

Type: "null or string"

Default: null

Example: "ondemand"

Declared by:

<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
powerManagement.enable

Whether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/power-management.nix>
powerManagement.powerDownCommands

Commands executed when the machine powers down. That is, they're executed both when the system shuts down and when it goes to suspend or hibernation.

Type: "string"

Default: ""

Example:

"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"

Declared by:

<nixpkgs/nixos/modules/config/power-management.nix>
powerManagement.powerUpCommands

Commands executed when the machine powers up. That is, they're executed both when the system first boots and when it resumes from suspend or hibernation.

Type: "string"

Default: ""

Example:

"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"

Declared by:

<nixpkgs/nixos/modules/config/power-management.nix>
powerManagement.resumeCommands

Commands executed after the system resumes from suspend-to-RAM.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/power-management.nix>
powerManagement.scsiLinkPolicy

Configure the SCSI link power management policy. By default, the kernel configures "max_performance".

Type: "string"

Default: ""

Example: "min_power"

Declared by:

<nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix>
programs.atop.settings

Parameters to be written to /etc/atoprc.

Type: "attribute set"

Default: { }

Example: { flags = "a1f"; interval = 5; }

Declared by:

<nixpkgs/nixos/modules/programs/atop.nix>
programs.bash.enableCompletion

Enable Bash completion for all interactive bash shells.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.interactiveShellInit

Shell script code called during interactive bash shell initialisation.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.loginShellInit

Shell script code called during login bash shell initialisation.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.promptInit

Shell script code used to initialise the bash prompt.

Type: "string"

Default:

''
# Provide a nice prompt.
PROMPT_COLOR="1;31m"
let $UID && PROMPT_COLOR="1;32m"
PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
if test "$TERM" = "xterm"; then
  PS1="\[\033]2;\h:\u:\w\007\]$PS1"
fi
''

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.shellAliases

Set of aliases for bash shell. See environment.shellAliases for an option format description.

Type: "attribute set"

Default: { l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty"; restart = "systemctl restart"; start = "systemctl start"; status = "systemctl status"; stop = "systemctl stop"; which = "type -P"; }

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.shellInit

Shell script code called during bash shell initialisation.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.cdemu.enable

Whether to enable cdemu for users of appropriate group (default cdrom)

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/cdemu.nix>
programs.cdemu.group

Required group for users of cdemu

Type: "unspecified"

Default: "cdrom"

Declared by:

<nixpkgs/nixos/modules/programs/cdemu.nix>
programs.cdemu.gui

Whether to install cdemu GUI (gCDEmu)

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/cdemu.nix>
programs.cdemu.image-analyzer

Whether to install image analyzer

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/cdemu.nix>
programs.ibus.enable

Enable IBus input method

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/ibus.nix>
programs.ibus.plugins

IBus plugin packages

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/programs/ibus.nix>
programs.light.enable

Whether to install Light backlight control with setuid wrapper.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/light.nix>
programs.nano.nanorc

The system-wide nano configuration. See nanorc(5).

Type: "string"

Default: ""

Example:

''
set nowrap
set tabstospaces
set tabsize 4
''

Declared by:

<nixpkgs/nixos/modules/programs/nano.nix>
programs.screen.screenrc

The contents of /etc/screenrc file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/screen.nix>
programs.ssh.agentTimeout

How long to keep the private keys in memory. Use null to keep them forever.

Type: "null or string"

Default: null

Example: "1h"

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.askPassword

Program used by SSH to ask for passwords.

Type: "string"

Default: "/nix/store/dsi5p2v34y8rqj957yj5vpgw43sbf818-x11-ssh-askpass-1.2.4.1/libexec/x11-ssh-askpass"

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.extraConfig

Extra configuration text appended to ssh_config. See ssh_config(5) for help.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.forwardX11

Whether to request X11 forwarding on outgoing connections by default. This is useful for running graphical programs on the remote machine and have them display to your local X11 server. Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two. Note: there are some security risks to forwarding an X11 connection. NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks. To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh. The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.package

The package used for the openssh client and daemon.

Type: "unspecified"

Default: (build of openssh-6.8p1)

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.setXAuthLocation

Whether to set the path to xauth for X11-forwarded connections. This causes a dependency on X11 packages.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.startAgent

Whether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.zsh.enable

Whenever to configure Zsh as an interactive shell.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.interactiveShellInit

Shell script code called during interactive zsh shell initialisation.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.loginShellInit

Shell script code called during zsh login shell initialisation.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.promptInit

Shell script code used to initialise the zsh prompt.

Type: "string"

Default:

''
autoload -U promptinit && promptinit && prompt walters
''

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.shellAliases

Set of aliases for zsh shell. See environment.shellAliases for an option format description.

Type: "attribute set"

Default: { l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty"; restart = "systemctl restart"; start = "systemctl start"; status = "systemctl status"; stop = "systemctl stop"; }

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.shellInit

Shell script code called during zsh shell initialisation.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
qtPlugins

Plugin packages for Qt such as input methods.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/qt-plugin-env.nix>
security.apparmor.confineSUIDApplications

Install AppArmor profiles for commonly-used SUID application to mitigate potential privilege escalation attacks due to bugs in such applications. Currently available profiles: ping

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/security/apparmor-suid.nix>
security.apparmor.enable

Enable the AppArmor Mandatory Access Control system.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.profiles

List of files containing AppArmor profiles.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.duosec.acceptEnvFactor

Look for factor selection or passcode in the $DUO_PASSCODE environment variable before prompting the user for input. When $DUO_PASSCODE is non-empty, it will override autopush. The SSH client will need SendEnv DUO_PASSCODE in its configuration, and the SSH server will similarly need AcceptEnv DUO_PASSCODE.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.allowTcpForwarding

By default, when SSH forwarding, enabling Duo Security will disable TCP forwarding. By enabling this, you potentially undermine some of the SSH based login security. Note this is not needed if you use PAM.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.autopush

If true, Duo Unix will automatically send a push login request to the user’s phone, falling back on a phone call if push is unavailable. If false, the user will be prompted to choose an authentication method. When configured with autopush = yes, we recommend setting prompts = 1.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.failmode

On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access). The default is "safe".

Type: "string"

Default: "safe"

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.fallbackLocalIP

Duo Unix reports the IP address of the authorizing user, for the purposes of authorization and whitelisting. If Duo Unix cannot detect the IP address of the client, setting fallbackLocalIP = yes will cause Duo Unix to send the IP address of the server it is running on. If you are using IP whitelisting, enabling this option could cause unauthorized logins if the local IP is listed in the whitelist.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.group

Use Duo authentication for users only in this group.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.host

Duo API hostname.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.ikey

Integration key.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.motd

Print the contents of /etc/motd to screen after a successful login.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.pam.enable

If enabled, protect logins with Duo Security using PAM support.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.prompts

If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again. This option sets the maximum number of prompts that Duo Unix will display before denying access. Must be 1, 2, or 3. Default is 3. For example, when prompts = 1, the user will have to successfully authenticate on the first prompt, whereas if prompts = 2, if the user enters incorrect information at the initial prompt, he/she will be prompted to authenticate again. When configured with autopush = true, we recommend setting prompts = 1.

Type: "integer"

Default: 3

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.pushinfo

Include information such as the command to be executed in the Duo Push message.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.skey

Secret key.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.ssh.enable

If enabled, protect SSH logins with Duo Security.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.grsecurity.config.denyChrootChmod

If true, then set GRKERN_CHROOT_CHMOD y. If enabled, this denies processes inside a chroot from setting the suid or sgid bits using chmod or fchmod. By default this protection is disabled - it makes it impossible to use Nix to build software on your system, which is what most users want. If you are using NixOps to deploy your software to a remote machine, you're encouraged to enable this as you won't need to compile code.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.denyUSB

If true, then set GRKERNSEC_DENYUSB y. This enables a sysctl with name kernel.grsecurity.deny_new_usb. Setting its value to 1 will prevent any new USB devices from being recognized by the OS. Any attempted USB device insertion will be logged. This option is intended to be used against custom USB devices designed to exploit vulnerabilities in various USB device drivers.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.disableRBAC

If true, then set GRKERN_NO_RBAC y. This disables the /dev/grsec device, which in turn disables the RBAC system (and gradm).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.hardwareVirtualisation

grsecurity hardware virtualisation configuration. Set to true if your machine supports hardware accelerated virtualisation.

Type: "null or boolean"

Default: null

Example: true

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.kernelExtraConfig

Extra kernel configuration parameters.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.mode

grsecurity configuration mode. This specifies whether grsecurity is auto-configured or otherwise completely manually configured.

Type: "one of auto, custom"

Default: "auto"

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.priority

grsecurity configuration priority. This specifies whether the kernel configuration should emphasize speed or security.

Type: "one of security, performance"

Default: "security"

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.restrictProc

If true, then set GRKERN_PROC_USER y. This restricts non-root users to only viewing their own processes and restricts network-related information, kernel symbols, and module information.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.restrictProcWithGroup

If true, then set GRKERN_PROC_USERGROUP y. This is similar to restrictProc except it allows a special group (specified by unrestrictProcGid) to still access otherwise classified information in /proc.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.sysctl

If true, then set GRKERN_SYSCTL y. If enabled then grsecurity can be controlled using sysctl (and turned off). You are advised to *never* enable this, but if you do, make sure to always set the sysctl kernel.grsecurity.grsec_lock to non-zero as soon as all sysctl options are set. *THIS IS EXTREMELY IMPORTANT*!

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.system

grsecurity system configuration.

Type: "one of desktop, server"

Default: "desktop"

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.unrestrictProcGid

If set, specifies a GID which is exempt from /proc restrictions (set by GRKERN_PROC_USERGROUP). By default, this is set to the GID for grsecurity, a predefined NixOS group, which the root account is a member of. You may conveniently add other users to this group if you need access to /proc

Type: "integer"

Default: 121

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.verboseVersion

Use verbose version in kernel localversion.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.virtualisationConfig

grsecurity virtualisation configuration. This specifies the virtualisation role of the machine - that is, whether it will be a virtual machine guest, a virtual machine host, or neither.

Type: "null or one of host, guest"

Default: null

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.config.virtualisationSoftware

Configure grsecurity for use with this virtualisation software.

Type: "null or one of kvm, xen, vmware, virtualbox"

Default: null

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.enable

Enable grsecurity support. This enables advanced exploit hardening for the Linux kernel, and adds support for administrative Role-Based Acess Control (RBAC) via gradm. It also includes traditional utilities for PaX.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.stable

Enable the stable grsecurity patch, based on Linux 3.14.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.testing

Enable the testing grsecurity patch, based on Linux 3.19.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.pam.enableEcryptfs

Enable eCryptfs PAM module (mounting ecryptfs home directory on login).

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableOATH

Enable the OATH (one-time password) PAM module.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableOTPW

Enable the OTPW (one-time password) PAM module.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableSSHAgentAuth

Enable sudo logins if the user's SSH agent provides a key present in ~/.ssh/authorized_keys. This allows machines to exclusively use SSH keys instead of passwords.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.loginLimits

Define resource limits that should apply to users or groups. Each item in the list should be an attribute set with a domain, type, item, and value attribute. The syntax and semantics of these attributes must be that described in the limits.conf(5) man page.

Type: "unspecified"

Default: [ ]

Example: [ { domain = "ftp"; item = "nproc"; type = "hard"; value = "0"; } { domain = "@student"; item = "maxlogins"; type = "-"; value = "4"; } ]

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services

This option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each attribute of this set defines a PAM service, with the attribute name defining the name of the service.

Type: "list or attribute set of submodules"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.allowNullPassword

Whether to allow logging into accounts that have no password set (i.e., have an empty password field in /etc/passwd or /etc/group). This does not enable logging into disabled accounts (i.e., that have the password field set to !). Note that regardless of what the pam_unix documentation says, accounts with hashed empty passwords are always allowed to log in.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.forwardXAuth

Whether X authentication keys should be passed from the calling user to the target user (e.g. for su)

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.fprintAuth

If set, fingerprint reader will be used (if exists and your fingerprints are enrolled).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.limits

Attribute set describing resource limits. Defaults to the value of security.pam.loginLimits.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.logFailures

Whether to log authentication failures in /var/log/faillog.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.makeHomeDir

Whether to try to create home directories for users with $HOMEs pointing to nonexistent locations on session login.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.name

Name of the PAM service.

Type: "string"

Example: "sshd"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.oathAuth

If set, the OATH Toolkit will be used.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.otpwAuth

If set, the OTPW system will be used (if ~/.otpw exists).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.requireWheel

Whether to permit root access only to members of group wheel.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.rootOK

If set, root doesn't need to authenticate (e.g. for the useradd service).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.setLoginUid

Set the login uid of the process (/proc/self/loginuid) for auditing purposes. The login uid is only set by ‘entry points’ like login and sshd, not by commands like sudo.

Type: "boolean"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.showMotd

Whether to show the message of the day.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.sshAgentAuth

If set, the calling user's SSH agent is used to authenticate against the keys in the calling user's ~/.ssh/authorized_keys. This is useful for sudo on password-less remote systems.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.startSession

If set, the service will register a new session with systemd's login manager. For local sessions, this will give the user access to audio devices, CD-ROM drives. In the default PolicyKit configuration, it also allows the user to reboot the system.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.text

Contents of the PAM service file.

Type: "null or string"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.unixAuth

Whether users can log in with passwords defined in /etc/shadow.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.updateWtmp

Whether to update /var/log/wtmp.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.usbAuth

If set, users listed in /etc/pamusb.conf are able to log in with the associated USB key.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.usb.enable

Enable USB login for all login systems that support it. For more information, visit http://pamusb.org/doc/quickstart#setting_up.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam_usb.nix>
security.pki.certificateFiles

A list of files containing trusted root certificates in PEM format. These are concatenated to form /etc/ssl/certs/ca-bundle.crt, which is used by many programs that use OpenSSL, such as curl and git.

Type: "list of paths"

Default: [ ]

Example:

[ "${pkgs.cacert}/etc/ca-bundle.crt" ]

Declared by:

<nixpkgs/nixos/modules/security/ca.nix>
security.pki.certificates

A list of trusted root certificates in PEM format.

Type: "list of strings"

Default: [ ]

Example: [ "NixOS.org\n=========\n-----BEGIN CERTIFICATE-----\nMIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ\nTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0\n...\n-----END CERTIFICATE-----\n" ]

Declared by:

<nixpkgs/nixos/modules/security/ca.nix>
security.polkit.adminIdentities

Specifies which users are considered “administrators”, for those actions that require the user to authenticate as an administrator (i.e. have an auth_admin value). By default, this is the root user and all users in the wheel group.

Type: "list of strings"

Default: [ "unix-user:0" "unix-group:wheel" ]

Example: [ "unix-user:alice" "unix-group:admin" ]

Declared by:

<nixpkgs/nixos/modules/security/polkit.nix>
security.polkit.enable

Whether to enable PolKit.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/security/polkit.nix>
security.polkit.extraConfig

Any polkit rules to be added to config (in JavaScript ;-). See: http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules

Type: "string"

Default: ""

Example:

''
/* Log authorization checks. */
polkit.addRule(function(action, subject) {
  polkit.log("user " +  subject.user + " is attempting action " + action.id + " from PID " + subject.pid);
});

/* Allow any local user to do anything (dangerous!). */
polkit.addRule(function(action, subject) {
  if (subject.local) return "yes";
});
''

Declared by:

<nixpkgs/nixos/modules/security/polkit.nix>
security.rngd.enable

Whether to enable the rng daemon, which adds entropy from hardware sources of randomness to the kernel entropy pool when available.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/security/rngd.nix>
security.rtkit.enable

Whether to enable the RealtimeKit system service, which hands out realtime scheduling priority to user processes on demand. For example, the PulseAudio server uses this to acquire realtime priority.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/rtkit.nix>
security.setuidOwners

This option allows the ownership and permissions on the setuid wrappers for specific programs to be overridden from the default (setuid root, but not setgid root).

Type: "list of attribute sets"

Default: [ ]

Example: [ { group = "postdrop"; owner = "nobody"; permissions = "u+rx,g+x,o+x"; program = "sendmail"; setgid = true; setuid = false; } ]

Declared by:

<nixpkgs/nixos/modules/security/setuid-wrappers.nix>
security.setuidPrograms

The Nix store cannot contain setuid/setgid programs directly. For this reason, NixOS can automatically generate wrapper programs that have the necessary privileges. This option lists the names of programs in the system environment for which setuid root wrappers should be created.

Type: "list of strings"

Default: [ ]

Example: [ "passwd" ]

Declared by:

<nixpkgs/nixos/modules/security/setuid-wrappers.nix>
security.sudo.configFile

This string contains the contents of the sudoers file.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.enable

Whether to enable the sudo command, which allows non-root users to execute commands as root.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraConfig

Extra configuration text appended to sudoers.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.wheelNeedsPassword

Whether users of the wheel group can execute commands as super user without entering a password.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
services.accounts-daemon.enable

Whether to enable AccountsService, a DBus service for accessing the list of user accounts and information attached to those accounts.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/accountsservice.nix>
services.acpid.acEventCommands

Shell commands to execute on an ac_adapter.* event.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.enable

Whether to enable the ACPI daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.lidEventCommands

Shell commands to execute on a button/lid.* event.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.powerEventCommands

Shell commands to execute on a button/power.* event.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.activemq.baseDir

The base directory where ActiveMQ stores its persistent data and logs. This will be overridden if you set "activemq.base" and "activemq.data" in the javaProperties option. You can also override this in activemq.xml.

Type: "string"

Default: "/var/activemq"

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.configurationDir

The base directory for ActiveMQ's configuration. By default, this directory is searched for a file named activemq.xml, which should contain the configuration for the broker service.

Type: "unspecified"

Default: "/nix/store/3sci0dk3m2bcvil01nl6d7dhfrmc0y5b-apache-activemq-5.8.0/conf"

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.configurationURI

The URI that is passed along to the BrokerFactory to set up the configuration of the ActiveMQ broker service. You should not need to change this. For custom configuration, set the configurationDir instead, and create an activemq.xml configuration file in it.

Type: "string"

Default: "xbean:activemq.xml"

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.enable

Enable the Apache ActiveMQ message broker service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.extraJavaOptions

Add extra options here that you want to be sent to the Java runtime when the broker service is started.

Type: "string"

Default: ""

Example: "-Xmx2G -Xms2G -XX:MaxPermSize=512M"

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.javaProperties

Specifies Java properties that are sent to the ActiveMQ broker service with the "-D" option. You can set properties here to change the behaviour and configuration of the broker. All essential properties that are not set here are automatically given reasonable defaults.

Type: "attribute set"

Default: { }

Example: { java.net.preferIPv4Stack = "true"; }

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.aiccu.automatic

Automatic Login and Tunnel activation

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.behindNAT

Notify the user that a NAT-kind network is detected

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.defaultRoute

Add a default route

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.enable

Enable aiccu IPv6 over IPv4 SiXXs tunnel

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.interfaceName

The name of the interface that will be used as a tunnel interface. On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels or tunX (eg tun0) for AYIYA tunnels.

Type: "string"

Default: "aiccu"

Example: "sixxs"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.localIPv4Override

Overrides the IPv4 parameter received from TIC This allows one to configure a NAT into "DMZ" mode and then forwarding the proto-41 packets to an internal host. This is only needed for static proto-41 tunnels! AYIYA and heartbeat tunnels don't require this.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.makeHeartBeats

In general you don't want to turn this off Of course only applies to AYIYA and heartbeat tunnels not to static ones

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.noConfigure

Don't configure anything

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.password

Login credential

Type: "null or string"

Default: null

Example: "TmAkRbBEr0"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.pidFile

Location of PID File

Type: "path"

Default: "/run/aiccu.pid"

Example: "/var/lib/aiccu/aiccu.pid"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.protocol

Protocol to use for setting up the tunnel

Type: "string"

Default: "tic"

Example: "tic|tsp|l2tp"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.requireTLS

When set to true, if TLS is not supported on the server the TIC transaction will fail. When set to false, it will try a starttls, when that is not supported it will continue. In any case if AICCU is build with TLS support it will try to do a 'starttls' to the TIC server to see if that is supported.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.server

Server to use for setting up the tunnel

Type: "string"

Default: "tic.sixxs.net"

Example: "enabled.ipv6server.net"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.setupScript

Script to run after setting up the interfaces

Type: "null or path"

Default: null

Example: "/var/lib/aiccu/fix-subnets.sh"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.tunnelID

The tunnel id to use, only required when there are multiple tunnels in the list

Type: "null or string"

Default: null

Example: "T12345"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.username

Login credential

Type: "null or string"

Default: null

Example: "FAB5-SIXXS"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.verbose

Be verbose?

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.almir.director_address

IP/Hostname for Director to connect with bconsole.

Type: "unspecified"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.director_name

Name of the Director to connect with bconsole.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.director_password

Password for Director to connect with bconsole.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.director_port

Port for Director to connect with bconsole.

Type: "integer"

Default: 9101

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.enable

Enable Almir web server. Also configures postgresql database and installs bacula.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.port

Port for Almir web server to listen on.

Type: "integer"

Default: 35000

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.sqlalchemy_engine_url

Define SQL database connection to bacula catalog as specified in http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls

Type: "unspecified"

Default: "postgresql:///bacula"

Example:

''
postgresql://bacula:bacula@localhost:5432/bacula
mysql+mysqlconnector://<user>:<password>@<hostname>/<database>'
sqlite:////var/lib/bacula/bacula.db'
''

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.timezone

Timezone as specified in https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

Type: "unspecified"

Example: "Europe/Ljubljana"

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.amule.dataDir

The directory holding configuration, incoming and temporary files.

Type: "unspecified"

Default: "/home/amule/"

Declared by:

<nixpkgs/nixos/modules/services/networking/amuled.nix>
services.amule.enable

Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/amuled.nix>
services.amule.user

The user the AMule daemon should run as.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/amuled.nix>
services.apache-kafka.brokerId

Broker ID.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.enable

Whether to enable Apache Kafka.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.extraProperties

Extra properties for server.properties.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.hostname

Hostname the broker should bind to.

Type: "string"

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.jvmOptions

Extra command line options for the JVM running Kafka.

Type: "list of strings"

Default: [ "-server" "-Xmx1G" "-Xms1G" "-XX:+UseCompressedOops" "-XX:+UseParNewGC" "-XX:+UseConcMarkSweepGC" "-XX:+CMSClassUnloadingEnabled" "-XX:+CMSScavengeBeforeRemark" "-XX:+DisableExplicitGC" "-Djava.awt.headless=true" "-Djava.net.preferIPv4Stack=true" ]

Example: [ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.log4jProperties

Kafka log4j property configuration.

Type: "string"

Default:

''
log4j.rootLogger=INFO, stdout 

log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
''

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.logDirs

Log file directories

Type: "list of paths"

Default: [ "/tmp/kafka-logs" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.port

Port number the broker should listen on.

Type: "integer"

Default: 9092

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.serverProperties

Complete server.properties content. Other server.properties config options will be ignored if this option is used.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.zookeeper

Zookeeper connection string

Type: "string"

Default: "localhost:2181"

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apcupsd.configText

Contents of the runtime configuration file, apcupsd.conf. The default settings makes apcupsd autodetect USB UPSes, limit network access to localhost and shutdown the system when the battery level is below 50 percent, or when the UPS has calculated that it has 5 minutes or less of remaining power-on time. See man apcupsd.conf for details.

Type: "string"

Default:

''
UPSTYPE usb
NISIP 127.0.0.1
BATTERYLEVEL 50
MINUTES 5
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
services.apcupsd.enable

Whether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure. User manual: http://www.apcupsd.com/manual/manual.html. Note that apcupsd runs as root (to allow shutdown of computer). You can check the status of your UPS with the "apcaccess" command.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
services.apcupsd.hooks

Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action). See "man apccontrol" for the list of events and what they represent. A hook script can stop apccontrol from doing its default action by exiting with value 99. Do not do this unless you know what you're doing.

Type: "attribute set of strings"

Default: { }

Example: { doshutdown = "# shell commands to notify that the computer is shutting down"; }

Declared by:

<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
services.atd.allowEveryone

Whether to make /var/spool/at{jobs,spool} writeable by everyone (and sticky). This is normally not needed since the at commands are setuid/setgid atd.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/scheduling/atd.nix>
services.atd.enable

Whether to enable the at daemon, a command scheduler.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/scheduling/atd.nix>
services.atftpd.enable

Whenever to enable the atftpd TFTP server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/atftpd.nix>
services.atftpd.root

Document root directory for the atftpd.

Type: "string"

Default: "/var/empty"

Declared by:

<nixpkgs/nixos/modules/services/networking/atftpd.nix>
services.avahi.browseDomains

List of non-local DNS domains to be browsed.

Type: "unspecified"

Default: [ "0pointer.de" "zeroconf.org" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.enable

Whether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon').

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.hostName

Host name advertised on the LAN. If not set, avahi will use the value of config.networking.hostName.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.ipv4

Whether to use IPv4

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.ipv6

Whether to use IPv6

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.nssmdns

Whether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.publishing

Whether to allow publishing.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.wideArea

Whether to enable wide-area service discovery.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.bacula-dir.enable

Whether to enable Bacula Director Daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.extraConfig

Extra configuration for Bacula Director Daemon.

Type: "unspecified"

Default: ""

Example:

''
TODO
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.extraDirectorConfig

Extra configuration to be passed in Director directive.

Type: "unspecified"

Default: ""

Example:

''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.extraMessagesConfig

Extra configuration to be passed in Messages directive.

Type: "unspecified"

Default: ""

Example:

''
console = all
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.name

The director name used by the system administrator. This directive is required.

Type: "unspecified"

Default: "nixos-dir"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.password

Specifies the password that must be supplied for a Director.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.port

Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.

Type: "integer"

Default: 9101

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.director

This option defines director resources in Bacula File Daemon.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.director.<name>.monitor

If Monitor is set to no (default), this director will have full

Type: "unspecified"

Default: "no"

Example: "yes"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.director.<name>.password

Specifies the password that must be supplied for a Director to b

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.enable

Whether to enable Bacula File Daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.extraClientConfig

Extra configuration to be passed in Client directive.

Type: "unspecified"

Default: ""

Example:

''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.extraMessagesConfig

Extra configuration to be passed in Messages directive.

Type: "unspecified"

Default: ""

Example:

''
console = all
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.name

The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.

Type: "unspecified"

Default: "nixos-fd"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.port

This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file. The default is 9102.

Type: "integer"

Default: 9102

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.device

This option defines Device resources in Bacula Storage Daemon.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.device.<name>.archiveDevice

The specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example " /dev/nst0" or "/dev/rmt/0mbn". For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.device.<name>.extraDeviceConfig

Extra configuration to be passed in Device directive.

Type: "unspecified"

Default: ""

Example:

''
LabelMedia = yes
Random Access = no
AutomaticMount = no
RemovableMedia = no
MaximumOpenWait = 60
AlwaysOpen = no
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.device.<name>.mediaType

The specified name-string names the type of media supported by this device, for example, "DLT7000". Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.director

This option defines Director resources in Bacula Storage Daemon.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.director.<name>.monitor

If Monitor is set to no (default), this director will have full

Type: "unspecified"

Default: "no"

Example: "yes"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.director.<name>.password

Specifies the password that must be supplied for a Director to b

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.enable

Whether to enable Bacula Storage Daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.extraMessagesConfig

Extra configuration to be passed in Messages directive.

Type: "unspecified"

Default: ""

Example:

''
console = all
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.extraStorageConfig

Extra configuration to be passed in Storage directive.

Type: "unspecified"

Default: ""

Example:

''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.name

Specifies the Name of the Storage daemon.

Type: "unspecified"

Default: "nixos-sd"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.port

Specifies port number on which the Storage daemon listens for Director connections. The default is 9103.

Type: "integer"

Default: 9103

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bind.blockedNetworks

What networks are just blocked.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.cacheNetworks

What networks are allowed to use us as a resolver.

Type: "unspecified"

Default: [ "127.0.0.0/24" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.configFile

Overridable config file to use for named. By default, that generated by nixos.

Type: "unspecified"

Default: (build of named.conf)

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.enable

Whether to enable BIND domain name server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.forwarders

List of servers we should forward requests to.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.ipv4Only

Only use ipv4, even if the host supports ipv6.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.zones

List of zones we claim authority over. master=false means slave server; slaves means addresses who may request zone transfer.

Type: "unspecified"

Default: [ ]

Example: [ { file = "/var/dns/example.com"; master = false; masters = [ "192.168.0.1" ] ; name = "example.com"; slaves = [ ] ; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bitlbee.authMode

The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.

Type: "string"

Default: "Open"

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.enable

Whether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.extraDefaults

Will be inserted in the Default section of the config file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.extraSettings

Will be inserted in the Settings section of the config file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.interface

The interface the BitlBee deamon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.

Type: "unspecified"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.portNumber

Number of the port BitlBee will be listening to.

Type: "unspecified"

Default: 6667

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bosun.enable

Whether to run bosun.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.extraConfig

Extra configuration options for Bosun. You should describe your desired templates, alerts, macros, etc through this configuration option. A detailed description of the supported syntax can be found at-spi2-atk http://bosun.org/configuration.html

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.group

Group account under which bosun runs.

Type: "string"

Default: "bosun"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.listenAddress

The host address and port that bosun's web interface will listen on.

Type: "string"

Default: ":8070"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.opentsdbHost

Host and port of the OpenTSDB database that stores bosun data.

Type: "string"

Default: "localhost:4242"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.stateFile

Path to bosun's state file.

Type: "string"

Default: "/var/lib/bosun/bosun.state"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.user

User account under which bosun runs.

Type: "string"

Default: "bosun"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.btsync.apiKey

API key, which enables the developer API.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.checkForUpdates

Determines whether to check for updates and alert the user about them in the UI.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.deviceName

Name of the Bittorrent Sync device.

Type: "string"

Example: "Voltron"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.downloadLimit

Download speed limit. 0 is unlimited (default).

Type: "integer"

Default: 0

Example: 1024

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.enable

If enabled, start the Bittorrent Sync daemon. Once enabled, you can interact with the service through the Web UI, or configure it in your NixOS configuration. Enabling the btsync service also installs a multi-instance systemd unit which can be used to start user-specific copies of the daemon. Once installed, you can use systemctl start btsync@user to start the daemon only for user user, using the configuration file located at $HOME/.config/btsync.conf.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.enableWebUI

Enable Web UI for administration. Bound to the specified httpListenAddress and httpListenPort.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.encryptLAN

Encrypt LAN data.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.httpListenAddr

HTTP address to bind to.

Type: "string"

Default: "0.0.0.0"

Example: "1.2.3.4"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.httpListenPort

HTTP port to bind on.

Type: "integer"

Default: 9000

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.httpLogin

HTTP web login username.

Type: "string"

Default: ""

Example: "allyourbase"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.httpPass

HTTP web login password.

Type: "string"

Default: ""

Example: "arebelongtous"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.listeningPort

Listening port. Defaults to 0 which randomizes the port.

Type: "integer"

Default: 0

Example: 44444

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.sharedFolders

Shared folder list. If enabled, web UI must be disabled. Secrets can be generated using btsync --generate-secret. Note that this secret will be put inside the Nix store, so it is realistically not very secret. If you would like to be able to modify the contents of this directories, it is recommended that you make your user a member of the btsync group. Directories in this list should be in the btsync group, and that group must have write access to the directory. It is also recommended that chmod g+s is applied to the directory so that any sub directories created will also belong to the btsync group. Also, setfacl -d -m group:btsync:rwx and setfacl -m group:btsync:rwx should also be applied so that the sub directories are writable by the group.

Type: "unspecified"

Default: [ ]

Example: [ { directory = "/home/user/sync_test"; knownHosts = [ "192.168.1.2:4444" "192.168.1.3:4444" ] ; searchLAN = true; secret = "AHMYFPCQAHBM7LQPFXQ7WV6Y42IGUXJ5Y"; useDHT = false; useRelayServer = true; useSyncTrash = true; useTracker = true; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.storagePath

Where to store the bittorrent sync files.

Type: "path"

Default: "/var/lib/btsync"

Example: "/var/lib/btsync"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.uploadLimit

Upload speed limit. 0 is unlimited (default).

Type: "integer"

Default: 0

Example: 1024

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.useUpnp

Use Universal Plug-n-Play (UPnP)

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.cadvisor.enable

Whether to enable cadvisor service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.host

Cadvisor listening host

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.port

Cadvisor listening port

Type: "integer"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriver

Cadvisor storage driver.

Type: "null or string"

Default: null

Example: "influxdb"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverDb

Cadvisord storage driver database name.

Type: "string"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverHost

Cadvisor storage driver host.

Type: "string"

Default: "localhost:8086"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverPassword

Cadvisor storage driver password.

Type: "string"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverSecure

Cadvisor storage driver, enable secure communication.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverUser

Cadvisor storage driver username.

Type: "string"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.canto-daemon.enable

Whether to enable the canto RSS daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/canto-daemon.nix>
services.cgminer.config

Additional config

Type: "unspecified"

Default: { }

Example: { auto-fan = true; auto-gpu = true; expiry = 120; failover-only = true; gpu-threads = 2; log = 5; queue = 1; scan-time = 60; temp-histeresys = 3; }

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.enable

Whether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.hardware

List of config options for every GPU

Type: "unspecified"

Default: [ ]

Example: [ { gpu-engine = "0-985"; gpu-fan = "0-85"; gpu-memclock = 860; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75; } { gpu-engine = "0-950"; gpu-fan = "0-85"; gpu-memclock = 825; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75; } ]

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.pools

List of pools where to mine

Type: "unspecified"

Default: [ ]

Example: [ { password = "X"; url = "http://p2pool.org:9332"; username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk"; } ]

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.user

User account under which cgminer runs

Type: "unspecified"

Default: "cgminer"

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.chronos.enable

Whether to enable graphite web frontend.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
services.chronos.httpPort

Chronos listening port

Type: "integer"

Default: 4400

Declared by:

<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
services.chronos.master

Chronos mesos master zookeeper address

Type: "string"

Default: "zk://localhost:2181/mesos"

Declared by:

<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
services.chronos.zookeeperHosts

Chronos mesos zookepper addresses

Type: "list of strings"

Default: [ "localhost:2181" ]

Declared by:

<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
services.chrony.enable

Whether to synchronise your machine's time using chrony. Make sure you disable NTP if you enable this service.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/chrony.nix>
services.chrony.extraConfig

Extra configuration directives that should be added to chrony.conf

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/chrony.nix>
services.chrony.initstepslew

Allow chronyd to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins.

Type: "unspecified"

Default: { enabled = true; servers = [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ] ; threshold = 1000; }

Declared by:

<nixpkgs/nixos/modules/services/networking/chrony.nix>
services.chrony.servers

The set of NTP servers from which to synchronise.

Type: "unspecified"

Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/chrony.nix>
services.cjdns.ETHInterface.beacon

Auto-connect to other cjdns nodes on the same network. Options: 0: Disabled. 1: Accept beacons, this will cause cjdns to accept incoming beacon messages and try connecting to the sender. 2: Accept and send beacons, this will cause cjdns to broadcast messages on the local network which contain a randomly generated per-session password, other nodes which have this set to 1 or 2 will hear the beacon messages and connect automatically.

Type: "integer"

Default: 2

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.bind

Bind to this device for native ethernet operation.

Type: "unspecified"

Default: ""

Example: "eth0"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.connectTo

Credentials for connecting look similar to UDP credientials except they begin with the mac address.

Type: "attribute set of submodules"

Default: { }

Example: { 01:02:03:04:05:06 = { hostname = "homer.hype"; password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.connectTo.<name>.hostname

Optional hostname to add to /etc/hosts; prevents reverse lookup failures.

Type: "string"

Default: ""

Example: "foobar.hype"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.connectTo.<name>.password

Authorized password to the opposite end of the tunnel.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.connectTo.<name>.publicKey

Public key at the opposite end of the tunnel.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.bind

Address and port to bind UDP tunnels to.

Type: "string"

Default: ""

Example: "192.168.1.32:43211"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.connectTo

Credentials for making UDP tunnels.

Type: "attribute set of submodules"

Default: { }

Example: { 192.168.1.1:27313 = { hostname = "homer.hype"; password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.connectTo.<name>.hostname

Optional hostname to add to /etc/hosts; prevents reverse lookup failures.

Type: "string"

Default: ""

Example: "foobar.hype"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.connectTo.<name>.password

Authorized password to the opposite end of the tunnel.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.connectTo.<name>.publicKey

Public key at the opposite end of the tunnel.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.admin.bind

Bind the administration port to this address and port.

Type: "string"

Default: "127.0.0.1:11234"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.authorizedPasswords

Any remote cjdns nodes that offer these passwords on connection will be allowed to route through this node.

Type: "list of strings"

Default: [ ]

Example: [ "snyrfgkqsc98qh1y4s5hbu0j57xw5s0" "z9md3t4p45mfrjzdjurxn4wuj0d8swv" "49275fut6tmzu354pq70sr5b95qq0vj" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.confFile

Ignore all other cjdns options and load configuration from this file.

Type: "string"

Default: ""

Example: "/etc/cjdroute.conf"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.enable

Whether to enable the cjdns network encryption and routing engine. A file at /etc/cjdns.keys will be created if it does not exist to contain a random secret key that your IPv6 address will be derived from.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.clamav.updater.config

Extra configuration for freshclam. Contents will be added verbatim to the configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.clamav.updater.enable

Whether to enable automatic ClamAV virus definitions database updates.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.clamav.updater.frequency

Number of database checks per day.

Type: "unspecified"

Default: 12

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.cloud-init.enable

Enable the cloud-init service. This services reads configuration metadata in a cloud environment and configures the machine according to this metadata. This configuration is not completely compatible with the NixOS way of doing configuration, as configuration done by cloud-init might be overriden by a subsequent nixos-rebuild call. However, some parts of cloud-init fall outside of NixOS's responsibility, like filesystem resizing and ssh public key provisioning, and cloud-init is useful for that parts. Thus, be wary that using cloud-init in NixOS might come as some cost.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/system/cloud-init.nix>
services.cntlm.domain

Proxy account domain/workgroup name.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.enable

Whether to enable the cntlm, which start a local proxy.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.extraConfig

Verbatim contents of cntlm.conf.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.netbios_hostname

The hostname of your machine.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.password

Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.

Type: "string"

Default: "/etc/cntlm.password"

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.port

Specifies on which ports the cntlm daemon listens.

Type: "unspecified"

Default: [ 3128 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.proxy

A list of NTLM/NTLMv2 authenticating HTTP proxies. Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.username

Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.collectd.autoLoadPlugin

Enable plugin autoloading.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.dataDir

Data directory for collectd agent.

Type: "path"

Default: "/var/lib/collectd"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.enable

Whether to enable collectd agent.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.extraConfig

Extra configuration for collectd.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.include

Additional paths to load config from.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.pidFile

Location of collectd pid file.

Type: "path"

Default: "/var/run/collectd.pid"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.user

User under which to run collectd.

Type: "null or string"

Default: "collectd"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.consul.alerts.consulAddr

Consul api listening adddress

Type: "string"

Default: "localhost:8500"

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.enable

Whether to enable Whether to enable consul-alerts.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.listenAddr

Api listening address.

Type: "string"

Default: "localhost:9000"

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.watchChecks

Whether to enable check watcher.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.watchEvents

Whether to enable event watcher.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.dropPrivileges

Whether the consul agent should be run as a non-root consul user.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.enable

Enables the consul daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.extraConfig

Extra configuration options which are serialized to json and added to the config.json file.

Type: "unspecified"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.extraConfigFiles

Additional configuration files to pass to consul NOTE: These will not trigger the service to be restarted when altered.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.forceIpv4

Whether we should force the interfaces to only pull ipv4 addresses.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.interface.advertise

The name of the interface to pull the advertise_addr from.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.interface.bind

The name of the interface to pull the bind_addr from.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.joinNodes

A list of addresses of nodes which should be joined at startup if the current node is in a left state.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.joinRetries

The number of times to retry connecting to the join nodes.

Type: "integer"

Default: 10

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.leaveOnStop

If enabled, causes a leave action to be sent when closing consul. This allows a clean termination of the node, but permanently removes it from the cluster. You probably don't want this option unless you are running a node which going offline in a permanent / semi-permanent fashion.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.webUi

Enables the web interface on the consul http port.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.couchdb.bindAddress

Defines the IP address by which CouchDB will be accessible.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.configFile

Configuration file for persisting runtime changes. File needs to be readable and writable from couchdb user/group.

Type: "string"

Default: "/var/lib/couchdb/couchdb.ini"

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.databaseDir

Specifies location of CouchDB database files (*.couch named). This location should be writable and readable for the user the CouchDB service runs as (couchdb by default).

Type: "path"

Default: "/var/lib/couchdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.enable

Whether to run CouchDB Server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.extraConfig

Extra configuration. Overrides any other cofiguration.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.group

Group account under which couchdb runs.

Type: "string"

Default: "couchdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.logFile

Specifies the location of file for logging output.

Type: "path"

Default: "/var/log/couchdb.log"

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.port

Defined the port number to listen.

Type: "integer"

Default: 5984

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.uriFile

This file contains the full URI that can be used to access this instance of CouchDB. It is used to help discover the port CouchDB is running on (if it was set to 0 (e.g. automatically assigned any free one). This file should be writable and readable for the user that runs the CouchDB service (couchdb by default).

Type: "path"

Default: "/var/run/couchdb/couchdb.uri"

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.user

User account under which couchdb runs.

Type: "string"

Default: "couchdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.couchdb.viewIndexDir

Specifies location of CouchDB view index files. This location should be writable and readable for the user that runs the CouchDB service (couchdb by default).

Type: "path"

Default: "/var/lib/couchdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/couchdb.nix>
services.cpuminer-cryptonight.enable

Whether to enable the cpuminer cryptonight miner.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
services.cpuminer-cryptonight.pass

Password for mining server

Type: "string"

Default: "x"

Declared by:

<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
services.cpuminer-cryptonight.threads

Number of miner threads, defaults to available processors

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
services.cpuminer-cryptonight.url

URL of mining server

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
services.cpuminer-cryptonight.user

Username for mining server

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
services.crashplan.enable

Starts crashplan background service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/crashplan.nix>
services.cron.cronFiles

A list of extra crontab files that will be read and appended to the main crontab file when the cron service starts.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/scheduling/cron.nix>
services.cron.enable

Whether to enable the Vixie cron daemon.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/scheduling/cron.nix>
services.cron.mailto

Email address to which job output will be mailed.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/scheduling/cron.nix>
services.cron.systemCronJobs

A list of Cron jobs to be appended to the system-wide crontab. See the manual page for crontab for the expected format. If you want to get the results mailed you must setuid sendmail. See security.setuidOwners If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root will is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you. So every user can use a crontab. Many nixos modules set systemCronJobs, so if you decide to disable vixie cron and enable another cron daemon, you may want it to get its system crontab based on systemCronJobs.

Type: "list of strings"

Default: [ ]

Example:

[ "* * * * *  test   ls -l / > /tmp/cronout 2>&1"
  "* * * * *  eelco  echo Hello World > /home/eelco/cronout"
]

Declared by:

<nixpkgs/nixos/modules/services/scheduling/cron.nix>
services.dbus.enable

Whether to start the D-Bus message bus daemon, which is required by many other system services and applications.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/system/dbus.nix>
services.dbus.packages

Packages whose D-Bus configuration files should be included in the configuration of the D-Bus system-wide message bus. Specifically, every file in pkg/etc/dbus-1/system.d is included.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/system/dbus.nix>
services.dd-agent.api_key

The Datadog API key to associate the agent with your account

Type: "string"

Example: "ae0aa6a8f08efa988ba0a17578f009ab"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
services.dd-agent.enable

Whether to enable the dd-agent montioring service

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
services.dd-agent.hostname

The hostname to show in the Datadog dashboard (optional)

Type: "null or string"

Default: null

Example: "mymachine.mydomain"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
services.dd-agent.nginxConfig

Datadog nginx integration configuration

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
services.dd-agent.postgresqlConfig

Datadog PostgreSQL integration configuration

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/monitoring/dd-agent.nix>
services.ddclient.domain

Domain name to synchronize.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.ddclient.enable

Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.ddclient.extraConfig

Extra configuration. Contents will be added verbatim to the configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.ddclient.password

Password.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.ddclient.protocol

Protocol to use with dynamic DNS provider (see http://sourceforge.net/apps/trac/ddclient/wiki/Protocols).

Type: "string"

Default: "dyndns2"

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.ddclient.server

Server address.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.ddclient.ssl

Whether to use to use SSL/TLS to connect to dynamic DNS provider.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.ddclient.use

Method to determine the IP address to send to the dymanic DNS provider.

Type: "string"

Default: "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '"

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.ddclient.username

Username.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ddclient.nix>
services.deluge.enable

Start Deluge daemon.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/torrent/deluge.nix>
services.deluge.web.enable

Start Deluge Web daemon.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/torrent/deluge.nix>
services.dhcpd.configFile

The path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd.enable

Whether to enable the DHCP server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd.extraConfig

Extra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something here, such as the options specifying the subnet mask, DNS servers, etc.

Type: "unspecified"

Default: ""

Example:

''
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.5;
option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;
option domain-name "example.org";
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
}
''

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd.interfaces

The interfaces on which the DHCP server should listen.

Type: "unspecified"

Default: [ "eth0" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd.machines

A list mapping ethernet addresses to IP addresses for the DHCP server.

Type: "unspecified"

Default: [ ]

Example: [ { ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10"; } { ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11"; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dictd.DBs

List of databases to make available.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/misc/dictd.nix>
services.dictd.enable

Whether to enable the DICT.org dictionary server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/dictd.nix>
services.diod.allsquash

Remap all users to "nobody". The attaching user need not be present in the password file.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.authRequired

Allow clients to connect without authentication, i.e. without a valid MUNGE credential.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.enable

Whether to enable the diod 9P file server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.exportall

Export all file systems listed in /proc/mounts. If new file systems are mounted after diod has started, they will become immediately mountable. If there is a duplicate entry for a file system in the exports list, any options listed in the exports entry will apply.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.exportopts

Establish a default set of export options. These are overridden, not appended to, by opts attributes in an "exports" entry.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.exports

List the file systems that clients will be allowed to mount. All paths should be fully qualified. The exports table can include two types of element: a string element (as above), or an alternate table element form { path="/path", opts="ro" }. In the alternate form, the (optional) opts attribute is a comma-separated list of export options. The two table element forms can be mixed in the exports table. Note that although diod will not traverse file system boundaries for a given mount due to inode uniqueness constraints, subdirectories of a file system can be separately exported.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.extraConfig

Extra configuration options for diod.conf.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.listen

[ "IP:PORT" [,"IP:PORT",...] ] List the interfaces and ports that diod should listen on.

Type: "list of strings"

Default: [ "0.0.0.0:564" ]

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.logdest

Set the destination for logging. The value has the form of "syslog:facility:level" or "filename".

Type: "string"

Default: "syslog:daemon:err"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.nwthreads

Sets the (fixed) number of worker threads created to handle 9P requests for a unique aname.

Type: "integer"

Default: 16

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.squashuser

Change the squash user. The squash user must be present in the password file.

Type: "string"

Default: "nobody"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.statfsPassthru

This option configures statfs to return the host file system's type rather than V9FS_MAGIC.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.diod.userdb

This option disables password/group lookups. It allows any uid to attach and assumes gid=uid, and supplementary groups contain only the primary gid.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
services.disnix.enable

Whether to enable Disnix

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/disnix.nix>
services.disnix.infrastructure

List of name value pairs containing properties for the infrastructure model

Type: "unspecified"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/disnix.nix>
services.disnix.publishAvahi

Whether to publish capabilities/properties as a Disnix service through Avahi

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/disnix.nix>
services.disnix.publishInfrastructure.enable

Whether to publish capabilities/properties of this machine in as attributes in the infrastructure option

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/disnix.nix>
services.disnix.publishInfrastructure.enableAuthentication

Whether to publish authentication credentials through the infrastructure attribute (not recommended in combination with Avahi)

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/disnix.nix>
services.disnix.useWebServiceInterface

Whether to enable the DisnixWebService interface running on Apache Tomcat

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/disnix.nix>
services.dnscrypt-proxy.enable

Enable dnscrypt-proxy. The proxy relays regular DNS queries to a DNSCrypt enabled upstream resolver. The traffic between the client and the upstream resolver is encrypted and authenticated, which may mitigate the risk of MITM attacks and third-party snooping (assuming the upstream is trustworthy).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
services.dnscrypt-proxy.localAddress

Listen for DNS queries on this address.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
services.dnscrypt-proxy.port

Listen on this port.

Type: "integer"

Default: 53

Declared by:

<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
services.dnscrypt-proxy.resolverName

The name of the upstream DNSCrypt resolver to use. See /nix/store/8dlsxxga5cwyk669570z8ibzs18dv9ns-dnscrypt-proxy-1.4.3/share/dnscrypt-proxy/dnscrypt-resolvers.csv for alternative resolvers (e.g., if you are concerned about logging and/or server location).

Type: "string"

Default: "opendns"

Declared by:

<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
services.dnscrypt-proxy.tcpOnly

Force sending encrypted DNS queries to the upstream resolver over TCP instead of UDP (on port 443). Enabling this option may help circumvent filtering, but should not be used otherwise.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy.nix>
services.dnsmasq.enable

Whether to run dnsmasq.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
services.dnsmasq.extraConfig

Extra configuration directives that should be added to dnsmasq.conf

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
services.dnsmasq.resolveLocalQueries

Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf)

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
services.dnsmasq.servers

The DNS servers which dnsmasq should query.

Type: "unspecified"

Default: [ ]

Example: [ "8.8.8.8" "8.8.4.4" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
services.dockerRegistry.enable

Whether to enable docker registry server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
services.dockerRegistry.extraConfig

Docker extra registry configuration. See https://github.com/docker/docker-registry/blob/master/config/config_sample.yml

Type: "attribute set of strings"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
services.dockerRegistry.host

Docker registry host or ip to bind to.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
services.dockerRegistry.port

Docker registry port to bind to.

Type: "integer"

Default: 5000

Declared by:

<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
services.dockerRegistry.storagePath

Docker registry storage path.

Type: "path"

Default: "/var/lib/docker/registry"

Declared by:

<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
services.dovecot2.configFile

Config file used for the whole dovecot configuration.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.enable

Whether to enable the Dovecot 2.x POP3/IMAP server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.enableImap

Start the IMAP listener (when Dovecot is enabled).

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.enablePop3

Start the POP3 listener (when Dovecot is enabled).

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.extraConfig

Additional entries to put verbatim into Dovecot's config file.

Type: "unspecified"

Default: ""

Example: "mail_debug = yes"

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.group

Dovecot group name.

Type: "unspecified"

Default: "dovecot2"

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.mailLocation

Location that dovecot will use for mail folders. Dovecot mail_location option.

Type: "unspecified"

Default: "maildir:/var/spool/mail/%u"

Example: "maildir:~/mail:INBOX=/var/spool/mail/%u"

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.showPAMFailure

Show the PAM failure message on authentication error (useful for OTPW).

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.sslCACert

CA certificate used by the server certificate.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.sslServerCert

Server certificate

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.sslServerKey

Server key.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.dovecot2.user

Dovecot user name.

Type: "unspecified"

Default: "dovecot2"

Declared by:

<nixpkgs/nixos/modules/services/mail/dovecot.nix>
services.drbd.config

Contents of the drbd.conf configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
services.drbd.enable

Whether to enable support for DRBD, the Distributed Replicated Block Device.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
services.ejabberd.confDir

Location of the config directory of ejabberd

Type: "unspecified"

Default: "/var/ejabberd"

Declared by:

<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
services.ejabberd.enable

Whether to enable ejabberd server

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
services.ejabberd.loadDumps

Configuration dump that should be loaded on the first startup

Type: "unspecified"

Default: [ ]

Example:

[ ./myejabberd.dump ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
services.ejabberd.logsDir

Location of the logfile directory of ejabberd

Type: "unspecified"

Default: "/var/log/ejabberd"

Declared by:

<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
services.ejabberd.spoolDir

Location of the spooldir of ejabberd

Type: "unspecified"

Default: "/var/lib/ejabberd"

Declared by:

<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
services.ejabberd.virtualHosts

Virtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas

Type: "unspecified"

Default: ''"localhost"''

Declared by:

<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
services.elasticsearch.cluster_name

Elasticsearch name that identifies your cluster for auto-discovery.

Type: "string"

Default: "elasticsearch"

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.dataDir

Data directory for elasticsearch.

Type: "path"

Default: "/var/lib/elasticsearch"

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.enable

Whether to enable elasticsearch.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.extraCmdLineOptions

Extra command line options for the elasticsearch launcher.

Type: "list of strings"

Default: [ ]

Example: [ "-Djava.net.preferIPv4Stack=true" ]

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.extraConf

Extra configuration for elasticsearch.

Type: "string"

Default: ""

Example:

''
node.name: "elasticsearch"
node.master: true
node.data: false
index.number_of_shards: 5
index.number_of_replicas: 1
''

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.host

Elasticsearch listen address.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.logging

Elasticsearch logging configuration.

Type: "string"

Default:

''
rootLogger: INFO, console
logger:
  action: INFO
  com.amazonaws: WARN
appender:
  console:
    type: console
    layout:
      type: consolePattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
''

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.plugins

Extra elasticsearch plugins

Type: "list of derivations"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.port

Elasticsearch port to listen for HTTP traffic.

Type: "integer"

Default: 9200

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.elasticsearch.tcp_port

Elasticsearch port for the node to node communication.

Type: "integer"

Default: 9300

Declared by:

<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
services.etcd.advertiseClientUrls

Etcd list of this member's client URLs to advertise to the rest of the cluster.

Type: "list of strings"

Default: [ "http://localhost:4001" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.dataDir

Etcd data directory.

Type: "path"

Default: "/var/lib/etcd"

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.discovery

Etcd discovery url

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.enable

Whether to enable etcd.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.extraConf

Etcd extra configuration. See https://github.com/coreos/etcd/blob/master/Documentation/configuration.md#environment-variables

Type: "attribute set of strings"

Default: { }

Example:

{
  "CORS": "*",
  "NAME": "default-name",
  "MAX_RESULT_BUFFER": "1024",
  "MAX_CLUSTER_SIZE": "9",
  "MAX_RETRY_ATTEMPTS": "3"
}

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.initialAdvertisePeerUrls

Etcd list of this member's peer URLs to advertise to rest of the cluster.

Type: "list of strings"

Default: [ "http://localhost:7001" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.initialCluster

Etcd initial cluster configuration for bootstrapping.

Type: "list of strings"

Default: [ "nixos=http://localhost:7001" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.initialClusterState

Etcd initial cluster configuration for bootstrapping.

Type: "one of new, existing"

Default: "new"

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.initialClusterToken

Etcd initial cluster token for etcd cluster during bootstrap.

Type: "string"

Default: "etcd-cluster"

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.listenClientUrls

Etcd list of URLs to listen on for client traffic.

Type: "list of strings"

Default: [ "http://localhost:4001" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.listenPeerUrls

Etcd list of URLs to listen on for peer traffic.

Type: "list of strings"

Default: [ "http://localhost:7001" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.etcd.name

Etcd unique node name.

Type: "string"

Default: "nixos"

Declared by:

<nixpkgs/nixos/modules/services/misc/etcd.nix>
services.exim.config

Verbatim Exim configuration. This should not contain exim_user, exim_group, exim_path, or spool_directory.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/exim.nix>
services.exim.enable

Whether to enable the Exim mail transfer agent.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/exim.nix>
services.exim.group

Group to use when no root privileges are required.

Type: "string"

Default: "exim"

Declared by:

<nixpkgs/nixos/modules/services/mail/exim.nix>
services.exim.spoolDir

Location of the spool directory of exim.

Type: "string"

Default: "/var/spool/exim"

Declared by:

<nixpkgs/nixos/modules/services/mail/exim.nix>
services.exim.user

User to use when no root privileges are required. In particular, this applies when receiving messages and when doing remote deliveries. (Local deliveries run as various non-root users, typically as the owner of a local mailbox.) Specifying this value as root is not supported.

Type: "string"

Default: "exim"

Declared by:

<nixpkgs/nixos/modules/services/mail/exim.nix>
services.fail2ban.daemonConfig

The contents of Fail2ban's main configuration file. It's generally not necessary to change it.

Type: "string"

Default:

''
[Definition]
loglevel  = INFO
logtarget = SYSLOG
socket    = /run/fail2ban/fail2ban.sock
pidfile   = /run/fail2ban/fail2ban.pid
''

Declared by:

<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.enable

Whether to enable the fail2ban service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fail2ban.jails

The configuration of each Fail2ban “jail”. A jail consists of an action (such as blocking a port using iptables) that is triggered when a filter applied to a log file triggers more than a certain number of times in a certain time period. Actions are defined in /etc/fail2ban/action.d, while filters are defined in /etc/fail2ban/filter.d.

Type: "attribute set of strings"

Default: { }

Example: { apache-nohome-iptables = "# Block an IP address if it accesses a non-existent\n# home directory more than 5 times in 10 minutes,\n# since that indicates that it's scanning.\nfilter = apache-nohome\naction = iptables-multiport[name=HTTP, port=\"http,https\"]\nlogpath = /var/log/httpd/error_log*\nfindtime = 600\nbantime = 600\nmaxretry = 5\n"; }

Declared by:

<nixpkgs/nixos/modules/services/security/fail2ban.nix>
services.fcgiwrap.enable

Whether to enable fcgiwrap, a server for running CGI applications over FastCGI.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
services.fcgiwrap.group

Group permissions for the socket.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
services.fcgiwrap.preforkProcesses

Number of processes to prefork.

Type: "integer"

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
services.fcgiwrap.socketAddress

Socket address. In case of a UNIX socket, this should be its filesystem path.

Type: "string"

Default: "/run/fcgiwrap.sock"

Example: "1.2.3.4:5678"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
services.fcgiwrap.socketType

Socket type: 'unix', 'tcp' or 'tcp6'.

Type: "string"

Default: "unix"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
services.fcgiwrap.user

User permissions for the socket.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
services.fcron.allow

Users allowed to use fcrontab and fcrondyn (one name per line, all for everyone).

Type: "list of strings"

Default: [ "all" ]

Declared by:

<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
services.fcron.deny

Users forbidden from using fcron.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
services.fcron.enable

Whether to enable the fcron daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
services.fcron.maxSerialJobs

Maximum number of serial jobs which can run simultaneously.

Type: "integer"

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
services.fcron.queuelen

Number of jobs the serial queue and the lavg queue can contain.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
services.fcron.systab

The "system" crontab contents.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
services.felix.bundles

List of bundles that should be activated on startup

Type: "unspecified"

Default: [ (build of apache-felix-remoteshell-bundle-1.0.4) ]

Declared by:

<nixpkgs/nixos/modules/services/misc/felix.nix>
services.felix.enable

Whether to enable the Apache Felix OSGi service

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/felix.nix>
services.felix.group

Group account under which Apache Felix runs.

Type: "unspecified"

Default: "osgi"

Declared by:

<nixpkgs/nixos/modules/services/misc/felix.nix>
services.felix.user

User account under which Apache Felix runs.

Type: "unspecified"

Default: "osgi"

Declared by:

<nixpkgs/nixos/modules/services/misc/felix.nix>
services.firebird.baseDir

Location containing data/ and system/ directories. data/ stores the databases, system/ stores the password database security2.fdb.

Type: "unspecified"

Default: "/var/db/firebird"

Declared by:

<nixpkgs/nixos/modules/services/databases/firebird.nix>
services.firebird.enable

Whether to enable the Firebird super server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/firebird.nix>
services.firebird.port

Port Firebird uses.

Type: "unspecified"

Default: "3050"

Declared by:

<nixpkgs/nixos/modules/services/databases/firebird.nix>
services.firebird.user

User account under which firebird runs.

Type: "unspecified"

Default: "firebird"

Declared by:

<nixpkgs/nixos/modules/services/databases/firebird.nix>
services.firefox.syncserver.allowNewUsers

Whether to allow new-user signups on the server. Only request by existing accounts will be honored.

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
services.firefox.syncserver.enable

Whether to enable a Firefox Sync Server, this give the opportunity to Firefox users to store all synchronized data on their own server. To use this server, Firefox users should visit the about:config, and replicate the following change

services.sync.tokenServerURI: http://localhost:5000/token/1.0/sync/1.5

where http://localhost:5000/ corresponds to the public url of the server.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
services.firefox.syncserver.listen.address

Address on which the sync server listen to.

Type: "string"

Default: "127.0.0.1"

Example: "0.0.0.0"

Declared by:

<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
services.firefox.syncserver.listen.port

Port on which the sync server listen to.

Type: "integer"

Default: 5000

Declared by:

<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
services.firefox.syncserver.privateConfig

The private config file is used to extend the generated config with confidential information, such as the syncserver.sqlUri setting if it contains a password, and the syncserver.secret setting is used by the server to generate cryptographically-signed authentication tokens. If this file does not exists, then it is created with a generated syncserver.secret settings.

Type: "string"

Default: "/etc/firefox/syncserver-secret.ini"

Declared by:

<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
services.firefox.syncserver.publicUrl

Public URL with which firefox users can use to access the sync server.

Type: "string"

Default: "http://localhost:5000/"

Example: "http://sync.example.com/"

Declared by:

<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
services.firefox.syncserver.sqlUri

The location of the database. This URL is composed of dialect[+driver]://user:password@host/dbname[?key=value..], where dialect is a database name such as mysql, oracle, postgresql, etc., and driver the name of a DBAPI, such as psycopg2, pyodbc, cx_oracle, etc. The SQLAlchemy documentation provides more examples and describe the syntax of the expected URL.

Type: "string"

Default: "sqlite:////var/db/firefox-sync-server.db"

Example: "postgresql://scott:tiger@localhost/test"

Declared by:

<nixpkgs/nixos/modules/services/networking/firefox/sync-server.nix>
services.flashpolicyd.enable

Whether to enable the Flash Policy server. This is necessary if you want Flash applications to make connections to your server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/flashpolicyd.nix>
services.flashpolicyd.policy

The policy to be served. The default is to allow connections from any domain to any port.

Type: "unspecified"

Default:

''
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy> 
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>
''

Declared by:

<nixpkgs/nixos/modules/services/networking/flashpolicyd.nix>
services.fleet.enable

Whether to enable fleet service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fleet.etcdCafile

Fleet TLS ca file when SSL certificate authentication is enabled in etcd endpoints.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fleet.etcdCertfile

Fleet TLS cert file when SSL certificate authentication is enabled in etcd endpoints.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fleet.etcdKeyfile

Fleet TLS key file when SSL certificate authentication is enabled in etcd endpoints.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fleet.etcdServers

Fleet list of etcd endpoints to use.

Type: "list of strings"

Default: [ "http://127.0.0.1:4001" ]

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fleet.extraConfig

Fleet extra config. See https://github.com/coreos/fleet/blob/master/Documentation/deployment-and-configuration.md for configuration options.

Type: "attribute set of strings"

Default: { }

Example:

{
  VERBOSITY = 1;
  ETCD_REQUEST_TIMEOUT = "2.0";
  AGENT_TTL = "40s";
}

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fleet.listen

Fleet listening addresses.

Type: "list of strings"

Default: [ "/var/run/fleet.sock" ]

Example: [ "/var/run/fleet.sock" "127.0.0.1:49153" ]

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fleet.metadata

Key/value pairs that are published with the local to the fleet registry. This data can be used directly by a client of fleet to make scheduling decisions.

Type: "attribute set of strings"

Default: { }

Example:

{
  region = "us-west";
  az = "us-west-1";
}

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fleet.publicIp

Fleet IP address that should be published with the local Machine's state and any socket information. If not set, fleetd will attempt to detect the IP it should publish based on the machine's IP routing information.

Type: "null or string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/fleet.nix>
services.fluentd.config

Fluentd config.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/logging/fluentd.nix>
services.fluentd.enable

Whether to enable fluentd.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/fluentd.nix>
services.foldingAtHome.config

Extra configuration. Contents will be added verbatim to the configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
services.foldingAtHome.enable

Whether to enable the Folding@Home to use idle CPU time.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
services.foldingAtHome.nickname

A unique handle for statistics.

Type: "unspecified"

Default: "Anonymous"

Declared by:

<nixpkgs/nixos/modules/services/misc/folding-at-home.nix>
services.fourStore.database

RDF database name. If it doesn't exist, it will be created. Databases are stored in /var/lib/4store.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/4store.nix>
services.fourStore.enable

Whether to enable 4Store RDF database server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/4store.nix>
services.fourStore.options

Extra CLI options to pass to 4Store.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/4store.nix>
services.fourStoreEndpoint.database

RDF database name to expose via the endpoint. Defaults to local 4Store database name.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
services.fourStoreEndpoint.enable

Whether to enable 4Store SPARQL endpoint.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
services.fourStoreEndpoint.listenAddress

IP address to listen on.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
services.fourStoreEndpoint.options

Extra CLI options to pass to 4Store's 4s-httpd process.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
services.fourStoreEndpoint.port

port to listen on.

Type: "unspecified"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/databases/4store-endpoint.nix>
services.fprintd.enable

Whether to enable fprintd daemon and PAM module for fingerprint readers handling.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/fprintd.nix>
services.fprot.updater.enable

Whether to enable automatic F-Prot virus definitions database updates.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/fprot.nix>
services.fprot.updater.frequency

Update virus definitions every X minutes.

Type: "unspecified"

Default: 30

Declared by:

<nixpkgs/nixos/modules/services/security/fprot.nix>
services.fprot.updater.licenseKeyfile

License keyfile. Defaults to the one supplied with installation package.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/security/fprot.nix>
services.fprot.updater.productData

product.data file. Defaults to the one supplied with installation package.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/security/fprot.nix>
services.frandom.enable

enable the /dev/frandom device (a very fast random number generator)

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/frandom.nix>
services.freefall.devices

Device paths to all internal spinning hard drives.

Type: "list of strings"

Default: [ "/dev/sda" ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/freefall.nix>
services.freefall.enable

Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/freefall.nix>
services.freenet.enable

Enable the Freenet daemon

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/freenet.nix>
services.freenet.nice

Set the nice level for the Freenet daemon

Type: "integer"

Default: 10

Declared by:

<nixpkgs/nixos/modules/services/networking/freenet.nix>
services.geoclue2.enable

Whether to enable GeoClue 2 daemon, a DBus service that provides location informationfor accessing.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
services.ghostOne.config

Extra configuration options.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/games/ghost-one.nix>
services.ghostOne.enable

Enable Ghost-One Warcraft3 game hosting server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/games/ghost-one.nix>
services.ghostOne.language

The language of bot messages: English, Spanish, Russian, Serbian or Turkish.

Type: "string"

Default: "English"

Declared by:

<nixpkgs/nixos/modules/services/games/ghost-one.nix>
services.ghostOne.mappath

The path to the directory where you keep your map files. GHost One doesn't require map files but if it has access to them it can send them to players and automatically calculate most map config values. GHost One will search [bot_mappath + map_localpath] for the map file (map_localpath is set in each map's config file).

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/games/ghost-one.nix>
services.ghostOne.war3path

The path to your local Warcraft III directory, which must contain war3.exe, storm.dll, and game.dll.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/games/ghost-one.nix>
services.gitDaemon.basePath

Remap all the path requests as relative to the given path. For example, if you set base-path to /srv/git, then if you later try to pull git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.

Type: "string"

Default: ""

Example: "/srv/git/"

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitDaemon.enable

Enable Git daemon, which allows public hosting of git repositories without any access controls. This is mostly intended for read-only access. You can allow write access by setting daemon.receivepack configuration item of the repository to true. This is solely meant for a closed LAN setting where everybody is friendly. If you need any access controls, use something else.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitDaemon.exportAll

Publish all directories that look like Git repositories (have the objects and refs subdirectories), even if they do not have the git-daemon-export-ok file. If disabled, you need to touch .git/git-daemon-export-ok in each repository you want the daemon to publish. Warning: enabling this without a repository whitelist or basePath publishes every git repository you have.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitDaemon.group

Group under which Git daemon would be running.

Type: "string"

Default: "git"

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitDaemon.listenAddress

Listen on a specific IP address or hostname.

Type: "string"

Default: ""

Example: "example.com"

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitDaemon.options

Extra configuration options to be passed to Git daemon.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitDaemon.port

Port to listen on.

Type: "integer"

Default: 9418

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitDaemon.repositories

A whitelist of paths of git repositories, or directories containing repositories all of which would be published. Paths must not end in "/". Warning: leaving this empty and enabling exportAll publishes all repositories in your filesystem or basePath if specified.

Type: "list of strings"

Default: [ ]

Example: [ "/srv/git" "/home/user/git/repo2" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitDaemon.user

User under which Git daemon would be running.

Type: "string"

Default: "git"

Declared by:

<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
services.gitlab.backupPath

Gitlab path for backups.

Type: "string"

Default: "/var/gitlab/state/backup"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.databaseHost

Gitlab database hostname.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.databaseName

Gitlab database name.

Type: "string"

Default: "gitlab"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.databasePassword

Gitlab database user password.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.databaseUsername

Gitlab database user.

Type: "string"

Default: "gitlab"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.emailFrom

The source address for emails sent by gitlab.

Type: "string"

Default: "example@example.org"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.enable

Enable the gitlab service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.host

Gitlab host name. Used e.g. for copy-paste URLs.

Type: "string"

Default: "nixos"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.port

Gitlab server listening port.

Type: "integer"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.satelliteDir

Gitlab directory to store checked out git trees requires for operation.

Type: "string"

Default: "/var/gitlab/git-satellites"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitlab.stateDir

Gitlab state directory, logs are stored here.

Type: "string"

Default: "/var/gitlab/state"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitlab.nix>
services.gitolite.adminPubkey

Initial administrative public key for Gitolite. This should be an SSH Public Key. Note that this key will only be used once, upon the first initialization of the Gitolite user. The key string cannot have any line breaks in it.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitolite.nix>
services.gitolite.commonHooks

A list of custom git hooks that get copied to ~/.gitolite/hooks/common.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/misc/gitolite.nix>
services.gitolite.dataDir

Gitolite home directory (used to store all the repositories).

Type: "string"

Default: "/var/lib/gitolite"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitolite.nix>
services.gitolite.enable

Enable gitolite management under the gitolite user. After switching to a configuration with Gitolite enabled, you can then run git clone gitolite@host:gitolite-admin.git to manage it further.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/gitolite.nix>
services.gitolite.user

Gitolite user account. This is the username of the gitolite endpoint.

Type: "string"

Default: "gitolite"

Declared by:

<nixpkgs/nixos/modules/services/misc/gitolite.nix>
services.gnome3.at-spi2-core.enable

Whether to enable at-spi2-core, a service for the Assistive Technologies available on the GNOME platform.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/at-spi2-core.nix>
services.gnome3.evolution-data-server.enable

Whether to enable Evolution Data Server, a collection of services for storing addressbooks and calendars.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/evolution-data-server.nix>
services.gnome3.gnome-documents.enable

Whether to enable GNOME Documents services, a document manager application for GNOME.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-documents.nix>
services.gnome3.gnome-keyring.enable

Whether to enable GNOME Keyring daemon, a service designed to take care of the user's security credentials, such as user names and passwordsa search engine.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-keyring.nix>
services.gnome3.gnome-online-accounts.enable

Whether to enable GNOME Online Accounts daemon, a service that provides a single sign-on framework for the GNOME desktop.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-online-accounts.nix>
services.gnome3.gnome-online-miners.enable

Whether to enable GNOME Online Miners, a service that crawls through your online content.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-online-miners.nix>
services.gnome3.gnome-user-share.enable

Whether to enable GNOME User Share, a service that exports the contents of the Public folder in your home directory on the local network.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/gnome-user-share.nix>
services.gnome3.gvfs.enable

Whether to enable gvfs backends, userspace virtual filesystem used by GNOME components via D-Bus.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/gvfs.nix>
services.gnome3.seahorse.enable

Whether to enable Seahorse search provider for the GNOME Shell activity search.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/seahorse.nix>
services.gnome3.sushi.enable

Whether to enable Sushi, a quick previewer for nautilus.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/sushi.nix>
services.gnome3.tracker.enable

Whether to enable Tracker services, a search engine, search tool and metadata storage system.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/gnome3/tracker.nix>
services.gnunet.enable

Whether to run the GNUnet daemon. GNUnet is GNU's anonymous peer-to-peer communication and file sharing framework.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/gnunet.nix>
services.gnunet.extraOptions

Additional options that will be copied verbatim in `gnunet.conf'. See `gnunet.conf(5)' for details.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/gnunet.nix>
services.gnunet.fileSharing.quota

Maximum file system usage (in MiB) for file sharing.

Type: "unspecified"

Default: 1024

Declared by:

<nixpkgs/nixos/modules/services/networking/gnunet.nix>
services.gnunet.load.hardNetUpBandwidth

Hard bandwidth limit (in bits per second) when uploading data.

Type: "unspecified"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/networking/gnunet.nix>
services.gnunet.load.maxNetDownBandwidth

Maximum bandwidth usage (in bits per second) for GNUnet when downloading data.

Type: "unspecified"

Default: 50000

Declared by:

<nixpkgs/nixos/modules/services/networking/gnunet.nix>
services.gnunet.load.maxNetUpBandwidth

Maximum bandwidth usage (in bits per second) for GNUnet when downloading data.

Type: "unspecified"

Default: 50000

Declared by:

<nixpkgs/nixos/modules/services/networking/gnunet.nix>
services.gnunet.tcp.port

The TCP port for use by GNUnet.

Type: "unspecified"

Default: 2086

Declared by:

<nixpkgs/nixos/modules/services/networking/gnunet.nix>
services.gnunet.udp.port

The UDP port for use by GNUnet.

Type: "unspecified"

Default: 2086

Declared by:

<nixpkgs/nixos/modules/services/networking/gnunet.nix>
services.gogoclient.autorun

Whether to automatically start the tunnel.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
services.gogoclient.enable

Enable the gogoCLIENT IPv6 tunnel.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
services.gogoclient.password

Path to a file (as a string), containing your gogoNET password, if any.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
services.gogoclient.server

The Gateway6 server to be used.

Type: "unspecified"

Default: "anonymous.freenet6.net"

Example: "broker.freenet6.net"

Declared by:

<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
services.gogoclient.username

Your Gateway6 login name, if any.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/gogoclient.nix>
services.gpm.enable

Whether to enable GPM, the General Purpose Mouse daemon, which enables mouse support in virtual consoles.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/ttys/gpm.nix>
services.gpm.protocol

Mouse protocol to use.

Type: "string"

Default: "ps/2"

Declared by:

<nixpkgs/nixos/modules/services/ttys/gpm.nix>
services.gpsd.debugLevel

The debugging level.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/gpsd.nix>
services.gpsd.device

A device may be a local serial device for GPS input, or a URL of the form: [{dgpsip|ntrip}://][user:passwd@]host[:port][/stream] in which case it specifies an input source for DGPS or ntrip data.

Type: "string"

Default: "/dev/ttyUSB0"

Declared by:

<nixpkgs/nixos/modules/services/misc/gpsd.nix>
services.gpsd.enable

Whether to enable `gpsd', a GPS service daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/gpsd.nix>
services.gpsd.port

The port where to listen for TCP connections.

Type: "integer"

Default: 2947

Declared by:

<nixpkgs/nixos/modules/services/misc/gpsd.nix>
services.gpsd.readonly

Whether to enable the broken-device-safety, otherwise known as read-only mode. Some popular bluetooth and USB receivers lock up or become totally inaccessible when probed or reconfigured. This switch prevents gpsd from writing to a receiver. This means that gpsd cannot configure the receiver for optimal performance, but it also means that gpsd cannot break the receiver. A better solution would be for Bluetooth to not be so fragile. A platform independent method to identify serial-over-Bluetooth devices would also be nice.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/gpsd.nix>
services.graphite.api.enable

Whether to enable graphite api. Graphite api is lightweight alternative to graphite web, with api and without dashboard. It's advised to use grafana as alternative dashboard and influxdb as alternative to graphite carbon. For more information visit http://graphite-api.readthedocs.org/en/latest/

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.api.extraConfig

Extra configuration for graphite api.

Type: "string"

Default:

''
whisper:
  directories:
      - /var/db/graphite/whisper
''

Example:

allowed_origins:
  - dashboard.example.com
cheat_times: true
influxdb:
  host: localhost
  port: 8086
  user: influxdb
  pass: influxdb
  db: metrics
cache:
  CACHE_TYPE: 'filesystem'
  CACHE_DIR: '/tmp/graphite-api-cache'

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.api.finders

List of finder plugins to load.

Type: "list of derivations"

Default: [ ]

Example: [ (build of python2.7-graphite-influxdb-0.3) ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.api.functions

List of functions to load.

Type: "list of strings"

Default: [ "graphite_api.functions.SeriesFunctions" "graphite_api.functions.PieFunctions" ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.api.host

Graphite web service listen address.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.api.port

Graphite api service port.

Type: "integer"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.aggregationRules

Defines if and how received metrics will be agregated.

Type: "null or string"

Default: null

Example:

''
<env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests
<env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.blacklist

Any metrics received which match one of the experssions will be dropped.

Type: "null or string"

Default: null

Example: "^some.noisy.metric.prefix..*"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.config

Content of carbon configuration file.

Type: "string"

Default:

''
[cache]
# Listen on localhost by default for security reasons
UDP_RECEIVER_INTERFACE = 127.0.0.1
PICKLE_RECEIVER_INTERFACE = 127.0.0.1
LINE_RECEIVER_INTERFACE = 127.0.0.1
CACHE_QUERY_INTERFACE = 127.0.0.1
# Do not log every update
LOG_UPDATES = False
LOG_CACHE_HITS = False
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.enableAggregator

Whether to enable carbon agregator, the carbon buffering service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.enableCache

Whether to enable carbon cache, the graphite storage daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.enableRelay

Whether to enable carbon relay, the carbon replication and sharding service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.relayRules

Relay rules are used to send certain metrics to a certain backend.

Type: "null or string"

Default: null

Example:

''
[example]
pattern = ^mydata\.foo\..+
servers = 10.1.2.3, 10.1.2.4:2004, myserver.mydomain.com
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.rewriteRules

Regular expression patterns that can be used to rewrite metric names in a search and replace fashion.

Type: "null or string"

Default: null

Example:

''
[post]
_sum$ =
_avg$ =
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.storageAggregation

Defines how to aggregate data to lower-precision retentions.

Type: "null or string"

Default: null

Example:

''
[all_min]
pattern = \.min$
xFilesFactor = 0.1
aggregationMethod = min
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.storageSchemas

Defines retention rates for storing metrics.

Type: "null or string"

Default: ""

Example:

''
[apache_busyWorkers]
pattern = ^servers\.www.*\.workers\.busyWorkers$
retentions = 15s:7d,1m:21d,15m:5y
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.carbon.whitelist

Only metrics received which match one of the experssions will be persisted.

Type: "null or string"

Default: null

Example: ".*"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.dataDir

Data directory for graphite.

Type: "path"

Default: "/var/db/graphite"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.pager.alerts

Alerts configuration for graphite-pager.

Type: "string"

Default:

''
alerts:
  - target: constantLine(100)
    warning: 90
    critical: 200
    name: Test
''

Example:

pushbullet_key: pushbullet_api_key
alerts:
  - target: stats.seatgeek.app.deal_quality.venue_info_cache.hit
    warning: .5
    critical: 1
    name: Deal quality venue cache hits

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.pager.enable

Whether to enable graphite-pager service. For more information visit https://github.com/seatgeek/graphite-pager

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.pager.graphiteUrl

URL to your graphite service.

Type: "string"

Default: "http://127.0.0.1:8080"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.pager.redisUrl

Redis connection string.

Type: "string"

Default: "redis://localhost:6379/"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.seyren.enable

Whether to enable seyren service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.seyren.extraConfig

Extra seyren configuration. See https://github.com/scobal/seyren#config

Type: "attribute set of strings"

Default: { }

Example:

{
  GRAPHITE_USERNAME = "user";
  GRAPHITE_PASSWORD = "pass";
}

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.seyren.graphiteUrl

Host where graphite service runs.

Type: "string"

Default: "http://127.0.0.1:8080"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.seyren.mongoUrl

Mongodb connection string.

Type: "string"

Default: "mongodb://127.0.0.1:27017/seyren"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.seyren.port

Seyren listening port.

Type: "integer"

Default: 8081

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.seyren.seyrenUrl

Host where seyren is accessible.

Type: "string"

Default: "http://localhost:8081/"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.web.enable

Whether to enable graphite web frontend.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.web.host

Graphite web frontend listen address.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.graphite.web.port

Graphite web frontend port.

Type: "integer"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
services.gvpe.configFile

GVPE config file, if already present

Type: "unspecified"

Default: null

Example: "/root/my-gvpe-conf"

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.gvpe.configText

GVPE config contents

Type: "unspecified"

Default: null

Example:

''
tcp-port = 655
udp-port = 655
mtu = 1480
ifname = vpn0

node = alpha
hostname = alpha.example.org
connect = always
enable-udp = true
enable-tcp = true
on alpha if-up = if-up-0
on alpha pid-file = /var/gvpe/gvpe.pid
''

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.gvpe.customIFSetup

Additional commands to apply in ifup script

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.gvpe.enable

Whether to run gvpe

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.gvpe.ipAddress

IP address to assign to GVPE interface

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.gvpe.nodename

GVPE node name

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.gvpe.startOn

Condition to start GVPE

Type: "unspecified"

Default: "started network-interfaces"

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.gvpe.stopOn

Condition to stop GVPE

Type: "unspecified"

Default: "stopping network-interfaces"

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.gvpe.subnet

IP subnet assigned to GVPE network

Type: "unspecified"

Default: null

Example: "10.0.0.0/8"

Declared by:

<nixpkgs/nixos/modules/services/networking/gvpe.nix>
services.haproxy.config

Contents of the HAProxy configuration file, haproxy.conf.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/haproxy.nix>
services.haproxy.enable

Whether to enable HAProxy, the reliable, high performance TCP/HTTP load balancer.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/haproxy.nix>
services.hardware.pommed.configFile

The path to the pommed.conf file.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/services/hardware/pommed.nix>
services.hardware.pommed.enable

Whether to use the pommed tool to handle Apple laptop keyboard hotkeys.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/pommed.nix>
services.haveged.enable

Whether to enable to haveged entropy daemon, which refills /dev/random when low.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/haveged.nix>
services.haveged.refill_threshold

The number of bits of available entropy beneath which haveged should refill the entropy pool.

Type: "integer"

Default: 1024

Declared by:

<nixpkgs/nixos/modules/services/security/haveged.nix>
services.hbase.dataDir

Specifies location of HBase database files. This location should be writable and readable for the user the HBase service runs as (hbase by default).

Type: "path"

Default: "/var/lib/hbase"

Declared by:

<nixpkgs/nixos/modules/services/databases/hbase.nix>
services.hbase.enable

Whether to run HBase.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/hbase.nix>
services.hbase.group

Group account under which HBase runs.

Type: "string"

Default: "hbase"

Declared by:

<nixpkgs/nixos/modules/services/databases/hbase.nix>
services.hbase.logDir

Specifies the location of HBase log files.

Type: "path"

Default: "/var/log/hbase"

Declared by:

<nixpkgs/nixos/modules/services/databases/hbase.nix>
services.hbase.user

User account under which HBase runs.

Type: "string"

Default: "hbase"

Declared by:

<nixpkgs/nixos/modules/services/databases/hbase.nix>
services.hostapd.channel

Channel number (IEEE 802.11) Please note that some drivers do not use this value from hostapd and the channel will need to be configured separately with iwconfig.

Type: "integer"

Default: 7

Example: 11

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.driver

Which driver hostapd will use. Most things will probably use the default.

Type: "string"

Default: "nl80211"

Example: "hostapd"

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.enable

Enable putting a wireless interface into infrastructure mode, allowing other wireless devices to associate with the wireless interface and do wireless networking. A simple access point will enable hostapd.wpa, and hostapd.wpa_passphrase, hostapd.ssid, dhcpd on the wireless interface to provide IP addresses to the associated stations, and nat (from the wireless interface to an upstream interface).

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.extraCfg

Extra configuration options to put in the hostapd.conf

Type: "string"

Default: ""

Example:

''
auth_algo=0
ieee80211n=1
ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]
''

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.group

members of this group can control hostapd

Type: "string"

Default: "wheel"

Example: "network"

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.hwMode

Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g

Type: "string"

Default: "b"

Example: "g"

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.interface

The interfaces hostapd will use.

Type: "unspecified"

Default: ""

Example: "wlan0"

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.ssid

SSID to be used in IEEE 802.11 management frames.

Type: "string"

Default: "nixos"

Example: "mySpecialSSID"

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.wpa

enable WPA (IEEE 802.11i/D3.0) to authenticate to the access point

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.hostapd.wpaPassphrase

WPA-PSK (pre-shared-key) passphrase. Clients will need this passphrase to associate with this access point. Warning: This passphrase will get put into a world-readable file in the nix store.

Type: "string"

Default: "my_sekret"

Example: "any_64_char_string"

Declared by:

<nixpkgs/nixos/modules/services/networking/hostapd.nix>
services.httpd.adminAddr

E-mail address of the server administrator.

Type: "null or string"

Example: "admin@example.org"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.configFile

Override the configuration file used by Apache. By default, NixOS generates one automatically.

Type: "path"

Default: (build of httpd.conf)

Example:

pkgs.writeText "httpd.conf" "# my custom config file ...";

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.documentRoot

The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.

Type: "null or path"

Default: null

Example: "/data/webserver/docs"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.enable

Whether to enable the Apache HTTP Server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.enablePHP

Whether to enable the PHP module.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.enableSSL

Whether to enable SSL (https) support.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.enableUserDir

Whether to enable serving ~/public_html as /~username.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.extraConfig

These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.

Type: "string"

Default: ""

Example:

''
<Directory /home>
  Options FollowSymlinks
  AllowOverride All
</Directory>
''

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.extraModules

Additional Apache modules to be used. These can be specified as a string in the case of modules distributed with Apache, or as an attribute set specifying the name and path of the module.

Type: "list of unspecifieds"

Default: [ ]

Example:

[ "proxy_connect" { name = "php5"; path = "${pkgs.php}/modules/libphp5.so"; } ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.extraSubservices

Extra subservices to enable in the webserver.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.globalRedirect

If set, all requests for this host are redirected permanently to the given URL.

Type: "null or string"

Default: null

Example: "http://newserver.example.org/"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.group

Group under which httpd runs. The account is created automatically if it doesn't exist.

Type: "string"

Default: "wwwrun"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.hostName

Canonical hostname for the server.

Type: "string"

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.logDir

Directory for Apache's log files. It is created automatically.

Type: "path"

Default: "/var/log/httpd"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.logFormat

Log format for Apache's log files. Possible values are: combined, common, referer, agent.

Type: "string"

Default: "common"

Example: "combined"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.logPerVirtualHost

If enabled, each virtual host gets its own access_log and error_log, namely suffixed by the hostName of the virtual host.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.maxClients

Maximum number of httpd processes (prefork)

Type: "integer"

Default: 150

Example: 8

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.maxRequestsPerChild

Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited

Type: "integer"

Default: 0

Example: 500

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.multiProcessingModule

Multi-processing module to be used by Apache. Available modules are prefork (the default; handles each request in a separate child process), worker (hybrid approach that starts a number of child processes each running a number of threads) and event (a recent variant of worker that handles persistent connections more efficiently).

Type: "string"

Default: "prefork"

Example: "worker"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.phpOptions

Options appended to the PHP configuration file php.ini.

Type: "string"

Default: ""

Example:

''
date.timezone = "CET"
''

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.port

Port for the server. 0 means use the default port: 80 for http and 443 for https (i.e. when enableSSL is set).

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.robotsEntries

Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.

Type: "string"

Default: ""

Example: "Disallow: /foo/"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.servedDirs

This option provides a simple way to serve static directories.

Type: "list of attribute sets"

Default: [ ]

Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.servedFiles

This option provides a simple way to serve individual, static files.

Type: "list of attribute sets"

Default: [ ]

Example: [ { dir = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.serverAliases

Additional names of virtual hosts served by this virtual host configuration.

Type: "list of strings"

Default: [ ]

Example: [ "www.example.org" "www.example.org:8080" "example.org" ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.sslServerCert

Path to server SSL certificate.

Type: "null or path"

Default: null

Example: "/var/host.cert"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.sslServerChain

Path to server SSL chain file.

Type: "path"

Example: "/var/ca.pem"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.sslServerKey

Path to server SSL certificate key.

Type: "path"

Example: "/var/host.key"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.stateDir

Directory for Apache's transient runtime state (such as PID files). It is created automatically. Note that the default, /run/httpd, is deleted at boot time.

Type: "path"

Default: "/run/httpd"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.user

User account under which httpd runs. The account is created automatically if it doesn't exist.

Type: "string"

Default: "wwwrun"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts

Specification of the virtual hosts served by Apache. Each element should be an attribute set specifying the configuration of the virtual host. The available options are the non-global options permissible for the main host.

Type: "list of submodules"

Default: [ ]

Example: [ { documentRoot = "/data/webroot-foo"; hostName = "foo"; } { documentRoot = "/data/webroot-bar"; hostName = "bar"; } ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.adminAddr

E-mail address of the server administrator.

Type: "null or string"

Default: null

Example: "admin@example.org"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.documentRoot

The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.

Type: "null or path"

Default: null

Example: "/data/webserver/docs"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.enableSSL

Whether to enable SSL (https) support.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.enableUserDir

Whether to enable serving ~/public_html as /~username.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.extraConfig

These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.

Type: "string"

Default: ""

Example:

''
<Directory /home>
  Options FollowSymlinks
  AllowOverride All
</Directory>
''

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.extraSubservices

Extra subservices to enable in the webserver.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.globalRedirect

If set, all requests for this host are redirected permanently to the given URL.

Type: "null or string"

Default: null

Example: "http://newserver.example.org/"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.hostName

Canonical hostname for the server.

Type: "string"

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.logFormat

Log format for Apache's log files. Possible values are: combined, common, referer, agent.

Type: "string"

Default: "common"

Example: "combined"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.port

Port for the server. 0 means use the default port: 80 for http and 443 for https (i.e. when enableSSL is set).

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.robotsEntries

Specification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.

Type: "string"

Default: ""

Example: "Disallow: /foo/"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.servedDirs

This option provides a simple way to serve static directories.

Type: "list of attribute sets"

Default: [ ]

Example: [ { dir = "/home/eelco/Dev/nix-homepage"; urlPath = "/nix"; } ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.servedFiles

This option provides a simple way to serve individual, static files.

Type: "list of attribute sets"

Default: [ ]

Example: [ { dir = "/home/eelco/some-file.png"; urlPath = "/foo/bar.png"; } ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.serverAliases

Additional names of virtual hosts served by this virtual host configuration.

Type: "list of strings"

Default: [ ]

Example: [ "www.example.org" "www.example.org:8080" "example.org" ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.sslServerCert

Path to server SSL certificate.

Type: "null or path"

Default: null

Example: "/var/host.cert"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.sslServerChain

Path to server SSL chain file.

Type: "path"

Example: "/var/ca.pem"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.httpd.virtualHosts.*.sslServerKey

Path to server SSL certificate key.

Type: "path"

Example: "/var/host.key"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
services.i2pd.eep.host

Address to forward incoming traffic to. 127.0.0.1 by default.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.eep.keyFile

File name containing destination keys. privKeys.dat by default.

Type: "string"

Default: "privKeys.dat"

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.eep.port

Port to forward incoming traffic to. 80 by default.

Type: "integer"

Default: 80

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.enable

Enables I2Pd as a running service upon activation.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.enableIPv6

Enables IPv6 connectivity. Disabled by default.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.extIp

Your external IP.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.http.port

HTTP listen port.

Type: "integer"

Default: 7070

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.irc.dest

Destination I2P tunnel endpoint address of IRC server. irc.postman.i2p by default.

Type: "string"

Default: "irc.postman.i2p"

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.irc.keyFile

File name containing destination keys. privKeys.dat by default.

Type: "string"

Default: "privKeys.dat"

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.irc.port

Local IRC tunnel endoint port to listen on. 6668 by default.

Type: "integer"

Default: 6668

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.port

I2P listen port. If no one is given the router will pick between 9111 and 30777.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.proxy.httpPort

HTTP proxy listen port.

Type: "integer"

Default: 4446

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.proxy.socksPort

SOCKS proxy listen port.

Type: "integer"

Default: 4447

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.sam.port

Local SAM tunnel endpoint. Usually 7656. SAM is disabled if not specified.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.i2pd.unreachable

If the router is declared to be unreachable and needs introduction nodes.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/i2pd.nix>
services.icecast.admin.password

Password used for all administration functions.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.admin.user

Username used for all administration functions.

Type: "string"

Default: "admin"

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.enable

Whether to enable Icecast server.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.extraConf

icecast.xml content.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.group

Group privileges for the server.

Type: "string"

Default: "nogroup"

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.hostname

DNS name or IP address that will be used for the stream directory lookups or possibily the playlist generation if a Host header is not provided.

Type: "string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.listen.address

Address Icecast will listen on.

Type: "string"

Default: "::"

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.listen.port

TCP port that will be used to accept client connections.

Type: "integer"

Default: 8000

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.logDir

Base directory used for logging.

Type: "path"

Default: "/var/log/icecast"

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.icecast.user

User privileges for the server.

Type: "string"

Default: "nobody"

Declared by:

<nixpkgs/nixos/modules/services/audio/icecast.nix>
services.influxdb.adminPort

The port where influxdb admin listens

Type: "integer"

Default: 8083

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.apiExtraConfig

Extra influxdb api configuration

Type: "string"

Default:

''
read-timeout = "5s"
''

Example:

''
ssl-port = 8084
ssl-cert = /path/to/cert.pem
read-timeout = "5s"
''

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.apiPort

The port where influxdb api listens

Type: "integer"

Default: 8086

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.bindAddress

Address where influxdb listens

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.clusterConfig

Influxdb cluster configuration

Type: "string"

Default:

''
protobuf_port = 8099
protobuf_timeout = "2s"
protobuf_heartbeat = "200ms"
protobuf_min_backoff = "1s"
protobuf_max_backoff = "10s"

write-buffer-size = 10000
max-response-buffer-size = 100

concurrent-shard-query-limit = 10
''

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.dataDir

Data directory for influxd data files.

Type: "path"

Default: "/var/db/influxdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.enable

Whether to enable the influxdb server

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.extraConfig

Extra configuration options for influxdb

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.group

Group under which influxdb runs

Type: "string"

Default: "influxdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.inputPluginsConfig

Configuration of influxdb extra plugins

Type: "unspecified"

Default: ""

Example:

''
[input_plugins.graphite]
enabled = true
port = 2003
database = "graphite"
''

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.leveldbConfig

Influxdb leveldb configuration

Type: "string"

Default:

''
max-open-files = 40
lru-cache-size = "200m"
max-open-shards = 0
point-batch-size = 100
write-batch-size = 5000000
''

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.raftConfig

Influxdb raft configuration

Type: "string"

Default:

''
port = 8090
''

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.shardingConfig

Influxdb sharding configuration

Type: "string"

Default:

''
replication-factor = 1

[sharding.short-term]
duration = "7d"
split = 1

[sharding.long-term]
duration = "30d"
split = 1
''

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.storageConfig

Influxdb raft configuration

Type: "string"

Default:

''
write-buffer-size = 10000
''

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.user

User account under which influxdb runs

Type: "string"

Default: "influxdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.influxdb.walConfig

Influxdb write-ahead log configuration

Type: "string"

Default:

''
flush-after = 1000
bookmark-after = 1000
index-after = 1000
requests-per-logfile = 10000
''

Declared by:

<nixpkgs/nixos/modules/services/databases/influxdb.nix>
services.iodined.client

Start iodine in client mode

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/iodined.nix>
services.iodined.domain

Domain or subdomain of which nameservers point to us

Type: "string"

Default: ""

Example: "tunnel.mydomain.com"

Declared by:

<nixpkgs/nixos/modules/services/networking/iodined.nix>
services.iodined.enable

Enable iodine, ip over dns daemon

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/iodined.nix>
services.iodined.extraConfig

Additional command line parameters

Type: "string"

Default: ""

Example: "-P mysecurepassword -l 192.168.1.10 -p 23"

Declared by:

<nixpkgs/nixos/modules/services/networking/iodined.nix>
services.iodined.ip

Assigned ip address or ip range

Type: "string"

Default: ""

Example: "172.16.10.1/24"

Declared by:

<nixpkgs/nixos/modules/services/networking/iodined.nix>
services.ircdHybrid.adminEmail

IRCD server administrator e-mail.

Type: "unspecified"

Default: "<bit-bucket@example.com>"

Example: "<name@domain.tld>"

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.ircdHybrid.certificate

IRCD server SSL certificate. There are some limitations - read manual.

Type: "unspecified"

Default: null

Example:

/root/certificates/irc.pem

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.ircdHybrid.description

IRCD server description.

Type: "unspecified"

Default: "Hybrid-7 IRC server."

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.ircdHybrid.enable

Enable IRCD.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.ircdHybrid.extraIPs

Extra IP's to bind.

Type: "unspecified"

Default: [ ]

Example: [ "127.0.0.1" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.ircdHybrid.extraPort

Extra port to avoid filtering.

Type: "unspecified"

Default: "7117"

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.ircdHybrid.rsaKey

IRCD server RSA key.

Type: "unspecified"

Default: null

Example:

/root/certificates/irc.key

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.ircdHybrid.serverName

IRCD server name.

Type: "unspecified"

Default: "hades.arpa"

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.ircdHybrid.sid

IRCD server unique ID in a net of servers.

Type: "unspecified"

Default: "0NL"

Declared by:

<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
services.jboss.deployDir

Location of the deployment files

Type: "unspecified"

Default: "/nix/var/nix/profiles/default/server/default/deploy/"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
services.jboss.enable

Whether to enable jboss

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
services.jboss.libUrl

Location where the shared library JARs are stored

Type: "unspecified"

Default: "file:///nix/var/nix/profiles/default/server/default/lib"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
services.jboss.logDir

Location of the logfile directory of JBoss

Type: "unspecified"

Default: "/var/log/jboss"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
services.jboss.serverDir

Location of the server instance files

Type: "unspecified"

Default: "/var/jboss/server"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
services.jboss.tempDir

Location where JBoss stores its temp files

Type: "unspecified"

Default: "/tmp"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
services.jboss.useJK

Whether to use to connector to the Apache HTTP server

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
services.jboss.user

User account under which jboss runs.

Type: "unspecified"

Default: "nobody"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
services.jenkins.enable

Whether to enable the jenkins continuous integration server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkins.environment

Additional environment variables to be passed to the jenkins process. The environment will always include JENKINS_HOME.

Type: "attribute set of strings"

Default: { NIX_REMOTE = "daemon"; }

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkins.extraGroups

List of extra groups that the "jenkins" user should be a part of.

Type: "list of strings"

Default: [ ]

Example: [ "wheel" "dialout" ]

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkins.extraOptions

Additional command line arguments to pass to Jenkins.

Type: "list of strings"

Default: [ ]

Example: [ "--debug=9" "--httpListenAddress=localhost" ]

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkins.group

If the default user "jenkins" is configured then this is the primary group of that user.

Type: "string"

Default: "jenkins"

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkins.home

The path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.

Type: "path"

Default: "/var/lib/jenkins"

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkins.packages

Packages to add to PATH for the jenkins process.

Type: "list of derivations"

Default: [ (build of stdenv) (build of git-minimal-2.3.5) (build of icedtea7-2.5.4) (build of ) (build of nix-1.8) ]

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkins.port

Specifies port number on which the jenkins HTTP interface listens. The default is 8080.

Type: "integer"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkins.user

User the jenkins server should execute under.

Type: "string"

Default: "jenkins"

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
services.jenkinsSlave.enable

If true the system will be configured to work as a jenkins slave. If the system is also configured to work as a jenkins master then this has no effect. In progress: Currently only assures the jenkins user is configured.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
services.jenkinsSlave.group

If the default slave agent user "jenkins" is configured then this is the primary group of that user.

Type: "string"

Default: "jenkins"

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
services.jenkinsSlave.home

The path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.

Type: "path"

Default: "/var/lib/jenkins"

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
services.jenkinsSlave.user

User the jenkins slave agent should execute under.

Type: "string"

Default: "jenkins"

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
services.journald.console

If non-empty, write log messages to the specified TTY device.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
services.journald.enableHttpGateway

Whether to enable the HTTP gateway to the journal.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
services.journald.extraConfig

Extra config options for systemd-journald. See man journald.conf for available options.

Type: "string"

Default: ""

Example: "Storage=volatile"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
services.journald.rateLimitBurst

Configures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit.

Type: "integer"

Default: 100

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
services.journald.rateLimitInterval

Configures the rate limiting interval that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit. The value may be specified in the following units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0.

Type: "string"

Default: "10s"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
services.kerberos_server.enable

Enable the kerberos authentification server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/system/kerberos.nix>
services.kippo.enable

Enable the kippo honeypot ssh server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/kippo.nix>
services.kippo.extraConfig

Extra verbatim configuration added to the end of kippo.cfg.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/kippo.nix>
services.kippo.hostname

Hostname for kippo to present to SSH login

Type: "string"

Default: "nas3"

Declared by:

<nixpkgs/nixos/modules/services/networking/kippo.nix>
services.kippo.logPath

Path of log files needed for operation and configuration.

Type: "string"

Default: "/var/log/kippo"

Declared by:

<nixpkgs/nixos/modules/services/networking/kippo.nix>
services.kippo.pidPath

Path of pid files needed for operation.

Type: "string"

Default: "/run/kippo"

Declared by:

<nixpkgs/nixos/modules/services/networking/kippo.nix>
services.kippo.port

TCP port number for kippo to bind to.

Type: "integer"

Default: 2222

Declared by:

<nixpkgs/nixos/modules/services/networking/kippo.nix>
services.kippo.varPath

Path of read/write files needed for operation and configuration.

Type: "string"

Default: "/var/lib/kippo"

Declared by:

<nixpkgs/nixos/modules/services/networking/kippo.nix>
services.klogd.enable

Whether to enable klogd, the kernel log message processing daemon. Since systemd handles logging of kernel messages on Linux 3.5 and later, this is only useful if you're running an older kernel.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/klogd.nix>
services.kmscon.enable

Use kmscon as the virtual console instead of gettys. kmscon is a kms/dri-based userspace virtual terminal implementation. It supports a richer feature set than the standard linux console VT, including full unicode support, and when the video card supports drm should be much faster.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
services.kmscon.extraConfig

Extra contents of the kmscon.conf file.

Type: "string"

Default: ""

Example: "font-size=14"

Declared by:

<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
services.kmscon.hwRender

Whether to use 3D hardware acceleration to render the console.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
services.kubernetes.apiserver.address

Kubernetes apiserver listening address.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.allowPrivileged

Whether to allow privileged containers on kubernetes.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.authorizationMode

Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC). See https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authorization.md

Type: "one of AlwaysAllow, AlwaysDeny, ABAC"

Default: "AlwaysAllow"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.authorizationPolicy

Kubernetes apiserver authorization policy file. See https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authorization.md

Type: "list of attribute sets"

Default: [ ]

Example:

[
  {user = "admin";}
  {user = "scheduler"; readonly = true; kind= "pods";}
  {user = "scheduler"; kind = "bindings";}
  {user = "kubelet";  readonly = true; kind = "bindings";}
  {user = "kubelet"; kind = "events";}
  {user= "alice"; ns = "projectCaribou";}
  {user = "bob"; readonly = true; ns = "projectCaribou";}
]

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.enable

Whether to enable kubernetes apiserver.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.extraOpts

Kubernetes apiserver extra command line options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.port

Kubernets apiserver listening port.

Type: "integer"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.portalNet

Kubernetes CIDR notation IP range from which to assign portal IPs

Type: "string"

Default: "10.10.10.10/16"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.publicAddress

Kubernetes apiserver public listening address used for read only and secure port.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.readOnlyPort

Kubernets apiserver read-only port.

Type: "integer"

Default: 7080

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.securePort

Kubernetes apiserver secure port.

Type: "integer"

Default: 6443

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.tlsCertFile

Kubernetes apiserver certificate file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.tlsPrivateKeyFile

Kubernetes apiserver private key file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.apiserver.tokenAuth

Kubernetes apiserver token authentication file. See https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authentication.md

Type: "attribute set of strings"

Default: { }

Example:

{
  alice = "abc123";
  bob = "xyz987";
}

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.controllerManager.address

Kubernetes controller manager listening address.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.controllerManager.enable

Whether to enable kubernetes controller manager.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.controllerManager.extraOpts

Kubernetes controller extra command line options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.controllerManager.machines

Kubernetes controller list of machines to schedule to schedule onto

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.controllerManager.master

Kubernetes apiserver address

Type: "string"

Default: "127.0.0.1:8080"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.controllerManager.port

Kubernets controller manager listening port.

Type: "integer"

Default: 10252

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.dataDir

Kubernetes root directory for managing kubelet files.

Type: "path"

Default: "/var/lib/kubernetes"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.dockerCfg

Kubernetes contents of dockercfg file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.etcdServers

Kubernetes list of etcd servers to watch.

Type: "list of strings"

Default: [ "127.0.0.1:4001" ]

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.address

Kubernetes kubelet info server listening address.

Type: "string"

Default: "0.0.0.0"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.allowPrivileged

Whether to allow kubernetes containers to request privileged mode.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.apiServers

Kubernetes kubelet list of Kubernetes API servers for publishing events, and reading pods and services.

Type: "list of strings"

Default: [ "127.0.0.1:8080" ]

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.cadvisorPort

Kubernetes kubelet local cadvisor port.

Type: "integer"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.clusterDns

Use alternative dns.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.clusterDomain

Use alternative domain.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.enable

Whether to enable kubernetes kubelet.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.extraOpts

Kubernetes kubelet extra command line options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.hostname

Kubernetes kubelet hostname override

Type: "string"

Default: "nixos"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.kubelet.port

Kubernets kubelet info server listening port.

Type: "integer"

Default: 10250

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.proxy.address

Kubernetes proxy listening address.

Type: "string"

Default: "0.0.0.0"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.proxy.enable

Whether to enable kubernetes proxy.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.proxy.extraOpts

Kubernetes proxy extra command line options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.roles

Kubernetes role that this machine should take. Master role will enable etcd, apiserver, scheduler and controller manager services. Node role will enable etcd, docker, kubelet and proxy services.

Type: "list of one of master, nodes"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.scheduler.address

Kubernetes scheduler listening address.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.scheduler.enable

Whether to enable kubernetes scheduler.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.scheduler.extraOpts

Kubernetes scheduler extra command line options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.scheduler.master

Kubernetes apiserver address

Type: "string"

Default: "127.0.0.1:8080"

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.scheduler.port

Kubernets scheduler listening port.

Type: "integer"

Default: 10251

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.kubernetes.verbose

Kubernetes enable verbose mode for debugging

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/kubernetes.nix>
services.lighttpd.cgit.configText

Verbatim contents of the cgit runtime configuration file. Documentation (with cgitrc example file) is available in "man cgitrc". Or online: http://git.zx2c4.com/cgit/tree/cgitrc.5.txt

Type: "string"

Default: ""

Example:

''
cache-size=1000
scan-path=/srv/git
''

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
services.lighttpd.cgit.enable

If true, enable cgit (fast web interface for git repositories) as a sub-service in lighttpd. cgit will be accessible at http://yourserver/cgit

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
services.lighttpd.configText

Overridable config file contents to use for lighttpd. By default, use the contents automatically generated by NixOS.

Type: "string"

Default: ""

Example: "...verbatim config file contents..."

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
services.lighttpd.document-root

Document-root of the web server. Must be readable by the "lighttpd" user.

Type: "path"

Default: "/srv/www"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
services.lighttpd.enable

Enable the lighttpd web server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
services.lighttpd.enableModules

List of lighttpd modules to enable. Sub-services take care of enabling modules as needed, so this option is mainly for when you want to add custom stuff to services.lighttpd.extraConfig that depends on a certain module.

Type: "list of strings"

Default: [ ]

Example: [ "mod_cgi" "mod_status" ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
services.lighttpd.extraConfig

These configuration lines will be appended to the generated lighttpd config file. Note that this mechanism does not work when the manual configText option is used.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
services.lighttpd.gitweb.enable

If true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
services.lighttpd.gitweb.extraConfig

Verbatim configuration text appended to the generated gitweb.conf file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
services.lighttpd.gitweb.projectroot

Path to git projects (bare repositories) that should be served by gitweb. Must not end with a slash.

Type: "path"

Default: "/srv/git"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
services.lighttpd.mod_status

Show server status overview at /server-status, statistics at /server-statistics and list of loaded modules at /server-config.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
services.lighttpd.mod_userdir

If true, requests in the form /~user/page.html are rewritten to take the file public_html/page.html from the home directory of the user.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
services.lighttpd.port

TCP port number for lighttpd to bind to.

Type: "integer"

Default: 80

Declared by:

<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
services.liquidsoap.streams

Set of Liquidsoap streams to start, one systemd service per stream.

Type: "attribute set of path or strings"

Default: { }

Example: { myStream1 = "/etc/liquidsoap/myStream1.liq"; myStream2 = ./myStream2.liq; myStream3 = "out(playlist("/srv/music/"))"; }

Declared by:

<nixpkgs/nixos/modules/services/audio/liquidsoap.nix>
services.locate.enable

If enabled, NixOS will periodically update the database of files used by the locate command.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/misc/locate.nix>
services.locate.extraFlags

Extra flags to append to updatedb.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/misc/locate.nix>
services.locate.localuser

The user to search non-network directories as, using su.

Type: "string"

Default: "nobody"

Declared by:

<nixpkgs/nixos/modules/misc/locate.nix>
services.locate.output

The database file to build.

Type: "path"

Default: "/var/cache/locatedb"

Declared by:

<nixpkgs/nixos/modules/misc/locate.nix>
services.locate.period

This option defines (in the format used by cron) when the locate database is updated. The default is to update at 02:15 at night every day.

Type: "string"

Default: "15 02 * * *"

Declared by:

<nixpkgs/nixos/modules/misc/locate.nix>
services.logcheck.config

Config options that you would like in logcheck.conf.

Type: "string"

Default: "FQDN=1"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.enable

Enable the logcheck cron job.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.extraGroups

Extra groups for the logcheck user, for example to be able to use sendmail, or to access certain log files.

Type: "list of strings"

Default: [ ]

Example: [ "postdrop" "mongodb" ]

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.extraRulesDirs

Directories with extra rules.

Type: "list of paths"

Default: [ ]

Example: "/etc/logcheck"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.files

Which log files to check.

Type: "list of paths"

Default: [ "/var/log/messages" ]

Example: [ "/var/log/messages" "/var/log/mail" ]

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignore

This option defines extra ignore rules.

Type: "list or attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignore.<name?>.level

Set the logcheck level. Either "workstation", "server", or "paranoid".

Type: "string"

Default: "server"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignore.<name?>.regex

Regex specifying which log lines to ignore.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignoreCron

This option defines extra ignore rules for cronjobs.

Type: "list or attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignoreCron.<name?>.cmdline

Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignoreCron.<name?>.level

Set the logcheck level. Either "workstation", "server", or "paranoid".

Type: "string"

Default: "server"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignoreCron.<name?>.regex

Regex specifying which log lines to ignore.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignoreCron.<name?>.timeArgs

"min hr dom mon dow" crontab time args, to auto-create a cronjob too. Leave at null to not do this and just add a logcheck ignore rule.

Type: "null or string"

Default: null

Example: "02 06 * * *"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.ignoreCron.<name?>.user

User that runs the cronjob.

Type: "string"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.level

Set the logcheck level. Either "workstation", "server", or "paranoid".

Type: "string"

Default: "server"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.mailTo

Email address to send reports to.

Type: "string"

Default: "root"

Example: "you@domain.com"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.timeOfDay

Time of day to run logcheck. A logcheck will be scheduled at xx:02 each day. Leave default (*) to run every hour. Of course when nothing special was logged, logcheck will be silent.

Type: "string"

Default: "*"

Example: "6"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logcheck.user

Username for the logcheck user.

Type: "string"

Default: "logcheck"

Declared by:

<nixpkgs/nixos/modules/services/logging/logcheck.nix>
services.logind.extraConfig

Extra config options for systemd-logind. See man logind.conf for available options.

Type: "string"

Default: ""

Example: "HandleLidSwitch=ignore"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
services.logrotate.config

The contents of the logrotate config file

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/logging/logrotate.nix>
services.logrotate.enable

Enable the logrotate cron job

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/logrotate.nix>
services.logstash.address

Address on which to start webserver.

Type: "string"

Default: "0.0.0.0"

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.enable

Enable logstash.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.enableWeb

Enable the logstash web interface.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.filterConfig

logstash filter configuration.

Type: "string"

Default: "noop {}"

Example:

''
if [type] == "syslog" {
  # Keep only relevant systemd fields
  # http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html
  prune {
    whitelist_names => [
      "type", "@timestamp", "@version",
      "MESSAGE", "PRIORITY", "SYSLOG_FACILITY",
    ]
  }
}
''

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.filterWorkers

The quantity of filter workers to run.

Type: "integer"

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.inputConfig

Logstash input configuration.

Type: "string"

Default: ''stdin { type => "example" }''

Example:

''
# Read from journal
pipe {
  command => "/nix/store/d0468c86p8akn438g1dcrg8lc93pk9sd-systemd-217/bin/journalctl -f -o json"
  type => "syslog" codec => json {}
}
''

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.logLevel

Logging verbosity level.

Type: "one of debug, info, warn, error, fatal"

Default: "warn"

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.outputConfig

Logstash output configuration.

Type: "string"

Default: ''stdout { debug => true debug_format => "json"}''

Example:

''
redis { host => "localhost" data_type => "list" key => "logstash" codec => json }
elasticsearch { embedded => true }
''

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.plugins

The paths to find other logstash plugins in.

Type: "list of paths"

Default: [ ]

Example:

[ pkgs.logstash-contrib ]

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.port

Port on which to start webserver.

Type: "string"

Default: "9292"

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.logstash.watchdogTimeout

Set watchdog timeout value in seconds.

Type: "integer"

Default: 10

Declared by:

<nixpkgs/nixos/modules/services/logging/logstash.nix>
services.lshd.enable

Whether to enable the GNU lshd SSH2 daemon, which allows secure remote login.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.hostKey

Path to the server's private key. Note that this key must have been created, e.g., using "lsh-keygen --server | lsh-writekey --server", so that you can run lshd.

Type: "unspecified"

Default: "/etc/lsh/host-key"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.interfaces

List of network interfaces where listening for connections. When providing the empty list, `[]', lshd listens on all network interfaces.

Type: "unspecified"

Default: [ ]

Example: [ "localhost" "1.2.3.4:443" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.loginShell

If non-null, override the default login shell with the specified value.

Type: "unspecified"

Default: null

Example: "/nix/store/xyz-bash-10.0/bin/bash10"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.passwordAuthentication

Whether to enable password authentication.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.portNumber

The port on which to listen for connections.

Type: "unspecified"

Default: 22

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.publicKeyAuthentication

Whether to enable public key authentication.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.rootLogin

Whether to enable remote root login.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.srpKeyExchange

Whether to enable SRP key exchange and user authentication.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.subsystems

List of subsystem-path pairs, where the head of the pair denotes the subsystem name, and the tail denotes the path to an executable implementing it.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.syslog

Whether to enable syslog output.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.tcpForwarding

Whether to enable TCP/IP forwarding.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.lshd.x11Forwarding

Whether to enable X11 forwarding.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
services.mail.freepopsd.bind

Bind over an IPv4 address instead of any.

Type: "string"

Default: "0.0.0.0"

Declared by:

<nixpkgs/nixos/modules/services/mail/freepops.nix>
services.mail.freepopsd.enable

Enables Freepops, a POP3 webmail wrapper.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/freepops.nix>
services.mail.freepopsd.logFile

Filename of the log file or syslog to rely on the logging daemon.

Type: "string"

Default: "/var/log/freepopsd"

Example: "syslog"

Declared by:

<nixpkgs/nixos/modules/services/mail/freepops.nix>
services.mail.freepopsd.port

Port on which the pop server will listen.

Type: "integer"

Default: 2000

Declared by:

<nixpkgs/nixos/modules/services/mail/freepops.nix>
services.mail.freepopsd.suid.group

Group under which freepopsd will be after binding the port.

Type: "string"

Default: "nogroup"

Declared by:

<nixpkgs/nixos/modules/services/mail/freepops.nix>
services.mail.freepopsd.suid.user

User name under which freepopsd will be after binding the port.

Type: "string"

Default: "nobody"

Declared by:

<nixpkgs/nixos/modules/services/mail/freepops.nix>
services.mail.freepopsd.threads

Max simultaneous connections.

Type: "integer"

Default: 5

Declared by:

<nixpkgs/nixos/modules/services/mail/freepops.nix>
services.mail.sendmailSetuidWrapper

Configuration for the sendmail setuid wrwapper (like an element of security.setuidOwners)";

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/mail/mail.nix>
services.mailpile.enable

Whether to enable Mailpile the mail client.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/mailpile.nix>
services.mailpile.hostname

Listen to this hostname or ip.

Type: "unspecified"

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/networking/mailpile.nix>
services.mailpile.port

Listen on this port.

Type: "unspecified"

Default: "33411"

Declared by:

<nixpkgs/nixos/modules/services/networking/mailpile.nix>
services.marathon.enable

Whether to enable the marathon mesos framework.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
services.marathon.httpPort

Marathon listening port

Type: "integer"

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
services.marathon.master

Marathon mesos master zookeeper address

Type: "string"

Default: "zk://localhost:2181/mesos"

Declared by:

<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
services.marathon.zookeeperHosts

Marathon mesos zookepper addresses

Type: "list of strings"

Default: [ "localhost:2181" ]

Declared by:

<nixpkgs/nixos/modules/services/scheduling/marathon.nix>
services.mediatomb.customCfg

Allow mediatomb to create and use its own config file inside /var/lib/mediatomb.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.dataDir

The directory where mediatomb stores its state, data, etc.

Type: "path"

Default: "/var/lib/mediatomb"

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.dsmSupport

Whether to enable D-Link DSM 320 specific tweaks. WARNING: incompatible with ps3 support.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.enable

Whether to enable the mediatomb DLNA server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.group

Group account under which mediatomb runs.

Type: "unspecified"

Default: "mediatomb"

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.port

The network port to listen on.

Type: "unspecified"

Default: 49152

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.ps3Support

Whether to enable ps3 specific tweaks. WARNING: incompatible with DSM 320 support.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.serverName

How to identify the server on the network.

Type: "string"

Default: "mediatomb"

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.tg100Support

Whether to enable Telegent TG100 specific tweaks.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.transcoding

Whether to enable transcoding.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.user

User account under which mediatomb runs.

Type: "unspecified"

Default: "mediatomb"

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.mediatomb.uuid

A unique (on your network) to identify the server by.

Type: "unspecified"

Default: "fdfc8a4e-a3ad-4c1d-b43d-a2eedb03a687"

Declared by:

<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
services.memcached.enable

Whether to enable Memcached.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/memcached.nix>
services.memcached.extraOptions

A list of extra options that will be added as a suffix when running memcached

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/databases/memcached.nix>
services.memcached.listen

The IP address to bind to

Type: "unspecified"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/databases/memcached.nix>
services.memcached.maxConnections

The maximum number of simultaneous connections

Type: "unspecified"

Default: 1024

Declared by:

<nixpkgs/nixos/modules/services/databases/memcached.nix>
services.memcached.maxMemory

The maximum amount of memory to use for storage, in megabytes.

Type: "unspecified"

Default: 64

Declared by:

<nixpkgs/nixos/modules/services/databases/memcached.nix>
services.memcached.port

The port to bind to

Type: "unspecified"

Default: 11211

Declared by:

<nixpkgs/nixos/modules/services/databases/memcached.nix>
services.memcached.socket

Unix socket path to listen on. Setting this will disable network support

Type: "unspecified"

Default: ""

Example: "/var/run/memcached"

Declared by:

<nixpkgs/nixos/modules/services/databases/memcached.nix>
services.memcached.user

The user to run Memcached as

Type: "unspecified"

Default: "memcached"

Declared by:

<nixpkgs/nixos/modules/services/databases/memcached.nix>
services.mesos.master.enable

Whether to enable the Mesos Master.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
services.mesos.master.extraCmdLineOptions

Extra command line options for Mesos Master. See https://mesos.apache.org/documentation/latest/configuration/

Type: "list of strings"

Default: [ "" ]

Example: [ "--credentials=VALUE" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
services.mesos.master.logLevel

The logging level used. Possible values: 'INFO', 'WARNING', 'ERROR'

Type: "string"

Default: "INFO"

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
services.mesos.master.port

Mesos Master port

Type: "integer"

Default: 5050

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
services.mesos.master.quorum

The size of the quorum of replicas when using 'replicated_log' based registry. It is imperative to set this value to be a majority of masters i.e., quorum > (number of masters)/2. If 0 will fall back to --registry=in_memory.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
services.mesos.master.workDir

The Mesos work directory.

Type: "string"

Default: "/var/lib/mesos/master"

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
services.mesos.master.zk

ZooKeeper URL (used for leader election amongst masters). May be one of: zk://host1:port1,host2:port2,.../mesos zk://username:password@host1:port1,host2:port2,.../mesos

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-master.nix>
services.mesos.slave.attributes

Machine attributes for the slave instance. Use caution when changing this; you may need to manually reset slave metadata before the slave can re-register.

Type: "attribute set of strings"

Default: { }

Example: { host = "aabc123"; os = "nixos"; rack = "aa"; }

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
services.mesos.slave.enable

Whether to enable the Mesos Slave.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
services.mesos.slave.extraCmdLineOptions

Extra command line options for Mesos Slave. See https://mesos.apache.org/documentation/latest/configuration/

Type: "list of strings"

Default: [ "" ]

Example: [ "--gc_delay=3days" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
services.mesos.slave.logLevel

The logging level used. Possible values: 'INFO', 'WARNING', 'ERROR'

Type: "string"

Default: "INFO"

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
services.mesos.slave.master

May be one of: zk://host1:port1,host2:port2,.../path zk://username:password@host1:port1,host2:port2,.../path

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
services.mesos.slave.port

Mesos Slave port

Type: "integer"

Default: 5051

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
services.mesos.slave.withHadoop

Add the HADOOP_HOME to the slave.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
services.mesos.slave.workDir

The Mesos work directory.

Type: "string"

Default: "/var/lib/mesos/slave"

Declared by:

<nixpkgs/nixos/modules/services/misc/mesos-slave.nix>
services.minecraft-server.dataDir

Directory to store minecraft database and other state/data files.

Type: "path"

Default: "/var/lib/minecraft"

Declared by:

<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
services.minecraft-server.enable

If enabled, start a Minecraft Server. The listening port for the server is always 25565. The server data will be loaded from and saved to /var/lib/minecraft.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
services.minecraft-server.jvmOpts

JVM options for the Minecraft Service.

Type: "string"

Default: "-Xmx2048M -Xms2048M"

Declared by:

<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
services.minecraft-server.openFirewall

Whether to open ports in the firewall (if enabled) for the server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
services.minetest-server.configPath

Path to the config to use. If set to null, the config of the running user will be used: `~/.minetest/minetest.conf`.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/games/minetest-server.nix>
services.minetest-server.enable

If enabled, starts a Minetest Server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/games/minetest-server.nix>
services.minetest-server.gameId

Id of the game to use. To list available games run `minetestserver --gameid list`. If only one game exists, this option can be null.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/games/minetest-server.nix>
services.minetest-server.logPath

Path to logfile for logging. If set to null, logging will be output to stdout which means all output will be catched by systemd.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/games/minetest-server.nix>
services.minetest-server.port

Port number to bind to. If set to null, the default 30000 will be used.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/games/minetest-server.nix>
services.minetest-server.world

Name of the world to use. To list available worlds run `minetestserver --world list`. If only one world exists, this option can be null.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/games/minetest-server.nix>
services.mingetty.greetingLine

Welcome line printed by mingetty.

Type: "string"

Default: ''<<< Welcome to NixOS 15.05pre56789.gfedcba (\m) - \l >>>''

Declared by:

<nixpkgs/nixos/modules/services/ttys/agetty.nix>
services.mingetty.helpLine

Help line printed by mingetty below the welcome line. Used by the installation CD to give some hints on how to proceed.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/ttys/agetty.nix>
services.mingetty.serialSpeed

Bitrates to allow for agetty's listening on serial ports. Listing more bitrates gives more interoperability but at the cost of long delays for getting a sync on the line.

Type: "list of integers"

Default: [ 115200 57600 38400 9600 ]

Example: [ 38400 9600 ]

Declared by:

<nixpkgs/nixos/modules/services/ttys/agetty.nix>
services.minidlna.config

The contents of MiniDLNA's configuration file.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/minidlna.nix>
services.minidlna.enable

Whether to enable MiniDLNA, a simple DLNA server. It serves media files such as video and music to DLNA client devices such as televisions and media players.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/minidlna.nix>
services.minidlna.mediaDirs

Directories to be scanned for media files. The prefixes A,, V, and P, restrict a directory to audio, video or image files. The directories must be accessible to the minidlna user account.

Type: "list of strings"

Default: [ ]

Example: [ "/data/media" "V,/home/alice/video" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/minidlna.nix>
services.mlmmj.enable

Enable mlmmj

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
services.mlmmj.group

mailinglist local group

Type: "string"

Default: "mlmmj"

Declared by:

<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
services.mlmmj.listDomain

Set the mailing list domain

Type: "string"

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
services.mlmmj.mailLists

The collection of hosted maillists

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
services.mlmmj.user

mailinglist local user

Type: "string"

Default: "mlmmj"

Declared by:

<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
services.monetdb.dbfarmDir

Specifies location of Monetdb dbfarm (keeps database and auxiliary files).

Type: "path"

Default: "/var/lib/monetdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/monetdb.nix>
services.monetdb.enable

Whether to enable MonetDB database server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/monetdb.nix>
services.monetdb.package

MonetDB package to use.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/services/databases/monetdb.nix>
services.monetdb.port

Port to listen on.

Type: "unspecified"

Default: "50000"

Example: "50000"

Declared by:

<nixpkgs/nixos/modules/services/databases/monetdb.nix>
services.mongodb.bind_ip

IP to bind to

Type: "unspecified"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/databases/mongodb.nix>
services.mongodb.dbpath

Location where MongoDB stores its files

Type: "unspecified"

Default: "/var/db/mongodb"

Declared by:

<nixpkgs/nixos/modules/services/databases/mongodb.nix>
services.mongodb.enable

Whether to enable the MongoDB server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/mongodb.nix>
services.mongodb.extraConfig

MongoDB extra configuration

Type: "unspecified"

Default: ""

Example:

''
nojournal = true
''

Declared by:

<nixpkgs/nixos/modules/services/databases/mongodb.nix>
services.mongodb.pidFile

Location of MongoDB pid file

Type: "unspecified"

Default: "/var/run/mongodb.pid"

Declared by:

<nixpkgs/nixos/modules/services/databases/mongodb.nix>
services.mongodb.quiet

quieter output

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/mongodb.nix>
services.mongodb.replSetName

If this instance is part of a replica set, set its name here. Otherwise, leave empty to run as single node.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/mongodb.nix>
services.mongodb.user

User account under which MongoDB runs

Type: "unspecified"

Default: "mongodb"

Declared by:

<nixpkgs/nixos/modules/services/databases/mongodb.nix>
services.monit.config

monit.conf content

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/monit.nix>
services.monit.enable

Whether to run Monit system watcher.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/monit.nix>
services.monit.startOn

What Monit supposes to be already present

Type: "unspecified"

Default: "started network-interfaces"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/monit.nix>
services.mopidy.configuration

The configuration that Mopidy should use.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/audio/mopidy.nix>
services.mopidy.dataDir

The directory where Mopidy stores its state.

Type: "string"

Default: "/var/lib/mopidy"

Declared by:

<nixpkgs/nixos/modules/services/audio/mopidy.nix>
services.mopidy.enable

Whether to enable Mopidy, a music player daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/audio/mopidy.nix>
services.mopidy.extensionPackages

Mopidy extensions that should be loaded by the service.

Type: "list of derivations"

Default: [ ]

Example:

[ pkgs.mopidy-spotify ]

Declared by:

<nixpkgs/nixos/modules/services/audio/mopidy.nix>
services.mopidy.extraConfigFiles

Extra config file read by Mopidy when the service starts. Later files in the list overrides earlier configuration.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/audio/mopidy.nix>
services.mpd.dataDir

The directory where MPD stores its state, tag cache, playlists etc.

Type: "unspecified"

Default: "/var/lib/mpd"

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mpd.dbFile

The path to MPD's database.

Type: "string"

Default: "/var/lib/mpd/tag_cache"

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mpd.enable

Whether to enable MPD, the music player daemon.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mpd.extraConfig

Extra directives added to to the end of MPD's configuration file, mpd.conf. Basic configuration like file location and uid/gid is added automatically to the beginning of the file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mpd.group

Group account under which MPD runs.

Type: "unspecified"

Default: "mpd"

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mpd.musicDirectory

The directory where mpd reads music from.

Type: "unspecified"

Default: "/var/lib/mpd/music"

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mpd.network.host

This setting sets the address for the daemon to listen on. Careful attention should be paid if this is assigned to anything other then the default, any. This setting can deny access to control of the daemon.

Type: "unspecified"

Default: "any"

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mpd.network.port

This setting is the TCP port that is desired for the daemon to get assigned to.

Type: "unspecified"

Default: 6600

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mpd.user

User account under which MPD runs.

Type: "unspecified"

Default: "mpd"

Declared by:

<nixpkgs/nixos/modules/services/audio/mpd.nix>
services.mstpd.enable

Whether to enable the multiple spanning tree protocol daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/mstpd.nix>
services.munge.enable

Whether to enable munge service.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/security/munge.nix>
services.munge.password

The path to a daemon's secret key.

Type: "string"

Default: "/etc/munge/munge.key"

Declared by:

<nixpkgs/nixos/modules/services/security/munge.nix>
services.munin-cron.enable

Enable munin-cron. Takes care of all heavy lifting to collect data from nodes and draws graphs to html. Runs munin-update, munin-limits, munin-graphs and munin-html in that order. HTML output is in /var/www/munin/, configure your favourite webserver to serve static files.

Type: "unspecified"

Default: false

Example:

services = {
   munin-node.enable = true;
   munin-cron = {
     enable = true;
     hosts = ''
       [${config.networking.hostName}]
       address localhost
     '';
     extraGlobalConfig = ''
       contact.email.command mail -s "Munin notification for ${var:host}" someone@example.com
     '';
   };
};

Declared by:

<nixpkgs/nixos/modules/services/monitoring/munin.nix>
services.munin-cron.extraGlobalConfig

munin.conf extra global configuration. See http://munin-monitoring.org/wiki/munin.conf. Useful to setup notifications, see http://munin-monitoring.org/wiki/HowToContact

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/munin.nix>
services.munin-cron.hosts

Definitions of hosts of nodes to collect data from. Needs at least one hosts for cron to succeed. See http://munin-monitoring.org/wiki/munin.conf

Type: "unspecified"

Example:

''
[''${config.networking.hostName}]
address localhost
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/munin.nix>
services.munin-node.enable

Enable Munin Node agent. Munin node listens on 0.0.0.0 and by default accepts connections only from 127.0.0.1 for security reasons. See http://munin-monitoring.org/wiki/munin-node.conf.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/munin.nix>
services.munin-node.extraConfig

munin-node.conf extra configuration. See http://munin-monitoring.org/wiki/munin-node.conf

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/munin.nix>
services.murmur.allowHtml

Allow HTML in client messages, comments, and channel descriptions.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.autobanAttempts

Number of attempts a client is allowed to make in autobanTimeframe seconds, before being banned for autobanTime.

Type: "integer"

Default: 10

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.autobanTime

The amount of time an IP ban lasts (in seconds).

Type: "integer"

Default: 300

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.autobanTimeframe

Timeframe in which a client can connect without being banned for repeated attempts (in seconds).

Type: "integer"

Default: 120

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.bandwidth

Maximum bandwidth (in bits per second) that clients may send speech at.

Type: "integer"

Default: 72000

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.bonjour

Enable Bonjour auto-discovery, which allows clients over your LAN to automatically discover Murmur servers.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.clientCertRequired

Require clients to authenticate via certificates.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.enable

If enabled, start the Murmur Service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.hostName

Host to bind to. Defaults binding on all addresses.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.imgMsgLength

Max length of image messages. Set 0 for no limit.

Type: "integer"

Default: 131072

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.logDays

How long to store RPC logs for in the database. Set 0 to keep logs forever, or -1 to disable DB logging.

Type: "integer"

Default: 31

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.password

Required password to join server, if specified.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.pidfile

Path to PID file for Murmur daemon.

Type: "path"

Default: "/tmp/murmurd.pid"

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.port

Ports to bind to (UDP and TCP).

Type: "integer"

Default: 64738

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.registerHostname

DNS hostname where your server can be reached. This is only needed if you want your server to be accessed by its hostname and not IP - but the name *must* resolve on the internet properly.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.registerName

Public server registration name, and also the name of the Root channel. Even if you don't publicly register your server, you probably still want to set this.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.registerPassword

Public server registry password, used authenticate your server to the registry to prevent impersonation; required for subsequent registry updates.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.registerUrl

URL website for your server.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.sendVersion

Send Murmur version in UDP response.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.sslCert

Path to your SSL certificate.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.sslKey

Path to your SSL key.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.textMsgLength

Max length of text messages. Set 0 for no limit.

Type: "integer"

Default: 5000

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.users

Maximum number of concurrent clients allowed.

Type: "integer"

Default: 100

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.murmur.welcome

Welcome message for connected clients.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/murmur.nix>
services.mysql.dataDir

Location where MySQL stores its table files

Type: "unspecified"

Default: "/var/mysql"

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.enable

Whether to enable the MySQL server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.extraOptions

Provide extra options to the MySQL configuration file. Please note, that these options are added to the [mysqld] section so you don't need to explicitly state it again.

Type: "unspecified"

Default: ""

Example:

''
key_buffer_size = 6G
table_cache = 1600
log-error = /var/log/mysql_err.log
''

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.initialDatabases

List of database names and their initial schemas that should be used to create databases on the first startup of MySQL

Type: "unspecified"

Default: [ ]

Example: [ { name = "foodatabase"; schema = ./foodatabase.sql; } { name = "bardatabase"; schema = ./bardatabase.sql; } ]

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.initialScript

A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.pidDir

Location of the file which stores the PID of the MySQL server

Type: "unspecified"

Default: "/run/mysqld"

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.port

Port of MySQL

Type: "unspecified"

Default: "3306"

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.replication.masterHost

Hostname of the MySQL master server

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.replication.masterPassword

Password of the MySQL replication user

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.replication.masterPort

Port number on which the MySQL master server runs

Type: "unspecified"

Default: 3306

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.replication.masterUser

Username of the MySQL replication user

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.replication.role

Role of the MySQL server instance. Can be either: master, slave or none

Type: "unspecified"

Default: "none"

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.replication.serverId

Id of the MySQL server instance. This number must be unique for each instance

Type: "unspecified"

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.rootPassword

Path to a file containing the root password, modified on the first startup. Not specifying a root password will leave the root password empty.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysql.user

User account under which MySQL runs

Type: "unspecified"

Default: "mysql"

Declared by:

<nixpkgs/nixos/modules/services/databases/mysql.nix>
services.mysqlBackup.databases

List of database names to dump.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
services.mysqlBackup.enable

Whether to enable MySQL backups.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
services.mysqlBackup.location

Location to put the gzipped MySQL database dumps.

Type: "unspecified"

Default: "/var/backup/mysql"

Declared by:

<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
services.mysqlBackup.period

This option defines (in the format used by cron) when the databases should be dumped. The default is to update at 01:15 (at night) every day.

Type: "unspecified"

Default: "15 01 * * *"

Declared by:

<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
services.mysqlBackup.singleTransaction

Whether to create database dump in a single transaction

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
services.mysqlBackup.user

User to be used to perform backup.

Type: "unspecified"

Default: "mysql"

Declared by:

<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
services.nagios.cgiConfigFile

Derivation for the configuration file of Nagios CGI scripts that can be used in web servers for running the Nagios web interface.

Type: "unspecified"

Default: (build of nagios.cgi.conf)

Declared by:

<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
services.nagios.enable

Whether to use Nagios to monitor your system or network.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
services.nagios.enableWebInterface

Whether to enable the Nagios web interface. You should also enable Apache (services.httpd.enable).

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
services.nagios.mainConfigFile

Derivation for the main configuration file of Nagios.

Type: "unspecified"

Default: (build of nagios.cfg)

Declared by:

<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
services.nagios.objectDefs

A list of Nagios object configuration files that must define the hosts, host groups, services and contacts for the network that you want Nagios to monitor.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
services.nagios.plugins

Packages to be added to the Nagios PATH. Typically used to add plugins, but can be anything.

Type: "unspecified"

Default: [ (build of nagios-plugins-2.0.3) (build of ssmtp-2.64) ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
services.nagios.urlPath

The URL path under which the Nagios web interface appears. That is, you can access the Nagios web interface through http://server/urlPath.

Type: "unspecified"

Default: "/nagios"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
services.neo4j.cert

Neo4j https certificate.

Type: "path"

Default: "/var/lib/neo4j/conf/ssl/neo4j.cert"

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.dataDir

Neo4j data directory.

Type: "path"

Default: "/var/lib/neo4j"

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.enable

Whether to enable neo4j.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.enableHttps

Enable https for Neo4j.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.extraServerConfig

Extra configuration for neo4j server.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.host

Neo4j listen address.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.httpsPort

Neo4j port to listen for HTTPS traffic.

Type: "integer"

Default: 7473

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.key

Neo4j https certificate key.

Type: "path"

Default: "/var/lib/neo4j/conf/ssl/neo4j.key"

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.loggingConfig

Neo4j logging configuration.

Type: "string"

Default:

''
handlers=java.util.logging.ConsoleHandler
.level=INFO
org.neo4j.server.level=INFO

java.util.logging.ConsoleHandler.level=INFO
java.util.logging.ConsoleHandler.formatter=org.neo4j.server.logging.SimpleConsoleFormatter
java.util.logging.ConsoleHandler.filter=org.neo4j.server.logging.NeoLogFilter
''

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.neo4j.port

Neo4j port to listen for HTTP traffic.

Type: "integer"

Default: 7474

Declared by:

<nixpkgs/nixos/modules/services/databases/neo4j.nix>
services.networking.websockify.enable

Whether to enable websockify to forward websocket connections to TCP connections.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/websockify.nix>
services.networking.websockify.portMap

Ports to map by default.

Type: "attribute set of integers"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/websockify.nix>
services.networking.websockify.sslCert

Path to the SSL certificate.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/services/networking/websockify.nix>
services.networking.websockify.sslKey

Path to the SSL key.

Type: "path"

Default: "config.services.networking.websockify.sslCert"

Declared by:

<nixpkgs/nixos/modules/services/networking/websockify.nix>
services.nfs.lockdPort

Use fixed port for NFS lock manager kernel module (lockd/nlockmgr), useful if NFS server is behind firewall.

Type: "unspecified"

Default: null

Example: 4001

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/nfs.nix>
services.nfs.server.createMountPoints

Whether to create the mount points in the exports file at startup time.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
services.nfs.server.enable

Whether to enable the kernel's NFS server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
services.nfs.server.exports

Contents of the /etc/exports file. See exports(5) for the format.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
services.nfs.server.hostName

Hostname or address on which NFS requests will be accepted. Default is all. See the -H option in nfsd(8).

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
services.nfs.server.lockdPort

Fix the lockd port number. This can help setting firewall rules for NFS.

Type: "unspecified"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
services.nfs.server.mountdPort

Use fixed port for rpc.mountd, useful if server is behind firewall.

Type: "unspecified"

Default: null

Example: 4002

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
services.nfs.server.nproc

Number of NFS server threads. Defaults to the recommended value of 8.

Type: "unspecified"

Default: 8

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
services.nfs.statdPort

Use fixed port for rpc.statd, useful if NFS server is behind firewall.

Type: "unspecified"

Default: null

Example: 4000

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/nfs.nix>
services.nginx.appendConfig

Configuration lines appended to the generated Nginx configuration file. Commonly used by different modules providing http snippets. appendConfig can be specified more than once and it's value will be concatenated (contrary to config which can be set only once).

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
services.nginx.config

Verbatim nginx.conf configuration.

Type: "unspecified"

Default: "events {}"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
services.nginx.enable

Enable the nginx Web Server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
services.nginx.group

Group account under which nginx runs.

Type: "string"

Default: "nginx"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
services.nginx.httpConfig

Configuration lines to be appended inside of the http {} block.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
services.nginx.stateDir

Directory holding all state for nginx to run.

Type: "unspecified"

Default: "/var/spool/nginx"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
services.nginx.user

User account under which nginx runs.

Type: "string"

Default: "nginx"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
services.ngircd.config

The ngircd configuration (see ngircd.conf(5)).

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/ngircd.nix>
services.ngircd.enable

Whether to enable the ngircd IRC server.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ngircd.nix>
services.nixosManual.browser

Browser used to show the manual.

Type: "path"

Default: "/nix/store/h8pfaq57zpfl3k4k2y4p8a3n1356rif7-w3m-0.5.3/bin/w3m"

Declared by:

<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
services.nixosManual.enable

Whether to build the NixOS manual pages.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
services.nixosManual.showManual

Whether to show the NixOS manual on one of the virtual consoles.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
services.nixosManual.ttyNumber

Virtual console on which to show the manual.

Type: "unspecified"

Default: "8"

Declared by:

<nixpkgs/nixos/modules/services/misc/nixos-manual.nix>
services.notbit.allowPrivateAddresses

If true, notbit will allow connections to to RFC 1918 addresses.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/notbit.nix>
services.notbit.enable

Enables the notbit daemon and provides a sendmail binary named `notbit-system-sendmail` for sending mail over the system instance of notbit. Users must be in the notbit group in order to send mail over the system notbit instance. Currently mail recipt is not supported.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/notbit.nix>
services.notbit.listenAddress

The addresses which notbit will use to listen for incoming connections. These addresses are advertised to connecting clients.

Type: "list of strings"

Default: [ ]

Example: [ "localhost" "myhostname" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/notbit.nix>
services.notbit.nice

Set the nice level for the notbit daemon

Type: "integer"

Default: 10

Declared by:

<nixpkgs/nixos/modules/services/networking/notbit.nix>
services.notbit.noBootstrap

If true, notbit will not bootstrap an initial peerlist from bitmessage.org servers

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/notbit.nix>
services.notbit.peers

The initial set of peers notbit will connect to.

Type: "list of strings"

Default: [ ]

Example: [ "bitmessage.org:8877" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/notbit.nix>
services.notbit.port

The port which the daemon listens for other bitmessage clients

Type: "integer"

Default: 8444

Declared by:

<nixpkgs/nixos/modules/services/networking/notbit.nix>
services.notbit.specifiedPeersOnly

If true, notbit will only connect to peers specified by the peers option.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/notbit.nix>
services.nscd.config

Configuration to use for Name Service Cache Daemon.

Type: "string"

Default:

''
server-user             nscd
threads                 1
paranoia                no
debug-level             0

enable-cache            passwd          yes
positive-time-to-live   passwd          600
negative-time-to-live   passwd          20
suggested-size          passwd          211
check-files             passwd          yes
persistent              passwd          no
shared                  passwd          yes

enable-cache            group           yes
positive-time-to-live   group           3600
negative-time-to-live   group           60
suggested-size          group           211
check-files             group           yes
persistent              group           no
shared                  group           yes

enable-cache            hosts           yes
positive-time-to-live   hosts           600
negative-time-to-live   hosts           5
suggested-size          hosts           211
check-files             hosts           yes
persistent              hosts           no
shared                  hosts           yes
''

Declared by:

<nixpkgs/nixos/modules/services/system/nscd.nix>
services.nscd.enable

Whether to enable the Name Service Cache Daemon.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/system/nscd.nix>
services.nsd.bind8Stats

Wheter to enable BIND8 like statisics.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.enable

Whether to enable the NSD authoritative domain name server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.extraConfig

Extra nsd config.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.hideVersion

Wheter NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.identity

Identify the server (CH TXT ID.SERVER entry).

Type: "string"

Default: "unidentified server"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.interfaces

What addresses the server should listen to.

Type: "list of strings"

Default: [ "127.0.0.0" "::1" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ipTransparent

Allow binding to non local addresses.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ipv4

Wheter to listen on IPv4 connections.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ipv4EDNSSize

Preferred EDNS buffer size for IPv4.

Type: "integer"

Default: 4096

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ipv6

Wheter to listen on IPv6 connections.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ipv6EDNSSize

Preferred EDNS buffer size for IPv6.

Type: "integer"

Default: 4096

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.keys

Define your TSIG keys here.

Type: "attribute set of submodules"

Default: { }

Example: { tsig.example.org = { algorithm = "hmac-md5"; secret = "aaaaaabbbbbbccccccdddddd"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.keys.<name>.algorithm

Authentication algorithm for this key.

Type: "string"

Default: "hmac-sha256"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.keys.<name>.keyFile

Path to the file which contains the actual base64 encoded key. The key will be copied into "/var/lib/nsd/private" before NSD starts. The copied file is only accessibly by the NSD user.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.nsid

NSID identity (hex string, or "ascii_somestring").

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.port

Port the service should bind do.

Type: "integer"

Default: 53

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ratelimit.enable

Enable ratelimit capabilities.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ratelimit.ipv4PrefixLength

IPv4 prefix length. Addresses are grouped by netblock.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ratelimit.ipv6PrefixLength

IPv6 prefix length. Addresses are grouped by netblock.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ratelimit.ratelimit

Max qps allowed from any query source. 0 means unlimited. With an verbosity of 2 blocked and unblocked subnets will be logged.

Type: "integer"

Default: 200

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ratelimit.size

Size of the hashtable. More buckets use more memory but lower the chance of hash hash collisions.

Type: "integer"

Default: 1000000

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ratelimit.slip

Number of packets that get discarded before replying a SLIP response. 0 disables SLIP responses. 1 will make every response a SLIP response.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.ratelimit.whitelistRatelimit

Max qps allowed from whitelisted sources. 0 means unlimited. Set the rrl-whitelist option for specific queries to apply this limit instead of the default to them.

Type: "integer"

Default: 2000

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.remoteControl.controlCertFile

Path to the client certificate signed with the server certificate. This file is used by nsd-control and generated by nsd-control-setup.

Type: "path"

Default: "/etc/nsd/nsd_control.pem"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.remoteControl.controlKeyFile

Path to the client private key, which is used by nsd-control but not by the server. This file is generated by nsd-control-setup.

Type: "path"

Default: "/etc/nsd/nsd_control.key"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.remoteControl.enable

Wheter to enable remote control via nsd-control(8).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.remoteControl.interfaces

Which interfaces NSD should bind to for remote control.

Type: "list of strings"

Default: [ "127.0.0.1" "::1" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.remoteControl.port

Port number for remote control operations (uses TLS over TCP).

Type: "integer"

Default: 8952

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.remoteControl.serverCertFile

Path to the server self signed certificate, which is used by the server but and by nsd-control. This file is generated by nsd-control-setup.

Type: "path"

Default: "/etc/nsd/nsd_server.pem"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.remoteControl.serverKeyFile

Path to the server private key, which is used by the server but not by nsd-control. This file is generated by nsd-control-setup.

Type: "path"

Default: "/etc/nsd/nsd_server.key"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.rootServer

Wheter if this server will be a root server (a DNS root server, you usually don't want that).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.serverCount

Number of NSD servers to fork. Put the number of CPUs to use here.

Type: "integer"

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.statistics

Statistics are produced every number of seconds. Prints to log. If null no statistics are logged.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.tcpCount

Maximum number of concurrent TCP connections per server.

Type: "integer"

Default: 100

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.tcpQueryCount

Maximum number of queries served on a single TCP connection. 0 means no maximum.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.tcpTimeout

TCP timeout in seconds.

Type: "integer"

Default: 120

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.verbosity

Verbosity level.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.xfrdReloadTimeout

Number of seconds between reloads triggered by xfrd.

Type: "integer"

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zonefilesCheck

Wheter to check mtime of all zone files on start and sighup.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones

Define your zones here. Zones can cascade other zones and therefore inherit settings from parent zones. Look at the definition of children to learn about inheritance and child zones. The given example will define 3 zones (example.(com|org|net).). Both example.com. and example.org. inherit their configuration from serverGroup1.

Type: "attribute set of submodules"

Default: { }

Example: { example.net. = { data = "..."; provideXFR = [ "10.3.2.1 NOKEY" ] ; } ; serverGroup1 = { children = { example.com. = { data = "\$ORIGIN example.com.\n\$TTL 86400\n@ IN SOA a.ns.example.com. admin.example.com. (\n...\n"; } ; example.org. = { data = "\$ORIGIN example.org.\n\$TTL 86400\n@ IN SOA a.ns.example.com. admin.example.com. (\n...\n"; } ; } ; provideXFR = [ "10.1.2.3 NOKEY" ] ; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.allowAXFRFallback

If NSD as secondary server should be allowed to AXFR if the primary server does not allow IXFR.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.allowNotify

Listed primary servers are allowed to notify this secondary server.

Format: <ip> <key-name | NOKEY | BLOCKED>

<ip> either a plain IPv4/IPv6 address or range. Valid patters for ranges:
* 10.0.0.0/24            # via subnet size
* 10.0.0.0&255.255.255.0 # via subnet mask
* 10.0.0.1-10.0.0.254    # via range

A optional port number could be added with a '@':
* 2001:1234::1@1234

<key-name | NOKEY | BLOCKED>
* <key-name> will use the specified TSIG key
* NOKEY      no TSIG signature is required
* BLOCKED    notifies from non-listed or blocked IPs will be ignored
* 

Type: "list of strings"

Default: [ ]

Example: [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name" "10.0.3.4&255.255.0.0 BLOCKED" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.children

Children zones inherit all options of their parents. Attributes defined in a child will overwrite the ones of its parent. Only leaf zones will be actually served. This way it's possible to define maybe zones which share most attributes without duplicating everything. This mechanism replaces nsd's patterns in a save and functional way.

Type: "unspecified"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.data

The actual zone data. This is the content of your zone file. Use imports or pkgs.lib.readFile if you don't want this data in your config file.

Type: "string"

Default: ""

Example: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.notify

This primary server will notify all given secondary servers about zone changes.

Format: <ip> <key-name | NOKEY>

<ip> a plain IPv4/IPv6 address with on optional port number (ip@port)

<key-name | NOKEY>
* <key-name> sign notifies with the specified key
* NOKEY      don't sign notifies

Type: "list of strings"

Default: [ ]

Example: [ "10.0.0.1@3721 my_key" "::5 NOKEY" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.notifyRetry

Specifies the number of retries for failed notifies. Set this along with notify.

Type: "integer"

Default: 5

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.outgoingInterface

This address will be used for zone-transfere requests if configured as a secondary server or notifications in case of a primary server. Supply either a plain IPv4 or IPv6 address with an optional port number (ip@port).

Type: "null or string"

Default: null

Example: "2000::1@1234"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.provideXFR

Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40

Type: "list of strings"

Default: [ ]

Example: [ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.requestXFR

Format: [AXFR|UDP] <ip-address> <key-name | NOKEY>

Type: "list of strings"

Default: [ ]

Example: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.rrlWhitelist

Whitelists the given rrl-types. The RRL classification types are: nxdomain, error, referral, any, rrsig, wildcard, nodata, dnskey, positive, all

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.nsd.zones.<name>.zoneStats

When set to something distinct to null NSD is able to collect statistics per zone. All statistics of this zone(s) will be added to the group specified by this given name. Use "%s" to use the zones name as the group. The groups are output from nsd-control stats and stats_noreset.

Type: "null or string"

Default: null

Example: "%s"

Declared by:

<nixpkgs/nixos/modules/services/networking/nsd.nix>
services.ntopng.configText

Overridable configuration file contents to use for ntopng. By default, use the contents automatically generated by NixOS.

Type: "string"

Default: ""

Example:

''
--interface=any
--http-port=3000
--disable-login
''

Declared by:

<nixpkgs/nixos/modules/services/networking/ntopng.nix>
services.ntopng.enable

Enable ntopng, a high-speed web-based traffic analysis and flow collection tool. With the default configuration, ntopng monitors all network interfaces and displays its findings at http://localhost:3000. Default username and password is admin/admin. See the ntopng(8) manual page and http://www.ntop.org/products/ntop/ for more info. Note that enabling ntopng will also enable redis (key-value database server) for persistent data storage.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ntopng.nix>
services.ntopng.extraConfig

Configuration lines that will be appended to the generated ntopng configuration file. Note that this mechanism does not work when the manual configText option is used.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ntopng.nix>
services.ntopng.http-port

Sets the HTTP port of the embedded web server.

Type: "integer"

Default: 3000

Declared by:

<nixpkgs/nixos/modules/services/networking/ntopng.nix>
services.ntopng.interfaces

List of interfaces to monitor. Use "any" to monitor all interfaces.

Type: "list of strings"

Default: [ "any" ]

Example: [ "eth0" "wlan0" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ntopng.nix>
services.ntp.enable

Whether to synchronise your machine's time using the NTP protocol.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ntpd.nix>
services.ntp.servers

The set of NTP servers from which to synchronise.

Type: "unspecified"

Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ntpd.nix>
services.nylon.acceptInterface

Tell nylon which interface to listen for client requests on, default is "lo".

Type: "string"

Default: "lo"

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.nylon.allowedIPRanges

Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges: [ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]

Type: "list of strings"

Default: [ "192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.nylon.bindInterface

Tell nylon which interface to use as an uplink, default is "enp3s0f0".

Type: "string"

Default: "enp3s0f0"

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.nylon.deniedIPRanges

Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses: [ "0.0.0.0/0" ] To block all other access than the allowed.

Type: "list of strings"

Default: [ "0.0.0.0/0" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.nylon.enable

Enables nylon as a running service upon activation.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.nylon.logging

Enable logging, default is no logging.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.nylon.nrConnections

The number of allowed simultaneous connections to the daemon, default 10.

Type: "integer"

Default: 10

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.nylon.port

What port to listen for client requests, default is 1080.

Type: "integer"

Default: 1080

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.nylon.verbosity

Enable verbose output, default is to not be verbose.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nylon.nix>
services.oidentd.enable

Whether to enable ‘oidentd’, an implementation of the Ident protocol (RFC 1413). It allows remote systems to identify the name of the user associated with a TCP connection.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/oidentd.nix>
services.openafsClient.cacheDirectory

Cache directory.

Type: "unspecified"

Default: "/var/cache/openafs"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
services.openafsClient.cacheSize

Cache size.

Type: "unspecified"

Default: "100000"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
services.openafsClient.cellName

Cell name.

Type: "unspecified"

Default: "grand.central.org"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
services.openafsClient.crypt

Whether to enable (weak) protocol encryption.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
services.openafsClient.enable

Whether to enable the OpenAFS client.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
services.openafsClient.sparse

Minimal cell list in /afs.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/openafs-client/default.nix>
services.openfire.enable

Whether to enable OpenFire XMPP server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/openfire.nix>
services.openfire.usePostgreSQL

Whether you use PostgreSQL service for your storage back-end.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/openfire.nix>
services.openldap.dataDir

The database directory.

Type: "string"

Default: "/var/db/openldap"

Declared by:

<nixpkgs/nixos/modules/services/databases/openldap.nix>
services.openldap.enable

Whether to enable the ldap server.

Type: "boolean"

Default: false

Example:

openldap.enable = true;
openldap.extraConfig = ''
  include ${pkgs.openldap}/etc/openldap/schema/core.schema
  include ${pkgs.openldap}/etc/openldap/schema/cosine.schema
  include ${pkgs.openldap}/etc/openldap/schema/inetorgperson.schema
  include ${pkgs.openldap}/etc/openldap/schema/nis.schema

  database bdb 
  suffix dc=example,dc=org 
  rootdn cn=admin,dc=example,dc=org 
  # NOTE: change after first start
  rootpw secret
  directory /var/db/openldap
'';

Declared by:

<nixpkgs/nixos/modules/services/databases/openldap.nix>
services.openldap.extraConfig

sldapd.conf configuration

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/openldap.nix>
services.openldap.group

Group account under which slapd runs.

Type: "string"

Default: "openldap"

Declared by:

<nixpkgs/nixos/modules/services/databases/openldap.nix>
services.openldap.user

User account under which slapd runs.

Type: "string"

Default: "openldap"

Declared by:

<nixpkgs/nixos/modules/services/databases/openldap.nix>
services.openntpd.enable

Whether to enable OpenNTP time synchronization server.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/openntpd.nix>
services.openntpd.extraConfig

Additional text appended to openntpd.conf.

Type: "string"

Default: ""

Example:

''
listen on 127.0.0.1 
listen on ::1 
''

Declared by:

<nixpkgs/nixos/modules/services/networking/openntpd.nix>
services.openntpd.extraOptions

Extra options used when launching openntpd.

Type: "string"

Default: ""

Example: "-s"

Declared by:

<nixpkgs/nixos/modules/services/networking/openntpd.nix>
services.openntpd.servers

The set of NTP servers from which to synchronise.

Type: "list of strings"

Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/openntpd.nix>
services.opensmtpd.enable

Whether to enable the OpenSMTPD server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
services.opensmtpd.extraServerArgs

Extra command line arguments provided when the smtpd process is started.

Type: "list of strings"

Default: [ ]

Example: [ "-v" "-P mta" ]

Declared by:

<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
services.opensmtpd.serverConfiguration

The contents of the smtpd.conf configuration file. See the OpenSMTPD documentation for syntax information. If this option is left empty, the OpenSMTPD server will not start.

Type: "string"

Default: ""

Example:

''
listen on lo
accept for any deliver to lmtp localhost:24
''

Declared by:

<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
services.openssh.allowSFTP

Whether to enable the SFTP subsystem in the SSH daemon. This enables the use of commands such as sftp and sshfs.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.authorizedKeysFiles

Files from with authorized keys are read.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.challengeResponseAuthentication

Specifies whether challenge/response authentication is allowed.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.enable

Whether to enable the OpenSSH secure shell daemon, which allows secure remote logins.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.extraConfig

Verbatim contents of sshd_config.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.forwardX11

Whether to allow X11 connections to be forwarded.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.gatewayPorts

Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See sshd_config(5).

Type: "string"

Default: "no"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.hostKeys

NixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See ssh-keygen(1) for supported types and sizes.

Type: "list of attribute sets"

Default: [ { path = "/etc/ssh/ssh_host_dsa_key"; type = "dsa"; } { bits = 521; path = "/etc/ssh/ssh_host_ecdsa_key"; type = "ecdsa"; } { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.knownHosts

The set of system-wide known SSH hosts.

Type: "list or attribute set of submodules"

Default: { }

Example: [ { hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ] ; publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub; } { hostNames = [ "myhost2" ] ; publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.knownHosts.<name?>.hostNames

A list of host names and/or IP numbers used for accessing the host's ssh service.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.knownHosts.<name?>.publicKey

The public key data for the host. You can fetch a public key from a running SSH server with the ssh-keyscan command. The public key should not include any host names, only the key type and the key itself. It is allowed to add several lines here, each line will be treated as type/key pair and the host names will be prepended to each line.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.knownHosts.<name?>.publicKeyFile

The path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server with the ssh-keyscan command. The content of the file should follow the same format as described for the publicKey option.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.listenAddresses

List of addresses and ports to listen on (ListenAddress directive in config). If port is not specified for address sshd will listen on all ports specified by ports option. NOTE: this will override default listening on all local addresses and port 22. NOTE: setting this option won't automatically enable given ports in firewall configuration.

Type: "list of submodules"

Default: [ ]

Example: [ { addr = "192.168.3.1"; port = 22; } { addr = "0.0.0.0"; port = 64022; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.listenAddresses.*.addr

Host, IPv4 or IPv6 address to listen to.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.listenAddresses.*.port

Port to listen to.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.passwordAuthentication

Specifies whether password authentication is allowed.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.permitRootLogin

Whether the root user can login using ssh.

Type: "one of yes, without-password, forced-commands-only, no"

Default: "without-password"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.ports

Specifies on which ports the SSH daemon listens.

Type: "list of integers"

Default: [ 22 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.startWhenNeeded

If set, sshd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.opentsdb.enable

Whether to run OpenTSDB.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
services.opentsdb.group

Group account under which OpenTSDB runs.

Type: "string"

Default: "opentsdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
services.opentsdb.port

Which port OpenTSDB listens on.

Type: "integer"

Default: 4242

Declared by:

<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
services.opentsdb.user

User account under which OpenTSDB runs.

Type: "string"

Default: "opentsdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
services.openvpn.enable

Whether to enable OpenVPN.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/openvpn.nix>
services.openvpn.servers

Each attribute of this option defines a systemd service that runs an OpenVPN instance. These can be OpenVPN servers or clients. The name of each systemd service is openvpn-name.service, where name is the corresponding attribute name.

Type: "attribute set of submodules"

Default: { }

Example:

{
  server = {
    config = ''
      # Simplest server configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html.
      # server :
      dev tun
      ifconfig 10.8.0.1 10.8.0.2
      secret /root/static.key
    '';
    up = "ip route add ...";
    down = "ip route del ...";
  };

  client = {
    config = ''
      client
      remote vpn.example.org
      dev tun
      proto tcp-client
      port 8080
      ca /root/.vpn/ca.crt
      cert /root/.vpn/alice.crt
      key /root/.vpn/alice.key
    '';
    up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev";
    down = "${pkgs.openresolv}/sbin/resolvconf -d $dev";
  };
}

Declared by:

<nixpkgs/nixos/modules/services/networking/openvpn.nix>
services.openvpn.servers.<name>.autoStart

Whether this OpenVPN instance should be started automatically.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/openvpn.nix>
services.openvpn.servers.<name>.config

Configuration of this OpenVPN instance. See openvpn(8) for details.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/openvpn.nix>
services.openvpn.servers.<name>.down

Shell commands executed when the instance is shutting down.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/openvpn.nix>
services.openvpn.servers.<name>.up

Shell commands executed when the instance is starting.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/openvpn.nix>
services.panamax.APIPort

Panamax UI listening port.

Type: "integer"

Default: 3000

Declared by:

<nixpkgs/nixos/modules/services/cluster/panamax.nix>
services.panamax.UIPort

Panamax UI listening port.

Type: "integer"

Default: 8888

Declared by:

<nixpkgs/nixos/modules/services/cluster/panamax.nix>
services.panamax.dataDir

Data dir for Panamax.

Type: "string"

Default: "/var/lib/panamax"

Declared by:

<nixpkgs/nixos/modules/services/cluster/panamax.nix>
services.panamax.enable

Whether to enable Panamax service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/cluster/panamax.nix>
services.panamax.fleetctlEndpoint

Panamax fleetctl endpoint.

Type: "string"

Default: "http://127.0.0.1:4001"

Declared by:

<nixpkgs/nixos/modules/services/cluster/panamax.nix>
services.panamax.journalEndpoint

Panamax journal endpoint.

Type: "string"

Default: "http://127.0.0.1:19531"

Declared by:

<nixpkgs/nixos/modules/services/cluster/panamax.nix>
services.panamax.secretKey

Panamax secret key (do change this).

Type: "string"

Default: "SomethingVeryLong."

Declared by:

<nixpkgs/nixos/modules/services/cluster/panamax.nix>
services.parsoid.enable

Whether to enable Parsoid -- bidirectional wikitext parser.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/parsoid.nix>
services.parsoid.extraConfig

Extra configuration to add to parsoid configuration.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/parsoid.nix>
services.parsoid.interface

Interface to listen on.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/misc/parsoid.nix>
services.parsoid.interwikis

Used MediaWiki API endpoints.

Type: "attribute set of strings"

Example: { localhost = "http://localhost/api.php"; }

Declared by:

<nixpkgs/nixos/modules/services/misc/parsoid.nix>
services.parsoid.port

Port to listen on.

Type: "integer"

Default: 8000

Declared by:

<nixpkgs/nixos/modules/services/misc/parsoid.nix>
services.parsoid.workers

Number of Parsoid workers.

Type: "integer"

Default: 2

Declared by:

<nixpkgs/nixos/modules/services/misc/parsoid.nix>
services.pcscd.enable

Whether to enable the PCSC-Lite daemon.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
services.peerflix.downloadDir

Peerflix temporary download directory.

Type: "path"

Default: "/var/lib/peerflix/torrents"

Declared by:

<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
services.peerflix.enable

Whether to enable peerflix service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
services.peerflix.stateDir

Peerflix state directory.

Type: "path"

Default: "/var/lib/peerflix"

Declared by:

<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
services.phd.enable

Enable daemons for phabricator.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/phd.nix>
services.phpfpm.extraConfig

Extra configuration that should be put in the global section of the PHP FPM configuration file. Do not specify the options pid, error_log or daemonize here, since they are generated by NixOS.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/phpfpm.nix>
services.phpfpm.phpIni

php.ini file to use.

Type: "path"

Default: "/nix/store/sjknl3aba3rpb5iin9h8n42gijxcby9a-php-5.4.39/etc/php-recommended.ini"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/phpfpm.nix>
services.phpfpm.phpPackage

The PHP package to use for running the FPM service.

Type: "unspecified"

Default: (build of php-5.4.39)

Declared by:

<nixpkgs/nixos/modules/services/web-servers/phpfpm.nix>
services.phpfpm.poolConfigs

A mapping between PHP FPM pool names and their configurations. See the documentation on php-fpm.conf for details on configuration directives. If no pools are defined, the phpfpm service is disabled.

Type: "attribute set of strings"

Default: { }

Example: { mypool = "listen = /run/phpfpm/mypool\nuser = nobody\npm = dynamic\npm.max_children = 75\npm.start_servers = 10\npm.min_spare_servers = 5\npm.max_spare_servers = 20\npm.max_requests = 500\n"; }

Declared by:

<nixpkgs/nixos/modules/services/web-servers/phpfpm.nix>
services.polipo.allowedClients

List of IP addresses or network addresses that may connect to Polipo.

Type: "list of strings"

Default: [ "127.0.0.1" "::1" ]

Example: [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/polipo.nix>
services.polipo.enable

Whether to run the polipo caching web proxy.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/polipo.nix>
services.polipo.extraConfig

Polio configuration. Contents will be added verbatim to the configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/polipo.nix>
services.polipo.parentProxy

Hostname and port number of an HTTP parent proxy; it should have the form ‘host:port’.

Type: "string"

Default: ""

Example: "localhost:8124"

Declared by:

<nixpkgs/nixos/modules/services/networking/polipo.nix>
services.polipo.proxyAddress

IP address on which Polipo will listen.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/networking/polipo.nix>
services.polipo.proxyPort

TCP port on which Polipo will listen.

Type: "integer"

Default: 8123

Declared by:

<nixpkgs/nixos/modules/services/networking/polipo.nix>
services.polipo.socksParentProxy

Hostname and port number of an SOCKS parent proxy; it should have the form ‘host:port’.

Type: "string"

Default: ""

Example: "localhost:9050"

Declared by:

<nixpkgs/nixos/modules/services/networking/polipo.nix>
services.postfix.destination

Full (!) list of domains we deliver locally. Leave blank for acceptable Postfix default.

Type: "unspecified"

Default: null

Example: [ "localhost" ]

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.domain

Domain to use. Leave blank to use hostname minus first component.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.enable

Whether to run the Postfix mail server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.extraAliases

Additional entries to put verbatim into aliases file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.extraConfig

Extra lines to be added verbatim to the main.cf configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.extraMasterConf

Extra lines to append to the generated master.cf file.

Type: "unspecified"

Default: ""

Example: "submission inet n - n - - smtpd"

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.group

What to call the Postfix group (must be used only for postfix).

Type: "unspecified"

Default: "postfix"

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.hostname

Hostname to use. Leave blank to use just the hostname of machine. It should be FQDN.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.lookupMX

Whether relay specified is just domain whose MX must be used.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.networks

Net masks for trusted - allowed to relay mail to third parties - hosts. Leave empty to use mynetworks_style configuration or use default (localhost-only).

Type: "unspecified"

Default: null

Example: [ "192.168.0.1/24" ]

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.networksStyle

Name of standard way of trusted network specification to use, leave blank if you specify it explicitly or if you want to use default (localhost-only).

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.origin

Origin to use in outgoing e-mail. Leave blank to use hostname.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.postmasterAlias

Who should receive postmaster e-mail.

Type: "unspecified"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.recipientDelimiter

Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test

Type: "unspecified"

Default: ""

Example: "+"

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.relayDomains

List of domains we agree to relay to. Default is the same as destination.

Type: "unspecified"

Default: null

Example: [ "localdomain" ]

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.relayHost

Mail relay for outbound mail.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.rootAlias

Who should receive root e-mail. Blank for no redirection.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.setSendmail

Whether to set the system sendmail to postfix's.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.setgidGroup

How to call postfix setgid group (for postdrop). Should be uniquely used group.

Type: "unspecified"

Default: "postdrop"

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.sslCACert

SSL certificate of CA.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.sslCert

SSL certificate to use.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.sslKey

SSL key to use.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.user

What to call the Postfix user (must be used only for postfix).

Type: "unspecified"

Default: "postfix"

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postfix.virtual

Entries for the virtual alias map.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/mail/postfix.nix>
services.postgresql.authentication

Defines how users authenticate themselves to the server. By default, "trust" access to local users will always be granted along with any other custom options. If you do not want this, set this option using "lib.mkForce" to override this behaviour.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.dataDir

Data directory for PostgreSQL.

Type: "path"

Default: "/var/db/postgresql"

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.enable

Whether to run PostgreSQL.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.enableTCPIP

Whether PostgreSQL should listen on all network interfaces. If disabled, the database can only be accessed via its Unix domain socket or via TCP connections to localhost.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.extraConfig

Additional text to be appended to postgresql.conf.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.extraPlugins

When this list contains elements a new store path is created. PostgreSQL and the elments are symlinked into it. Then pg_config, postgres and pc_ctl are copied to make them use the new $out/lib directory as pkglibdir. This makes it possible to use postgis without patching the .sql files which reference $libdir/postgis-1.5.

Type: "list of paths"

Default: [ ]

Example:

pkgs.postgis

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.identMap

Defines the mapping from system users to database users.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.initialScript

A file containing SQL statements to execute on first startup.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.port

The port on which PostgreSQL listens.

Type: "integer"

Default: 5432

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresql.recoveryConfig

Contents of the recovery.conf file.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/databases/postgresql.nix>
services.postgresqlBackup.databases

List of database names to dump.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
services.postgresqlBackup.enable

Whether to enable PostgreSQL dumps.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
services.postgresqlBackup.location

Location to put the gzipped PostgreSQL database dumps.

Type: "unspecified"

Default: "/var/backup/postgresql"

Declared by:

<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
services.postgresqlBackup.period

This option defines (in the format used by cron) when the databases should be dumped. The default is to update at 01:15 (at night) every day.

Type: "unspecified"

Default: "15 01 * * *"

Declared by:

<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
services.prayer.enable

Whether to run the prayer webmail http server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/prayer.nix>
services.prayer.extraConfig

Extra configuration. Contents will be added verbatim to the configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/prayer.nix>
services.prayer.port

Port the prayer http server is listening to.

Type: "unspecified"

Default: "2080"

Declared by:

<nixpkgs/nixos/modules/services/networking/prayer.nix>
services.prey.apiKey

API key obtained from https://panel.preyproject.com/profile

Type: "string"

Declared by:

<nixpkgs/nixos/modules/security/prey.nix>
services.prey.deviceKey

Device Key obtained from https://panel.preyproject.com/devices (and clicking on the device)

Type: "string"

Declared by:

<nixpkgs/nixos/modules/security/prey.nix>
services.prey.enable

Enables http://preyproject.com/ bash client. Be sure to specify api and device keys. Once setup, cronjob will run evert 15 minutes and report status.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/prey.nix>
services.printing.browsedConf

The contents of the configuration. file of the CUPS Browsed daemon (cups-browsed.conf)

Type: "string"

Default: ""

Example:

''
BrowsePoll cups.example.com
''

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.printing.clientConf

The contents of the client configuration. (client.conf)

Type: "string"

Default: ""

Example:

''
ServerName server.example.com
Encryption Never
''

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.printing.cupsFilesConf

The contents of the configuration file of the CUPS daemon (cups-files.conf).

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.printing.cupsdConf

The contents of the configuration file of the CUPS daemon (cupsd.conf).

Type: "string"

Default: ""

Example:

''
BrowsePoll cups.example.com
LogLevel debug
''

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.printing.drivers

CUPS drivers to use. Drivers provided by CUPS, cups-filters, Ghostscript and Samba are added unconditionally.

Type: "list of paths"

Example:

[ pkgs.splix ]

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.printing.enable

Whether to enable printing support through the CUPS daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.printing.extraConf

Extra contents of the configuration file of the CUPS daemon (cupsd.conf).

Type: "string"

Default: ""

Example:

''
BrowsePoll cups.example.com
LogLevel debug
''

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.printing.listenAddresses

A list of addresses and ports on which to listen.

Type: "list of strings"

Default: [ "127.0.0.1:631" ]

Example: [ "*:631" ]

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.printing.tempDir

CUPSd temporary directory.

Type: "path"

Default: "/tmp"

Example: "/tmp/cups"

Declared by:

<nixpkgs/nixos/modules/services/printing/cupsd.nix>
services.privoxy.actionsFiles

List of paths to Privoxy action files. These paths may either be absolute or relative to the privoxy configuration directory.

Type: "list of strings"

Default: [ "match-all.action" "default.action" ]

Example: [ "match-all.action" "default.action" "/etc/privoxy/user.action" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/privoxy.nix>
services.privoxy.enable

Whether to enable the Privoxy non-caching filtering proxy.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/privoxy.nix>
services.privoxy.enableEditActions

Whether or not the web-based actions file editor may be used.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/privoxy.nix>
services.privoxy.extraConfig

Extra configuration. Contents will be added verbatim to the configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/privoxy.nix>
services.privoxy.filterFiles

List of paths to Privoxy filter files. These paths may either be absolute or relative to the privoxy configuration directory.

Type: "list of strings"

Default: [ "default.filter" ]

Example: [ "default.filter" "/etc/privoxy/user.filter" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/privoxy.nix>
services.privoxy.listenAddress

Address the proxy server is listening to.

Type: "string"

Default: "127.0.0.1:8118"

Declared by:

<nixpkgs/nixos/modules/services/networking/privoxy.nix>
services.prosody.admins

List of administrators of the current host

Type: "unspecified"

Default: [ ]

Example: [ "admin1@example.com" "admin2@example.com" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.allowRegistration

Allow account creation

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.enable

Whether to enable the prosody server

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.extraConfig

Additional prosody configuration

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.extraModules

Enable custom modules

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.bosh

Enable BOSH clients, aka 'Jabber over HTTP'

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.console

telnet to port 5582

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.dialback

s2s dialback support

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.disco

Service discovery

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.httpserver

Serve static files from a directory over HTTP

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.legacyauth

Legacy authentication. Only used by some old clients and bots

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.ping

Replies to XMPP pings with pongs

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.roster

Allow users to have a roster

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.saslauth

Authentication for clients and servers. Recommended if you want to log in.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.time

Let others know the time here on this server

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.tls

Add support for secure TLS on c2s/s2s connections

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.uptime

Report how long server has been running

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.version

Replies to server version requests

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.modules.websocket

Enable WebSocket support

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.ssl

Paths to SSL files

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.virtualHosts

Define the virtual hosts

Type: "list or attribute set of submodules"

Default: { localhost = { domain = "localhost"; enabled = true; } ; }

Example: { myhost = { domain = "my-xmpp-example-host.org"; enabled = true; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.virtualHosts.<name?>.domain

Domain name

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.virtualHosts.<name?>.enabled

Whether to enable the virtual host

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.virtualHosts.<name?>.extraConfig

Additional virtual host specific configuration

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.prosody.virtualHosts.<name?>.ssl

Paths to SSL files

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/prosody.nix>
services.psd.browsers

A list of browsers to sync. Available choices are: chromium chromium-dev conkeror.mozdev.org epiphany firefox firefox-trunk google-chrome google-chrome-beta google-chrome-unstable heftig-aurora icecat luakit midori opera opera-developer opera-beta qupzilla palemoon rekonq seamonkey An empty list will enable all browsers.

Type: "list of strings"

Default: [ ]

Example: [ "chromium" "firefox" ]

Declared by:

<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
services.psd.daemonFile

Where the pid and backup configuration files will be stored.

Type: "string"

Default: "/run/psd"

Declared by:

<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
services.psd.enable

Whether to enable the Profile Sync daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
services.psd.resyncTimer

The amount of time to wait before syncing browser profiles back to the disk. Takes a systemd.unit time span. The time unit defaults to seconds if omitted.

Type: "string"

Default: "1h"

Example: "1h 30min"

Declared by:

<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
services.psd.users

A list of users whose browser profiles should be sync'd to tmpfs.

Type: "list of strings"

Default: [ ]

Example: [ "demo" ]

Declared by:

<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
services.psd.volatile

The directory where browser profiles should reside(this should be mounted as a tmpfs). Do not include a trailing backslash.

Type: "string"

Default: "/run/psd-profiles"

Declared by:

<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
services.quassel.dataDir

The directory holding configuration files, the SQlite database and the SSL Cert.

Type: "unspecified"

Default: "/home/quassel/.config/quassel-irc.org"

Declared by:

<nixpkgs/nixos/modules/services/networking/quassel.nix>
services.quassel.enable

Whether to run the Quassel IRC client daemon.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/quassel.nix>
services.quassel.interface

The interface the Quassel daemon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.

Type: "unspecified"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/networking/quassel.nix>
services.quassel.portNumber

The port number the Quassel daemon will be listening to.

Type: "unspecified"

Default: 4242

Declared by:

<nixpkgs/nixos/modules/services/networking/quassel.nix>
services.quassel.user

The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/quassel.nix>
services.rabbitmq.config

Verbatim configuration file contents. See http://www.rabbitmq.com/configure.htm

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
services.rabbitmq.cookie

Erlang cookie is a string of arbitrary length which must be the same for several nodes to be allowed to communicate. Leave empty to generate automatically.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
services.rabbitmq.dataDir

Data directory for rabbitmq.

Type: "path"

Default: "/var/lib/rabbitmq"

Declared by:

<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
services.rabbitmq.enable

Whether to enable the RabbitMQ server, an Advanced Message Queuing Protocol (AMQP) broker.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
services.rabbitmq.listenAddress

IP address on which RabbitMQ will listen for AMQP connections. Set to the empty string to listen on all interfaces. Note that RabbitMQ creates a user named guest with password guest by default, so you should delete this user if you intend to allow external access.

Type: "string"

Default: "127.0.0.1"

Example: ""

Declared by:

<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
services.rabbitmq.plugins

The names of plugins to enable

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
services.rabbitmq.port

Port on which RabbitMQ will listen for AMQP connections.

Type: "integer"

Default: 5672

Declared by:

<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
services.radicale.config

Radicale configuration, this will set the service configuration file

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/radicale.nix>
services.radicale.enable

Enable Radicale CalDAV and CardDAV server

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/radicale.nix>
services.radvd.config

The contents of the radvd configuration file.

Type: "unspecified"

Example:

''
interface eth0 {
  AdvSendAdvert on;
  prefix 2001:db8:1234:5678::/64 { };
};
''

Declared by:

<nixpkgs/nixos/modules/services/networking/radvd.nix>
services.radvd.enable

Whether to enable the Router Advertisement Daemon (radvd), which provides link-local advertisements of IPv6 router addresses and prefixes using the Neighbor Discovery Protocol (NDP). This enables stateless address autoconfiguration in IPv6 clients on the network.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/radvd.nix>
services.rdnssd.enable

Whether to enable the RDNSS daemon (rdnssd), which configures DNS servers in /etc/resolv.conf from RDNSS advertisements sent by IPv6 routers.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/rdnssd.nix>
services.redis.appendFsync

How often to fsync the append-only log, options: no, always, everysec.

Type: "string"

Default: "everysec"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.appendOnly

By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.appendOnlyFilename

Filename for the append-only file (stored inside of dbpath)

Type: "string"

Default: "appendonly.aof"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.bind

The IP interface to bind to.

Type: "null or string"

Default: null

Example: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.databases

Set the number of databases.

Type: "integer"

Default: 16

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.dbFilename

The filename where to dump the DB.

Type: "string"

Default: "dump.rdb"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.dbpath

The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.

Type: "path"

Default: "/var/lib/redis"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.enable

Whether to enable the Redis server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.extraConfig

Extra configuration options for redis.conf.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.logLevel

Specify the server verbosity level, options: debug, verbose, notice, warning.

Type: "string"

Default: "notice"

Example: "debug"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.logfile

Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.

Type: "string"

Default: "/dev/null"

Example: "/var/log/redis.log"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.masterAuth

If the master is password protected (using the requirePass configuration) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.pidFile

Type: "path"

Default: "/var/lib/redis/redis.pid"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.port

The port for Redis to listen to.

Type: "integer"

Default: 6379

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.requirePass

Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)

Type: "null or string"

Default: null

Example: "letmein!"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.save

The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.

Type: "list of list of integerss"

Default: [ [ 900 1 ] [ 300 10 ] [ 60 10000 ] ]

Example: [ [ 900 1 ] [ 300 10 ] [ 60 10000 ] ]

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.slaveOf

An attribute set with two attributes: ip and port to which this redis instance acts as a slave.

Type: "unspecified"

Default: null

Example: { ip = "192.168.1.100"; port = 6379; }

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.slowLogLogSlowerThan

Log queries whose execution take longer than X in milliseconds.

Type: "integer"

Default: 10000

Example: 1000

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.slowLogMaxLen

Maximum number of items to keep in slow log.

Type: "integer"

Default: 128

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.syslog

Enable logging to the system logger.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.unixSocket

The path to the socket to bind to.

Type: "null or path"

Default: null

Example: "/var/run/redis.sock"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redis.user

User account under which Redis runs.

Type: "string"

Default: "redis"

Declared by:

<nixpkgs/nixos/modules/services/databases/redis.nix>
services.redmine.databaseHost

Database hostname

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redmine.databaseName

Database name

Type: "string"

Default: "redmine"

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redmine.databasePassword

Database user password

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redmine.databaseUsername

Database user

Type: "string"

Default: "redmine"

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redmine.enable

Enable the redmine service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redmine.extraConfig

Extra configuration in configuration.yml

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redmine.plugins

Set of plugins

Type: "attribute set of paths"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redmine.stateDir

The state directory, logs and plugins are stored here

Type: "string"

Default: "/var/redmine"

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redmine.themes

Set of themes

Type: "attribute set of paths"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/redmine.nix>
services.redshift.brightness.day

Screen brightness to apply during the day (between 0.1 and 1.0)

Type: "string"

Default: "1"

Declared by:

<nixpkgs/nixos/modules/services/x11/redshift.nix>
services.redshift.brightness.night

Screen brightness to apply during the night (between 0.1 and 1.0)

Type: "string"

Default: "1"

Declared by:

<nixpkgs/nixos/modules/services/x11/redshift.nix>
services.redshift.enable

Enable Redshift to change your screen's colour temperature depending on the time of day

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/redshift.nix>
services.redshift.latitude

Your current latitude

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/x11/redshift.nix>
services.redshift.longitude

Your current longitude

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/x11/redshift.nix>
services.redshift.temperature.day

Colour temperature to use during day time

Type: "integer"

Default: 5500

Declared by:

<nixpkgs/nixos/modules/services/x11/redshift.nix>
services.redshift.temperature.night

Colour temperature to use during night time

Type: "integer"

Default: 3700

Declared by:

<nixpkgs/nixos/modules/services/x11/redshift.nix>
services.resolved.enable

Enables the systemd dns resolver daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
services.riemann.config

Contents of the Riemann configuration file.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
services.riemann.configFiles

Extra files containing Riemann configuration. These files will be loaded at runtime by Riemann (with Clojure's load-file function) at the end of the configuration.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
services.riemann.enable

Enable the Riemann network monitoring daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
services.riemann.extraClasspathEntries

Extra entries added to the Java classpath when running Riemann.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
services.riemann.extraJavaOpts

Extra Java options used when launching Riemann.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
services.riemann-dash.config

Contents added to the end of the riemann-dash configuration file.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
services.riemann-dash.dataDir

Location of the riemann-base dir. The dashboard configuration file is is stored to this directory. The directory is created automatically on service start, and owner is set to the riemanndash user.

Type: "string"

Default: "/var/riemann-dash"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
services.riemann-dash.enable

Enable the riemann-dash dashboard daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
services.rippleDataApi.couchdb.create

Whether to create couchdb database needed by ripple data api.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.couchdb.db

Ripple data api couchdb database.

Type: "string"

Default: "rippled"

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.couchdb.host

Ripple data api couchdb host.

Type: "string"

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.couchdb.pass

Ripple data api couchdb password.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.couchdb.port

Ripple data api couchdb port.

Type: "integer"

Default: 5984

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.couchdb.user

Ripple data api couchdb username.

Type: "string"

Default: "rippled"

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.enable

Whether to enable Whether to enable ripple data api..

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.port

Ripple data api port

Type: "integer"

Default: 5993

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.redis.enable

Whether to enable caching of ripple data to redis.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.redis.host

Ripple data api redis host.

Type: "string"

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.redis.port

Ripple data api redis port.

Type: "integer"

Default: 5984

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippleDataApi.rippleds

List of rippleds to be used by ripple data api.

Type: "list of strings"

Default: [ "http://s_east.ripple.com:51234" "http://s_west.ripple.com:51234" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
services.rippled.databasePath

Path to the ripple database.

Type: "path"

Default: "/var/lib/rippled/db"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.enable

Whether to enable Whether to enable rippled.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.extraConfig

Extra lines to be added verbatim to the rippled.cfg configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.fetchDepth

The number of past ledgers to serve to other peers that request historical ledger data (or "full" for no limit).

Type: "integer or one of full"

Default: "full"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.importDb

Settings for performing a one-time import.

Type: "null or submodule"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.importDb.advisoryDelete

If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.

Type: "null or boolean"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.importDb.compression

Whether to enable snappy compression.

Type: "null or boolean"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.importDb.extraOpts

Extra database options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.importDb.onlineDelete

Enable automatic purging of older ledger information.

Type: "null or integer"

Default: 1296000

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.importDb.path

Location to store the database.

Type: "path"

Default: "/var/lib/rippled/db"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.importDb.type

Rippled database type.

Type: "one of rocksdb, nudb, sqlite"

Default: "rocksdb"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ips

List of hostnames or ips where the Ripple protocol is served. For a starter list, you can either copy entries from: https://ripple.com/ripple.txt or if you prefer you can let it default to r.ripple.com 51235 A port may optionally be specified after adding a space to the address. By convention, if known, IPs are listed in from most to least trusted.

Type: "list of strings"

Default: [ "r.ripple.com 51235" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ipsFixed

List of IP addresses or hostnames to which rippled should always attempt to maintain peer connections with. This is useful for manually forming private networks, for example to configure a validation server that connects to the Ripple network through a public-facing server, or for building a set of cluster peers. A port may optionally be specified after adding a space to the address

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ledgerHistory

The number of past ledgers to acquire on server startup and the minimum to maintain while running.

Type: "integer or one of full"

Default: 1296000

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.logLevel

Logging verbosity.

Type: "one of debug, error, info"

Default: "error"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.nodeDb

Rippled main database options.

Type: "null or submodule"

Default: { extraOpts = " open_files=2000\n filter_bits=12\n cache_mb=256\n file_size_pb=8\n file_size_mult=2;\n "; type = "rocksdb"; }

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.nodeDb.advisoryDelete

If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.

Type: "null or boolean"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.nodeDb.compression

Whether to enable snappy compression.

Type: "null or boolean"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.nodeDb.extraOpts

Extra database options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.nodeDb.onlineDelete

Enable automatic purging of older ledger information.

Type: "null or integer"

Default: 1296000

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.nodeDb.path

Location to store the database.

Type: "path"

Default: "/var/lib/rippled/db"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.nodeDb.type

Rippled database type.

Type: "one of rocksdb, nudb, sqlite"

Default: "rocksdb"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.nodeSize

Rippled size of the node you are running. "tiny", "small", "medium", "large", and "huge"

Type: "one of tiny, small, medium, large, huge"

Default: "small"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports

Ports exposed by rippled

Type: "attribute set of submodules"

Default: { peer = { ip = "0.0.0.0"; port = 51235; protocol = [ "peer" ] ; } ; rpc = { admin = true; port = 5005; protocol = [ "http" ] ; } ; ws_public = { ip = "0.0.0.0"; port = 5006; protocol = [ "ws" "wss" ] ; } ; }

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.admin

Controls whether or not administrative commands are allowed.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.ip

Ip where rippled listens.

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.password

When set, these credentials will be required on HTTP/S requests.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.port

Port where rippled listens.

Type: "integer"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.protocol

Protocols expose by rippled.

Type: "list of one of http, https, ws, wss, peers"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.ssl.cert

Specifies the path to the SSL certificate file in PEM format. This is not needed if the chain includes it.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.ssl.chain

If you need a certificate chain, specify the path to the certificate chain here. The chain may include the end certificate.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.ssl.key

Specifies the filename holding the SSL key in PEM format.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.ports.<name>.user

When set, these credentials will be required on HTTP/S requests.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.sntpServers

IP address or domain of NTP servers to use for time synchronization.;

Type: "list of strings"

Default: [ "time.windows.com" "time.apple.com" "time.nist.gov" "pool.ntp.org" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.tempDb

Rippled temporary database options.

Type: "null or submodule"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.tempDb.advisoryDelete

If set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.

Type: "null or boolean"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.tempDb.compression

Whether to enable snappy compression.

Type: "null or boolean"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.tempDb.extraOpts

Extra database options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.tempDb.onlineDelete

Enable automatic purging of older ledger information.

Type: "null or integer"

Default: 1296000

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.tempDb.path

Location to store the database.

Type: "path"

Default: "/var/lib/rippled/db"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.tempDb.type

Rippled database type.

Type: "one of rocksdb, nudb, sqlite"

Default: "rocksdb"

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.validationQuorum

The minimum number of trusted validations a ledger must have before the server considers it fully validated.

Type: "integer"

Default: 3

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rippled.validators

List of nodes to always accept as validators. Nodes are specified by domain or public key.

Type: "list of strings"

Default: [ "n949f75evCHwgyP4fPVgaHqNHxUVN15PsJEZ3B3HnXPcPjcZAoy7 RL1" "n9MD5h24qrQqiyBC8aeqqCWvpiBiYQ3jxSr91uiDvmrkyHRdYLUj RL2" "n9L81uNCaPgtUJfaHh89gmdvXKAmSt5Gdsw2g1iPWaPkAHW5Nm4C RL3" "n9KiYM9CgngLvtRCQHZwgC2gjpdaZcCcbt3VboxiNFcKuwFVujzS RL4" "n9LdgEtkmGB9E2h3K4Vp7iGUaKuq23Zr32ehxiU8FWY7xoxbWTSA RL5" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/rippled.nix>
services.rogue.enable

Whether to enable the Rogue game on one of the virtual consoles.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/rogue.nix>
services.rogue.tty

Virtual console on which to run Rogue.

Type: "string"

Default: "tty9"

Declared by:

<nixpkgs/nixos/modules/services/misc/rogue.nix>
services.rpcbind.enable

Whether to enable `rpcbind', an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command. `rpcbind` is a replacement for `portmap`.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/rpcbind.nix>
services.rsnapshot.cronIntervals

Periodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration as retain options.

Type: "attribute set of strings"

Default: { }

Example: { daily = "50 21 * * *"; hourly = "0 * * * *"; }

Declared by:

<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
services.rsnapshot.enable

Whether to enable rsnapshot backups.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
services.rsnapshot.extraConfig

rsnapshot configuration option in addition to the defaults from rsnapshot and this module. Note that tabs are required to separate option arguments, and directory names require trailing slashes. The "extra" in the option name might be a little misleading right now, as it is required to get a functional configuration.

Type: "string"

Default: ""

Example:

''
retains hourly 24
retain daily 365
backup /home/ localhost/
''

Declared by:

<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
services.rsyncd.address

IP address the daemon will listen on; rsyncd will listen on all addresses if this is not specified.

Type: "unspecified"

Default: ""

Example: "192.168.1.2"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
services.rsyncd.enable

Whether to enable the rsync daemon.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
services.rsyncd.extraConfig

Lines of configuration to add to rsyncd globally. See man rsyncd.conf for options.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
services.rsyncd.modules

A set describing exported directories. See man rsyncd.conf for options.

Type: "attribute set of attribute set of stringss"

Default: { }

Example: { srv = { comment = "Public rsync share."; path = "/srv"; read only = "yes"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
services.rsyncd.motd

Message of the day to display to clients on each connect. This usually contains site information and any legal notices.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
services.rsyncd.port

TCP port the daemon will listen on.

Type: "integer"

Default: 873

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
services.rsyslogd.defaultConfig

The default syslog.conf file configures a fairly standard setup of log files, which can be extended by means of extraConfig.

Type: "string"

Default:

''
# "local1" is used for dhcpd messages.
local1.*                     -/var/log/dhcpd

mail.*                       -/var/log/mail

*.=warning;*.=err            -/var/log/warn
*.crit                        /var/log/warn

*.*;mail.none;local1.none    -/var/log/messages
''

Declared by:

<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
services.rsyslogd.enable

Whether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
services.rsyslogd.extraConfig

Additional text appended to syslog.conf, i.e. the contents of defaultConfig.

Type: "string"

Default: ""

Example: "news.* -/var/log/news"

Declared by:

<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
services.rsyslogd.extraParams

Additional parameters passed to rsyslogd.

Type: "list of strings"

Default: [ ]

Example: [ "-m 0" ]

Declared by:

<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
services.sabnzbd.configFile

Path to config file. (You need to create this file yourself!)

Type: "unspecified"

Default: "/var/sabnzbd/sabnzbd.ini"

Declared by:

<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
services.sabnzbd.enable

Whether to enable the sabnzbd FTP server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
services.samba.configText

Verbatim contents of smb.conf. If null (default), use the autogenerated file from NixOS instead.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
services.samba.enable

Whether to enable Samba, which provides file and print services to Windows clients through the SMB/CIFS protocol.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
services.samba.extraConfig

Additional global section and extra section lines go in here.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
services.samba.invalidUsers

List of users who are denied to login via Samba.

Type: "list of strings"

Default: [ "root" ]

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
services.samba.nsswins

Whether to enable the WINS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a. Windows machine names) by transparently querying the winbindd daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
services.samba.securityType

Samba security type

Type: "string"

Default: "user"

Example: "share"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
services.samba.shares

A set describing shared resources. See man smb.conf for options.

Type: "attribute set of attribute set of unspecifiedss"

Default: { }

Example: { srv = { comment = "Public samba share."; path = "/srv"; read only = "yes"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
services.samba.syncPasswordsByPam

Enabling this will add a line directly after pam_unix.so. Whenever a password is changed the samba password will be updated as well. However you still yave to add the samba password once using smbpasswd -a user If you don't want to maintain an extra pwd database you still can send plain text passwords which is not secure.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
services.scollector.bosunHost

Host and port of the bosun server that will store the collected data.

Type: "string"

Default: "localhost:8070"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
services.scollector.collectors

An attribute set mapping the frequency of collection to a list of binaries that should be executed at that frequency. You can use "0" to run a binary forever.

Type: "attribute set"

Default: { }

Example:

{ 0 = [ "${postgresStats}/bin/collect-stats" ]; }

Declared by:

<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
services.scollector.enable

Whether to run scollector.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
services.scollector.extraOpts

Extra scollector command line options

Type: "list of strings"

Default: [ ]

Example: [ "-d" ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
services.scollector.group

Group account under which scollector runs.

Type: "string"

Default: "scollector"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
services.scollector.user

User account under which scollector runs.

Type: "string"

Default: "scollector"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
services.searx.configFile

The path of the Searx server configuration file. If no file is specified, a default file is used (default config file has debug mode enabled).

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/searx.nix>
services.searx.enable

Whether to enable the Searx server. See https://github.com/asciimoo/searx

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/searx.nix>
services.seeks.confDir

The Seeks server configuration. If it is not specified, a default configuration is used (/nix/store/ginb3s4q3v3zhc7l6wsm4bs9swfmlnyv-seeks-0.4.1/etc/seeks).

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/seeks.nix>
services.seeks.enable

Whether to enable the Seeks server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/seeks.nix>
services.siproxd.enable

Whether to enable the Siproxd SIP proxy/masquerading daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.extraConfig

Extra configuration to add to siproxd configuration.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.hostsAllowReg

Acess control list for incoming SIP registrations.

Type: "list of strings"

Default: [ ]

Example: [ "192.168.1.0/24" "192.168.2.0/24" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.hostsAllowSip

Acess control list for incoming SIP traffic.

Type: "list of strings"

Default: [ ]

Example: [ "123.45.0.0/16" "123.46.0.0/16" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.hostsDenySip

Acess control list for denying incoming SIP registrations and traffic.

Type: "list of strings"

Default: [ ]

Example: [ "10.0.0.0/8" "11.0.0.0/8" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.ifInbound

Local network interface

Type: "string"

Example: "eth0"

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.ifOutbound

Public network interface

Type: "string"

Example: "ppp0"

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.passwordFile

Path to per-user password file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.rtpDscp

DSCP (differentiated services) value to be assigned to RTP packets. Allows QOS aware routers to handle different types traffic with different priorities.

Type: "integer"

Default: 46

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.rtpPortHigh

Top of UDP port range for incoming and outgoing RTP traffic

Type: "integer"

Default: 7089

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.rtpPortLow

Bottom of UDP port range for incoming and outgoing RTP traffic

Type: "integer"

Default: 7070

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.rtpTimeout

Timeout for an RTP stream. If for the specified number of seconds no data is relayed on an active stream, it is considered dead and will be killed.

Type: "integer"

Default: 300

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.sipDscp

DSCP (differentiated services) value to be assigned to SIP packets. Allows QOS aware routers to handle different types traffic with different priorities.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.siproxd.sipListenPort

Port to listen for incoming SIP messages.

Type: "integer"

Default: 5060

Declared by:

<nixpkgs/nixos/modules/services/misc/siproxd.nix>
services.sitecopy.backups

List of attributesets describing the backups. Username/password are extracted from /var/spool/sitecopy/sitecopy.secrets at activation time. The secrets file lines should have the following structure:

  server username password

Type: "unspecified"

Default: [ ]

Example: [ { https = true; local = "/tmp/backup"; name = "test"; protocol = "webdav"; remote = "/staff-groups/ewi/st/strategoxt/backup/test"; server = "webdata.tudelft.nl"; symlinks = "maintain"; } ]

Declared by:

<nixpkgs/nixos/modules/services/backup/sitecopy-backup.nix>
services.sitecopy.enable

Whether to enable sitecopy backups of specified directories.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/sitecopy-backup.nix>
services.sitecopy.period

This option defines (in the format used by cron) when the sitecopy backup are being run. The default is to update at 04:15 (at night) every day.

Type: "unspecified"

Default: "15 04 * * *"

Declared by:

<nixpkgs/nixos/modules/services/backup/sitecopy-backup.nix>
services.slurm.client.enable

Whether to enable slurm rlient daemon.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
services.slurm.controlAddr

Name that ControlMachine should be referred to in establishing a communications path.

Type: "null or string"

Default: null

Example: null

Declared by:

<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
services.slurm.controlMachine

The short hostname of the machine where SLURM control functions are executed (i.e. the name returned by the command "hostname -s", use "tux001" rather than "tux001.my.com").

Type: "null or string"

Default: null

Example: null

Declared by:

<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
services.slurm.extraConfig

Extra configuration options that will be added verbatim at the end of the slurm configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
services.slurm.nodeName

Name that SLURM uses to refer to a node (or base partition for BlueGene systems). Typically this would be the string that "/bin/hostname -s" returns. Note that now you have to write node's parameters after the name.

Type: "null or string"

Default: null

Example: "linux[1-32] CPUs=1 State=UNKNOWN"

Declared by:

<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
services.slurm.partitionName

Name by which the partition may be referenced. Note that now you have to write patrition's parameters after the name.

Type: "null or string"

Default: null

Example: "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP"

Declared by:

<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
services.slurm.server.enable

Whether to enable slurm control daemon.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
services.smartd.deviceOpts

Additional options for each device that is monitored. The example turns on SMART Automatic Offline Testing on startup, and schedules short self-tests daily, and long self-tests weekly.

Type: "string"

Default: ""

Example: "-o on -s (S/../.././02|L/../../7/04)"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
services.smartd.devices

List of devices to monitor. By default -- if this list is empty --, smartd will monitor all devices connected to the machine at the time it's being run. Configuring this option has the added benefit of enabling e-mail notifications to "root" every time smartd detects an error.

Type: "list of submodules"

Default: [ ]

Example: [ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
services.smartd.devices.*.device

Location of the device.

Type: "string"

Example: "/dev/sda"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
services.smartd.devices.*.options

Options that determine how smartd monitors the device.

Type: "string"

Default: ""

Example: "-d sat"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
services.smartd.enable

Run smartd from the smartmontools package. Note that e-mail notifications will not be enabled unless you configure the list of devices with services.smartd.devices as well.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
services.solr.enable

Enables the solr service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/search/solr.nix>
services.solr.extraJars

List of paths pointing to jars. Jars are copied to commonLibFolder to be available to java/solr.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/search/solr.nix>
services.solr.extraJavaOptions

Extra command line options given to the java process running solr.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/search/solr.nix>
services.solr.extraWinstoneOptions

Extra command line options given to the Winstone, which is the servlet container hosting solr.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/search/solr.nix>
services.solr.group

The group that will own the working directory.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/search/solr.nix>
services.solr.log4jConfiguration

Contents of the log4j.properties used. By default, everything is logged to stdout (picked up by systemd) with level INFO.

Type: "string"

Default:

''
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
''

Declared by:

<nixpkgs/nixos/modules/services/search/solr.nix>
services.solr.solrHome

The solr home directory. It is your own responsibility to make sure this directory contains a working solr configuration, and is writeable by the the user running the solr service. Failing to do so, the solr will not start properly.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/search/solr.nix>
services.solr.user

The user that should run the solr process and. the working directories.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/search/solr.nix>
services.spamassassin.debug

Whether to run the SpamAssassin daemon in debug mode.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
services.spamassassin.enable

Whether to run the SpamAssassin daemon.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
services.spiped.config

Configuration for a secure pipe daemon. The daemon can be started, stopped, or examined using systemctl, under the name spiped@foo.

Type: "attribute set of submodules"

Default: { }

Example:

{
  pipe1 =
    { keyfile = "/var/lib/spiped/pipe1.key";
      encrypt = true;
      source  = "localhost:6000";
      target  = "endpoint.example.com:7000";
    };
  pipe2 =
    { keyfile = "/var/lib/spiped/pipe2.key";
      decrypt = true;
      source  = "0.0.0.0:7000";
      target  = "localhost:3000";
    };
}

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.decrypt

Take encrypted connections from the source socket and send unencrypted connections to the target socket.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.disableKeepalives

Disable transport layer keep-alives.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.disableReresolution

Disable target address re-resolution.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.encrypt

Take unencrypted connections from the source socket and send encrypted connections to the target socket.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.keyfile

Name of a file containing the spiped key. As the daemon runs as the spiped user, the key file must be somewhere owned by that user. By default, we recommend putting the keys for any spipe services in /var/lib/spiped.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.maxConns

Limit on the number of simultaneous connections allowed.

Type: "integer"

Default: 100

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.resolveRefresh

Resolution refresh time for the target socket, in seconds.

Type: "integer"

Default: 60

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.source

Address on which spiped should listen for incoming connections. Must be in one of the following formats: /absolute/path/to/unix/socket, host.name:port, [ip.v4.ad.dr]:port or [ipv6::addr]:port - note that hostnames are resolved when spiped is launched and are not re-resolved later; thus if DNS entries change spiped will continue to connect to the expired address.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.target

Address to which spiped should connect.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.timeout

Timeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed

Type: "integer"

Default: 5

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.waitForDNS

Wait for DNS. Normally when spiped is launched it resolves addresses and binds to its source socket before the parent process returns; with this option it will daemonize first and retry failed DNS lookups until they succeed. This allows spiped to launch even if DNS isn't set up yet, but at the expense of losing the guarantee that once spiped has finished launching it will be ready to create pipes.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.config.<name>.weakHandshake

Use fast/weak handshaking: This reduces the CPU time spent in the initial connection setup, at the expense of losing perfect forward secrecy.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.spiped.enable

Enable the spiped service module.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/spiped.nix>
services.sshd.enable

Alias of services.openssh.enable.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/rename.nix>
services.sslh.appendConfig

Verbatim configuration file.

Type: "string"

Default:

''
protocols:
(
  { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
  { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
  { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
  { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
  { name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; },
  { name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
);
''

Declared by:

<nixpkgs/nixos/modules/services/networking/sslh.nix>
services.sslh.enable

Whether to enable sslh.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/sslh.nix>
services.sslh.host

Listening hostname.

Type: "string"

Default: "nixos"

Declared by:

<nixpkgs/nixos/modules/services/networking/sslh.nix>
services.sslh.pidfile

PID file path for sslh daemon.

Type: "path"

Default: "/run/sslh.pid"

Declared by:

<nixpkgs/nixos/modules/services/networking/sslh.nix>
services.sslh.port

Listening port.

Type: "integer"

Default: 443

Declared by:

<nixpkgs/nixos/modules/services/networking/sslh.nix>
services.sslh.timeout

Timeout in seconds.

Type: "integer"

Default: 2

Declared by:

<nixpkgs/nixos/modules/services/networking/sslh.nix>
services.sslh.verbose

Verbose logs.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/sslh.nix>
services.statsd.backends

List of backends statsd will use for data persistence

Type: "list of string or derivations"

Default: [ "graphite" ]

Example: [ "graphite" (build of nodejs-statsd-influxdb-backend-0.4.0) ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.statsd.enable

Whether to enable statsd stats aggregation service

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.statsd.extraConfig

Extra configuration options for statsd

Type: "null or string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.statsd.graphiteHost

Hostname or IP of Graphite server

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.statsd.graphitePort

Port of Graphite server (i.e. carbon-cache).

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.statsd.host

Address that statsd listens on over UDP

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.statsd.mgmt_address

Address to run management TCP interface on

Type: "string"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.statsd.mgmt_port

Port to run the management TCP interface on

Type: "integer"

Default: 8126

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.statsd.port

Port that stats listens for messages on over UDP

Type: "integer"

Default: 8125

Declared by:

<nixpkgs/nixos/modules/services/monitoring/statsd.nix>
services.strongswan.ca

A set of CAs (certification authorities) and their options for the ‘ca xxx’ sections of the ipsec.conf file.

Type: "attribute set of attribute set of stringss"

Default: { }

Example: { strongswan = { auto = "add"; cacert = "/run/keys/strongswanCert.pem"; crluri = "http://crl2.strongswan.org/strongswan.crl"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/strongswan.nix>
services.strongswan.connections

A set of connections and their options for the ‘conn xxx’ sections of the ipsec.conf file.

Type: "attribute set of attribute set of stringss"

Default: { }

Example: { %default = { keyexchange = "ikev2"; keyingtries = "1"; } ; roadwarrior = { auto = "add"; leftcert = "/run/keys/moonCert.pem"; leftid = "@moon.strongswan.org"; leftsubnet = "10.1.0.0/16"; right = "%any"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/strongswan.nix>
services.strongswan.enable

Whether to enable strongSwan.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/strongswan.nix>
services.strongswan.secrets

A list of paths to IPSec secret files. These files will be included into the main ipsec.secrets file with the include directive. It is safer if these paths are absolute.

Type: "list of paths"

Default: [ ]

Example: [ "/run/keys/ipsec-foo.secret" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/strongswan.nix>
services.strongswan.setup

A set of options for the ‘config setup’ section of the ipsec.conf file. Defines general configuration parameters.

Type: "attribute set of strings"

Default: { }

Example: { cachecrls = "yes"; strictcrlpolicy = "yes"; }

Declared by:

<nixpkgs/nixos/modules/services/networking/strongswan.nix>
services.supybot.configFile

Path to a supybot config file. This can be generated by running supybot-wizard. Note: all paths should include the full path to the stateDir directory (backup conf data logs logs/plugins plugins tmp web).

Type: "path"

Declared by:

<nixpkgs/nixos/modules/services/networking/supybot.nix>
services.supybot.enable

Enable Supybot, an IRC bot

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/supybot.nix>
services.supybot.stateDir

The root directory, logs and plugins are stored here

Type: "unspecified"

Default: "/home/supybot"

Declared by:

<nixpkgs/nixos/modules/services/networking/supybot.nix>
services.svnserve.enable

Whether to enable svnserve to serve Subversion repositories through the SVN protocol.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/svnserve.nix>
services.svnserve.svnBaseDir

Base directory from which Subversion repositories are accessed.

Type: "unspecified"

Default: "/repos"

Declared by:

<nixpkgs/nixos/modules/services/misc/svnserve.nix>
services.syncthing.dataDir

Path where the `.syncthing` (settings and keys) and `Sync` (your synced files) directories will exist. This can be your home directory.

Type: "unspecified"

Default: "/var/lib/syncthing"

Declared by:

<nixpkgs/nixos/modules/services/networking/syncthing.nix>
services.syncthing.enable

Whether to enable the Syncthing, self-hosted open-source alternative to Dropbox and BittorrentSync. Initial interface will be available on http://127.0.0.1:8080/.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/syncthing.nix>
services.syncthing.user

Syncthing will be run under this user (user must exist, this can be your user name).

Type: "unspecified"

Default: "syncthing"

Declared by:

<nixpkgs/nixos/modules/services/networking/syncthing.nix>
services.synergy.client.autoStart

Whether the Synergy client should be started automatically.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.synergy.client.enable

Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.synergy.client.screenName

Use the given name instead of the hostname to identify ourselves to the server.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.synergy.client.serverAddress

The server address is of the form: [hostname][:port]. The hostname must be the address or hostname of the server. The port overrides the default port, 24800.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.synergy.server.address

Address on which to listen for clients.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.synergy.server.autoStart

Whether the Synergy server should be started automatically.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.synergy.server.configFile

The Synergy server configuration file.

Type: "unspecified"

Default: "/etc/synergy-server.conf"

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.synergy.server.enable

Whether to enable the Synergy server (send keyboard and mouse events).

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.synergy.server.screenName

Use the given name instead of the hostname to identify this screen in the configuration.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/synergy.nix>
services.syslog-ng.configHeader

The very first lines of the configuration file. Should usually contain the syslog-ng version header.

Type: "string"

Default:

''
@version: 3.6
@include "scl.conf"
''

Declared by:

<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
services.syslog-ng.enable

Whether to enable the syslog-ng daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
services.syslog-ng.extraConfig

Configuration added to the end of syslog-ng.conf.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
services.syslog-ng.extraModulePaths

A list of paths that should be included in syslog-ng's --module-path option. They should usually end in /lib/syslog-ng

Type: "list of strings"

Default: [ ]

Example:

[ "${pkgs.syslogng_incubator}/lib/syslog-ng" ]

Declared by:

<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
services.syslogd.defaultConfig

The default syslog.conf file configures a fairly standard setup of log files, which can be extended by means of extraConfig.

Type: "string"

Default:

''
# Send emergency messages to all users.
*.emerg                       *

# "local1" is used for dhcpd messages.
local1.*                     -/var/log/dhcpd

mail.*                       -/var/log/mail

*.=warning;*.=err            -/var/log/warn
*.crit                        /var/log/warn

*.*;mail.none;local1.none    -/var/log/messages
''

Declared by:

<nixpkgs/nixos/modules/services/logging/syslogd.nix>
services.syslogd.enable

Whether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/syslogd.nix>
services.syslogd.enableNetworkInput

Accept logging through UDP. Option -r of syslogd(8).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/syslogd.nix>
services.syslogd.extraConfig

Additional text appended to syslog.conf, i.e. the contents of defaultConfig.

Type: "string"

Default: ""

Example: "news.* -/var/log/news"

Declared by:

<nixpkgs/nixos/modules/services/logging/syslogd.nix>
services.syslogd.extraParams

Additional parameters passed to syslogd.

Type: "list of strings"

Default: [ ]

Example: [ "-m 0" ]

Declared by:

<nixpkgs/nixos/modules/services/logging/syslogd.nix>
services.syslogd.tty

The tty device on which syslogd will print important log messages. Leave this option blank to disable tty logging.

Type: "string"

Default: "tty10"

Declared by:

<nixpkgs/nixos/modules/services/logging/syslogd.nix>
services.systemhealth.drives

Drives to monitor.

Type: "unspecified"

Default: [ ]

Example: [ { name = "root"; path = "/"; } ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
services.systemhealth.enable

Enable the system health monitor and its generation of graphs.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
services.systemhealth.interfaces

Interfaces to monitor (minimum one).

Type: "unspecified"

Default: [ "lo" ]

Example: [ "lo" "eth0" "eth1" ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
services.systemhealth.urlPrefix

The URL prefix under which the System Health web pages appear in httpd.

Type: "unspecified"

Default: "/health"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/systemhealth.nix>
services.tarsnap.archives

Tarsnap archive configurations. Each attribute names an archive to be created at a given time interval, according to the options associated with it. When uploading to the tarsnap server, archive names are suffixed by a 1 second resolution timestamp. For each member of the set is created a timer which triggers the instanced tarsnap@ service unit. You may use systemctl start tarsnap@archive-name to manually trigger creation of archive-name at any time.

Type: "attribute set of submodules"

Default: { }

Example:

{
  nixos =
    { directories = [ "/home" "/root/ssl" ];
    };

  gamedata =
    { directories = [ "/var/lib/minecraft "];
      period      = "*:30";
    };
}

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.aggressiveNetworking

Upload data over multiple TCP connections, potentially increasing tarsnap's bandwidth utilisation at the cost of slowing down all other network traffic. Not recommended unless TCP congestion is the dominant limiting factor.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.checkpointBytes

Create a checkpoint every checkpointBytes of uploaded data (optionally specified using an SI prefix). 1GB is the minimum value. A higher value is recommended, as checkpointing is expensive. Set to null to disable checkpointing.

Type: "null or string"

Default: "1GB"

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.directories

List of filesystem paths to archive.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.excludes

Exclude files and directories matching these patterns.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.includes

Include only files and directories matching these patterns (the empty list includes everything). Exclusions have precedence over inclusions.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.lowmem

Reduce memory consumption by not caching small files. Possibly beneficial if the average file size is smaller than 1 MB and the number of files is lower than the total amount of RAM in KB.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.maxbw

Abort archival if upstream bandwidth usage in bytes exceeds this threshold.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.maxbwRateDown

Download bandwidth rate limit in bytes.

Type: "null or integer"

Default: null

Example:

50 * 1000

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.maxbwRateUp

Upload bandwidth rate limit in bytes.

Type: "null or integer"

Default: null

Example:

25 * 1000

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.nodump

Exclude files with the nodump flag.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.period

Create archive at this interval. The format is described in systemd.time(7).

Type: "string"

Default: "01:15"

Example: "hourly"

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.printStats

Print global archive statistics upon completion. The output is available via systemctl status tarsnap@archive-name.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.archives.<name>.verylowmem

Reduce memory consumption by a factor of 2 beyond what lowmem does, at the cost of significantly slowing down the archiving process.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.cachedir

The cache allows tarsnap to identify previously stored data blocks, reducing archival time and bandwidth usage. Should the cache become desynchronized or corrupted, tarsnap will refuse to run until you manually rebuild the cache with tarsnap --fsck. Set to null to disable caching.

Type: "null or path"

Default: "/var/cache/tarsnap"

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.enable

Enable periodic tarsnap backups.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tarsnap.keyfile

The keyfile which associates this machine with your tarsnap account. Create the keyfile with tarsnap-keygen. The keyfile name should be given as a string and not a path, to avoid the key being copied into the Nix store.

Type: "string"

Default: "/root/tarsnap.key"

Declared by:

<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
services.tcsd.conformanceCred

Path to the conformance credential for your TPM. See also the platformCred option

Type: "path"

Default: "/var/lib/tpm/conformance.cert"

Declared by:

<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
services.tcsd.enable

Whether to enable tcsd, a Trusted Computing management service that provides TCG Software Stack (TSS). The tcsd daemon is the only portal to the Trusted Platform Module (TPM), a hardware chip on the motherboard.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
services.tcsd.endorsementCred

Path to the endorsement credential for your TPM. See also the platformCred option

Type: "path"

Default: "/var/lib/tpm/endorsement.cert"

Declared by:

<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
services.tcsd.group

Group account under which tcsd runs.

Type: "string"

Default: "tss"

Declared by:

<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
services.tcsd.platformCred

Path to the platform credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (certificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, this credential will be encrypted as part of that process. See the 1.1b TPM Main specification section 9.3 for information on this process.

Type: "path"

Default: "/var/lib/tpm/platform.cert"

Declared by:

<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
services.tcsd.stateDir

The location of the system persistent storage file. The system persistent storage file holds keys and data across restarts of the TCSD and system reboots.

Type: "path"

Default: "/var/lib/tpm"

Declared by:

<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
services.tcsd.user

User account under which tcsd runs.

Type: "string"

Default: "tss"

Declared by:

<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
services.teamspeak3.dataDir

Directory to store TS3 database and other state/data files.

Type: "path"

Default: "/var/lib/teamspeak3-server"

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamspeak3.defaultVoicePort

Default UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default.

Type: "integer"

Default: 9987

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamspeak3.enable

Whether to run the Teamspeak3 voice communication server daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamspeak3.fileTransferIP

IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.

Type: "string"

Default: "0.0.0.0"

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamspeak3.fileTransferPort

TCP port opened for file transfers.

Type: "integer"

Default: 30033

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamspeak3.logPath

Directory to store log files in.

Type: "path"

Default: "/var/log/teamspeak3-server/"

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamspeak3.queryIP

IP on which the server instance will listen for incoming ServerQuery connections. Defaults to any IP.

Type: "string"

Default: "0.0.0.0"

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamspeak3.queryPort

TCP port opened for ServerQuery connections.

Type: "integer"

Default: 10011

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamspeak3.voiceIP

IP on which the server instance will listen for incoming voice connections. Defaults to any IP.

Type: "string"

Default: "0.0.0.0"

Declared by:

<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
services.teamviewer.enable

Whether to enable teamviewer daemon.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/monitoring/teamviewer.nix>
services.telepathy.enable

Whether to enable Telepathy service, a communications framework that enables real-time communication via pluggable protocol backends.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/telepathy.nix>
services.tftpd.enable

Whether to enable tftpd, a Trivial File Transfer Protocol server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/tftpd.nix>
services.tftpd.path

Where the tftp server files are stored.

Type: "path"

Default: "/home/tftp"

Declared by:

<nixpkgs/nixos/modules/services/networking/tftpd.nix>
services.thermald.enable

Whether to enable thermald, the temperature management daemon.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/thermald.nix>
services.thinkfan.enable

Whether to enable thinkfan, fan controller for ibm/lenovo thinkpads.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
services.thinkfan.sensor

Sensor used by thinkfan

Type: "unspecified"

Default: "/proc/acpi/ibm/thermal"

Declared by:

<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
services.timesyncd.enable

Enables the systemd ntp client daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
services.tinc.networks

Defines the tinc networks which will be started. Each network invokes a different daemon.

Type: "list or attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/tinc.nix>
services.tinc.networks.<name?>.debugLevel

The amount of debugging information to add to the log. 0 means little logging while 5 is the most logging. man tincd for more details.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/networking/tinc.nix>
services.tinc.networks.<name?>.extraConfig

Extra lines to add to the tinc service configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/tinc.nix>
services.tinc.networks.<name?>.hosts

The name of the host in the network as well as the configuration for that host. This name should only contain alphanumerics and underscores.

Type: "list or attribute set of strings"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/tinc.nix>
services.tinc.networks.<name?>.interfaceType

The type of virtual interface used for the network connection

Type: "string"

Default: "tun"

Declared by:

<nixpkgs/nixos/modules/services/networking/tinc.nix>
services.tinc.networks.<name?>.name

The name of the node which is used as an identifier when communicating with the remote nodes in the mesh. If null then the hostname of the system is used.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/tinc.nix>
services.tinc.networks.<name?>.package

The package to use for the tinc daemon's binary.

Type: "unspecified"

Default: (build of tinc-1.1pre-2015-03-14)

Declared by:

<nixpkgs/nixos/modules/services/networking/tinc.nix>
services.tlp.enable

Whether to enable the TLP daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/tlp.nix>
services.tlp.extraConfig

Additional configuration variables for TLP

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/tlp.nix>
services.tlsdated.enable

Enable tlsdated daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/tlsdated.nix>
services.tlsdated.extraOptions

Additional command line arguments to pass to tlsdated.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/tlsdated.nix>
services.tlsdated.sources

You can list one or more sources to fetch time from.

Type: "list of submodules"

Default: [ { host = "www.ptb.de"; port = 443; proxy = null; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/tlsdated.nix>
services.tlsdated.sources.*.host

Remote hostname.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/networking/tlsdated.nix>
services.tlsdated.sources.*.port

Remote port.

Type: "integer"

Declared by:

<nixpkgs/nixos/modules/services/networking/tlsdated.nix>
services.tlsdated.sources.*.proxy

The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed: http://127.0.0.1:8118 socks4a://127.0.0.1:9050 socks5://127.0.0.1:9050 The proxy support should not leak DNS requests and is suitable for use with Tor.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/tlsdated.nix>
services.tomcat.axis2.enable

Whether to enable an Apache Axis2 container

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.axis2.services

List containing AAR files or directories with AAR files which are web services to be deployed on Axis2

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.baseDir

Location where Tomcat stores configuration files, webapplications and logfiles

Type: "unspecified"

Default: "/var/tomcat"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.catalinaOpts

Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.commonLibs

List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.enable

Whether to enable Apache Tomcat

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.extraGroups

Defines extra groups to which the tomcat user belongs.

Type: "unspecified"

Default: [ ]

Example: [ "users" ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.group

Group account under which Apache Tomcat runs.

Type: "unspecified"

Default: "tomcat"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.javaOpts

Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.jdk

Which JDK to use.

Type: "unspecified"

Default: (build of )

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.logPerVirtualHost

Whether to enable logging per virtual host.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.sharedLibs

List containing JAR files or directories with JAR files which are libraries shared by the web applications

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.user

User account under which Apache Tomcat runs.

Type: "unspecified"

Default: "tomcat"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.virtualHosts

List consisting of a virtual host name and a list of web applications to deploy on each virtual host

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tomcat.webapps

List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat

Type: "unspecified"

Default: [ (build of apache-tomcat-7.0.55) ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
services.tor.client.enable

Whether to enable Tor daemon to route application connections. You might want to disable this if you plan running a dedicated Tor relay.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.client.privoxy.enable

Whether to enable and configure the system Privoxy to use Tor's faster port, suitable for HTTP. To have anonymity, protocols need to be scrubbed of identifying information, and this can be accomplished for HTTP by Privoxy. Privoxy can also be useful for KDE torification. A good setup would be: setting SOCKS proxy to the default Tor port, providing maximum circuit isolation where possible; and setting HTTP proxy to Privoxy to route HTTP traffic over faster, but less isolated port.

Type: "unspecified"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.client.socksListenAddress

Bind to this address to listen for connections from Socks-speaking applications. Provides strong circuit isolation, separate circuit per IP address.

Type: "string"

Default: "127.0.0.1:9050"

Example: "192.168.0.1:9100"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.client.socksListenAddressFaster

Bind to this address to listen for connections from Socks-speaking applications. Same as socksListenAddress but uses weaker circuit isolation to provide performance suitable for a web browser.

Type: "string"

Default: "127.0.0.1:9063"

Example: "192.168.0.1:9101"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.client.socksPolicy

Entry policies to allow/deny SOCKS requests based on IP address. First entry that matches wins. If no SocksPolicy is set, we accept all (and only) requests from SocksListenAddress.

Type: "null or string"

Default: null

Example: "accept 192.168.0.0/16, reject *"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.controlPort

If set, Tor will accept connections on the specified port and allow them to control the tor process.

Type: "integer"

Default: 0

Example: 9051

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.enable

Enable the Tor daemon. By default, the daemon is run without relay, exit, bridge or client connectivity.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.extraConfig

Extra configuration. Contents will be added verbatim to the configuration file at the end.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.accountingMax

Specify maximum bandwidth allowed during an accounting period. This allows you to limit overall tor bandwidth over some time period. See the AccountingMax option by looking at the tor manual (man tor) for more. Note this limit applies individually to upload and download; if you specify "500 GBytes" here, then you may transfer up to 1 TBytes of overall bandwidth (500 GB upload, 500 GB download).

Type: "null or string"

Default: null

Example: "450 GBytes"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.accountingStart

Specify length of an accounting period. This allows you to limit overall tor bandwidth over some time period. See the AccountingStart option by looking at the tor manual (man tor) for more.

Type: "null or string"

Default: null

Example: "month 1 1:00"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.bandwidthBurst

Specify this to allow bursts of the bandwidth usage of relayed (server) traffic. The average usage will still be as specified in relayBandwidthRate. Your own traffic is still unthrottled. Units: bytes/second.

Type: "integer"

Default: 0

Example: 200

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.bandwidthRate

Specify this to limit the bandwidth usage of relayed (server) traffic. Your own traffic is still unthrottled. Units: bytes/second.

Type: "integer"

Default: 0

Example: 100

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.contactInfo

Contact information for the relay owner (e.g. a mail address and GPG key ID).

Type: "null or string"

Default: null

Example: "admin@relay.com"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.enable

Whether to enable relaying TOR traffic for others. See https://www.torproject.org/docs/tor-doc-relay for details.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.exitPolicy

A comma-separated list of exit policies. They're considered first to last, and the first match wins. If you want to _replace_ the default exit policy, end this with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the default exit policy. Leave commented to just use the default, which is available in the man page or at https://www.torproject.org/documentation.html Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses for issues you might encounter if you use the default exit policy. If certain IPs and ports are blocked externally, e.g. by your firewall, you should update your exit policy to reflect this -- otherwise Tor users will be told that those destinations are down.

Type: "null or string"

Default: null

Example: "accept *:6660-6667,reject *:*"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.isBridge

Bridge relays (or "bridges") are Tor relays that aren't listed in the main directory. Since there is no complete public list of them, even if an ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges. A bridge relay can't be an exit relay. You need to set relay.enable to true for this option to take effect. The bridge is set up with an obfuscated transport proxy. See https://www.torproject.org/bridges.html.en for more info.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.isExit

An exit relay allows Tor users to access regular Internet services. Unlike running a non-exit relay, running an exit relay may expose you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info. You can specify which services Tor users may access via your exit relay using exitPolicy option.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.nickname

A unique handle for your TOR relay.

Type: "string"

Default: "anonymous"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.relay.portSpec

What port to advertise for Tor connections. This corresponds to the ORPort section in the Tor manual; see man tor for more details. At a minimum, you should just specify the port for the relay to listen on; a common one like 143, 22, 80, or 443 to help Tor users who may have very restrictive port-based firewalls.

Type: "string"

Example: "143"

Declared by:

<nixpkgs/nixos/modules/services/security/tor.nix>
services.tor.torsocks.allowInbound

Set Torsocks to accept inbound connections. If set to true, listen() and accept() will be allowed to be used with non localhost address.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/torsocks.nix>
services.tor.torsocks.enable

Whether to build /etc/tor/torsocks.conf containing the specified global torsocks configuration.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/torsocks.nix>
services.tor.torsocks.fasterServer

IP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP. Currently, hostnames are NOT supported by torsocks.

Type: "string"

Default: "127.0.0.1:9063"

Example: "192.168.0.20:1234"

Declared by:

<nixpkgs/nixos/modules/services/security/torsocks.nix>
services.tor.torsocks.onionAddrRange

Tor hidden sites do not have real IP addresses. This specifies what range of IP addresses will be handed to the application as "cookies" for .onion names. Of course, you should pick a block of addresses which you aren't going to ever need to actually connect to. This is similar to the MapAddress feature of the main tor daemon.

Type: "string"

Default: "127.42.42.0/24"

Declared by:

<nixpkgs/nixos/modules/services/security/torsocks.nix>
services.tor.torsocks.server

IP/Port of the Tor SOCKS server. Currently, hostnames are NOT supported by torsocks.

Type: "string"

Default: "127.0.0.1:9050"

Example: "192.168.0.20:1234"

Declared by:

<nixpkgs/nixos/modules/services/security/torsocks.nix>
services.tor.torsocks.socks5Password

SOCKS5 password. The TORSOCKS_PASSWORD environment variable overrides this option if it is set.

Type: "null or string"

Default: null

Example: "sekret"

Declared by:

<nixpkgs/nixos/modules/services/security/torsocks.nix>
services.tor.torsocks.socks5Username

SOCKS5 username. The TORSOCKS_USERNAME environment variable overrides this option if it is set.

Type: "null or string"

Default: null

Example: "bob"

Declared by:

<nixpkgs/nixos/modules/services/security/torsocks.nix>
services.tor.tsocks.config

Extra configuration. Contents will be added verbatim to TSocks configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/security/torify.nix>
services.tor.tsocks.enable

Whether to build tsocks wrapper script to relay application traffic via TOR.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/security/torify.nix>
services.tor.tsocks.server

IP address of TOR client to use.

Type: "unspecified"

Default: "localhost:9050"

Example: "192.168.0.20"

Declared by:

<nixpkgs/nixos/modules/services/security/torify.nix>
services.torque.mom.enable

Whether to enable torque computing node.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/computing/torque/mom.nix>
services.torque.mom.serverNode

Hostname running pbs server.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/computing/torque/mom.nix>
services.torque.server.enable

Whether to enable torque server.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/computing/torque/server.nix>
services.toxBootstrapd.enable

Whether to enable the Tox DHT bootstrap daemon.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
services.toxBootstrapd.extraConfig

Configuration for bootstrap daemon. See https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf and http://wiki.tox.im/Nodes.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
services.toxBootstrapd.keysFile

Node key file.

Type: "string"

Default: "/var/lib/tox-bootstrapd/keys"

Declared by:

<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
services.toxBootstrapd.port

Listening port (UDP).

Type: "integer"

Default: 33445

Declared by:

<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
services.transmission.enable

Whether or not to enable the headless Transmission BitTorrent daemon. Transmission daemon can be controlled via the RPC interface using transmission-remote or the WebUI (http://localhost:9091/ by default). Torrents are downloaded to /var/lib/transmission/Downloads/ by default and are accessible to users in the "transmission" group.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/torrent/transmission.nix>
services.transmission.port

TCP port number to run the RPC/web interface.

Type: "integer"

Default: 9091

Declared by:

<nixpkgs/nixos/modules/services/torrent/transmission.nix>
services.transmission.settings

Attribute set whos fields overwrites fields in settings.json (each time the service starts). String values must be quoted, integer and boolean values must not. See https://trac.transmissionbt.com/wiki/EditConfigFiles for documentation.

Type: "attribute set"

Default: { download-dir = "/var/lib/transmission/Downloads"; incomplete-dir = "/var/lib/transmission/.incomplete"; incomplete-dir-enabled = true; }

Example: { download-dir = "/srv/torrents/"; incomplete-dir = "/srv/torrents/.incomplete/"; incomplete-dir-enabled = true; rpc-whitelist = "127.0.0.1,192.168.*.*"; }

Declared by:

<nixpkgs/nixos/modules/services/torrent/transmission.nix>
services.u9fs.enable

Whether to run the u9fs 9P server for Unix.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
services.u9fs.extraArgs

Extra arguments to pass on invocation, see man 4 u9fs

Type: "string"

Default: ""

Example: "-a none -u nobody"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
services.u9fs.fsroot

File system root to serve to clients.

Type: "path"

Default: "/"

Example: "/srv"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
services.u9fs.listenStreams

Sockets to listen for clients on. See man 5 systemd.socket for socket syntax.

Type: "list of strings"

Default: [ "564" ]

Example: [ "192.168.16.1:564" ]

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
services.udev.extraRules

Additional udev rules. They'll be written into file 10-local.rules. Thus they are read before all other rules.

Type: "string"

Default: ""

Example:

''
KERNEL=="eth*", ATTR{address}=="00:1D:60:B9:6D:4F", NAME="my_fast_network_card"
''

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
services.udev.packages

List of packages containing udev rules. All files found in pkg/etc/udev/rules.d and pkg/lib/udev/rules.d will be included.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
services.udev.path

Packages added to the PATH environment variable when executing programs from Udev rules.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
services.udisks2.enable

Whether to enable Udisks, a DBus service that allows applications to query and manipulate storage devices.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/udisks2.nix>
services.uhub.aclConfig

Contents of user ACL configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.address

Address to bind the hub to.

Type: "string"

Default: "any"

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.enable

Whether to enable the uhub ADC hub.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.enableTLS

Whether to enable TLS support.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.hubConfig

Contents of uhub configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.authSqlite.enable

Whether to enable the Sqlite authentication database plugin

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.authSqlite.file

Path to user database. Use the uhub-passwd utility to create the database and add/remove users.

Type: "string"

Example: "/var/db/uhub-users"

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.history.connect

The number of chat history messages to send when users connect (0 = do not send any history).

Type: "integer"

Default: 5

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.history.default

When !history is provided without arguments, then this default number of messages are returned.

Type: "integer"

Default: 10

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.history.enable

Whether to enable the history plugin.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.history.max

The maximum number of messages to keep in history

Type: "integer"

Default: 200

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.logging.enable

Whether to enable the logging plugin.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.logging.file

Path of log file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.logging.syslog

If true then the system log is used instead of writing to file.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.welcome.enable

Whether to enable the welcome plugin.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.welcome.motd

Welcome message displayed to clients after connecting and with the !motd command.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.plugins.welcome.rules

Rules message, displayed to clients with the !rules command.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.uhub.port

TCP port to bind the hub to.

Type: "integer"

Default: 1511

Declared by:

<nixpkgs/nixos/modules/services/misc/uhub.nix>
services.unbound.allowedAccess

What networks are allowed to use unbound as a resolver.

Type: "unspecified"

Default: [ "127.0.0.0/24" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/unbound.nix>
services.unbound.enable

Whether to enable the Unbound domain name server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/unbound.nix>
services.unbound.extraConfig

Extra lines of unbound config.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/unbound.nix>
services.unbound.forwardAddresses

What servers to forward queries to.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/unbound.nix>
services.unbound.interfaces

What addresses the server should listen on.

Type: "unspecified"

Default: [ "127.0.0.1" "::1" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/unbound.nix>
services.unclutter.arguments

Arguments to pass to unclutter command

Type: "string"

Default: "-idle 1"

Declared by:

<nixpkgs/nixos/modules/services/x11/unclutter.nix>
services.unclutter.enable

Enable unclutter to hide your mouse cursor when inactive

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/unclutter.nix>
services.unifi.enable

Whether or not to enable the unifi controller service.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/unifi.nix>
services.upower.enable

Whether to enable Upower, a DBus service that provides power management support to applications.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/upower.nix>
services.uptime.configFile

The uptime configuration file If mongodb: server != localhost, please set usesRemoteMongo = true If you only want to run the monitor, please set enableWebService = false and enableSeparateMonitoringService = true If autoStartMonitor: false (recommended) and you want to run both services, please set enableSeparateMonitoringService = true

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
services.uptime.enableSeparateMonitoringService

Whether to enable the uptime monitoring service.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
services.uptime.enableWebService

Whether to enable the uptime monitoring program web service.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
services.uptime.nodeEnv

The node environment to run in (development, production, etc.)

Type: "string"

Default: "production"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
services.uptime.usesRemoteMongo

Whether the configuration file specifies a remote mongo instance

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
services.uptimed.enable

Uptimed allows you to track your highest uptimes.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/system/uptimed.nix>
services.uwsgi.enable

Enable uWSGI

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
services.uwsgi.instance

uWSGI configuration. This awaits either a path to file or a set which will be made into one. If given a set, it awaits an attribute type which can be either normal or emperor. For normal mode you can specify python2Packages and python3Packages as functions from libraries set into lists of libraries. For emperor mode, you should use vassals attribute which should be either a set of names and configurations or a path to a directory.

Type: "attribute set"

Default: { type = "normal"; }

Example:

{
  type = "emperor";
  vassals = {
    moin = {
      type = "normal";
      python2Packages = self: with self; [ moinmoin ];
      socket = "/run/uwsgi.sock";
    };
  };
}

Declared by:

<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
services.uwsgi.plugins

Plugins used with uWSGI

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
services.varnish.config

Verbatim default.vcl configuration.

Type: "unspecified"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
services.varnish.enable

Enable the Varnish Server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
services.varnish.http_address

HTTP listen address and port.

Type: "unspecified"

Default: "*:6081"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
services.varnish.stateDir

Directory holding all state for Varnish to run.

Type: "unspecified"

Default: "/var/spool/varnish"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
services.venus.cacheDirectory

Where cached feeds are stored.

Type: "path"

Default: "/var/cache/venus"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.dates

Specification (in the format described by systemd.time(5)) of the time at which the Venus will collect feeds.

Type: "string"

Default: "*:0/15"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.enable

Planet Venus is an awesome ‘river of news’ feed reader. It downloads news feeds published by web sites and aggregates their content together into a single combined feed, latest news first.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.feeds

List of feeds.

Type: "unspecified"

Default: [ ]

Example: [ { feedUrl = "http://url/to/rss/feed.xml"; homepageUrl = "http://garbas.si"; name = "Rok Garbas"; } ]

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.group

Group for running venus script.

Type: "string"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.itemsPerPage

How many items to put on each page.

Type: "integer"

Default: 15

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.link

Link to the main page.

Type: "string"

Default: "http://planet.nixos.org"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.name

Your planet's name.

Type: "string"

Default: "NixOS Planet"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.outputDirectory

Directory to place output files.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.outputTheme

Directory containing a config.ini file which is merged with this one. This is typically used to specify templating and bill of material information.

Type: "path"

Default: "/nix/store/xsy9kfhfdf6c1z4fc90ggqqxs6wrscj6-venus-9de21094a8cf565bdfcf75688e121a5ad1f5397b/themes/classic_fancy"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.ownerEmail

Your e-mail address.

Type: "string"

Default: "some@example.com"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.ownerName

Your name.

Type: "string"

Default: "Rok Garbas"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.venus.user

User for running venus script.

Type: "string"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/programs/venus.nix>
services.virtualboxGuest.enable

Whether to enable the VirtualBox service and other guest additions.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>
services.virtualboxHost.addNetworkInterface

Automatically set up a vboxnet0 host-only network interface.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/virtualbox-host.nix>
services.virtualboxHost.enable

Whether to enable host-side support for VirtualBox.

Note

In order to pass USB devices from the host to the guests, the user needs to be in the vboxusers group.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/virtualbox-host.nix>
services.virtualboxHost.enableHardening

Enable hardened VirtualBox, which ensures that only the binaries in the system path get access to the devices exposed by the kernel modules instead of all users in the vboxusers group.

Important

Disabling this can put your system's security at risk, as local users in the vboxusers group can tamper with the VirtualBox device files.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/virtualbox-host.nix>
services.virtuoso.config

Extra options to put into Virtuoso configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
services.virtuoso.dirsAllowed

A list of directories Virtuoso is allowed to access

Type: "unspecified"

Default: null

Example: "/www, /home/"

Declared by:

<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
services.virtuoso.enable

Whether to enable Virtuoso Opensource database server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
services.virtuoso.httpListenAddress

ip:port or port for Virtuoso HTTP server to listen on.

Type: "unspecified"

Default: null

Example: "myserver:8080"

Declared by:

<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
services.virtuoso.listenAddress

ip:port or port to listen on.

Type: "unspecified"

Default: "1111"

Example: "myserver:1323"

Declared by:

<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
services.virtuoso.parameters

Extra options to put into [Parameters] section of Virtuoso configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/databases/virtuoso.nix>
services.vsftpd.anonymousMkdirEnable

Whether any uploads are permitted to anonymous users.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.anonymousUmask

Anonymous write umask.

Type: "string"

Default: "077"

Example: "002"

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.anonymousUploadEnable

Whether any uploads are permitted to anonymous users.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.anonymousUser

Whether to enable the anonymous FTP user.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.anonymousUserHome

Directory to consider the HOME of the anonymous user.

Type: "path"

Default: "/home/ftp/"

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.chrootlocalUser

Whether local users are confined to their home directory.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.enable

Whether to enable the vsftpd FTP server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.forceLocalDataSSL

Only applies if sslEnable is true. Non anonymous (local) users must use a secure SSL connection for sending/receiving data on data connection.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.forceLocalLoginsSSL

Only applies if sslEnable is true. Non anonymous (local) users must use a secure SSL connection to send a password.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.localUsers

Whether to enable FTP for local users.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.portPromiscuous

Set to YES if you want to disable the PORT security check that ensures that outgoing data connections can only connect to the client. Only enable if you know what you are doing!

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.rsaCertFile

RSA certificate file.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.ssl_sslv2

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.ssl_sslv3

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.ssl_tlsv1

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.userlist

See userlistFile.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.userlistDeny

Specifies whether userlistFile is a list of user names to allow or deny access. The default false means whitelist/allow.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.userlistEnable

Whether users are included.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.userlistFile

Newline separated list of names to be allowed/denied if userlistEnable is true. Meaning see userlistDeny. The default is a file containing the users from userlist. If explicitely set to null userlist_file will not be set in vsftpd's config file.

Type: "unspecified"

Default: (build of userlist)

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.vsftpd.writeEnable

Whether any write activity is permitted to users.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
services.wakeonlan.interfaces

Interfaces where to enable Wake-On-LAN, and how. Two methods available: "magickey" and "password". The password has the shape of six bytes in hexadecimal separated by a colon each. For more information, check the ethtool manual.

Type: "unspecified"

Default: [ ]

Example: [ { interface = "eth0"; method = "password"; password = "00:11:22:33:44:55"; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/wakeonlan.nix>
services.winstone

Defines independent Winstone services, each serving one WAR-file.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
services.winstone.<name>.extraJavaOptions

Extra command line options given to the java process running Winstone.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
services.winstone.<name>.extraOptions

Extra command line options given to the Winstone process.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
services.winstone.<name>.group

The group that will own the working directory.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
services.winstone.<name>.serviceName

The name of the systemd service. By default, it is derived from the winstone instance name.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
services.winstone.<name>.user

The user that should run this Winstone process and own the working directory.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
services.winstone.<name>.warFile

The WAR file that Winstone should serve.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
services.winstone.<name>.workDir

The working directory for this Winstone instance. Will contain extracted webapps etc. The directory will be created if it doesn't exist.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/winstone.nix>
services.xfs.enable

Whether to enable the X Font Server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/xfs.nix>
services.xinetd.enable

Whether to enable the xinetd super-server daemon.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.extraDefaults

Additional configuration lines added to the default section of xinetd's configuration.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services

A list of services provided by xinetd.

Type: "list of submodules"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.extraConfig

Extra configuration-lines added to the section of the service.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.flags

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.name

Name of the service.

Type: "string"

Example: "login"

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.port

Port number of the service.

Type: "integer"

Default: 0

Example: 123

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.protocol

Protocol of the service. Usually tcp or udp.

Type: "string"

Default: "tcp"

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.server

Path of the program that implements the service.

Type: "string"

Example: "/foo/bin/ftpd"

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.serverArgs

Command-line arguments for the server program.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.unlisted

Whether this server is listed in /etc/services. If so, the port number can be omitted.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xinetd.services.*.user

User account for the service

Type: "string"

Default: "nobody"

Declared by:

<nixpkgs/nixos/modules/services/networking/xinetd.nix>
services.xserver.autorun

Whether to start the X server automatically.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.config

The contents of the configuration file of the X server (xorg.conf).

Type: "string"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.defaultDepth

Default colour depth.

Type: "integer"

Default: 0

Example: 8

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.desktopManager.default

Default desktop manager loaded if none have been chosen.

Type: "string"

Default: ""

Example: "none"

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
services.xserver.desktopManager.e19.enable

Enable the E19 desktop environment.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/e19.nix>
services.xserver.desktopManager.gnome3.enable

Enable Gnome 3 desktop manager.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
services.xserver.desktopManager.gnome3.sessionPath

Additional list of packages to be added to the session search path. Useful for gnome shell extensions or gsettings-conditionated autostart.

Type: "unspecified"

Default: [ ]

Example:

[ pkgs.gnome3.gpaste ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
services.xserver.desktopManager.kde4.enable

Enable the KDE 4 desktop environment.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/kde4.nix>
services.xserver.desktopManager.kde4.phononBackends

Which phonon multimedia backend kde should use

Type: "list of strings"

Default: [ "gstreamer" ]

Example: [ "gstreamer" "vlc" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/kde4.nix>
services.xserver.desktopManager.kde5.enable

Enable the Plasma 5 (KDE 5) desktop environment.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/kde5.nix>
services.xserver.desktopManager.kde5.phononBackends

Phonon backends to use in KDE. Only the VLC and GStreamer backends are available. The GStreamer backend is preferred by upstream.

Type: "list of strings"

Default: [ "gstreamer" ]

Example: [ "gstreamer" "vlc" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/kde5.nix>
services.xserver.desktopManager.kodi.enable

Enable the kodi multimedia center.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix>
services.xserver.desktopManager.xfce.enable

Enable the Xfce desktop environment.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
services.xserver.desktopManager.xterm.enable

Enable a xterm terminal as a desktop manager.

Type: "unspecified"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix>
services.xserver.deviceSection

Contents of the first Device section of the X server configuration file.

Type: "string"

Default: ""

Example: "VideoRAM 131072"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.display

Display number for the X server.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.displayManager.auto.enable

Whether to enable the fake "auto" display manager, which automatically logs in the user specified in the user option. This is mostly useful for automated tests.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/auto.nix>
services.xserver.displayManager.auto.user

The user account to login automatically.

Type: "unspecified"

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/auto.nix>
services.xserver.displayManager.desktopManagerHandlesLidAndPower

Whether the display manager should prevent systemd from handling lid and power events. This is normally handled by the desktop environment's power manager. Turn this off when using a minimal X11 setup without a full power manager.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.gdm.enable

Whether to enable GDM as the display manager. GDM is very experimental and may render system unusable.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
services.xserver.displayManager.hiddenUsers

A list of users which will not be shown in the display manager.

Type: "list of strings"

Default: [ "nobody" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.job.environment

Additional environment variables needed by the display manager.

Type: "attribute set of unspecifieds"

Default: { }

Example: { SLIM_CFGFILE = "/etc/slim.conf"; }

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.job.execCmd

Command to start the display manager.

Type: "string"

Example:

"${pkgs.slim}/bin/slim"

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.job.logsXsession

Whether the display manager redirects the output of the session script to ~/.xsession-errors.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.job.preStart

Script executed before the display manager is started.

Type: "string"

Default: ""

Example: "rm -f /var/log/my-display-manager.log"

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.kdm.enable

Whether to enable the KDE display manager.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
services.xserver.displayManager.kdm.enableXDMCP

Whether to enable XDMCP, which allows remote logins.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
services.xserver.displayManager.kdm.extraConfig

Options appended to kdmrc, the configuration file of KDM.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
services.xserver.displayManager.kdm.setupScript

The path to a KDM setup script. This script is run as root just before KDM starts. Can be used for setting up monitors with xrandr, for example.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
services.xserver.displayManager.kdm.themeDirectory

The path to a KDM theme directory. This theme will be used by the KDM greeter.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/kdm.nix>
services.xserver.displayManager.lightdm.background

The background image or color to use.

Type: "unspecified"

Default: "/nix/store/ccskk7d9kh1j93ydiwq70s9gjdb3bbgv-nixos-artwork-e71b684/gnome/Gnome_Dark.png"

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
services.xserver.displayManager.lightdm.enable

Whether to enable lightdm as the display manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
services.xserver.displayManager.lightdm.greeter

The LightDM greeter to login via. The package should be a directory containing a .desktop file matching the name in the 'name' option.

Type: "unspecified"

Default: { name = "lightdm-gtk-greeter"; package = (build of lightdm-gtk-greeter); }

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
services.xserver.displayManager.sddm.enable

Whether to enable sddm as the display manager.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
services.xserver.displayManager.sddm.theme

Greeter theme to use.

Type: "string"

Default: "maui"

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
services.xserver.displayManager.session

List of sessions supported with the command used to start each session. Each session script can set the waitPID shell variable to make this script wait until the end of the user session. Each script is used to define either a windows manager or a desktop manager. These can be differentiated by setting the attribute manage either to "window" or "desktop". The list of desktop manager and window manager should appear inside the display manager with the desktop manager name followed by the window manager name.

Type: "unspecified"

Default: [ ]

Example:

[ { manage = "desktop";
    name = "xterm";
    start = ''
      ${pkgs.xterm}/bin/xterm -ls &
      waitPID=$!
    '';
  }
]

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.sessionCommands

Shell commands executed just before the window or desktop manager is started.

Type: "string"

Default: ""

Example:

''
xmessage "Hello World!" &
''

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.slim.autoLogin

Automatically log in as the default user.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
services.xserver.displayManager.slim.defaultUser

The default user to load. If you put a username here you get it automatically loaded into the username field, and the focus is placed on the password.

Type: "null or string"

Default: null

Example: "login"

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
services.xserver.displayManager.slim.enable

Whether to enable SLiM as the display manager.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
services.xserver.displayManager.slim.extraConfig

Extra configuration options for SLiM login manager. Do not add options that can be configured directly.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
services.xserver.displayManager.slim.theme

The theme for the SLiM login manager. If not specified, SLiM's default theme is used. See http://slim.berlios.de/themes01.php for a collection of themes. TODO: berlios shut down.

Type: "null or path"

Default: null

Example:

pkgs.fetchurl {
  url = "mirror://sourceforge/slim.berlios/slim-wave.tar.gz";
  sha256 = "0ndr419i5myzcylvxb89m9grl2xyq6fbnyc3lkd711mzlmnnfxdy";
}

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/slim.nix>
services.xserver.displayManager.xserverArgs

List of arguments for the X server.

Type: "list of strings"

Default: [ ]

Example: [ "-ac" "-logverbose" "-verbose" "-nolisten tcp" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.displayManager.xserverBin

Path to the X server used by display managers.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
services.xserver.enable

Whether to enable the X server.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.enableTCP

Whether to allow the X server to accept TCP connections.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.exportConfiguration

Whether to symlink the X server configuration under /etc/X11/xorg.conf.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.extraDisplaySettings

Lines to be added to every Display subsection of the Screen section.

Type: "string"

Default: ""

Example: "Virtual 2048 2048"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.layout

Keyboard layout.

Type: "string"

Default: "us"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.moduleSection

Contents of the Module section of the X server configuration file.

Type: "string"

Default: ""

Example:

''
SubSection "extmod"
EndSubsection
''

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.modules

Packages to be added to the module search path of the X server.

Type: "list of paths"

Default: [ ]

Example:

[ pkgs.xf86_input_wacom ]

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.monitorSection

Contents of the first Monitor section of the X server configuration file.

Type: "string"

Default: ""

Example: "HorizSync 28-49"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.multitouch.additionalOptions

Additional options for mtrack touchpad driver.

Type: "string"

Default: ""

Example:

''
Option "ScaleDistance" "50"
Option "RotateDistance" "60"
''

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
services.xserver.multitouch.buttonsMap

Remap touchpad buttons.

Type: "list of integers"

Default: [ 3 2 0 ]

Example: [ 1 3 2 ]

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
services.xserver.multitouch.enable

Whether to enable multitouch touchpad support.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
services.xserver.multitouch.ignorePalm

Whether to ignore touches detected as being the palm (i.e when typing)

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
services.xserver.multitouch.invertScroll

Whether to invert scrolling direction à la OSX Lion

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
services.xserver.multitouch.tapButtons

Whether to enable tap buttons.

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/multitouch.nix>
services.xserver.resolutions

The screen resolutions for the X server. The first element is the default resolution. If this list is empty, the X server will automatically configure the resolution.

Type: "list of attribute sets"

Default: [ ]

Example: [ { x = 1600; y = 1200; } { x = 1024; y = 786; } ]

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.screenSection

Contents of the first Screen section of the X server configuration file.

Type: "string"

Default: ""

Example:

''
Option "RandRRotation" "on"
''

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.serverFlagsSection

Contents of the ServerFlags section of the X server configuration file.

Type: "unspecified"

Default: ""

Example:

''
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
''

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.serverLayoutSection

Contents of the ServerLayout section of the X server configuration file.

Type: "string"

Default: ""

Example:

''
Option "AIGLX" "true"
''

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.startGnuPGAgent

Whether to start the GnuPG agent when you log in. The GnuPG agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection or sign/encrypt data. Use ssh-add to add a key to the agent.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.synaptics.accelFactor

Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).

Type: "null or string"

Default: "0.001"

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.additionalOptions

Additional options for synaptics touchpad driver.

Type: "string"

Default: ""

Example:

''
Option "RTCornerButton" "2"
Option "RBCornerButton" "3"
''

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.buttonsMap

Remap touchpad buttons.

Type: "list of integers"

Default: [ 1 2 3 ]

Example: [ 1 3 2 ]

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.dev

Path for touchpad device. Set to null to apply to any auto-detected touchpad.

Type: "null or string"

Default: null

Example: "/dev/input/event0"

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.enable

Whether to enable touchpad support.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.fingersMap

Remap several-fingers taps.

Type: "list of integers"

Default: [ 1 2 3 ]

Example: [ 1 3 2 ]

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.horizontalScroll

Whether to enable horizontal scrolling (on touchpad)

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.maxSpeed

Cursor speed factor for highest-speed finger motion.

Type: "null or string"

Default: "1.0"

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.minSpeed

Cursor speed factor for precision finger motion.

Type: "null or string"

Default: "0.6"

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.palmDetect

Whether to enable palm detection (hardware support required)

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.tapButtons

Whether to enable tap buttons.

Type: "boolean"

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.twoFingerScroll

Whether to enable two-finger drag-scrolling.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.synaptics.vertEdgeScroll

Whether to enable vertical edge drag-scrolling.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
services.xserver.tty

Virtual console for the X server.

Type: "integer"

Default: 7

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.useGlamor

Whether to use the Glamor module for 2D acceleration, if possible.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.useXFS

Determines how to connect to the X Font Server.

Type: "unspecified"

Default: false

Example: "unix/:7100"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.vaapiDrivers

Packages providing libva acceleration drivers.

Type: "list of paths"

Default: [ ]

Example:

[ pkgs.vaapiIntel pkgs.vaapiVdpau ]

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.videoDriver

The name of the video driver for your graphics card. This option is obsolete; please set the services.xserver.videoDrivers instead.

Type: "null or string"

Default: null

Example: "i810"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.videoDrivers

The names of the video drivers the configuration supports. They will be tried in order until one that supports your card is found.

Type: "list of strings"

Default: [ "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ]

Example: [ "vesa" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.virtualScreen

Virtual screen size for Xrandr.

Type: "null or attribute set"

Default: null

Example: { x = 2048; y = 2048; }

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.wacom.enable

Whether to enable the Wacom touchscreen/digitizer/tablet. If you ever have any issues such as, try switching to terminal (ctrl-alt-F1) and back which will make Xorg reconfigure the device ? If you're not satisfied by the default behaviour you can override environment.etc."X11/xorg.conf.d/50-wacom.conf" in configuration.nix easily.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/hardware/wacom.nix>
services.xserver.windowManager.afterstep.enable

Enable the Afterstep window manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix>
services.xserver.windowManager.awesome.enable

Whether to enable Awesome window manager.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
services.xserver.windowManager.awesome.luaModules

List of lua packages available for being used in the Awesome configuration.

Type: "list of derivations"

Default: [ ]

Example:

[ luaPackages.oocairo ]

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
services.xserver.windowManager.awesome.package

Package to use for running the Awesome WM.

Type: "null or derivation"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
services.xserver.windowManager.bspwm.enable

Enable the bspwm window manager.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
services.xserver.windowManager.compiz.enable

Enable the Compiz window manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/compiz.nix>
services.xserver.windowManager.compiz.renderingFlag

Pass the --indirect-rendering flag to Compiz.

Type: "unspecified"

Default: ""

Example: "--indirect-rendering"

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/compiz.nix>
services.xserver.windowManager.default

Default window manager loaded if none have been chosen.

Type: "string"

Default: "none"

Example: "wmii"

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/default.nix>
services.xserver.windowManager.fluxbox.enable

Enable the Fluxbox window manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix>
services.xserver.windowManager.herbstluftwm.enable

Enable the herbstluftwm window manager.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
services.xserver.windowManager.i3.configFile

Path to the i3 configuration file. If left at the default value, $HOME/.i3/config will be used.

Type: "null or path"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
services.xserver.windowManager.i3.enable

Enable the i3 tiling window manager.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
services.xserver.windowManager.icewm.enable

Enable the IceWM window manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix>
services.xserver.windowManager.metacity.enable

Enable the metacity window manager.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix>
services.xserver.windowManager.openbox.enable

Enable the Openbox window manager.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix>
services.xserver.windowManager.ratpoison.enable

Enable the Ratpoison window manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix>
services.xserver.windowManager.sawfish.enable

Enable the Sawfish window manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix>
services.xserver.windowManager.spectrwm.enable

Enable the spectrwm window manager.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix>
services.xserver.windowManager.stumpwm.enable

Enable the stumpwm tiling window manager.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix>
services.xserver.windowManager.twm.enable

Enable the twm window manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/twm.nix>
services.xserver.windowManager.windowmaker.enable

Enable the Windowmaker window manager.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix>
services.xserver.windowManager.wmii.enable

Enable the wmii window manager.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix>
services.xserver.windowManager.xmonad.enable

Enable the xmonad window manager.

Type: "unspecified"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
services.xserver.windowManager.xmonad.enableContribAndExtras

Enable xmonad-{contrib,extras} in Xmonad.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
services.xserver.windowManager.xmonad.extraPackages

Extra packages available to ghc when rebuilding Xmonad. The value must be a function which receives the attrset defined in haskellPackages as the sole argument.

Type: "unspecified"

Default: "<function>"

Example:

haskellPackages: [
  haskellPackages.xmonad-contrib
  haskellPackages.monad-logger
]

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
services.xserver.windowManager.xmonad.haskellPackages

haskellPackages used to build Xmonad and other packages. This can be used to change the GHC version used to build Xmonad and the packages listed in extraPackages.

Type: "unspecified"

Default: "pkgs.haskellngPackages"

Example:

pkgs.haskell-ng.packages.ghc784

Declared by:

<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
services.xserver.xkbModel

Keyboard model.

Type: "string"

Default: "pc104"

Example: "presario"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.xkbOptions

X keyboard options; layout switching goes here.

Type: "string"

Default: "terminate:ctrl_alt_bksp"

Example: "grp:caps_toggle, grp_led:scroll"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.xkbVariant

X keyboard variant.

Type: "string"

Default: ""

Example: "colemak"

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.xserver.xrandrHeads

Simple multiple monitor configuration, just specify a list of XRandR outputs which will be mapped from left to right in the order of the list. Be careful using this option with multiple graphic adapters or with drivers that have poor support for XRandR, unexpected things might happen with those.

Type: "list of strings"

Default: [ ]

Example: [ "HDMI-0" "DVI-0" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/xserver.nix>
services.yandex-disk.directory

The directory to use for Yandex.Disk storage

Type: "unspecified"

Default: "/home/Yandex.Disk"

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
services.yandex-disk.enable

Whether to enable Yandex-disk client. See https://disk.yandex.ru/

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
services.yandex-disk.password

Your yandex.com password. Warning: it will be world-readable in /nix/store.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
services.yandex-disk.user

The user the yandex-disk daemon should run as.

Type: "unspecified"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
services.yandex-disk.username

Your yandex.com login name.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
services.zabbixAgent.enable

Whether to run the Zabbix monitoring agent on this machine. It will send monitoring data to a Zabbix server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
services.zabbixAgent.extraConfig

Configuration that is injected verbatim into the configuration file.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
services.zabbixAgent.server

The IP address or hostname of the Zabbix server to connect to.

Type: "unspecified"

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
services.zabbixServer.dbPassword

Password used to connect to the database server.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
services.zabbixServer.dbServer

Hostname or IP address of the database server. Use an empty string ("") to use peer authentication.

Type: "string"

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
services.zabbixServer.enable

Whether to run the Zabbix server on this machine.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
services.zabbixServer.extraConfig

Configuration that is injected verbatim into the configuration file.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
services.zfs.autoSnapshot.daily

Number of daily auto-snapshots that you wish to keep.

Type: "integer"

Default: 7

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
services.zfs.autoSnapshot.enable

Enable the (OpenSolaris-compatible) ZFS auto-snapshotting service. Note that you must set the com.sun:auto-snapshot property to true on all datasets which you wish to auto-snapshot. You can override a child dataset to use, or not use auto-snapshotting by setting its flag with the given interval: zfs set com.sun:auto-snapshot:weekly=false DATASET

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
services.zfs.autoSnapshot.frequent

Number of frequent (15-minute) auto-snapshots that you wish to keep.

Type: "integer"

Default: 4

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
services.zfs.autoSnapshot.hourly

Number of hourly auto-snapshots that you wish to keep.

Type: "integer"

Default: 24

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
services.zfs.autoSnapshot.monthly

Number of monthly auto-snapshots that you wish to keep.

Type: "integer"

Default: 12

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
services.zfs.autoSnapshot.weekly

Number of weekly auto-snapshots that you wish to keep.

Type: "integer"

Default: 4

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
services.znc.confOptions.extraZncConf

Extra config to `znc.conf` file

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.confOptions.modules

A list of modules to include in the `znc.conf` file.

Type: "list of strings"

Default: [ "partyline" "webadmin" "adminlog" "log" ]

Example: [ "partyline" "webadmin" "adminlog" "log" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.confOptions.nick

The IRC nick to use when generating the `znc.conf` file.

Type: "string"

Default: "znc-user"

Example: "john"

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.confOptions.passBlock

The pass block to use when generating the `znc.conf` file. This is the password used by the user logging into the ZNC web admin. This is the block generated by the `znc --makepass` command. !!! If not specified, please change this after starting the service. !!!

Type: "string"

Default:

''

        <Pass password>
                Method = sha256
                Hash = e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93
                Salt = l5Xryew4g*!oa(ECfX2o
        </Pass>
  ''

Example: "Must be the block generated by the `znc --makepass` command."

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.confOptions.port

Specifies the port on which to listen.

Type: "integer"

Default: 5000

Example: 5000

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.confOptions.useSSL

Indicates whether the ZNC server should use SSL when listening on the specified port.

Type: "boolean"

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.confOptions.userModules

A list of user modules to include in the `znc.conf` file.

Type: "list of strings"

Default: [ ]

Example: [ "fish" "push" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.confOptions.userName

The user name to use when generating the `znc.conf` file. This is the user name used by the user logging into the ZNC web admin.

Type: "string"

Default: "znc"

Example: "johntron"

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.dataDir

The data directory. Used for configuration files and modules.

Type: "path"

Default: "/var/lib/znc/"

Example: "/home/john/.znc/"

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.enable

Enable a ZNC service for a user.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.extraFlags

Extra flags to use when executing znc command.

Type: "list of strings"

Default: [ ]

Example: [ "--debug" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.modulePackages

A list of global znc module packages to add to znc.

Type: "list of derivations"

Default: [ ]

Example:

[ pkgs.zncModules.fish pkgs.zncModules.push ]

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.mutable

Indicates whether to allow the contents of the `dataDir` directory to be changed by the user at run-time. If true, modifications to the ZNC configuration after its initial creation are not overwritten by a NixOS system rebuild. If false, the ZNC configuration is rebuilt by every system rebuild. If the user wants to manage the ZNC service using the web admin interface, this value should be set to true.

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.user

The name of an existing user account to use to own the ZNC server process. If not specified, a default user will be created to own the process.

Type: "string"

Default: "znc"

Example: "john"

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.znc.zncConf

The contents of the `znc.conf` file to use when creating it. If specified, `confOptions` will be ignored, and this value, as-is, will be used. If left empty, a conf file with default values will be used. Recommended to generate with `znc --makeconf` command.

Type: "string"

Default: ""

Example: "See: http://wiki.znc.in/Configuration"

Declared by:

<nixpkgs/nixos/modules/services/networking/znc.nix>
services.zookeeper.dataDir

Data directory for Zookeeper

Type: "path"

Default: "/var/lib/zookeeper"

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.enable

Whether to enable Zookeeper.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.extraCmdLineOptions

Extra command line options for the Zookeeper launcher.

Type: "list of strings"

Default: [ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]

Example: [ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.extraConf

Extra configuration for Zookeeper.

Type: "string"

Default:

''
initLimit=5
syncLimit=2
tickTime=2000
''

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.id

Zookeeper ID.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.logging

Zookeeper logging configuration.

Type: "string"

Default:

''
zookeeper.root.logger=INFO, CONSOLE
log4j.rootLogger=INFO, CONSOLE
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=[myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n
''

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.port

Zookeeper Client port.

Type: "integer"

Default: 2181

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.preferIPv4

Add the -Djava.net.preferIPv4Stack=true flag to the Zookeeper server.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.purgeInterval

The time interval in hours for which the purge task has to be triggered. Set to a positive integer (1 and above) to enable the auto purging.

Type: "integer"

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zookeeper.servers

All Zookeeper Servers.

Type: "string"

Default: ""

Example:

''
server.0=host0:2888:3888
server.1=host1:2888:3888
server.2=host2:2888:3888
''

Declared by:

<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
services.zope2.instances

zope2 instances to be created automaticaly by the system.

Type: "list or attribute set of submodules"

Default: { }

Example: { plone01 = { extra = "<zodb_db main>\n mount-point /\n cache-size 30000\n <blobstorage>\n blob-dir /var/lib/zope2/plone01/blobstorage\n <filestorage>\n path /var/lib/zope2/plone01/filestorage/Data.fs\n </filestorage>\n </blobstorage>\n</zodb_db>\n"; http_address = "127.0.0.1:8080"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
services.zope2.instances.<name?>.clientHome

Home directory of zope2 instance.

Type: "string"

Default: "/var/lib/zope2/"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
services.zope2.instances.<name?>.extra

Extra zope.conf

Type: "string"

Default:

''
<zodb_db main>
  mount-point /
  cache-size 30000
  <blobstorage>
      blob-dir /var/lib/zope2//blobstorage
      <filestorage>
      path /var/lib/zope2//filestorage/Data.fs
      </filestorage>
  </blobstorage>
</zodb_db>
''

Declared by:

<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
services.zope2.instances.<name?>.http_address

Give a port and address for the HTTP server.

Type: "string"

Default: "localhost:8080"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
services.zope2.instances.<name?>.name

The name of the zope2 instance. If undefined, the name of the attribute set will be used.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
services.zope2.instances.<name?>.packages

The list of packages you want to make available to the zope2 instance.

Type: "list of derivations"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
services.zope2.instances.<name?>.threads

Specify the number of threads that Zope's ZServer web server will use to service requests.

Type: "integer"

Default: 2

Declared by:

<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
services.zope2.instances.<name?>.user

The name of the effective user for the Zope process.

Type: "string"

Default: "zope2"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
sound.enable

Whether to enable ALSA sound.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/audio/alsa.nix>
sound.enableOSSEmulation

Whether to enable ALSA OSS emulation (with certain cards sound mixing may not work!).

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/services/audio/alsa.nix>
sound.extraConfig

Set addition configuration for system-wide alsa.

Type: "string"

Default: ""

Example:

''
defaults.pcm.!card 3
''

Declared by:

<nixpkgs/nixos/modules/services/audio/alsa.nix>
swapDevices

The swap devices and swap files. These must have been initialised using mkswap. Each element should be an attribute set specifying either the path of the swap device or file (device) or the label of the swap device (label, see mkswap -L). Using a label is recommended.

Type: "list of submodules"

Default: [ ]

Example: [ { device = "/dev/hda7"; } { device = "/var/swapfile"; } { label = "bigswap"; } ]

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.device

Path of the device.

Type: "string"

Example: "/dev/sda3"

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.encrypted.blkDev

Location of the backing encrypted device.

Type: "null or string"

Default: null

Example: "/dev/sda1"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
swapDevices.*.encrypted.enable

The block device is backed by an encrypted one, adds this device as a initrd luks entry.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
swapDevices.*.encrypted.keyFile

File system location of keyfile.

Type: "null or string"

Default: null

Example: "/root/.swapkey"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
swapDevices.*.encrypted.label

Label of the backing encrypted device.

Type: "null or string"

Default: null

Example: "rootfs"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
swapDevices.*.label

Label of the device. Can be used instead of device.

Type: "string"

Example: "swap"

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.priority

Specify the priority of the swap device. Priority is a value between 0 and 32767. Higher numbers indicate higher priority. null lets the kernel choose a priority, which will show up as a negative value.

Type: "null or integer"

Default: null

Example: 2048

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.size

If this option is set, ‘device’ is interpreted as the path of a swapfile that will be created automatically with the indicated size (in megabytes) if it doesn't exist.

Type: "null or integer"

Default: null

Example: 2048

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
system.activationScripts

A set of shell script fragments that are executed when a NixOS system configuration is activated. Examples are updating /etc, creating accounts, and so on. Since these are executed every time you boot the system or run nixos-rebuild, it's important that they are idempotent and fast.

Type: "attribute set of unspecifieds"

Default: { }

Example: { stdio = { deps = [ ] ; text = "# Needed by some programs.\nln -sfn /proc/self/fd /dev/fd\nln -sfn /proc/self/fd/0 /dev/stdin\nln -sfn /proc/self/fd/1 /dev/stdout\nln -sfn /proc/self/fd/2 /dev/stderr\n"; } ; }

Declared by:

<nixpkgs/nixos/modules/system/activation/activation-script.nix>
system.copySystemConfiguration

If enabled, copies the NixOS configuration file $NIXOS_CONFIG (usually /etc/nixos/configuration.nix) to the system store path.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/activation/top-level.nix>
system.replaceRuntimeDependencies

List of packages to override without doing a full rebuild. The original derivation and replacement derivation must have the same name length, and ideally should have close-to-identical directory layout.

Type: "list of submodules"

Default: [ ]

Example:

[ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { ... }; }) ]

Declared by:

<nixpkgs/nixos/modules/system/activation/top-level.nix>
systemd.additionalUpstreamSystemUnits

Additional units shipped with systemd that shall be enabled.

Type: "list of strings"

Default: [ ]

Example: [ "debug-shell.service" "systemd-quotacheck.service" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts

Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.

Type: "list of submodules"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.automountConfig

Each attribute in this set specifies an option in the [Automount] section of the unit. See systemd.automount(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { DirectoryMode = "0775"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.automounts.*.where

Absolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)

Type: "string"

Example: "/mnt"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.defaultUnit

Default unit started when the system boots.

Type: "string"

Default: "multi-user.target"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.enableEmergencyMode

Whether to enable emergency mode, which is an sulogin shell started on the console if mounting a filesystem fails. Since some machines (like EC2 instances) have no console of any kind, emergency mode doesn't make sense, and it's better to continue with the boot insofar as possible.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/emergency-mode.nix>
systemd.extraConfig

Extra config options for systemd. See man systemd-system.conf for available options.

Type: "string"

Default: ""

Example: "DefaultLimitCORE=infinity"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.globalEnvironment

Environment variables passed to all systemd units.

Type: "attribute set"

Default: { }

Example: { TZ = "CET"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts

Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.

Type: "list of submodules"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.mountConfig

Each attribute in this set specifies an option in the [Mount] section of the unit. See systemd.mount(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { DirectoryMode = "0775"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.options

Options used to mount the file system.

Type: "string"

Default: ""

Example: "noatime"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.type

File system type.

Type: "string"

Default: ""

Example: "ext4"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.what

Absolute path of device node, file or other resource. (Mandatory)

Type: "string"

Example: "/dev/sda1"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.mounts.*.where

Absolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)

Type: "string"

Example: "/mnt"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.enable

Whether to enable networkd or not.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.links

Definition of systemd network links.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.links.<name>.enable

If set to false, this unit will be a symlink to /dev/null.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.links.<name>.linkConfig

Each attribute in this set specifies an option in the [Link] section of the unit. See systemd.link(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { MACAddress = "00:ff:ee:aa:cc:dd"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.links.<name>.matchConfig

Each attribute in this set specifies an option in the [Match] section of the unit. See systemd.link(5) systemd.netdev(5) systemd.network(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Name = "eth0"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs

Definition of systemd network devices.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.bondConfig

Each attribute in this set specifies an option in the [Bond] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Mode = "802.3ad"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.enable

If set to false, this unit will be a symlink to /dev/null.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.macvlanConfig

Each attribute in this set specifies an option in the [MACVLAN] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Mode = "private"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.matchConfig

Each attribute in this set specifies an option in the [Match] section of the unit. See systemd.link(5) systemd.netdev(5) systemd.network(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Name = "eth0"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.netdevConfig

Each attribute in this set specifies an option in the [Netdev] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Kind = "bridge"; Name = "mybridge"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.peerConfig

Each attribute in this set specifies an option in the [Peer] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Name = "veth2"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.tapConfig

Each attribute in this set specifies an option in the [Tap] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { User = "openvpn"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.tunConfig

Each attribute in this set specifies an option in the [Tun] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { User = "openvpn"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.tunnelConfig

Each attribute in this set specifies an option in the [Tunnel] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Remote = "192.168.1.1"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.vlanConfig

Each attribute in this set specifies an option in the [VLAN] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Id = "4"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.netdevs.<name>.vxlanConfig

Each attribute in this set specifies an option in the [VXLAN] section of the unit. See systemd.netdev(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Id = "4"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks

Definition of systemd networks.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.DHCP

Whether to enable DHCP on the interfaces matched.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.address

A list of addresses to be added to the network section of the unit. See systemd.network(5) for details.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.addresses

A list of address sections to be added to the unit. See systemd.network(5) for details.

Type: "list of submodules"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.addresses.*.addressConfig

Each attribute in this set specifies an option in the [Address] section of the unit. See systemd.network(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Address = "192.168.0.100/24"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.dhcpConfig

Each attribute in this set specifies an option in the [DHCP] section of the unit. See systemd.network(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { UseDNS = true; UseRoutes = true; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.dns

A list of dns servers to be added to the network section of the unit. See systemd.network(5) for details.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.domains

A list of domains to pass to the network config.

Type: "null or list of strings"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.enable

If set to false, this unit will be a symlink to /dev/null.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.gateway

A list of gateways to be added to the network section of the unit. See systemd.network(5) for details.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.macvlan

A list of macvlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.matchConfig

Each attribute in this set specifies an option in the [Match] section of the unit. See systemd.link(5) systemd.netdev(5) systemd.network(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Name = "eth0"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.name

The name of the network interface to match against.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.networkConfig

Each attribute in this set specifies an option in the [Network] section of the unit. See systemd.network(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Description = "My Network"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.ntp

A list of ntp servers to be added to the network section of the unit. See systemd.network(5) for details.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.routes

A list of route sections to be added to the unit. See systemd.network(5) for details.

Type: "list of submodules"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.routes.*.routeConfig

Each attribute in this set specifies an option in the [Route] section of the unit. See systemd.network(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { Gateway = "192.168.0.1"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.tunnel

A list of tunnel interfaces to be added to the network section of the unit. See systemd.network(5) for details.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.vlan

A list of vlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.networks.<name>.vxlan

A list of vxlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.units

Definition of networkd units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.units.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.units.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.units.<name>.text

Text of this systemd unit.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.network.units.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.packages

Packages providing systemd units.

Type: "list of derivations"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths

Definition of systemd path units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.pathConfig

Each attribute in this set specifies an option in the [Path] section of the unit. See systemd.path(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { PathChanged = "/some/path"; Unit = "changedpath.service"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.paths.<name>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services

Definition of systemd service units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/testing/service-runner.nix>
<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.environment

Environment variables passed to the service's processes.

Type: "attribute set"

Default: { }

Example: { LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.path

Packages added to the service's PATH environment variable. Both the bin and sbin subdirectories of each package are added.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.postStart

Shell commands executed after the service's main process is started.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.postStop

Shell commands executed after the service's main process has exited.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.preStart

Shell commands executed before the service's main process is started.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.preStop

Shell commands executed to stop the service.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.reload

Shell commands executed when the service's main process is reloaded.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.reloadIfChanged

Whether the service should be reloaded during a NixOS configuration switch if its definition has changed. If enabled, the value of restartIfChanged is ignored.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.restartIfChanged

Whether the service should be restarted during a NixOS configuration switch if its definition has changed.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.script

Shell commands executed as the service's main process.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.scriptArgs

Arguments passed to the main process script.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.serviceConfig

Each attribute in this set specifies an option in the [Service] section of the unit. See systemd.service(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RestartSec = 5; StartLimitInterval = 10; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.startAt

Automatically start this unit at the given date/time, which must be in the format described in systemd.time(5). This is equivalent to adding a corresponding timer unit with OnCalendar set to the value given here.

Type: "string"

Default: ""

Example: "Sun 14:00:00"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.stopIfChanged

If set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one. Otherwise, it is restarted in a single step using systemctl restart in the new configuration. The latter is less correct because it runs the ExecStop commands from the new configuration.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.services.<name>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets

Definition of systemd socket units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.listenStreams

For each item in this list, a ListenStream option in the [Socket] section will be created.

Type: "list of strings"

Default: [ ]

Example: [ "0.0.0.0:993" "/run/my-socket" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.socketConfig

Each attribute in this set specifies an option in the [Socket] section of the unit. See systemd.socket(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { ListenStream = "/run/my-socket"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.sockets.<name>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets

Definition of systemd target units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.targets.<name>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers

Definition of systemd timer units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.timerConfig

Each attribute in this set specifies an option in the [Timer] section of the unit. See systemd.timer(5) and systemd.time(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { OnCalendar = "Sun 14:00:00"; Unit = "foo.service"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.timers.<name>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.tmpfiles.rules

Rules for creating and cleaning up temporary files automatically. See tmpfiles.d(5) for the exact format. You should not use this option to create files required by systemd services, since there is no guarantee that systemd-tmpfiles runs when the system is reconfigured using nixos-rebuild.

Type: "list of strings"

Default: [ ]

Example: [ "d /tmp 1777 root root 10d" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.units

Definition of systemd units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.units.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.units.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.units.<name>.text

Text of this systemd unit.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.units.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services

Definition of systemd per-user service units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.environment

Environment variables passed to the service's processes.

Type: "attribute set"

Default: { }

Example: { LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.path

Packages added to the service's PATH environment variable. Both the bin and sbin subdirectories of each package are added.

Type: "unspecified"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.postStart

Shell commands executed after the service's main process is started.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.postStop

Shell commands executed after the service's main process has exited.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.preStart

Shell commands executed before the service's main process is started.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.preStop

Shell commands executed to stop the service.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.reload

Shell commands executed when the service's main process is reloaded.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.reloadIfChanged

Whether the service should be reloaded during a NixOS configuration switch if its definition has changed. If enabled, the value of restartIfChanged is ignored.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.restartIfChanged

Whether the service should be restarted during a NixOS configuration switch if its definition has changed.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.script

Shell commands executed as the service's main process.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.scriptArgs

Arguments passed to the main process script.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.serviceConfig

Each attribute in this set specifies an option in the [Service] section of the unit. See systemd.service(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RestartSec = 5; StartLimitInterval = 10; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.startAt

Automatically start this unit at the given date/time, which must be in the format described in systemd.time(5). This is equivalent to adding a corresponding timer unit with OnCalendar set to the value given here.

Type: "string"

Default: ""

Example: "Sun 14:00:00"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.stopIfChanged

If set, a changed unit is restarted by calling systemctl stop in the old configuration, then systemctl start in the new one. Otherwise, it is restarted in a single step using systemctl restart in the new configuration. The latter is less correct because it runs the ExecStop commands from the new configuration.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.services.<name>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets

Definition of systemd per-user socket units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.listenStreams

For each item in this list, a ListenStream option in the [Socket] section will be created.

Type: "list of strings"

Default: [ ]

Example: [ "0.0.0.0:993" "/run/my-socket" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.socketConfig

Each attribute in this set specifies an option in the [Socket] section of the unit. See systemd.socket(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { ListenStream = "/run/my-socket"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.sockets.<name>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers

Definition of systemd per-user timer units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.description

Description of this unit used in systemd messages and progress indicators.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: "list of unspecifieds"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.timerConfig

Each attribute in this set specifies an option in the [Timer] section of the unit. See systemd.timer(5) and systemd.time(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { OnCalendar = "Sun 14:00:00"; Unit = "foo.service"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See systemd.unit(5) for details.

Type: "attribute set of systemd options"

Default: { }

Example: { RequiresMountsFor = "/data"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.timers.<name>.wants

Start the specified units when this unit is started.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.units

Definition of systemd per-user units.

Type: "attribute set of submodules"

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.units.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.units.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.units.<name>.text

Text of this systemd unit.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
systemd.user.units.<name>.wantedBy

Units that want (i.e. depend on) this unit.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
time.hardwareClockInLocalTime

If set, keep the hardware clock in local time instead of UTC.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/timezone.nix>
time.timeZone

The time zone used when displaying times and dates. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a comprehensive list of possible values for this setting.

Type: "string"

Default: "UTC"

Example: "America/New_York"

Declared by:

<nixpkgs/nixos/modules/config/timezone.nix>
uim.enable

Enable UIM input method

Type: "boolean"

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/uim.nix>
users.defaultUserShell

This option defines the default shell assigned to user accounts. This must not be a store path, since the path is used outside the store (in particular in /etc/passwd). Rather, it should be the path of a symlink that points to the actual shell in the Nix store.

Type: "path"

Example: "/run/current-system/sw/bin/zsh"

Declared by:

<nixpkgs/nixos/modules/programs/shadow.nix>
users.enforceIdUniqueness

Whether to require that no two users/groups share the same uid/gid.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraGroups

Additional groups to be created automatically by the system.

Type: "list or attribute set of submodules"

Default: { }

Example: { hackers = { } ; students = { gid = 1001; } ; }

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraGroups.<name?>.gid

The group GID. If the GID is null, a free GID is picked on activation.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraGroups.<name?>.members

The user names of the group members, added to the /etc/group file.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraGroups.<name?>.name

The name of the group. If undefined, the name of the attribute set will be used.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers

Additional user accounts to be created automatically by the system. This can also be used to set options for root.

Type: "list or attribute set of submodules"

Default: { }

Example: { alice = { createHome = true; description = "Alice Q. User"; extraGroups = [ "wheel" ] ; group = "users"; home = "/home/alice"; shell = "/bin/sh"; uid = 1234; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.createHome

If true, the home directory will be created automatically. If this option is true and the home directory already exists but is not owned by the user, directory owner and group will be changed to match the user.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.description

A short description of the user account, typically the user's full name. This is actually the “GECOS” or “comment” field in /etc/passwd.

Type: "string"

Default: ""

Example: "Alice Q. User"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.extraGroups

The user's auxiliary groups.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.group

The user's primary group.

Type: "string"

Default: "nogroup"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.hashedPassword

Specifies the hashed password for the user. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options. To generate hashed password install mkpassword package and run mkpasswd -m sha-512.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.home

The user's home directory.

Type: "string"

Default: "/var/empty"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.initialHashedPassword

Specifies the initial hashed password for the user, i.e. the hashed password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the password option. To generate hashed password install mkpassword package and run mkpasswd -m sha-512.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.initialPassword

Specifies the initial password for the user, i.e. the password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the password option. The same caveat applies: the password specified here is world-readable in the Nix store, so it should only be used for guest accounts or passwords that will be changed promptly.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.isNormalUser

Indicates whether this is an account for a “real” user. This automatically sets group to users, createHome to true, home to /home/username, useDefaultShell to true, and isSystemUser to false.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.isSystemUser

Indicates if the user is a system user or not. This option only has an effect if uid is null, in which case it determines whether the user's UID is allocated in the range for system users (below 500) or in the range for normal users (starting at 1000).

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.name

The name of the user account. If undefined, the name of the attribute set will be used.

Type: "string"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.openssh.authorizedKeys.keyFiles

A list of files each containing one OpenSSH public key that should be added to the user's authorized keys. The contents of the files are read at build time and added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. You can combine the keyFiles and keys options.

Type: "list of paths"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
users.extraUsers.<name?>.openssh.authorizedKeys.keys

A list of verbatim OpenSSH public keys that should be added to the user's authorized keys. The keys are added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. You can combine the keys and keyFiles options.

Type: "list of strings"

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
users.extraUsers.<name?>.password

Specifies the (clear text) password for the user. Warning: do not set confidential information here because it is world-readable in the Nix store. This option should only be used for public accounts. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.passwordFile

The full path to a file that contains the user's password. The password file is read on each system activation. The file should contain exactly one line, which should be the password in an encrypted form that is suitable for the chpasswd -e command. The options hashedPassword, password and passwordFile controls what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords, they will always be set according to the password options.

Type: "null or string"

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.shell

The path to the user's shell.

Type: "string"

Default: "/run/current-system/sw/bin/nologin"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.subGidRanges

Subordinate group ids that user is allowed to use. They are set into /etc/subgid and are used by newgidmap for user namespaces.

Type: "list of submodules"

Default: [ ]

Example: [ { count = 1; startGid = 100; } { count = 999; startGid = 1001; } ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.subGidRanges.*.count

Count of subordinate group ids

Type: "integer"

Default: 1

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.subGidRanges.*.startGid

Start of the range of subordinate group ids that user is allowed to use.

Type: "integer"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.subUidRanges

Subordinate user ids that user is allowed to use. They are set into /etc/subuid and are used by newuidmap for user namespaces.

Type: "list of submodules"

Default: [ ]

Example: [ { count = 1; startUid = 1000; } { count = 65534; startUid = 100001; } ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.subUidRanges.*.count

Count of subordinate user ids

Type: "integer"

Default: 1

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.subUidRanges.*.startUid

Start of the range of subordinate user ids that user is allowed to use.

Type: "integer"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.uid

The account UID. If the UID is null, a free UID is picked on activation.

Type: "null or integer"

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name?>.useDefaultShell

If true, the user's shell will be set to users.defaultUserShell.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.ldap.base

The distinguished name of the search base.

Type: "unspecified"

Example: "dc=example,dc=org"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.bind.distinguishedName

The distinguished name to bind to the LDAP server with. If this is not specified, an anonymous bind will be done.

Type: "string"

Default: ""

Example: "cn=admin,dc=example,dc=com"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.bind.password

The path to a file containing the credentials to use when binding to the LDAP server (if not binding anonymously).

Type: "string"

Default: "/etc/ldap/bind.password"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.bind.policy

Specifies the policy to use for reconnecting to an unavailable LDAP server. The default is hard_open, which reconnects if opening the connection to the directory server failed. By contrast, hard_init reconnects if initializing the connection failed. Initializing may not actually contact the directory server, and it is possible that a malformed configuration file will trigger reconnection. If soft is specified, then nss_ldap will return immediately on server failure. All hard reconnect policies block with exponential backoff before retrying.

Type: "string"

Default: "hard_open"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.bind.timeLimit

Specifies the time limit (in seconds) to use when connecting to the directory server. This is distinct from the time limit specified in users.ldap.timeLimit and affects the initial server connection only.

Type: "integer"

Default: 30

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.daemon.enable

Whether to let the nslcd daemon (nss-pam-ldapd) handle the LDAP lookups for NSS and PAM. This can improve performance, and if you need to bind to the LDAP server with a password, it increases security, since only the nslcd user needs to have access to the bindpw file, not everyone that uses NSS and/or PAM. If this option is enabled, a local nscd user is created automatically, and the nslcd service is started automatically when the network get up.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.daemon.extraConfig

Extra configuration options that will be added verbatim at the end of the nslcd configuration file (nslcd.conf).

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.enable

Whether to enable authentication against an LDAP server.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.extraConfig

Extra configuration options that will be added verbatim at the end of the ldap configuration file (ldap.conf). If users.ldap.daemon is enabled, this configuration will not be used. In that case, use users.ldap.daemon.extraConfig instead.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.server

The URL of the LDAP server.

Type: "unspecified"

Example: "ldap://ldap.example.org/"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.timeLimit

Specifies the time limit (in seconds) to use when performing searches. A value of zero (0), which is the default, is to wait indefinitely for searches to be completed.

Type: "integer"

Default: 0

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.useTLS

If enabled, use TLS (encryption) over an LDAP (port 389) connection. The alternative is to specify an LDAPS server (port 636) in users.ldap.server or to forego security.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.motd

Message of the day shown to users when they log in.

Type: "null or string"

Default: null

Example: "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178."

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
users.mutableUsers

If set to true, you are free to add new users and groups to the system with the ordinary useradd and groupadd commands. On system activation, the existing contents of the /etc/passwd and /etc/group files will be merged with the contents generated from the users.extraUsers and users.extraGroups options. The initial password for a user will be set according to users.extraUsers, but existing passwords will not be changed.

Warning

If set to false, the contents of the user and group files will simply be replaced on system activation. This also holds for the user passwords; all changed passwords will be reset according to the users.extraUsers configuration on activation.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
virtualisation.docker.enable

This option enables docker, a daemon that manages linux containers. Users in the "docker" group can interact with the daemon (e.g. to start or stop containers) using the docker command line tool.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/docker.nix>
virtualisation.docker.extraOptions

The extra command-line options to pass to docker daemon.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/docker.nix>
virtualisation.docker.socketActivation

This option enables docker with socket activation. I.e. docker will start when first called by client. Note: This is false by default because systemd lower than 214 that nixos uses so far, doesn't support SocketGroup option, so socket created by docker has root group now. This will likely be changed in future. So set this option explicitly to false if you wish.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/docker.nix>
virtualisation.libvirtd.enable

This option enables libvirtd, a daemon that manages virtual machines. Users in the "libvirtd" group can interact with the daemon (e.g. to start or stop VMs) using the virsh command line tool, among others.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
virtualisation.libvirtd.enableKVM

This option enables support for QEMU/KVM in libvirtd.

Type: "boolean"

Default: true

Declared by:

<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
virtualisation.libvirtd.extraConfig

Extra contents appended to the libvirtd configuration file, libvirtd.conf.

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
virtualisation.libvirtd.onShutdown

When shutting down / restarting the host what method should be used to gracefully halt the guests. Setting to "shutdown" will cause an ACPI shutdown of each guest. "suspend" will attempt to save the state of the guests ready to restore on boot.

Type: "one of shutdown, suspend"

Default: "suspend"

Declared by:

<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
virtualisation.lxc.defaultConfig

Default config (default.conf) for new containers, i.e. for network config. See lxc.container.conf (5).

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxc.nix>
virtualisation.lxc.enable

This enables Linux Containers (LXC), which provides tools for creating and managing system or application containers on Linux.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxc.nix>
virtualisation.lxc.systemConfig

This is the system-wide LXC config. See lxc.system.conf(5).

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxc.nix>
virtualisation.lxc.usernetConfig

This is the config file for managing unprivileged user network administration access in LXC. See lxc-user-net(5).

Type: "string"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxc.nix>
virtualisation.vswitch.enable

Enable Open vSwitch. A configuration daemon (ovs-server) will be started.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
virtualisation.xen.bootParams

Parameters passed to the Xen hypervisor at boot time.

Type: "unspecified"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
virtualisation.xen.bridge

Create a bridge for the Xen domUs to connect to.

Type: "unspecified"

Default: "xenbr0"

Declared by:

<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
virtualisation.xen.domain0MemorySize

Amount of memory (in MiB) allocated to Domain 0 on boot. If set to 0, all memory is assigned to Domain 0.

Type: "unspecified"

Default: 0

Example: 512

Declared by:

<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
virtualisation.xen.enable

Setting this option enables the Xen hypervisor, a virtualisation technology that allows multiple virtual machines, known as domains, to run concurrently on the physical machine. NixOS runs as the privileged Domain 0. This option requires a reboot to take effect.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
virtualisation.xen.stored

Xen Store daemon to use. Defaults to oxenstored of the xen package.

Type: "path"

Declared by:

<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
virtualisation.xen.trace

Enable Xen tracing.

Type: "unspecified"

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
zramSwap.enable

Enable in-memory compressed swap space provided by the zram kernel module. It is recommended to enable only for kernel 3.14 or higher.

Type: "boolean"

Default: false

Declared by:

<nixpkgs/nixos/modules/config/zram.nix>
zramSwap.memoryPercent

Maximum amount of memory that can be used by the zram swap devices (as a percentage of your total memory). Defaults to 1/2 of your total RAM.

Type: "integer"

Default: 50

Declared by:

<nixpkgs/nixos/modules/config/zram.nix>
zramSwap.numDevices

Number of zram swap devices to create. It should be equal to the number of CPU cores your system has.

Type: "integer"

Default: 4

Declared by:

<nixpkgs/nixos/modules/config/zram.nix>
zramSwap.priority

Priority of the zram swap devices. It should be a number higher than the priority of your disk-based swap devices (so that the system will fill the zram swap devices before falling back to disk swap).

Type: "integer"

Default: 5

Declared by:

<nixpkgs/nixos/modules/config/zram.nix>