.. _appendix-configuration-options:

Configuration Options
=====================

.. _opt-appstream.enable:

appstream.enable
________________

Whether to install files to support the `AppStream metadata specification `_.

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.enableContainers:

boot.enableContainers
_____________________

Whether to enable support for NixOS containers.

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.binfmt.emulatedSystems:

boot.binfmt.emulatedSystems
___________________________

List of systems to emulate. Will also configure Nix to support your new systems.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ]``

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations:

boot.binfmt.registrations
_________________________

Extra binary formats to register with the kernel. See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.

*Type:* attribute set of submodules

*Default:* ``{ }``

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.fixBinary:

boot.binfmt.registrations.<name>.fixBinary
__________________________________________

Whether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked. See the description of the 'F' flag in the kernel docs for more details.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.interpreter:

boot.binfmt.registrations.<name>.interpreter
____________________________________________

The interpreter to invoke to run the program. Note that the actual registration will point to /run/binfmt/${name}, so the kernel interpreter length limit doesn't apply.

*Type:* path

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.magicOrExtension:

boot.binfmt.registrations.<name>.magicOrExtension
_________________________________________________

The magic number or extension to match on.

*Type:* string

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.mask:

boot.binfmt.registrations.<name>.mask
_____________________________________

A mask to be ANDed with the byte sequence of the file before matching.

*Type:* null or string

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.matchCredentials:

boot.binfmt.registrations.<name>.matchCredentials
_________________________________________________

Whether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit). See the description of the 'C' flag in the kernel docs for more details. Implies/requires openBinary = true.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.offset:

boot.binfmt.registrations.<name>.offset
_______________________________________

The byte offset of the magic number used for recognition.

*Type:* null or signed integer

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.openBinary:

boot.binfmt.registrations.<name>.openBinary
___________________________________________

Whether to pass the binary to the interpreter as an open file descriptor, instead of a path.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.preserveArgvZero:

boot.binfmt.registrations.<name>.preserveArgvZero
_________________________________________________

Whether to pass the original argv[0] to the interpreter. See the description of the 'P' flag in the kernel docs for more details.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.binfmt.registrations._name_.recognitionType:

boot.binfmt.registrations.<name>.recognitionType
________________________________________________

Whether to recognize executables by magic number or extension.

*Type:* one of "magic", "extension"

*Default:* ``"magic"``

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.fixBinary:

boot.binfmtMiscRegistrations.<name>.fixBinary
_____________________________________________

Whether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked. See the description of the 'F' flag in the kernel docs for more details.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.interpreter:

boot.binfmtMiscRegistrations.<name>.interpreter
_______________________________________________

The interpreter to invoke to run the program. Note that the actual registration will point to /run/binfmt/${name}, so the kernel interpreter length limit doesn't apply.

*Type:* path

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.magicOrExtension:

boot.binfmtMiscRegistrations.<name>.magicOrExtension
____________________________________________________

The magic number or extension to match on.

*Type:* string

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.mask:

boot.binfmtMiscRegistrations.<name>.mask
________________________________________

A mask to be ANDed with the byte sequence of the file before matching.

*Type:* null or string

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.matchCredentials:

boot.binfmtMiscRegistrations.<name>.matchCredentials
____________________________________________________

Whether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit). See the description of the 'C' flag in the kernel docs for more details. Implies/requires openBinary = true.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.offset:

boot.binfmtMiscRegistrations.<name>.offset
__________________________________________

The byte offset of the magic number used for recognition.

*Type:* null or signed integer

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.openBinary:

boot.binfmtMiscRegistrations.<name>.openBinary
______________________________________________

Whether to pass the binary to the interpreter as an open file descriptor, instead of a path.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.preserveArgvZero:

boot.binfmtMiscRegistrations.<name>.preserveArgvZero
____________________________________________________

Whether to pass the original argv[0] to the interpreter. See the description of the 'P' flag in the kernel docs for more details.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.binfmtMiscRegistrations._name_.recognitionType:

boot.binfmtMiscRegistrations.<name>.recognitionType
___________________________________________________

Whether to recognize executables by magic number or extension.

*Type:* one of "magic", "extension"

*Default:* ``"magic"``

*Declared by:* + ` `_

.. _opt-boot.blacklistedKernelModules:

boot.blacklistedKernelModules
_____________________________

List of names of kernel modules that should not be loaded automatically by the hardware probing code.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "cirrusfb" "i2c_piix4" ]``

*Declared by:* + ` `_

.. _opt-boot.cleanTmpDir:

boot.cleanTmpDir
________________

Whether to delete all files in :file:`/tmp` during boot.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.consoleLogLevel:

boot.consoleLogLevel
____________________

The kernel console ``loglevel``. All kernel messages with a log level smaller than this setting will be printed to the console.

*Type:* signed integer

*Default:* ``4``

*Declared by:* + ` `_

.. _opt-boot.crashDump.enable:

boot.crashDump.enable
_____________________

If enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.crashDump.kernelParams:

boot.crashDump.kernelParams
___________________________

Parameters that will be passed to the kernel kexec-ed on crash.

*Type:* list of strings

*Default:* ``[ "1" "boot.shell_on_fail" ]``

*Declared by:* + ` `_

.. _opt-boot.crashDump.reservedMemory:

boot.crashDump.reservedMemory
_____________________________

The amount of memory reserved for the crashdump kernel. If you choose too high a value, dmesg will mention "crashkernel reservation failed".

*Type:* unspecified

*Default:* ``"128M"``

*Declared by:* + ` `_

.. _opt-boot.devShmSize:

boot.devShmSize
_______________

Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

*Type:* string

*Default:* ``"50%"``

*Example:* ``"256m"``

*Declared by:* + ` `_

.. _opt-boot.devSize:

boot.devSize
____________

Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

*Type:* string

*Default:* ``"5%"``

*Example:* ``"32m"``

*Declared by:* + ` `_

.. _opt-boot.extraModprobeConfig:

boot.extraModprobeConfig
________________________

Any additional configuration to be appended to the generated :file:`modprobe.conf`. This is typically used to specify module options. See modprobe.conf(5) for details.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Example:* ::

   ''
     options parport_pc io=0x378 irq=7 dma=1
   ''

*Declared by:* + ` `_

.. _opt-boot.extraModulePackages:

boot.extraModulePackages
________________________

A list of additional packages supplying kernel modules.

*Type:* list of packages

*Default:* ``[ ]``

*Example:* ::

   [ config.boot.kernelPackages.nvidia_x11 ]

*Declared by:* + ` `_

.. _opt-boot.growPartition:

boot.growPartition
__________________

Whether to grow the root partition on boot.

*Type:* boolean

*Default:* ``false``

*Example:* ``true``

*Declared by:* + ` `_

.. _opt-boot.hardwareScan:

boot.hardwareScan
_________________

Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.initrd.availableKernelModules:

boot.initrd.availableKernelModules
__________________________________

The set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules for the physical device (e.g., SCSI drivers) and for the file system (e.g., ext3). The set specified here is automatically closed under the module dependency relation, i.e., all dependencies of the modules listed here are included automatically. The modules listed here are available in the initrd, but are only loaded on demand (e.g., the ext3 module is loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, include it in .

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "sata_nv" "ext3" ]``

*Declared by:* + ` `_

.. _opt-boot.initrd.checkJournalingFS:

boot.initrd.checkJournalingFS
_____________________________

Whether to run :command:`fsck` on journaling filesystems such as ext3.

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.initrd.kernelModules:

boot.initrd.kernelModules
_________________________

List of modules that are always loaded by the initrd.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.cryptoModules:

boot.initrd.luks.cryptoModules
______________________________

A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.

*Type:* list of strings

*Default:* ``[ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "af_alg" "algif_skcipher" "aes_x86_64" ]``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices:

boot.initrd.luks.devices
________________________

The encrypted disk that should be opened before the root filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM setups are supported. The unencrypted devices can be accessed as :file:`/dev/mapper/`.

*Type:* list or attribute set of submodules

*Default:* ``{ }``

*Example:* ``{ luksroot = { device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; } ; }``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.allowDiscards:

boot.initrd.luks.devices.<name?>.allowDiscards
______________________________________________

Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.device:

boot.initrd.luks.devices.<name?>.device
_______________________________________

Path of the underlying encrypted block device.

*Type:* string

*Example:* ``"/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.fallbackToPassword:

boot.initrd.luks.devices.<name?>.fallbackToPassword
___________________________________________________

Whether to fall back to an interactive passphrase prompt if the keyfile cannot be found. This will prevent unattended boot should the keyfile go missing.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.fido2.credential:

boot.initrd.luks.devices.<name?>.fido2.credential
_________________________________________________

The FIDO2 credential ID.

*Type:* string

*Default:* ``null``

*Example:* ``"f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2"``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.fido2.gracePeriod:

boot.initrd.luks.devices.<name?>.fido2.gracePeriod
__________________________________________________

Time in seconds to wait for the FIDO2 key.

*Type:* signed integer

*Default:* ``10``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.fido2.passwordLess:

boot.initrd.luks.devices.<name?>.fido2.passwordLess
___________________________________________________

Defines whether to use an empty string as a default salt. Enable only when your device is PIN protected, such as `Trezor `_.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.gpgCard:

boot.initrd.luks.devices.<name?>.gpgCard
________________________________________

The option to use this LUKS device with a GPG-encrypted LUKS password via the GPG Smartcard. If null (the default), GPG-Smartcard will be disabled for this device.

*Type:* null or submodule

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.gpgCard.encryptedPass:

boot.initrd.luks.devices.<name?>.gpgCard.encryptedPass
______________________________________________________

Path to the GPG encrypted passphrase.

*Type:* path

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.gpgCard.gracePeriod:

boot.initrd.luks.devices.<name?>.gpgCard.gracePeriod
____________________________________________________

Time in seconds to wait for the GPG Smartcard.

*Type:* signed integer

*Default:* ``10``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.gpgCard.publicKey:

boot.initrd.luks.devices.<name?>.gpgCard.publicKey
__________________________________________________

Path to the Public Key.

*Type:* path

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.header:

boot.initrd.luks.devices.<name?>.header
_______________________________________

The name of the file or block device that should be used as header for the encrypted device.

*Type:* null or string

*Default:* ``null``

*Example:* ``"/root/header.img"``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.keyFile:

boot.initrd.luks.devices.<name?>.keyFile
________________________________________

The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.

*Type:* null or string

*Default:* ``null``

*Example:* ``"/dev/sdb1"``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.keyFileOffset:

boot.initrd.luks.devices.<name?>.keyFileOffset
______________________________________________

The offset of the key file. Use this in combination with ``keyFileSize`` to use part of a file as key file (often the case if a raw device or partition is used as a key file). If not specified, the key begins at the first byte of ``keyFile``.

*Type:* null or signed integer

*Default:* ``null``

*Example:* ``4096``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.keyFileSize:

boot.initrd.luks.devices.<name?>.keyFileSize
____________________________________________

The size of the key file. Use this if only the beginning of the key file should be used as a key (often the case if a raw device or partition is used as key file). If not specified, the whole ``keyFile`` will be used for decryption, instead of just the first ``keyFileSize`` bytes.

*Type:* null or signed integer

*Default:* ``null``

*Example:* ``4096``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.preLVM:

boot.initrd.luks.devices.<name?>.preLVM
_______________________________________

Whether the luksOpen will be attempted before LVM scan or after it.

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey:

boot.initrd.luks.devices.<name?>.yubikey
________________________________________

The options to use for this LUKS device in Yubikey-PBA. If null (the default), Yubikey-PBA will be disabled for this device.

*Type:* null or submodule

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.gracePeriod:

boot.initrd.luks.devices.<name?>.yubikey.gracePeriod
____________________________________________________

Time in seconds to wait for the Yubikey.

*Type:* signed integer

*Default:* ``10``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.iterationStep:

boot.initrd.luks.devices.<name?>.yubikey.iterationStep
______________________________________________________

How much the iteration count for PBKDF2 is increased at each successful authentication.

*Type:* signed integer

*Default:* ``0``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.keyLength:

boot.initrd.luks.devices.<name?>.yubikey.keyLength
__________________________________________________

Length of the LUKS slot key derived with PBKDF2, in bytes.

*Type:* signed integer

*Default:* ``64``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.saltLength:

boot.initrd.luks.devices.<name?>.yubikey.saltLength
___________________________________________________

Length of the new salt, in bytes (64 is the effective maximum).

*Type:* signed integer

*Default:* ``16``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.slot:

boot.initrd.luks.devices.<name?>.yubikey.slot
_____________________________________________

Which slot on the Yubikey to challenge.

*Type:* signed integer

*Default:* ``2``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.storage.device:

boot.initrd.luks.devices.<name?>.yubikey.storage.device
_______________________________________________________

An unencrypted device that will temporarily be mounted in stage-1.
Must contain the current salt to create the challenge for this LUKS device.

*Type:* path

*Default:* ``"/dev/sda1"``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.storage.fsType:

boot.initrd.luks.devices.<name?>.yubikey.storage.fsType
_______________________________________________________

The filesystem of the unencrypted device.

*Type:* string

*Default:* ``"vfat"``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.storage.path:

boot.initrd.luks.devices.<name?>.yubikey.storage.path
_____________________________________________________

Absolute path of the salt on the unencrypted device with that device's root directory as "/".

*Type:* string

*Default:* ``"/crypt-storage/default"``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.devices._name__.yubikey.twoFactor:

boot.initrd.luks.devices.<name?>.yubikey.twoFactor
__________________________________________________

Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false).

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.fido2Support:

boot.initrd.luks.fido2Support
_____________________________

Enables support for authenticating with FIDO2 devices.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.gpgSupport:

boot.initrd.luks.gpgSupport
___________________________

Enables support for authenticating with a GPG encrypted password.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.mitigateDMAAttacks:

boot.initrd.luks.mitigateDMAAttacks
___________________________________

Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at ` `_. This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.reusePassphrases:

boot.initrd.luks.reusePassphrases
_________________________________

When opening a new LUKS device, try reusing the last successful passphrase. Useful for mounting a number of devices that use the same passphrase without retyping it several times. Such a setup can be useful if you use :command:`cryptsetup luksSuspend`. Different LUKS devices will still have different master keys even when using the same passphrase.

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.initrd.luks.yubikeySupport:

boot.initrd.luks.yubikeySupport
_______________________________

Enables support for authenticating with a Yubikey on LUKS devices. See the NixOS wiki for information on how to properly set up a LUKS device and a Yubikey to work with this feature.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.initrd.mdadmConf:

boot.initrd.mdadmConf
_____________________

Contents of :file:`/etc/mdadm.conf` in stage 1.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.enable:

boot.initrd.network.enable
__________________________

Add network connectivity support to initrd. The network may be configured using the ``ip`` kernel parameter, as described in `the kernel documentation `_. Otherwise, if is enabled, an IP address is acquired using DHCP. You should add the module(s) required for your network card to boot.initrd.availableKernelModules. ``lspci -v | grep -iA8 'network\|ethernet'`` will tell you which.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.postCommands:

boot.initrd.network.postCommands
________________________________

Shell commands to be executed after stage 1 of the boot has initialised the network.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.ssh.enable:

boot.initrd.network.ssh.enable
______________________________

Start SSH service during initrd boot. It can be used to debug a failing boot on a remote server, enter the passphrase for an encrypted partition, etc. The service is killed when stage-1 boot is finished.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.ssh.authorizedKeys:

boot.initrd.network.ssh.authorizedKeys
______________________________________

Authorized keys for the root user on initrd. Note that Dropbear doesn't support OpenSSH's Ed25519 key type.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.ssh.hostDSSKey:

boot.initrd.network.ssh.hostDSSKey
__________________________________

DSS SSH private key file in the Dropbear format. WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

*Type:* null or path

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.ssh.hostECDSAKey:

boot.initrd.network.ssh.hostECDSAKey
____________________________________

ECDSA SSH private key file in the Dropbear format. WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

*Type:* null or path

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.ssh.hostRSAKey:

boot.initrd.network.ssh.hostRSAKey
__________________________________

RSA SSH private key file in the Dropbear format. WARNING: Unless your bootloader supports initrd secrets, this key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

*Type:* null or path

*Default:* ``null``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.ssh.port:

boot.initrd.network.ssh.port
____________________________

Port on which SSH initrd service should listen.

*Type:* signed integer

*Default:* ``22``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.ssh.shell:

boot.initrd.network.ssh.shell
_____________________________

Login shell of the remote user. Can be used to limit the actions the user can perform.

*Type:* string

*Default:* ``"/bin/ash"``

*Declared by:* + ` `_

.. _opt-boot.initrd.network.udhcpc.extraArgs:

boot.initrd.network.udhcpc.extraArgs
____________________________________

Additional command-line arguments passed verbatim to udhcpc if and are enabled.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:* + ` `_

.. _opt-boot.initrd.postDeviceCommands:

boot.initrd.postDeviceCommands
______________________________

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in :file:`/dev`.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.postMountCommands:

boot.initrd.postMountCommands
_____________________________

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.preDeviceCommands:

boot.initrd.preDeviceCommands
_____________________________

Shell commands to be executed before udev is started to create device nodes.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.preFailCommands:

boot.initrd.preFailCommands
___________________________

Shell commands to be executed before the failure prompt is shown.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.preLVMCommands:

boot.initrd.preLVMCommands
__________________________

Shell commands to be executed immediately before LVM discovery.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:* + ` `_

.. _opt-boot.initrd.prepend:

boot.initrd.prepend
___________________

Other initrd files to prepend to the final initrd we are building.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:* + ` `_

.. _opt-boot.initrd.supportedFilesystems:

boot.initrd.supportedFilesystems
________________________________

Names of supported filesystem types in the initial ramdisk.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "btrfs" ]``

*Declared by:* + ` `_

.. _opt-boot.isContainer:

boot.isContainer
________________

Whether this NixOS machine is a lightweight container running in another NixOS system.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.kernel.randstructSeed:

boot.kernel.randstructSeed
__________________________

Provides a custom seed for the ``RANDSTRUCT`` security option of the Linux kernel. Note that ``RANDSTRUCT`` is only enabled in NixOS hardened kernels. Using a custom seed requires building the kernel and dependent packages locally, since this customization happens at build time.

*Type:* string

*Default:* ``""``

*Example:* ``"my secret seed"``

*Declared by:* + ` `_

.. _opt-boot.kernel.sysctl:

boot.kernel.sysctl
__________________

Runtime parameters of the Linux kernel, as set by sysctl(8). Note that sysctl parameter names must be enclosed in quotes (e.g. ``"vm.swappiness"`` instead of ``vm.swappiness``). The value of each parameter may be a string, integer, boolean, or null (signifying the option will not appear at all).

*Type:* attribute set of sysctl option values

*Default:* ``{ }``

*Example:* ::

   { "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }

*Declared by:* + ` `_

.. _opt-boot.kernelModules:

boot.kernelModules
__________________

The set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to or.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:* + ` `_

.. _opt-boot.kernelPackages:

boot.kernelPackages
___________________

This option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are tied to the kernel you're using, it also overrides those. This option is a function that takes Nixpkgs as an argument (as a convenience), and returns an attribute set containing at the very least an attribute ``kernel``. Additional attributes may be needed depending on your configuration. For instance, if you use the NVIDIA X driver, then it also needs to contain an attribute ``nvidia_x11``.

*Type:* unspecified

*Default:* ``"pkgs.linuxPackages"``

*Example:* ::

   pkgs.linuxPackages_2_6_25

*Declared by:* + ` `_

.. _opt-boot.kernelParams:

boot.kernelParams
_________________

Parameters added to the kernel command line.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:* + ` `_

.. _opt-boot.kernelPatches:

boot.kernelPatches
__________________

A list of additional patches to apply to the kernel.

*Type:* list of attribute sets

*Default:* ``[ ]``

*Example:* ::

   [ pkgs.kernelPatches.ubuntu_fan_4_4 ]

*Declared by:* + ` `_

.. _opt-boot.loader.efi.canTouchEfiVariables:

boot.loader.efi.canTouchEfiVariables
____________________________________

Whether the installation process is allowed to modify EFI boot variables.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.loader.efi.efiSysMountPoint:

boot.loader.efi.efiSysMountPoint
________________________________

Where the EFI System Partition is mounted.

*Type:* string

*Default:* ``"/boot"``

*Declared by:* + ` `_

.. _opt-boot.loader.generationsDir.enable:

boot.loader.generationsDir.enable
_________________________________

Whether to create symlinks to the system generations under ``/boot``. When enabled, ``/boot/default/kernel``, ``/boot/default/initrd``, etc., are updated to point to the current generation's kernel image, initial RAM disk, and other bootstrap files. This option is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.loader.generationsDir.copyKernels:

boot.loader.generationsDir.copyKernels
______________________________________

Whether to copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.loader.generic-extlinux-compatible.enable:

boot.loader.generic-extlinux-compatible.enable
______________________________________________

Whether to generate an extlinux-compatible configuration file under ``/boot/extlinux.conf``. For instance, U-Boot's generic distro boot support uses this file format. See `U-boot's documentation `_ for more information.

*Type:* boolean

*Default:* ``false``

*Declared by:* + ` `_

.. _opt-boot.loader.generic-extlinux-compatible.configurationLimit:

boot.loader.generic-extlinux-compatible.configurationLimit
__________________________________________________________

Maximum number of configurations in the boot menu.

*Type:* signed integer

*Default:* ``20``

*Example:* ``10``

*Declared by:* + ` `_

.. _opt-boot.loader.grub.enable:

boot.loader.grub.enable
_______________________

Whether to enable the GNU GRUB boot loader.

*Type:* boolean

*Default:* ``true``

*Declared by:* + ` `_

.. _opt-boot.loader.grub.enableCryptodisk:

boot.loader.grub.enableCryptodisk
_________________________________

Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.backgroundColor:

boot.loader.grub.backgroundColor
________________________________

Background color to be used for GRUB to fill the areas the image isn't filling.

.. note::

   This option has no effect for GRUB 1.

*Type:* null or string

*Default:* ``null``

*Example:* ``"#7EBAE4"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.configurationLimit:

boot.loader.grub.configurationLimit
___________________________________

Maximum number of configurations in the boot menu. GRUB has problems when there are too many entries.

*Type:* signed integer

*Default:* ``100``

*Example:* ``120``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.configurationName:

boot.loader.grub.configurationName
__________________________________

GRUB entry name instead of default.

*Type:* string

*Default:* ``""``

*Example:* ``"Stable 2.6.21"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.copyKernels:

boot.loader.grub.copyKernels
____________________________

Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.default:

boot.loader.grub.default
________________________

Index of the default menu item to be booted.

*Type:* signed integer or string

*Default:* ``"0"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.device:

boot.loader.grub.device
_______________________

The device on which the GRUB boot loader will be installed. The special value ``nodev`` means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use ``boot.loader.grub.devices``.

*Type:* string

*Default:* ``""``

*Example:* ``"/dev/disk/by-id/wwn-0x500001234567890a"``

*Declared by:*

+ ` `_

..
_opt-boot.loader.grub.devices:

boot.loader.grub.devices
________________________

The devices on which the boot loader, GRUB, will be installed. Can be used instead of ``device`` to install GRUB onto multiple devices.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "/dev/disk/by-id/wwn-0x500001234567890a" ]``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.efiInstallAsRemovable:

boot.loader.grub.efiInstallAsRemovable
______________________________________

Whether to invoke ``grub-install`` with ``--removable``.

Unless you turn this on, GRUB will install itself somewhere in ``boot.loader.efi.efiSysMountPoint`` (exactly where depends on other config variables). If you've set ``boot.loader.efi.canTouchEfiVariables`` *AND* you are currently booted in UEFI mode, then GRUB will use ``efibootmgr`` to modify the boot order in the EFI variables of your firmware to include this location. If you are *not* booted in UEFI mode at the time GRUB is being installed, the NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed ("``efibootmgr: EFI variables are not supported on this system.``").

If you turn this feature on, GRUB will install itself in a special location within ``efiSysMountPoint`` (namely ``EFI/boot/boot$arch.efi``) which the firmwares are hardcoded to try first, regardless of NVRAM EFI variables.

To summarize, turn this on if:

- You are installing NixOS and want it to boot in UEFI mode, but you are currently booted in legacy mode
- You want to make a drive that will boot regardless of the NVRAM state of the computer (like a USB "removable" drive)
- You simply dislike the idea of depending on NVRAM state to make your drive bootable

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.efiSupport:

boot.loader.grub.efiSupport
___________________________

Whether GRUB should be built with EFI support.
EFI support is only available for GRUB v2. This option is ignored for GRUB v1.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.extraConfig:

boot.loader.grub.extraConfig
____________________________

Additional GRUB commands inserted in the configuration file just before the menu entries.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Example:* ::

   ''
     serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
     terminal_input --append serial
     terminal_output --append serial
   ''

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.extraEntries:

boot.loader.grub.extraEntries
_____________________________

Any additional entries you want added to the GRUB boot menu.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Example:* ::

   ''
     # GRUB 1 example (not GRUB 2 compatible)
     title Windows
       chainloader (hd0,1)+1

     # GRUB 2 example
     menuentry "Windows 7" {
       chainloader (hd0,4)+1
     }

     # GRUB 2 with UEFI example, chainloading another distro
     menuentry "Fedora" {
       set root=(hd1,1)
       chainloader /efi/fedora/grubx64.efi
     }
   ''

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.extraEntriesBeforeNixOS:

boot.loader.grub.extraEntriesBeforeNixOS
________________________________________

Whether extraEntries are included before the default option.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.extraFiles:

boot.loader.grub.extraFiles
___________________________

A set of files to be copied to :file:`/boot`. Each attribute name denotes the destination file name in :file:`/boot`, while the corresponding attribute value specifies the source file.

*Type:* attribute set of paths

*Default:* ``{ }``

*Example:* ::

   { "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.extraInitrd:

boot.loader.grub.extraInitrd
____________________________

The path to a second initramfs to be supplied to the kernel.
This ramfs will not be copied to the store, so that it can contain secrets such as LUKS keyfiles or ssh keys. This implies that rolling back to a previous configuration won't roll back the state of this file.

*Type:* null or path

*Default:* ``null``

*Example:* ``"/boot/extra_initramfs.gz"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.extraPerEntryConfig:

boot.loader.grub.extraPerEntryConfig
____________________________________

Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Example:* ``"root (hd0)"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.extraPrepareConfig:

boot.loader.grub.extraPrepareConfig
___________________________________

Additional bash commands to be run at the script that prepares the GRUB menu entries.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.font:

boot.loader.grub.font
_____________________

Path to a TrueType, OpenType, or pf2 font to be used by GRUB.

*Type:* null or path

*Default:* ``''"''${pkgs.grub2}/share/grub/unicode.pf2"''``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.fontSize:

boot.loader.grub.fontSize
_________________________

Font size for the GRUB menu. Ignored unless ``font`` is set to a ttf or otf font.

*Type:* null or signed integer

*Default:* ``null``

*Example:* ::

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.forceInstall:

boot.loader.grub.forceInstall
_____________________________

Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.forcei686:

boot.loader.grub.forcei686
__________________________

Whether to force the use of an ia32 boot loader on x64 systems. Required to install and run NixOS on 64bit x86 systems with 32bit (U)EFI.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.fsIdentifier:

boot.loader.grub.fsIdentifier
_____________________________

Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that GRUB will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as shown in :command:`df` or :command:`mount`. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.

*Type:* one of "uuid", "label", "provided"

*Default:* ``"uuid"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.gfxmodeBios:

boot.loader.grub.gfxmodeBios
____________________________

The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.

*Type:* string

*Default:* ``"1024x768"``

*Example:* ``"auto"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.gfxmodeEfi:

boot.loader.grub.gfxmodeEfi
___________________________

The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.

*Type:* string

*Default:* ``"auto"``

*Example:* ``"1024x768"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.gfxpayloadBios:

boot.loader.grub.gfxpayloadBios
_______________________________

The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.

*Type:* string

*Default:* ``"text"``

*Example:* ``"keep"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.gfxpayloadEfi:

boot.loader.grub.gfxpayloadEfi
______________________________

The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.

*Type:* string

*Default:* ``"keep"``

*Example:* ``"text"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.ipxe:

boot.loader.grub.ipxe
_____________________

Set of iPXE scripts available for booting from the GRUB boot menu.

*Type:* attribute set of path or strings

*Default:* ``{ }``

*Example:* ::

   { demo = ''
       #!ipxe
       dhcp
       chain http://boot.ipxe.org/demo/boot.php
     '';
   }

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.memtest86.enable:

boot.loader.grub.memtest86.enable
_________________________________

Make Memtest86+ (or MemTest86 if EFI support is enabled), a memory testing program, available from the GRUB boot menu. MemTest86 is an unfree program, so this requires ``allowUnfree`` to be set to ``true``.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.memtest86.params:

boot.loader.grub.memtest86.params
_________________________________

Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:

- ``console=...``, set up a serial console. Examples: ``console=ttyS0``, ``console=ttyS0,9600`` or ``console=ttyS0,115200n8``.
- ``btrace``, enable boot trace.
- ``maxcpus=N``, limit number of CPUs.
- ``onepass``, run one pass and exit if there are no errors.
- ``tstlist=...``, list of tests to run. Example: ``0,1,2``.
- ``cpumask=...``, set a CPU mask, to select CPUs to use for testing.

This list of command line options was obtained by reading the Memtest86+ source code.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "console=ttyS0,115200" ]``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.mirroredBoots:

boot.loader.grub.mirroredBoots
______________________________

Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.

*Type:* list of submodules

*Default:* ``[ ]``

*Example:* ``[ { devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ] ; path = "/boot1"; } { devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ] ; path = "/boot2"; } ]``

*Declared by:*

+ ` `_

..
_opt-boot.loader.grub.mirroredBoots._.devices:

boot.loader.grub.mirroredBoots.*.devices
________________________________________

The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ]``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.mirroredBoots._.efiBootloaderId:

boot.loader.grub.mirroredBoots.*.efiBootloaderId
________________________________________________

The id of the bootloader to store in efi nvram. The default is to name it NixOS and append the path or efiSysMountPoint. This is only used if ``boot.loader.efi.canTouchEfiVariables`` is true.

*Type:* null or string

*Default:* ``null``

*Example:* ``"NixOS-fsid"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.mirroredBoots._.efiSysMountPoint:

boot.loader.grub.mirroredBoots.*.efiSysMountPoint
_________________________________________________

The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.

*Type:* null or string

*Default:* ``null``

*Example:* ``"/boot1/efi"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.mirroredBoots._.path:

boot.loader.grub.mirroredBoots.*.path
_____________________________________

The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.

*Type:* string

*Example:* ``"/boot1"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.splashImage:

boot.loader.grub.splashImage
____________________________

Background image used for GRUB. Set to ``null`` to run GRUB in text mode.

.. note::

   For grub 1: It must be a 640x480, 14-colour image in XPM format, optionally compressed with :command:`gzip` or :command:`bzip2`.

.. note::

   For grub 2: File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must not be progressive.
   The image will be scaled if necessary to fit the screen.

*Type:* null or path

*Example:* ::

   ./my-background.png

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.splashMode:

boot.loader.grub.splashMode
___________________________

Whether to stretch the image or show the image in the top-left corner unstretched.

.. note::

   This option has no effect for GRUB 1.

*Type:* one of "normal", "stretch"

*Default:* ``"stretch"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.storePath:

boot.loader.grub.storePath
__________________________

Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.

*Type:* string

*Default:* ``"/nix/store"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.trustedBoot.enable:

boot.loader.grub.trustedBoot.enable
___________________________________

Enable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.trustedBoot.isHPLaptop:

boot.loader.grub.trustedBoot.isHPLaptop
_______________________________________

Use a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.trustedBoot.systemHasTPM:

boot.loader.grub.trustedBoot.systemHasTPM
_________________________________________

Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available.

*Type:* string

*Default:* ``""``

*Example:* ``"YES_TPM_is_activated"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.useOSProber:

boot.loader.grub.useOSProber
____________________________

If set to true, append entries for other OSs detected by os-prober.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

..
_opt-boot.loader.grub.version:

boot.loader.grub.version
________________________

The version of GRUB to use: ``1`` for GRUB Legacy (versions 0.9x), or ``2`` (the default) for GRUB 2.

*Type:* signed integer

*Default:* ``2``

*Example:* ``1``

*Declared by:*

+ ` `_

.. _opt-boot.loader.grub.zfsSupport:

boot.loader.grub.zfsSupport
___________________________

Whether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.initScript.enable:

boot.loader.initScript.enable
_____________________________

Some systems require a /sbin/init script that is started, or having one makes starting NixOS easier. This applies to some kinds of hosting services and to User Mode Linux. Additionally, this script will create /boot/init-other-configurations-contents.txt containing the contents of the remaining configurations. You can copy and paste them into /sbin/init manually, for example when running a rescue system.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.raspberryPi.enable:

boot.loader.raspberryPi.enable
______________________________

Whether to create files with the system generations in ``/boot``. ``/boot/old`` will hold files from old generations.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.raspberryPi.firmwareConfig:

boot.loader.raspberryPi.firmwareConfig
______________________________________

Extra options that will be appended to the ``/boot/config.txt`` file. For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/

*Type:* null or strings concatenated with "\\n"

*Default:* ``null``

*Declared by:*

+ ` `_

.. _opt-boot.loader.raspberryPi.uboot.enable:

boot.loader.raspberryPi.uboot.enable
____________________________________

Enable using U-Boot as the boot manager for the Raspberry Pi.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

..
_opt-boot.loader.raspberryPi.uboot.configurationLimit:

boot.loader.raspberryPi.uboot.configurationLimit
________________________________________________

Maximum number of configurations in the boot menu.

*Type:* signed integer

*Default:* ``20``

*Example:* ``10``

*Declared by:*

+ ` `_

.. _opt-boot.loader.raspberryPi.version:

boot.loader.raspberryPi.version
_______________________________

*Type:* one of 0, 1, 2, 3, 4

*Default:* ``2``

*Declared by:*

+ ` `_

.. _opt-boot.loader.systemd-boot.enable:

boot.loader.systemd-boot.enable
_______________________________

Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.systemd-boot.configurationLimit:

boot.loader.systemd-boot.configurationLimit
___________________________________________

Maximum number of latest generations in the boot menu. Useful to prevent the boot partition from running out of disk space. ``null`` means no limit, i.e. all generations that were not garbage collected yet.

*Type:* null or signed integer

*Default:* ``null``

*Example:* ``120``

*Declared by:*

+ ` `_

.. _opt-boot.loader.systemd-boot.consoleMode:

boot.loader.systemd-boot.consoleMode
____________________________________

The resolution of the console. The following values are valid:

- ``"0"``: Standard UEFI 80x25 mode
- ``"1"``: 80x50 mode, not supported by all devices
- ``"2"``: The first non-standard mode provided by the device firmware, if any
- ``"auto"``: Pick a suitable mode automatically using heuristics
- ``"max"``: Pick the highest-numbered available mode
- ``"keep"``: Keep the mode selected by firmware (the default)

*Type:* one of "0", "1", "2", "auto", "max", "keep"

*Default:* ``"keep"``

*Declared by:*

+ ` `_

.. _opt-boot.loader.systemd-boot.editor:

boot.loader.systemd-boot.editor
_______________________________

Whether to allow editing the kernel command-line before boot.
It is recommended to set this to false, as editing allows gaining root access by passing ``init=/bin/sh`` as a kernel parameter. However, it is enabled by default for backwards compatibility.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-boot.loader.systemd-boot.memtest86.enable:

boot.loader.systemd-boot.memtest86.enable
_________________________________________

Make MemTest86 available from the systemd-boot menu. MemTest86 is a program for testing memory. MemTest86 is an unfree program, so this requires ``allowUnfree`` to be set to ``true``.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.loader.timeout:

boot.loader.timeout
___________________

Timeout (in seconds) until the loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.

*Type:* null or signed integer

*Default:* ``5``

*Declared by:*

+ ` `_

.. _opt-boot.plymouth.enable:

boot.plymouth.enable
____________________

Whether to enable Plymouth boot splash screen.

*Type:* boolean

*Default:* ``false``

*Example:* ``true``

*Declared by:*

+ ` `_

.. _opt-boot.plymouth.extraConfig:

boot.plymouth.extraConfig
_________________________

Literal string to append to ``configFile`` and the config file generated by the plymouth module.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-boot.plymouth.logo:

boot.plymouth.logo
__________________

Logo which is displayed on the splash screen.

*Type:* path

*Default:* ::

   ''
     pkgs.fetchurl {
       url = "https://nixos.org/logo/nixos-hires.png";
       sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
     }''

*Declared by:*

+ ` `_

.. _opt-boot.plymouth.theme:

boot.plymouth.theme
___________________

Splash screen theme.

*Type:* string

*Default:* ``"breeze"``

*Declared by:*

+ ` `_

.. _opt-boot.plymouth.themePackages:

boot.plymouth.themePackages
___________________________

Extra theme packages for plymouth.

*Type:* list of packages

*Default:* ``[ *(build of breeze-plymouth-5.17.5)* ]``

*Declared by:*

+ ` `_

.. _opt-boot.postBootCommands:

boot.postBootCommands
_____________________

Shell commands to be executed just before systemd is started.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Example:* ``"rm -f /var/log/messages"``

*Declared by:*

+ ` `_

.. _opt-boot.resumeDevice:

boot.resumeDevice
_________________

Device for manual resume attempt during boot. This should be used primarily if you want to resume from file. If left empty, the swap partitions are used. Specify here the device where the file resides. You should also use ``boot.kernelParams`` to specify ``resume_offset``.

*Type:* string

*Default:* ``""``

*Example:* ``"/dev/sda3"``

*Declared by:*

+ ` `_

.. _opt-boot.runSize:

boot.runSize
____________

Size limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

*Type:* string

*Default:* ``"25%"``

*Example:* ``"256m"``

*Declared by:*

+ ` `_

.. _opt-boot.specialFileSystems._name__.device:

boot.specialFileSystems..device
______________________________________

Location of the device.

*Type:* null or string (with check: non-empty)

*Default:* ``null``

*Example:* ``"/dev/sda"``

*Declared by:*

+ ` `_

.. _opt-boot.specialFileSystems._name__.fsType:

boot.specialFileSystems..fsType
______________________________________

Type of the file system.

*Type:* string (with check: non-empty)

*Default:* ``"auto"``

*Example:* ``"ext3"``

*Declared by:*

+ ` `_

.. _opt-boot.specialFileSystems._name__.mountPoint:

boot.specialFileSystems..mountPoint
__________________________________________

Location of the mounted file system.

*Type:* string (with check: non-empty)

*Example:* ``"/mnt/usb"``

*Declared by:*

+ ` `_

.. _opt-boot.specialFileSystems._name__.options:

boot.specialFileSystems..options
_______________________________________

Options used to mount the file system.

*Type:* list of string (with check: non-empty)s

*Default:* ``[ "defaults" ]``

*Example:* ``[ "data=journal" ]``

*Declared by:*

+ ` `_

.. _opt-boot.supportedFilesystems:

boot.supportedFilesystems
_________________________

Names of supported filesystem types.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "btrfs" ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.enable:

boot.systemd.services..enable
___________________________________

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. ``serial-getty@ttyS0``) from being started. Note that ``enable=true`` does not make a unit start by default at boot; if you want that, see ``wantedBy``.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.after:

boot.systemd.services..after
__________________________________

If the specified units are started at the same time as this unit, delay this unit until they have started.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.aliases:

boot.systemd.services..aliases
____________________________________

Aliases of that unit.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.before:

boot.systemd.services..before
___________________________________

If the specified units are started at the same time as this unit, delay them until this unit has started.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.bindsTo:

boot.systemd.services..bindsTo
____________________________________

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

..
_opt-boot.systemd.services._name_.confinement.enable:

boot.systemd.services..confinement.enable
_______________________________________________

If set, all the required runtime store paths for this service are bind-mounted into a ``tmpfs``-based chroot(2).

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.confinement.packages:

boot.systemd.services..confinement.packages
_________________________________________________

Additional packages or strings with context to add to the closure of the chroot. By default, this includes all the packages from the, , , , and options. If you want to have all the dependencies of this systemd unit, you can use.

.. note::

   The store paths listed in are *not* included in the closure as well as paths from other options except those listed above.

*Type:* list of string or packages

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.confinement.binSh:

boot.systemd.services..confinement.binSh
______________________________________________

The program to make available as :file:`/bin/sh` inside the chroot. If this is set to ``null``, no :file:`/bin/sh` is provided at all. This is useful for some applications, which for example use the system(3) library function to execute commands.

*Type:* null or path

*Default:* ``"config.environment.binsh"``

*Example:* ::

   ${pkgs.dash}/bin/dash

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.confinement.fullUnit:

boot.systemd.services..confinement.fullUnit
_________________________________________________

Whether to include the full closure of the systemd unit file into the chroot, instead of just the dependencies for the executables.

.. warning::

   While it may be tempting to just enable this option to make things work quickly, please be aware that this might add paths to the closure of the chroot that you didn't anticipate. It's better to use to *explicitly* add additional store paths to the chroot.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.confinement.mode:

boot.systemd.services..confinement.mode
_____________________________________________

The value ``full-apivfs`` (the default) sets up private :file:`/dev`, :file:`/proc`, :file:`/sys` and :file:`/tmp` file systems in a separate user name space. If this is set to ``chroot-only``, only the file system name space is set up along with the call to chroot(2).

.. note::

   This doesn't cover network namespaces and is solely for file system level isolation.

*Type:* one of "full-apivfs", "chroot-only"

*Default:* ``"full-apivfs"``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.conflicts:

boot.systemd.services..conflicts
______________________________________

If the specified units are started, then this unit is stopped and vice versa.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.description:

boot.systemd.services..description
________________________________________

Description of this unit used in systemd messages and progress indicators.

*Type:* string

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.documentation:

boot.systemd.services..documentation
__________________________________________

A list of URIs referencing documentation for this unit or its configuration.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.environment:

boot.systemd.services..environment
________________________________________

Environment variables passed to the service's processes.

*Type:* attribute set of null or string or path or packages

*Default:* ``{ }``

*Example:* ``{ LANG = "nl_NL.UTF-8"; PATH = "/foo/bar/bin"; }``

*Declared by:*

+ ` `_

..
_opt-boot.systemd.services._name_.onFailure:

boot.systemd.services..onFailure
______________________________________

A list of one or more units that are activated when this unit enters the "failed" state.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.partOf:

boot.systemd.services..partOf
___________________________________

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.path:

boot.systemd.services..path
_________________________________

Packages added to the service's PATH environment variable. Both the :file:`bin` and :file:`sbin` subdirectories of each package are added.

*Type:* unspecified

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.postStart:

boot.systemd.services..postStart
______________________________________

Shell commands executed after the service's main process is started.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.postStop:

boot.systemd.services..postStop
_____________________________________

Shell commands executed after the service's main process has exited.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.preStart:

boot.systemd.services..preStart
_____________________________________

Shell commands executed before the service's main process is started.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.preStop:

boot.systemd.services..preStop
____________________________________

Shell commands executed to stop the service.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

..
_opt-boot.systemd.services._name_.reload:

boot.systemd.services..reload
___________________________________

Shell commands executed when the service's main process is reloaded.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.reloadIfChanged:

boot.systemd.services..reloadIfChanged
____________________________________________

Whether the service should be reloaded during a NixOS configuration switch if its definition has changed. If enabled, the value of is ignored.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.requiredBy:

boot.systemd.services..requiredBy
_______________________________________

Units that require (i.e. depend on and need to go down with) this unit. The discussion under ``wantedBy`` applies here as well: inverse ``.requires`` symlinks are established.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.requires:

boot.systemd.services..requires
_____________________________________

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.requisite:

boot.systemd.services..requisite
______________________________________

Similar to requires. However, if the units listed are not started, they will not be started and the transaction will fail.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-boot.systemd.services._name_.restartIfChanged:

boot.systemd.services..restartIfChanged
_____________________________________________

Whether the service should be restarted during a NixOS configuration switch if its definition has changed.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

..
_opt-boot.systemd.services._name_.restartTriggers: boot.systemd.services..restartTriggers ____________________________________________ An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted. *Type:* list of unspecifieds *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.services._name_.script: boot.systemd.services..script ___________________________________ Shell commands executed as the service's main process. *Type:* strings concatenated with "\\n" *Default:* ``""`` *Declared by:* + ` `_ .. _opt-boot.systemd.services._name_.scriptArgs: boot.systemd.services..scriptArgs _______________________________________ Arguments passed to the main process script. *Type:* string *Default:* ``""`` *Declared by:* + ` `_ .. _opt-boot.systemd.services._name_.serviceConfig: boot.systemd.services..serviceConfig __________________________________________ Each attribute in this set specifies an option in the ``[Service]`` section of the unit. See systemd.service(5) for details. *Type:* attribute set of systemd options *Default:* ``{ }`` *Example:* ``{ RestartSec = 5; StartLimitInterval = 10; }`` *Declared by:* + ` `_ .. _opt-boot.systemd.services._name_.startAt: boot.systemd.services..startAt ____________________________________ Automatically start this unit at the given date/time, which must be in the format described in systemd.time(7). This is equivalent to adding a corresponding timer unit with set to the value given here. *Type:* string or list of strings *Default:* ``[ ]`` *Example:* ``"Sun 14:00:00"`` *Declared by:* + ` `_ .. _opt-boot.systemd.services._name_.startLimitIntervalSec: boot.systemd.services..startLimitIntervalSec __________________________________________________ Configure unit start rate limiting. Units which are started more than burst times within an interval time interval are not permitted to start any more. *Type:* signed integer *Declared by:* + ` `_ .. 
_opt-boot.systemd.services._name_.stopIfChanged: boot.systemd.services..stopIfChanged __________________________________________ If set, a changed unit is restarted by calling :command:`systemctl stop` in the old configuration, then :command:`systemctl start` in the new one. Otherwise, it is restarted in a single step using :command:`systemctl restart` in the new configuration. The latter is less correct because it runs the ``ExecStop`` commands from the new configuration. *Type:* boolean *Default:* ``true`` *Declared by:* + ` `_ .. _opt-boot.systemd.services._name_.unitConfig: boot.systemd.services..unitConfig _______________________________________ Each attribute in this set specifies an option in the ``[Unit]`` section of the unit. See systemd.unit(5) for details. *Type:* attribute set of systemd options *Default:* ``{ }`` *Example:* ``{ RequiresMountsFor = "/data"; }`` *Declared by:* + ` `_ .. _opt-boot.systemd.services._name_.wantedBy: boot.systemd.services..wantedBy _____________________________________ Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to ``[ "multi-user.target" ]``. That's despite the fact that the systemd.unit(5) manpage says this option goes in the ``[Install]`` section that controls the behaviour of ``systemctl enable``. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse ``.wants`` symlink to be present, establishing the same desired relationship in a stateless way. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.services._name_.wants: boot.systemd.services..wants __________________________________ Start the specified units when this unit is started. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. 
_opt-boot.systemd.sockets._name_.enable: boot.systemd.sockets..enable __________________________________ If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. ``serial-getty@ttyS0``) from being started. Note that ``enable=true`` does not make a unit start by default at boot; if you want that, see ``wantedBy``. *Type:* boolean *Default:* ``true`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.after: boot.systemd.sockets..after _________________________________ If the specified units are started at the same time as this unit, delay this unit until they have started. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.aliases: boot.systemd.sockets..aliases ___________________________________ Aliases of that unit. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.before: boot.systemd.sockets..before __________________________________ If the specified units are started at the same time as this unit, delay them until this unit has started. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.bindsTo: boot.systemd.sockets..bindsTo ___________________________________ Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.conflicts: boot.systemd.sockets..conflicts _____________________________________ If the specified units are started, then this unit is stopped and vice versa. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.description: boot.systemd.sockets..description _______________________________________ Description of this unit used in systemd messages and progress indicators. 
*Type:* string *Default:* ``""`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.documentation: boot.systemd.sockets..documentation _________________________________________ A list of URIs referencing documentation for this unit or its configuration. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.listenStreams: boot.systemd.sockets..listenStreams _________________________________________ For each item in this list, a ``ListenStream`` option in the ``[Socket]`` section will be created. *Type:* list of strings *Default:* ``[ ]`` *Example:* ``[ "0.0.0.0:993" "/run/my-socket" ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.onFailure: boot.systemd.sockets..onFailure _____________________________________ A list of one or more units that are activated when this unit enters the "failed" state. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.partOf: boot.systemd.sockets..partOf __________________________________ If the specified units are stopped or restarted, then this unit is stopped or restarted as well. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.requiredBy: boot.systemd.sockets..requiredBy ______________________________________ Units that require (i.e. depend on and need to go down with) this unit. The discussion under ``wantedBy`` applies here as well: inverse ``.requires`` symlinks are established. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.requires: boot.systemd.sockets..requires ____________________________________ Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. 
_opt-boot.systemd.sockets._name_.requisite: boot.systemd.sockets..requisite _____________________________________ Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.restartTriggers: boot.systemd.sockets..restartTriggers ___________________________________________ An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted. *Type:* list of unspecifieds *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.socketConfig: boot.systemd.sockets..socketConfig ________________________________________ Each attribute in this set specifies an option in the ``[Socket]`` section of the unit. See systemd.socket(5) for details. *Type:* attribute set of systemd options *Default:* ``{ }`` *Example:* ``{ ListenStream = "/run/my-socket"; }`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.startLimitIntervalSec: boot.systemd.sockets..startLimitIntervalSec _________________________________________________ Configure unit start rate limiting. Units which are started more than burst times within an interval time interval are not permitted to start any more. *Type:* signed integer *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.unitConfig: boot.systemd.sockets..unitConfig ______________________________________ Each attribute in this set specifies an option in the ``[Unit]`` section of the unit. See systemd.unit(5) for details. *Type:* attribute set of systemd options *Default:* ``{ }`` *Example:* ``{ RequiresMountsFor = "/data"; }`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.wantedBy: boot.systemd.sockets..wantedBy ____________________________________ Units that want (i.e. depend on) this unit. 
The standard way to make a unit start by default at boot is to set this option to ``[ "multi-user.target" ]``. That's despite the fact that the systemd.unit(5) manpage says this option goes in the ``[Install]`` section that controls the behaviour of ``systemctl enable``. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse ``.wants`` symlink to be present, establishing the same desired relationship in a stateless way. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.sockets._name_.wants: boot.systemd.sockets..wants _________________________________ Start the specified units when this unit is started. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.enable: boot.systemd.targets..enable __________________________________ If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. ``serial-getty@ttyS0``) from being started. Note that ``enable=true`` does not make a unit start by default at boot; if you want that, see ``wantedBy``. *Type:* boolean *Default:* ``true`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.after: boot.systemd.targets..after _________________________________ If the specified units are started at the same time as this unit, delay this unit until they have started. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.aliases: boot.systemd.targets..aliases ___________________________________ Aliases of that unit. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.before: boot.systemd.targets..before __________________________________ If the specified units are started at the same time as this unit, delay them until this unit has started. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. 
_opt-boot.systemd.targets._name_.bindsTo: boot.systemd.targets..bindsTo ___________________________________ Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.conflicts: boot.systemd.targets..conflicts _____________________________________ If the specified units are started, then this unit is stopped and vice versa. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.description: boot.systemd.targets..description _______________________________________ Description of this unit used in systemd messages and progress indicators. *Type:* string *Default:* ``""`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.documentation: boot.systemd.targets..documentation _________________________________________ A list of URIs referencing documentation for this unit or its configuration. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.onFailure: boot.systemd.targets..onFailure _____________________________________ A list of one or more units that are activated when this unit enters the "failed" state. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.partOf: boot.systemd.targets..partOf __________________________________ If the specified units are stopped or restarted, then this unit is stopped or restarted as well. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.requiredBy: boot.systemd.targets..requiredBy ______________________________________ Units that require (i.e. depend on and need to go down with) this unit. The discussion under ``wantedBy`` applies here as well: inverse ``.requires`` symlinks are established. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. 
_opt-boot.systemd.targets._name_.requires: boot.systemd.targets..requires ____________________________________ Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.requisite: boot.systemd.targets..requisite _____________________________________ Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.restartTriggers: boot.systemd.targets..restartTriggers ___________________________________________ An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted. *Type:* list of unspecifieds *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.startLimitIntervalSec: boot.systemd.targets..startLimitIntervalSec _________________________________________________ Configure unit start rate limiting. Units which are started more than burst times within an interval time interval are not permitted to start any more. *Type:* signed integer *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.unitConfig: boot.systemd.targets..unitConfig ______________________________________ Each attribute in this set specifies an option in the ``[Unit]`` section of the unit. See systemd.unit(5) for details. *Type:* attribute set of systemd options *Default:* ``{ }`` *Example:* ``{ RequiresMountsFor = "/data"; }`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.wantedBy: boot.systemd.targets..wantedBy ____________________________________ Units that want (i.e. depend on) this unit. The standard way to make a unit start by default at boot is to set this option to ``[ "multi-user.target" ]``. 
That's despite the fact that the systemd.unit(5) manpage says this option goes in the ``[Install]`` section that controls the behaviour of ``systemctl enable``. Since such a process is stateful and thus contrary to the design of NixOS, setting this option instead causes the equivalent inverse ``.wants`` symlink to be present, establishing the same desired relationship in a stateless way. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.systemd.targets._name_.wants: boot.systemd.targets..wants _________________________________ Start the specified units when this unit is started. *Type:* list of strings *Default:* ``[ ]`` *Declared by:* + ` `_ .. _opt-boot.tmpOnTmpfs: boot.tmpOnTmpfs _______________ Whether to mount a tmpfs on :file:`/tmp` during boot. *Type:* boolean *Default:* ``false`` *Declared by:* + ` `_ .. _opt-boot.vesa: boot.vesa _________ (Deprecated) This option, if set, activates the VESA 800x600 video mode on boot and disables kernel modesetting. It is equivalent to specifying ``[ "vga=0x317" "nomodeset" ]`` in the option. This option is deprecated as of 2020: Xorg now works better with modesetting, and you might want a different VESA vga setting, anyway. *Type:* boolean *Default:* ``false`` *Declared by:* + ` `_ .. _opt-boot.zfs.enableUnstable: boot.zfs.enableUnstable _______________________ Use the unstable zfs package. This might be an option, if the latest kernel is not yet supported by a published release of ZFS. Enabling this option will install a development version of ZFS on Linux. The version will have already passed an extensive test suite, but it is more likely to hit an undiscovered bug compared to running a released version of ZFS on Linux. *Type:* boolean *Default:* ``false`` *Declared by:* + ` `_ .. _opt-boot.zfs.devNodes: boot.zfs.devNodes _________________ Name of directory from which to import ZFS devices. 
This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing. *Type:* path *Default:* ``"/dev/disk/by-id"`` *Example:* ``"/dev/disk/by-id"`` *Declared by:* + ` `_ .. _opt-boot.zfs.extraPools: boot.zfs.extraPools ___________________ Name or GUID of extra ZFS pools that you wish to import during boot. Usually this is not necessary. Instead, you should set the mountpoint property of ZFS filesystems to ``legacy`` and add the ZFS filesystems to NixOS's option, which makes NixOS automatically import the associated pool. However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot. *Type:* list of strings *Default:* ``[ ]`` *Example:* ``[ "tank" "data" ]`` *Declared by:* + ` `_ .. _opt-boot.zfs.forceImportAll: boot.zfs.forceImportAll _______________________ Forcibly import all ZFS pool(s). This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools. If you set this option to ``false`` and NixOS subsequently fails to import your non-root ZFS pool(s), you should manually import each pool with "zpool import -f ", and then reboot. You should only need to do this once. *Type:* boolean *Default:* ``true`` *Declared by:* + ` `_ .. _opt-boot.zfs.forceImportRoot: boot.zfs.forceImportRoot ________________________ Forcibly import the ZFS root pool(s) during early boot. This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools. 
If you set this option to ``false`` and NixOS subsequently fails to boot because it cannot import the root pool, you should boot with the ``zfs_force=1`` option as a kernel parameter (e.g. by manually editing the kernel params in grub during boot). You should only need to do this once. *Type:* boolean *Default:* ``true`` *Declared by:* + ` `_ .. _opt-boot.zfs.requestEncryptionCredentials: boot.zfs.requestEncryptionCredentials _____________________________________ Request encryption keys or passwords for all encrypted datasets on import. For root pools the encryption key can be supplied via both an interactive prompt (keylocation=prompt) and from a file (keylocation=file://). Note that for data pools the encryption key can only be loaded from a file and not via an interactive prompt, since the import is processed in a background systemd service. *Type:* boolean *Default:* ``true`` *Declared by:* + ` `_ .. _opt-console.packages: console.packages ________________ List of additional packages that provide console fonts, keymaps and other resources for virtual console use. *Type:* list of packages *Default:* ``"with pkgs.kbdKeymaps; [ dvp neo ]"`` *Declared by:* + ` `_ .. _opt-console.colors: console.colors ______________ The 16-color palette used by the virtual consoles. Leave empty to use the default colors. Colors must be in hexadecimal format and listed in order from color 0 to color 15. *Type:* list of strings *Default:* ``[ ]`` *Example:* ``[ "002b36" "dc322f" "859900" "b58900" "268bd2" "d33682" "2aa198" "eee8d5" "002b36" "cb4b16" "586e75" "657b83" "839496" "6c71c4" "93a1a1" "fdf6e3" ]`` *Declared by:* + ` `_ .. _opt-console.earlySetup: console.earlySetup __________________ Enable setting virtual console options as early as possible (in initrd). *Type:* boolean *Default:* ``false`` *Declared by:* + ` `_ .. 
_opt-console.extraTTYs: console.extraTTYs _________________ TTY (virtual console) devices, in addition to the consoles on which mingetty and syslogd run, that must be initialised. Only useful if you have some program that you want to run on some fixed console. For example, the NixOS installation CD opens the manual in a web browser on console 7, so it sets to ``["tty7"]``. *Type:* list of strings *Default:* ``[ ]`` *Example:* ``[ "tty8" "tty9" ]`` *Declared by:* + ` `_ .. _opt-console.font: console.font ____________ The font used for the virtual consoles. Leave empty to use whatever the :command:`setfont` program considers the default font. *Type:* string *Default:* ``"Lat2-Terminus16"`` *Example:* ``"LatArCyrHeb-16"`` *Declared by:* + ` `_ .. _opt-console.keyMap: console.keyMap ______________ The keyboard mapping table for the virtual consoles. *Type:* string or path *Default:* ``"us"`` *Example:* ``"fr"`` *Declared by:* + ` `_ .. _opt-console.useXkbConfig: console.useXkbConfig ____________________ If set, configure the virtual console keymap from the xserver keyboard settings. *Type:* boolean *Default:* ``false`` *Declared by:* + ` `_ .. _opt-containers: containers __________ A set of NixOS system configurations to be run as lightweight containers. Each container appears as a service ``container-*name*`` on the host system, allowing it to be started and stopped via :command:`systemctl`. *Type:* attribute set of submodules *Default:* ``{ }`` *Example:* ::

    {
      webserver = {
        path = "/nix/var/nix/profiles/webserver";
      };
      database = {
        config = { config, pkgs, ... }: {
          services.postgresql.enable = true;
          services.postgresql.package = pkgs.postgresql_9_6;
          system.stateVersion = "17.03";
        };
      };
    }

*Declared by:* + ` `_ .. _opt-containers._name_.enableTun: containers..enableTun ___________________________ Allows the container to create and setup tunnel interfaces by granting the ``NET_ADMIN`` capability and enabling access to ``/dev/net/tun``. 
*Type:* boolean *Default:* ``false`` *Declared by:* + ` `_ .. _opt-containers._name_.additionalCapabilities: containers..additionalCapabilities ________________________________________ Grant additional capabilities to the container. See the capabilities(7) and systemd-nspawn(1) man pages for more information. *Type:* list of strings *Default:* ``[ ]`` *Example:* ``[ "CAP_NET_ADMIN" "CAP_MKNOD" ]`` *Declared by:* + ` `_ .. _opt-containers._name_.allowedDevices: containers..allowedDevices ________________________________ A list of device nodes to which the container has access. *Type:* list of submodules *Default:* ``[ ]`` *Example:* ``[ { modifier = "rw"; node = "/dev/net/tun"; } ]`` *Declared by:* + ` `_ .. _opt-containers._name_.allowedDevices._.modifier: containers..allowedDevices.*.modifier ___________________________________________ Device node access modifier. Takes a combination of ``r`` (read), ``w`` (write), and ``m`` (mknod). See the ``systemd.resource-control(5)`` man page for more information. *Type:* string *Example:* ``"rw"`` *Declared by:* + ` `_ .. _opt-containers._name_.allowedDevices._.node: containers..allowedDevices.*.node _______________________________________ Path to device node *Type:* string *Example:* ``"/dev/net/tun"`` *Declared by:* + ` `_ .. _opt-containers._name_.autoStart: containers..autoStart ___________________________ Whether the container is automatically started at boot-time. *Type:* boolean *Default:* ``false`` *Declared by:* + ` `_ .. _opt-containers._name_.bindMounts: containers..bindMounts ____________________________ An extra list of directories that is bound to the container. *Type:* list or attribute set of submodules *Default:* ``{ }`` *Example:* ``{ /home = { hostPath = "/home/alice"; isReadOnly = false; } ; }`` *Declared by:* + ` `_ .. _opt-containers._name_.bindMounts._name__.hostPath: containers..bindMounts..hostPath _____________________________________________ Location of the host path to be mounted. 
*Type:* null or string *Default:* ``null`` *Example:* ``"/home/alice"`` *Declared by:* + ` `_ .. _opt-containers._name_.bindMounts._name__.isReadOnly: containers..bindMounts..isReadOnly _______________________________________________ Determine whether the mounted path will be accessed in read-only mode. *Type:* boolean *Default:* ``true`` *Declared by:* + ` `_ .. _opt-containers._name_.bindMounts._name__.mountPoint: containers..bindMounts..mountPoint _______________________________________________ Mount point on the container file system. *Type:* string *Example:* ``"/mnt/usb"`` *Declared by:* + ` `_ .. _opt-containers._name_.config: containers..config ________________________ A specification of the desired configuration of this container, as a NixOS module. *Type:* Toplevel NixOS config *Declared by:* + ` `_ .. _opt-containers._name_.ephemeral: containers..ephemeral ___________________________ Runs the container in ephemeral mode with an empty root filesystem at boot. This way the container is bootstrapped from scratch on each boot and cleaned up on shutdown, leaving no traces behind. Useful for completely stateless, reproducible containers. Note that this option might require some adjustments to the container configuration, e.g. you might want to set ``systemd.network.networks.$interface.dhcpConfig.ClientIdentifier`` to "mac" if you use the ``macvlans`` option. This way the DHCP client identifier will be stable between container restarts. Note that the container journal will not be linked to the host if this option is enabled. *Type:* boolean *Default:* ``false`` *Declared by:* + ` `_ .. _opt-containers._name_.extraFlags: containers..extraFlags ____________________________ Extra flags passed to the systemd-nspawn command. See systemd-nspawn(1) for details. *Type:* list of strings *Default:* ``[ ]`` *Example:* ``[ "--drop-capability=CAP_SYS_CHROOT" ]`` *Declared by:* + ` `_ .. 
_opt-containers._name_.extraVeths: containers..extraVeths ____________________________ Extra veth-pairs to be created for the container *Type:* attribute set of submodules *Default:* ``{ }`` *Declared by:* + ` `_ .. _opt-containers._name_.extraVeths._name_.forwardPorts: containers..extraVeths..forwardPorts ________________________________________________ List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given. *Type:* list of submodules *Default:* ``[ ]`` *Example:* ``[ { containerPort = 80; hostPort = 8080; protocol = "tcp"; } ]`` *Declared by:* + ` `_ .. _opt-containers._name_.extraVeths._name_.forwardPorts._.containerPort: containers..extraVeths..forwardPorts.*.containerPort ________________________________________________________________ Target port of container *Type:* null or signed integer *Default:* ``null`` *Declared by:* + ` `_ .. _opt-containers._name_.extraVeths._name_.forwardPorts._.hostPort: containers..extraVeths..forwardPorts.*.hostPort ___________________________________________________________ Source port of the external interface on host *Type:* signed integer *Declared by:* + ` `_ .. _opt-containers._name_.extraVeths._name_.forwardPorts._.protocol: containers..extraVeths..forwardPorts.*.protocol ___________________________________________________________ The protocol specifier for port forwarding between host and container *Type:* string *Default:* ``"tcp"`` *Declared by:* + ` `_ .. _opt-containers._name_.extraVeths._name_.hostAddress: containers..extraVeths..hostAddress _______________________________________________ The IPv4 address assigned to the host interface. (Not used when hostBridge is set.) *Type:* null or string *Default:* ``null`` *Example:* ``"10.231.136.1"`` *Declared by:* + ` `_ .. 
_opt-containers._name_.extraVeths._name_.hostAddress6:

containers..extraVeths..hostAddress6
________________________________________________

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

*Type:* null or string

*Default:* ``null``

*Example:* ``"fc00::1"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.extraVeths._name_.hostBridge:

containers..extraVeths..hostBridge
______________________________________________

Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.

*Type:* null or string

*Default:* ``null``

*Example:* ``"br0"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.extraVeths._name_.localAddress:

containers..extraVeths..localAddress
________________________________________________

The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.

*Type:* null or string

*Default:* ``null``

*Example:* ``"10.231.136.2"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.extraVeths._name_.localAddress6:

containers..extraVeths..localAddress6
_________________________________________________

The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.

*Type:* null or string

*Default:* ``null``

*Example:* ``"fc00::2"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.forwardPorts:

containers..forwardPorts
______________________________

List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.

*Type:* list of submodules

*Default:* ``[ ]``

*Example:* ``[ { containerPort = 80; hostPort = 8080; protocol = "tcp"; } ]``

*Declared by:*

+ ` `_

.. _opt-containers._name_.forwardPorts._.containerPort:

containers..forwardPorts.*.containerPort
______________________________________________

Target port of container

*Type:* null or signed integer

*Default:* ``null``

*Declared by:*

+ ` `_

.. _opt-containers._name_.forwardPorts._.hostPort:

containers..forwardPorts.*.hostPort
_________________________________________

Source port of the external interface on host

*Type:* signed integer

*Declared by:*

+ ` `_

.. _opt-containers._name_.forwardPorts._.protocol:

containers..forwardPorts.*.protocol
_________________________________________

The protocol specifier for port forwarding between host and container

*Type:* string

*Default:* ``"tcp"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.hostAddress:

containers..hostAddress
_____________________________

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

*Type:* null or string

*Default:* ``null``

*Example:* ``"10.231.136.1"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.hostAddress6:

containers..hostAddress6
______________________________

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

*Type:* null or string

*Default:* ``null``

*Example:* ``"fc00::1"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.hostBridge:

containers..hostBridge
____________________________

Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.

*Type:* null or string

*Default:* ``null``

*Example:* ``"br0"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.interfaces:

containers..interfaces
____________________________

The list of interfaces to be moved into the container.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "eth1" "eth2" ]``

*Declared by:*

+ ` `_

.. _opt-containers._name_.localAddress:

containers..localAddress
______________________________

The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.

*Type:* null or string

*Default:* ``null``

*Example:* ``"10.231.136.2"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.localAddress6:

containers..localAddress6
_______________________________

The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.

*Type:* null or string

*Default:* ``null``

*Example:* ``"fc00::2"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.macvlans:

containers..macvlans
__________________________

The list of host interfaces from which macvlans will be created. For each interface specified, a macvlan interface will be created and moved to the container.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "eth1" "eth2" ]``

*Declared by:*

+ ` `_

.. _opt-containers._name_.path:

containers..path
______________________

As an alternative to specifying, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.

*Type:* path

*Example:* ``"/nix/var/nix/profiles/containers/webserver"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.privateNetwork:

containers..privateNetwork
________________________________

Whether to give the container its own private virtual Ethernet interface. The interface is called ``eth0``, and is hooked up to the interface ``ve-*container-name*`` on the host. If this option is not set, then the container shares the network interfaces of the host, and can bind to any port on any interface.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-containers._name_.timeoutStartSec:

containers..timeoutStartSec
_________________________________

Time for the container to start. In case of a timeout, the container processes get killed. See systemd.time(7) for more information about the format.

*Type:* string

*Default:* ``"1min"``

*Declared by:*

+ ` `_

.. _opt-containers._name_.tmpfs:

containers..tmpfs
_______________________

Mounts a set of tmpfs file systems into the container. Multiple paths can be specified. Valid items must conform to the --tmpfs argument of systemd-nspawn. See systemd-nspawn(1) for details.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "/var" ]``

*Declared by:*

+ ` `_

.. _opt-docker-containers:

docker-containers
_________________

Docker containers to run as systemd services.

*Type:* attribute set of submodules

*Default:* ``{ }``

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.autoStart:

docker-containers..autoStart
__________________________________

When enabled, the container is automatically started on boot. If this option is set to false, the container has to be started on-demand via its service.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.cmd:

docker-containers..cmd
____________________________

Command-line arguments to pass to the image's entrypoint.

*Type:* list of strings

*Default:* ``[ ]``

*Example:*

::

  ["--port=9000"]

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.dependsOn:

docker-containers..dependsOn
__________________________________

Define which other containers this one depends on. They will be added to both After and Requires for the unit. Use the same name as the attribute under ``services.docker-containers``.

*Type:* list of strings

*Default:* ``[ ]``

*Example:*

::

  services.docker-containers = {
    node1 = {};
    node2 = {
      dependsOn = [ "node1" ];
    };
  };

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.entrypoint:

docker-containers..entrypoint
___________________________________

Override the default entrypoint of the image.

*Type:* null or string

*Default:* ``null``

*Example:* ``"/bin/my-app"``

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.environment:

docker-containers..environment
____________________________________

Environment variables to set for this container.

*Type:* attribute set of strings

*Default:* ``{ }``

*Example:*

::

  {
    DATABASE_HOST = "db.example.com";
    DATABASE_PORT = "3306";
  }

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.extraDockerOptions:

docker-containers..extraDockerOptions
___________________________________________

Extra options for :command:`docker run`.

*Type:* list of strings

*Default:* ``[ ]``

*Example:*

::

  ["--network=host"]

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.image:

docker-containers..image
______________________________

Docker image to run.

*Type:* string

*Example:* ``"library/hello-world"``

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.imageFile:

docker-containers..imageFile
__________________________________

Path to an image file to load instead of pulling from a registry. If defined, do not pull from registry. You still need to set the ``image`` attribute, as it will be used as the image name for docker to start a container.

*Type:* null or package

*Default:* ``null``

*Example:*

::

  pkgs.dockerTools.buildDockerImage {...};

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.log-driver:

docker-containers..log-driver
___________________________________

Logging driver for the container. The default of ``"none"`` means that the container's logs will be handled as part of the systemd unit. Setting this to ``"journald"`` will result in duplicate logging, but the container's logs will be visible to the :command:`docker logs` command.

For more details and a full list of logging drivers, refer to the `Docker engine documentation `_

*Type:* string

*Default:* ``"none"``

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.ports:

docker-containers..ports
______________________________

Network ports to publish from the container to the outer host.

Valid formats:

- ``::``
- ``::``
- ``:``
- ````

Both ``hostPort`` and ``containerPort`` can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. Example: ``1234-1236:1234-1236/tcp``

When specifying a range for ``hostPort`` only, the ``containerPort`` must *not* be a range. In this case, the container port is published somewhere within the specified ``hostPort`` range. Example: ``1234-1236:1234/tcp``

Refer to the `Docker engine documentation `_ for full details.

*Type:* list of strings

*Default:* ``[ ]``

*Example:*

::

  [ "8080:9000" ]

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.user:

docker-containers..user
_____________________________

Override the username or UID (and optionally groupname or GID) used in the container.

*Type:* null or string

*Default:* ``null``

*Example:* ``"nobody:nogroup"``

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.volumes:

docker-containers..volumes
________________________________

List of volumes to attach to this container.

Note that this is a list of ``"src:dst"`` strings to allow for ``src`` to refer to ``/nix/store`` paths, which would be difficult with an attribute set. There are also a variety of mount options available as a third field; please refer to the `docker engine documentation `_ for details.

*Type:* list of strings

*Default:* ``[ ]``

*Example:*

::

  [
    "volume_name:/path/inside/container"
    "/path/on/host:/path/inside/container"
  ]

*Declared by:*

+ ` `_

.. _opt-docker-containers._name_.workdir:

docker-containers..workdir
________________________________

Override the default working directory for the container.

*Type:* null or string

*Default:* ``null``

*Example:* ``"/var/lib/hello_world"``

*Declared by:*

+ ` `_

.. _opt-documentation.enable:

documentation.enable
____________________

Whether to install documentation of packages from into the generated system path. See "Multiple-output packages" chapter in the nixpkgs manual for more info.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-documentation.dev.enable:

documentation.dev.enable
________________________

Whether to install documentation targeted at developers.

- This includes man pages targeted at developers if is set (this also includes "devman" outputs).
- This includes info pages targeted at developers if is set (this also includes "devinfo" outputs).
- This includes other pages targeted at developers if is set (this also includes "devdoc" outputs).

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-documentation.doc.enable:

documentation.doc.enable
________________________

Whether to install documentation distributed in packages' ``/share/doc``. Usually plain text and/or HTML. This also includes "doc" outputs.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-documentation.info.enable:

documentation.info.enable
_________________________

Whether to install info pages and the :command:`info` command. This also includes "info" outputs.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-documentation.man.enable:

documentation.man.enable
________________________

Whether to install manual pages and the :command:`man` command. This also includes "man" outputs.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-documentation.nixos.enable:

documentation.nixos.enable
__________________________

Whether to install NixOS's own documentation.

- This includes man pages like configuration.nix(5) if is set.
- This includes the HTML manual and the :command:`nixos-help` command if is set.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-documentation.nixos.includeAllModules:

documentation.nixos.includeAllModules
_____________________________________

Whether the generated NixOS documentation should include documentation for all the options from all the NixOS modules included in the current ``configuration.nix``. Disabling this will make the manual generator ignore options defined outside of ``baseModules``.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-dysnomia.enable:

dysnomia.enable
_______________

Whether to enable Dysnomia

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-dysnomia.enableAuthentication:

dysnomia.enableAuthentication
_____________________________

Whether to publish privacy-sensitive authentication credentials

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-dysnomia.package:

dysnomia.package
________________

The Dysnomia package

*Type:* path

*Declared by:*

+ ` `_

.. _opt-dysnomia.components:

dysnomia.components
___________________

An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state

*Type:* unspecified

*Default:* ``{ }``

*Declared by:*

+ ` `_

.. _opt-dysnomia.containers:

dysnomia.containers
___________________

An attribute set in which each key represents a container and each value an attribute set providing its configuration properties

*Type:* unspecified

*Default:* ``{ }``

*Declared by:*

+ ` `_

.. _opt-dysnomia.extraContainerPaths:

dysnomia.extraContainerPaths
____________________________

A list of paths containing additional container configurations that are added to the search folders

*Type:* unspecified

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-dysnomia.extraContainerProperties:

dysnomia.extraContainerProperties
_________________________________

An attribute set providing additional container settings in addition to the default properties

*Type:* unspecified

*Default:* ``{ }``

*Declared by:*

+ ` `_

.. _opt-dysnomia.extraModulePaths:

dysnomia.extraModulePaths
_________________________

A list of paths containing additional modules that are added to the search folders

*Type:* unspecified

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-dysnomia.properties:

dysnomia.properties
___________________

An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.

*Type:* unspecified

*Default:* ``{ }``

*Declared by:*

+ ` `_

.. _opt-environment.enableDebugInfo:

environment.enableDebugInfo
___________________________

Some NixOS packages provide debug symbols. However, these are not included in the system closure by default to save disk space. Enabling this option causes the debug symbols to appear in :file:`/run/current-system/sw/lib/debug/.build-id`, where tools such as :command:`gdb` can find them. If you need debug symbols for a package that doesn't provide them by default, you can enable them as follows:

::

  nixpkgs.config.packageOverrides = pkgs: {
    hello = pkgs.hello.overrideAttrs (oldAttrs: {
      separateDebugInfo = true;
    });
  };

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-environment.checkConfigurationOptions:

environment.checkConfigurationOptions
_____________________________________

Alias of .

*Type:* boolean

*Declared by:*

+ ` `_

.. _opt-environment.etc:

environment.etc
_______________

Set of files that have to be linked in :file:`/etc`.

*Type:* list or attribute set of submodules

*Default:* ``{ }``

*Example:*

::

  {
    example-configuration-file = {
      source = "/nix/store/.../etc/dir/file.conf.example";
      mode = "0440";
    };
    "default/useradd".text = "GROUP=100 ...";
  }

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.enable:

environment.etc..enable
______________________________

Whether this /etc file should be generated. This option allows specific /etc files to be disabled.

*Type:* boolean

*Default:* ``true``

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.gid:

environment.etc..gid
___________________________

GID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').

*Type:* signed integer

*Default:* ``0``

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.group:

environment.etc..group
_____________________________

Group name of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). Changing this option takes precedence over ``gid``.

*Type:* string

*Default:* ``"+0"``

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.mode:

environment.etc..mode
____________________________

If set to something other than ``symlink``, the file is copied instead of symlinked, with the given file mode.

*Type:* string

*Default:* ``"symlink"``

*Example:* ``"0600"``

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.source:

environment.etc..source
______________________________

Path of the source file.

*Type:* path

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.target:

environment.etc..target
______________________________

Name of symlink (relative to :file:`/etc`). Defaults to the attribute name.

*Type:* string

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.text:

environment.etc..text
____________________________

Text of the file.

*Type:* null or strings concatenated with "\\n"

*Default:* ``null``

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.uid:

environment.etc..uid
___________________________

UID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').

*Type:* signed integer

*Default:* ``0``

*Declared by:*

+ ` `_

.. _opt-environment.etc._name__.user:

environment.etc..user
____________________________

User name of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). Changing this option takes precedence over ``uid``.

*Type:* string

*Default:* ``"+0"``

*Declared by:*

+ ` `_

.. _opt-environment.extraInit:

environment.extraInit
_____________________

Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-environment.extraOutputsToInstall:

environment.extraOutputsToInstall
_________________________________

List of additional package outputs to be symlinked into :file:`/run/current-system/sw`.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "doc" "info" "devdoc" ]``

*Declared by:*

+ ` `_

.. _opt-environment.extraSetup:

environment.extraSetup
______________________

Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-environment.freetds:

environment.freetds
___________________

Configure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.

*Type:* attribute set of strings

*Default:* ``{ }``

*Example:*

::

  {
    MYDATABASE = ''
      host = 10.0.2.100
      port = 1433
      tds version = 7.2
    '';
  }

*Declared by:*

+ ` `_

.. _opt-environment.gnome3.excludePackages:

environment.gnome3.excludePackages
__________________________________

Which packages gnome should exclude from the default environment

*Type:* list of packages

*Default:* ``[ ]``

*Example:*

::

  [ pkgs.gnome3.totem ]

*Declared by:*

+ ` `_

.. _opt-environment.homeBinInPath:

environment.homeBinInPath
_________________________

Include ~/bin/ in $PATH.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-environment.interactiveShellInit:

environment.interactiveShellInit
________________________________

Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-environment.loginShellInit:

environment.loginShellInit
__________________________

Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-environment.lxqt.excludePackages:

environment.lxqt.excludePackages
________________________________

Which LXQt packages to exclude from the default environment

*Type:* list of packages

*Default:* ``[ ]``

*Example:*

::

  [ pkgs.lxqt.qterminal ]

*Declared by:*

+ ` `_

.. _opt-environment.mate.excludePackages:

environment.mate.excludePackages
________________________________

Which MATE packages to exclude from the default environment

*Type:* list of packages

*Default:* ``[ ]``

*Example:*

::

  [ pkgs.mate.mate-terminal pkgs.mate.pluma ]

*Declared by:*

+ ` `_

.. _opt-environment.memoryAllocator.provider:

environment.memoryAllocator.provider
____________________________________

The system-wide memory allocator.

Briefly, the system-wide memory allocator providers are:

- ``libc``: the standard allocator provided by libc
- ``graphene-hardened``: An allocator designed to mitigate memory corruption attacks, such as those caused by use-after-free bugs.
- ``jemalloc``: A general purpose allocator that emphasizes fragmentation avoidance and scalable concurrency support.
- ``scudo``: A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator, which aims at providing additional mitigations against heap based vulnerabilities, while maintaining good performance.

.. warning::

   Selecting an alternative allocator (i.e., anything other than ``libc``) may result in instability, data loss, and/or service failure.

*Type:* one of "libc", "graphene-hardened", "jemalloc", "scudo"

*Default:* ``"libc"``

*Declared by:*

+ ` `_

.. _opt-environment.noXlibs:

environment.noXlibs
___________________

Switch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication in. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-environment.pantheon.excludePackages:

environment.pantheon.excludePackages
____________________________________

Which packages pantheon should exclude from the default environment

*Type:* list of packages

*Default:* ``[ ]``

*Example:*

::

  [ pkgs.pantheon.elementary-camera ]

*Declared by:*

+ ` `_

.. _opt-environment.pathsToLink:

environment.pathsToLink
_______________________

List of directories to be symlinked in :file:`/run/current-system/sw`.

*Type:* list of strings

*Default:* ``[ ]``

*Example:* ``[ "/" ]``

*Declared by:*

+ ` `_

.. _opt-environment.profileRelativeEnvVars:

environment.profileRelativeEnvVars
__________________________________

Attribute set of environment variables. Each attribute maps to a list of relative paths. Each relative path is appended to each profile of to form the content of the corresponding environment variable.

*Type:* attribute set of list of strings

*Example:* ``{ MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }``

*Declared by:*

+ ` `_

.. _opt-environment.profileRelativeSessionVariables:

environment.profileRelativeSessionVariables
___________________________________________

Attribute set of environment variables used in the global environment. These variables will be set by PAM early in the login process. Variable substitution is available as described in pam_env.conf(5). Each attribute maps to a list of relative paths. Each relative path is appended to each profile of to form the content of the corresponding environment variable. Also, these variables are merged into :ref:`opt-environment.profileRelativeEnvVars` and it is therefore not possible to use PAM style variables such as @{HOME}.

*Type:* attribute set of list of strings

*Example:* ``{ MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }``

*Declared by:*

+ ` `_

.. _opt-environment.profiles:

environment.profiles
____________________

A list of profiles used to set up the global environment.

*Type:* list of strings

*Default:* ``[ ]``

*Declared by:*

+ ` `_

.. _opt-environment.sessionVariables:

environment.sessionVariables
____________________________

A set of environment variables used in the global environment. These variables will be set by PAM early in the login process. The value of each session variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters. Note, due to limitations in the PAM format values may not contain the ``"`` character. Also, these variables are merged into :ref:`opt-environment.variables` and it is therefore not possible to use PAM style variables such as @{HOME}.

*Type:* attribute set of string or list of strings

*Default:* ``{ }``

*Declared by:*

+ ` `_

.. _opt-environment.shellAliases:

environment.shellAliases
________________________

An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users' shells. Aliases mapped to null are ignored.

*Type:* attribute set of null or string or paths

*Example:* ``{ l = null; ll = "ls -l"; }``

*Declared by:*

+ ` `_

.. _opt-environment.shellInit:

environment.shellInit
_____________________

Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

*Type:* strings concatenated with "\\n"

*Default:* ``""``

*Declared by:*

+ ` `_

.. _opt-environment.shells:

environment.shells
__________________

A list of permissible login shells for user accounts. No need to mention ``/bin/sh`` here; it is placed into this list implicitly.

*Type:* list of package or paths

*Default:* ``[ ]``

*Example:*

::

  [ pkgs.bashInteractive pkgs.zsh ]

*Declared by:*

+ ` `_

.. _opt-environment.systemPackages:

environment.systemPackages
__________________________

The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, :file:`/nix/var/nix/profiles/default`.)

*Type:* list of packages

*Default:* ``[ ]``

*Example:*

::

  [ pkgs.firefox pkgs.thunderbird ]

*Declared by:*

+ ` `_

.. _opt-environment.unixODBCDrivers:

environment.unixODBCDrivers
___________________________

Specifies Unix ODBC drivers to be registered in :file:`/etc/odbcinst.ini`. You may also want to add ``pkgs.unixODBC`` to the system path to get a command line client to connect to ODBC databases.

*Type:* list of packages

*Default:* ``[ ]``

*Example:*

::

  with pkgs.unixODBCDrivers; [ sqlite psql ]

*Declared by:*

+ ` `_

.. _opt-environment.variables:

environment.variables
_____________________

A set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

*Type:* attribute set of string or list of strings

*Default:* ``{ }``

*Example:* ``{ EDITOR = "nvim"; VISUAL = "nvim"; }``

*Declared by:*

+ ` `_

.. _opt-fileSystems:

fileSystems
___________

The file systems to be mounted. It must include an entry for the root directory (``mountPoint = "/"``). Each entry in the list is an attribute set with the following fields: ``mountPoint``, ``device``, ``fsType`` (a file system type recognised by :command:`mount`; defaults to ``"auto"``), and ``options`` (the mount options passed to :command:`mount` using the flag; defaults to ``[ "defaults" ]``). Instead of specifying ``device``, you can also specify a volume label (``label``) for file systems that support it, such as ext2/ext3 (see :command:`mke2fs -L`).

*Type:* list or attribute set of submodules

*Default:* ``{ }``

*Example:*

::

  {
    "/".device = "/dev/hda1";
    "/data" = {
      device = "/dev/hda2";
      fsType = "ext3";
      options = [ "data=journal" ];
    };
    "/bigdisk".label = "bigdisk";
  }

*Declared by:*

+ ` `_
+ ` `_
+ ` `_

.. _opt-fileSystems._name__.autoFormat:

fileSystems..autoFormat
______________________________

If the device does not currently contain a filesystem (as determined by :command:`blkid`), then automatically format it with the filesystem type specified in. Use with caution.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-fileSystems._name__.autoResize:

fileSystems..autoResize
______________________________

If set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-fileSystems._name__.device:

fileSystems..device
__________________________

Location of the device.

*Type:* null or string (with check: non-empty)

*Default:* ``null``

*Example:* ``"/dev/sda"``

*Declared by:*

+ ` `_

.. _opt-fileSystems._name__.encrypted.enable:

fileSystems..encrypted.enable
____________________________________

The block device is backed by an encrypted one; this adds the device as an initrd LUKS entry.

*Type:* boolean

*Default:* ``false``

*Declared by:*

+ ` `_

.. _opt-fileSystems._name__.encrypted.blkDev:

fileSystems..encrypted.blkDev
____________________________________

Location of the backing encrypted device.

*Type:* null or string

*Default:* ``null``

*Example:* ``"/dev/sda1"``

*Declared by:*

+ ` `_

.. _opt-fileSystems._name__.encrypted.keyFile:

fileSystems..encrypted.keyFile
_____________________________________

File system location of keyfile. This unlocks the drive after the root has been mounted to ``/mnt-root``.

*Type:* null or string

*Default:* ``null``

*Example:* ``"/mnt-root/root/.swapkey"``

*Declared by:*

+ ` `_

.. _opt-fileSystems._name__.encrypted.label:

fileSystems..encrypted.label
___________________________________

Label of the unlocked encrypted device. Set ``fileSystems..device`` to ``/dev/mapper/