Appendix A. Configuration Options

Whether to enable the unified cgroup hierarchy (cgroupsv2). This feature is experimental.

Type: boolean

Default: false

Declared by:

Type: list of string

Default: [ ]

Example: [ "cirrusfb" "i2c_piix4" ]

Declared by:

Type: signed integer

Default: 4

Declared by:

If enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.

Type: boolean

Default: false

Declared by:

Enable the serial console.

Type: boolean

Default: false

Declared by:

Specify the baud rate of the serial port.

Type: signed integer

Default: 115200

Declared by:

Specify the serial port for debug output.

Type: string

Default: "ttyS0"

Declared by:

Enable the VGA console.

Type: boolean

Default: true

Declared by:

Attempt to reset a standard VGA device.

Type: boolean

Default: true

Declared by:

shell commands to be executed after makedumpfile outputs /dmesg

Type: string

Default: ""

Declared by:

parameters that will be passed to the kernel kexec-ed on crash.

Type: list of string

Default: [ "1" "boot.shell_on_fail" "loglevel=8" ]

Declared by:

The amount of memory reserved for the crashdump kernel. If you choose a too high value, dmesg will mention "crashkernel reservation failed".

Type: string

Default: "512M"

Declared by:

Type: string

Default: "50%"

Example: "256m"

Declared by:

Type: string

Default: "5%"

Example: "32m"

Declared by:

Type: strings concatenated with "\n"

Default: ""

Example:

''
options parport_pc io=0x378 irq=7 dma=1
''

Declared by:

Type: list of package

Default: [ ]

Example: [ config.boot.kernelPackages.nvidia_x11 ]

Declared by:

Whether to enable the NixOS initial RAM disk (initrd). This may be needed to perform some initialisation tasks (like mounting network/encrypted file systems) before continuing the boot process.

Type: boolean

Default: "!config.boot.isContainer"

Declared by:

Type: list of string

Default: [ ]

Example: [ "sata_nv" "ext3" ]

Declared by:

Type: boolean

Default: true

Declared by:

Type: list of string

Default: [ ]

Declared by:

Add network connectivity support to initrd. The network may be configured using the ip kernel parameter, as described in the kernel documentation. Otherwise, if networking.useDHCP is enabled, an IP address is acquired using DHCP. You should add the module(s) required for your network card to boot.initrd.availableKernelModules. lspci -v | grep -iA8 'network\|ethernet' will tell you which.

Type: boolean

Default: false

Declared by:

Whether to clear the configuration of the interfaces that were set up in the initrd right before stage 2 takes over. Stage 2 will do the regular network configuration based on the NixOS networking options.

Type: boolean

Default: true

Declared by:

Shell commands to be executed after stage 1 of the boot has initialised the network.

Type: strings concatenated with "\n"

Default: ""

Declared by:

Set clock in initrd using NTP servers in networking.timeServers

Type: boolean

Default: true

Declared by:

Type: boolean

Default: false

Declared by:

Type: list of string

Default: config.users.users.root.openssh.authorizedKeys.keys

Declared by:

Type: strings concatenated with "\n"

Default: ""

Declared by:

Type: list of (string or path)

Default: [ ]

Example: [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]

Declared by:

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 22

Declared by:

Type: string

Default: "/bin/ash"

Declared by:

Additional command-line arguments passed verbatim to udhcpc if boot.initrd.network.enable and networking.useDHCP are enabled.

Type: list of string

Default: [ ]

Declared by:

Whether to use DHCP in the initrd.

Type: null or boolean

Default: null

Declared by:

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.

Type: strings concatenated with "\n"

Default: ""

Declared by:

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

Type: strings concatenated with "\n"

Default: ""

Declared by:

Shell commands to be executed before the failure prompt is shown.

Type: strings concatenated with "\n"

Default: ""

Declared by:

Shell commands to be executed immediately before LVM discovery. vpsAdminOS actually does not support LVM, this is just for compatibility with other modules.

Type: strings concatenated with "\n"

Default: ""

Declared by:

Names of supported filesystem types in the initial ramdisk.

Type: list of string

Default: [ ]

Example: [ "btrfs" ]

Declared by:

Type: unspecified value

Declared by:

Include hardware support kernel modules in initrd (so e.g. zfs sees disks)

Type: boolean

Default: true

Declared by:

Type: boolean

Default: false

Declared by:

Type: boolean

Default: true

Example: true

Declared by:

Type: string

Default: ""

Example: "my secret seed"

Declared by:

Type: attribute set of (sysctl option value)

Default: { }

Example:

{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }

Declared by:

Type: null or unsigned integer, meaning >=0

Default: null

Declared by:

Type: list of string

Default: [ ]

Declared by:

base linux kernel package

Type: package

Default: (build of linux-5.10.164)

Declared by:

Type: raw value

Default: pkgs.linuxPackages

Example: pkgs.linuxKernel.packages.linux_5_10

Declared by:

Type: list of string, with spaces inside double quotes

Default: [ ]

Declared by:

Type: list of (attribute set)

Default: [ ]

Example: [ pkgs.kernelPatches.ubuntu_fan_4_4 ]

Declared by:

TODO

Type: string

Default: "5.10.164"

Declared by:

Type: boolean

Default: false

Declared by:

Type: string

Default: "/boot"

Declared by:

Type: boolean

Default: false

Declared by:

Type: boolean

Default: false

Declared by:

Whether to enable the GNU GRUB boot loader.

Type: boolean

Default: false

Declared by:

Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.

Type: boolean

Default: false

Declared by:

Background color to be used for GRUB to fill the areas the image isn't filling.

Type: null or string

Default: null

Example: "#7EBAE4"

Declared by:

Maximum of configurations in boot menu. GRUB has problems when there are too many entries.

Type: signed integer

Default: 100

Example: 120

Declared by:

GRUB entry name instead of default.

Type: string

Default: ""

Example: "Stable 2.6.21"

Declared by:

Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.

Type: boolean

Default: false

Declared by:

Index of the default menu item to be booted. Can also be set to "saved", which will make GRUB select the menu item that was used at the last boot.

Type: signed integer or string

Default: "0"

Declared by:

The device on which the GRUB boot loader will be installed. The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.

Type: string

Default: ""

Example: "/dev/disk/by-id/wwn-0x500001234567890a"

Declared by:

The devices on which the boot loader, GRUB, will be installed. Can be used instead of device to install GRUB onto multiple devices.

Type: list of string

Default: [ ]

Example: [ "/dev/disk/by-id/wwn-0x500001234567890a" ]

Declared by:

Whether to invoke grub-install with --removable.

Unless you turn this on, GRUB will install itself somewhere in boot.loader.efi.efiSysMountPoint (exactly where depends on other config variables). If you've set boot.loader.efi.canTouchEfiVariables *AND* you are currently booted in UEFI mode, then GRUB will use efibootmgr to modify the boot order in the EFI variables of your firmware to include this location. If you are *not* booted in UEFI mode at the time GRUB is being installed, the NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed ("efibootmgr: EFI variables are not supported on this system.").

If you turn this feature on, GRUB will install itself in a special location within efiSysMountPoint (namely EFI/boot/boot$arch.efi) which the firmwares are hardcoded to try first, regardless of NVRAM EFI variables.

To summarize, turn this on if:

Type: boolean

Default: false

Declared by:

Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: boolean

Default: false

Declared by:

Additional GRUB commands inserted in the configuration file just before the menu entries.

Type: strings concatenated with "\n"

Default: ""

Example:

''
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal_input --append serial
terminal_output --append serial
''

Declared by:

Any additional entries you want added to the GRUB boot menu.

Type: strings concatenated with "\n"

Default: ""

Example:

''
# GRUB 1 example (not GRUB 2 compatible)
title Windows
  chainloader (hd0,1)+1

# GRUB 2 example
menuentry "Windows 7" {
  chainloader (hd0,4)+1
}

# GRUB 2 with UEFI example, chainloading another distro
menuentry "Fedora" {
  set root=(hd1,1)
  chainloader /efi/fedora/grubx64.efi
}
''

Declared by:

Whether extraEntries are included before the default option.

Type: boolean

Default: false

Declared by:

A set of files to be copied to /boot. Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.

Type: attribute set of path

Default: { }

Example:

{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }

Declared by:

Additional arguments passed to grub-install. A use case for this is to build specific GRUB2 modules directly into the GRUB2 kernel image, so that they are available and activated even in the grub rescue shell. They are also necessary when the BIOS/UEFI is bugged and cannot correctly read large disks (e.g. above 2 TB), so GRUB2's own nativedisk and related modules can be used to use its own disk drivers. The example shows one such case. This is also useful for booting from USB. See the GRUB source code for which disk modules are available. The list elements are passed directly as argv arguments to the grub-install program, in order.

Type: list of string

Default: [ ]

Example: [ "--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2" ]

Declared by:

Additional shell commands inserted in the bootloader installer script after generating menu entries.

Type: strings concatenated with "\n"

Default: ""

Example:

''
# the example below generates detached signatures that GRUB can verify
# https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures
''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete
old_gpg_home=$GNUPGHOME
export GNUPGHOME="$(mktemp -d)"
''${pkgs.gnupg}/bin/gpg --import ''${priv_key} > /dev/null 2>&1
''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -exec ''${pkgs.gnupg}/bin/gpg --detach-sign "{}" \; > /dev/null 2>&1
rm -rf $GNUPGHOME
export GNUPGHOME=$old_gpg_home
''

Declared by:

Additional GRUB commands inserted in the configuration file at the start of each vpsAdminOS menu entry.

Type: strings concatenated with "\n"

Default: ""

Example: "root (hd0)"

Declared by:

Additional bash commands to be run at the script that prepares the GRUB menu entries.

Type: strings concatenated with "\n"

Default: ""

Declared by:

Path to a TrueType, OpenType, or pf2 font to be used by Grub.

Type: null or path

Default: "${pkgs.grub2}/share/grub/unicode.pf2"

Declared by:

Font size for the grub menu. Ignored unless font is set to a ttf or otf font.

Type: null or signed integer

Default: null

Example: 16

Declared by:

Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.

Type: boolean

Default: false

Declared by:

Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run vpsAdminOS on 64bit x86 systems with 32bit (U)EFI.

Type: boolean

Default: false

Declared by:

Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as show in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.

Type: one of "uuid", "label", "provided"

Default: "uuid"

Declared by:

The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.

Type: string

Default: "1024x768"

Example: "auto"

Declared by:

The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.

Type: string

Default: "auto"

Example: "1024x768"

Declared by:

The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.

Type: string

Default: "text"

Example: "keep"

Declared by:

The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.

Type: string

Default: "keep"

Example: "text"

Declared by:

Set of iPXE scripts available for booting from the GRUB boot menu.

Type: attribute set of (path or string)

Default: { }

Example:

{ demo = ''
    #!ipxe
    dhcp
    chain http://boot.ipxe.org/demo/boot.php
  '';
}

Declared by:

Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.

Type: list of (submodule)

Default: [ ]

Example: [ { devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ] ; path = "/boot1"; } { devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ] ; path = "/boot2"; } ]

Declared by:

The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.

Type: list of string

Default: [ ]

Example: [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ]

Declared by:

The id of the bootloader to store in efi nvram. The default is to name it vpsAdminOS and append the path or efiSysMountPoint. This is only used if boot.loader.efi.canTouchEfiVariables is true.

Type: null or string

Default: null

Example: "vpsAdminOS-fsid"

Declared by:

The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.

Type: null or string

Default: null

Example: "/boot1/efi"

Declared by:

The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.

Type: string

Example: "/boot1"

Declared by:

Background image used for GRUB. Set to null to run GRUB in text mode.

Type: null or path

Example: ./my-background.png

Declared by:

Whether to stretch the image or show the image in the top-left corner unstretched.

Type: one of "normal", "stretch"

Default: "stretch"

Declared by:

Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.

Type: string

Default: "/nix/store"

Declared by:

Grub theme to be used.

Type: null or path

Default: null

Example: pkgs.nixos-grub2-theme

Declared by:

Enable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support.

Type: boolean

Default: false

Declared by:

Use a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops.

Type: boolean

Default: false

Declared by:

Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available.

Type: string

Default: ""

Example: "YES_TPM_is_activated"

Declared by:

If set to true, append entries for other OSs detected by os-prober.

Type: boolean

Default: false

Declared by:

User accounts for GRUB. When specified, the GRUB command line and all boot options except the default are password-protected. All passwords and hashes provided will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file. Additionally, any passwords and hashes provided directly in a Nix configuration (as opposed to external files) will be copied into the Nix store, and will be visible to all local users.

Type: attribute set of (submodule)

Default: { }

Example: { root = { hashedPasswordFile = "/path/to/file"; } ; }

Declared by:

Specifies the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be copied to the Nix store, and will be visible to all local users.

Type: null or string

Default: null

Example: "grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355"

Declared by:

Specifies the path to a file containing the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.

Type: null or string

Default: null

Example: "/path/to/file"

Declared by:

Specifies the clear text password for the account. This password will be copied to the Nix store, and will be visible to all local users.

Type: null or string

Default: null

Example: "Pa$$w0rd!"

Declared by:

Specifies the path to a file containing the clear text password for the account. This password will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.

Type: null or string

Default: null

Example: "/path/to/file"

Declared by:

The version of GRUB to use: 1 for GRUB Legacy (versions 0.9x), or 2 (the default) for GRUB 2.

Type: signed integer

Default: 2

Example: 1

Declared by:

Whether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: boolean

Default: false

Declared by:

Type: null or signed integer

Default: 5

Declared by:

Type: boolean

Default: true

Example: true

Declared by:

Shell commands to be executed just before runit is started.

Type: strings concatenated with "\n"

Default: ""

Example: "rm -f /var/log/messages"

Declared by:

Action to take automatically if stage-1 fails. n - create new pool (may also erase disks and run partitioning if configured) i - interactive shell r - reboot * - ignore Useful for unattended installations and testing.

Type: one of "", "n", "i", "r", "*"

Default: ""

Declared by:

mount proc with hidepid=2

Type: boolean

Default: false

Declared by:

QEMU runner

Type: boolean

Default: false

Declared by:

Disks available within the VM

Type: list of (submodule)

Default: [ { create = true; device = "sda.img"; size = "8G"; type = "file"; } ]

Declared by:

Create the device if it does not exist. Applicable only for file-backed devices.

Type: boolean

Default: false

Declared by:

Path to the disk device

Type: string

Declared by:

Device size

Type: string

Default: ""

Declared by:

Device type

Type: one of "file", "blockdev"

Declared by:

Type: string

Default: "25%"

Example: "256m"

Declared by:

Type: list of string (with check: non-empty without trailing slash)

Default: [ ]

Example: [ "/persist" ]

Declared by:

Type: null or string (with check: non-empty)

Default: null

Example: "/dev/sda"

Declared by:

Type: string (with check: non-empty)

Default: "auto"

Example: "ext3"

Declared by:

Type: string (with check: non-empty without trailing slash)

Example: "/mnt/usb"

Declared by:

Type: list of string (with check: non-empty)

Default: [ "defaults" ]

Example: [ "data=journal" ]

Declared by:

Type: list of string

Default: [ ]

Example: [ "btrfs" ]

Declared by:

Type: boolean

Default: false

Declared by:

Directories used to search disk devices. This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing.

Type: list of string

Default: [ "/dev/disk/by-id" ]

Declared by:

Forcibly import the ZFS root pool(s) during early boot.

Type: boolean

Default: false

Declared by:

Type: submodule

Default: { }

Declared by:

spl module load time options

Type: attribute set of (module option value)

Default: { }

Example:

{ "spl_taskq_thread_priority" = true; "spl_taskq_thread_sequential" = 2; }

Declared by:

zfs module load time options

Type: attribute set of (module option value)

Default: { }

Example:

{ "zfs_arc_min" = 1073741824; }

Declared by:

Type: attribute set of (submodule)

Default: { }

Declared by:

Devices used for secondary read cache (L2ARC).

Type: list of string

Default: [ ]

Example: [ "sde2" "sdf2" ]

Declared by:

Declaratively create ZFS file systems or volumes and configure properties. Dataset names are relative to the pool and optionally may start with a slash. Configured properties are passed directly to ZFS, see man zfs(8) for more information. No dataset is ever destroyed and properties removed from the configuration are not unset once deployed. To reset a property, set its value to `inherit`.

Type: attribute set of (submodule)

Default: { / = { properties = { xattr = { _type = "override"; content = "sa"; priority = 1000; } ; } ; } ; }

Example: { / = { properties = { sharenfs = "on"; } ; } ; data = { properties = { quota = "100G"; } ; } ; volume = { properties = { volsize = "50G"; } ; type = "volume"; } ; }

Declared by:

ZFS properties, see man zfs(8).

Type: attribute set

Default: { }

Declared by:

Dataset type

Type: one of "filesystem", "volume"

Default: "filesystem"

Declared by:

Determines whether disks are partitioned and zpool is created when the pool cannot be imported, suggesting it does not exist. Do not enable this in production, existing pools might fail to import for unforeseen reasons and recreating them will result in data loss.

Type: boolean

Default: false

Declared by:

Pool ID used for importing.

Type: null or string

Default: null

Declared by:

Number of attempts to cleanly import the pool with all devices present. After the attempts are spent, even a degraded pool will be imported. If the pool still can't be imported, the service will either fail or create the pool if option boot.zfs.pools.<name>.doCreate is enabled.

Type: 3 or more

Default: 60

Declared by:

Import the pool into osctld to be used for containers.

Type: boolean

Default: false

Declared by:

Pool layout to pass to zpool create. The pool can be created either manually using script do-create-pool-<pool> or automatically when boot.zfs.pools.<pool>.doCreate is set and the pool cannot be imported.

Type: list of (submodule)

Default: [ ]

Declared by:

List of device names.

Type: list of string

Declared by:

Virtual device type, see man zpool(8) for more information.

Type: one of "stripe", "mirror", "raidz", "raidz1", "raidz2", "raidz3"

Default: "stripe"

Example: "mirror"

Declared by:

Devices used for ZFS Intent Log (ZIL).

Type: list of (submodule)

Default: [ ]

Example: { devices = [ "sde1" "sdf1" ] ; mirror = true; }

Declared by:

List of device names.

Type: list of string

Declared by:

Determines whether the log devices will be mirrored or not.

Type: boolean

Declared by:

Partition disks This creates a sfdisk input for simple partitioning, X in 'pX' means partition number. If sizeGB is not specified the rest of the dist will be used for this partition.

Type: attribute set of attribute set of (submodule)

Default: { }

Example: { sde = { p1 = { sizeGB = 20; } ; p2 = { sizeGB = 10; type = "fd"; } ; p3 = { } ; } ; }

Declared by:

Partition size in gigabytes

Type: null or positive integer, meaning >0

Default: null

Declared by:

Partition type (list with `sfdisk -T`)

Type: value "fd" (singular enum)

Default: "fd"

Declared by:

zpool properties, see man zpool(8) for more information.

Type: attribute set

Default: { }

Example: { readonly = "on"; }

Declared by:

Enables periodic scrubbing

Type: boolean

Default: false

Declared by:

Optionally override the auto-generated command used to pause scrub of the pool. Defaults to scrubctl pause <pool>.

Type: null or string

Default: null

Declared by:

Date and time expression for when to pause a running scrub in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

Optionally override the auto-generated command used to resume scrub of the pool. Defaults to scrubctl resume <pool>.

Type: null or string

Default: null

Declared by:

Date and time expression for when to resume a paused scrub in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

Optionally override the auto-generated command used to scrub the pool. Defaults to scrubctl start <pool>.

Type: null or string

Default: null

Declared by:

Date and time expression for when to scrub the pool in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

Determines whether ZFS filesystems with sharenfs set should be exported. When set to always, zfs share is run every time the service is started. When set to once, filesystems are exported only once for this pool, e.g. when the service is restarted on upgrade, filesystems are not reexported. off disables automated exporting completely.

Type: one of "always", "once", "off"

Default: "always"

Declared by:

List of devices to be used as hot spares.

Type: list of string

Default: [ ]

Declared by:

Wipe disks prior to disk partitioning and pool creation (dangerous!). Uses dd to erase first and last 1024 sectors of the device.

Type: list of string

Default: [ ]

Example: [ "sda" "sdb" ]

Declared by:

TODO

Type: package

Default: (build of zfs-user-2.0-vpsadminos)

Declared by:

Type: boolean

Default: false

Declared by:

Type: attribute set of (submodule)

Default: { }

Example:

{ example-configuration-file =
    { source = "/nix/store/.../etc/dir/file.conf.example";
      mode = "0440";
    };
  "default/useradd".text = "GROUP=100 ...";
}

Declared by:

Type: boolean

Default: true

Declared by:

Type: signed integer

Default: 0

Declared by:

Type: string

Default: "+0"

Declared by:

Type: string

Default: "symlink"

Example: "0600"

Declared by:

Type: path

Declared by:

Type: string

Declared by:

Type: null or strings concatenated with "\n"

Default: null

Declared by:

Type: signed integer

Default: 0

Declared by:

Type: string

Default: "+0"

Declared by:

Type: strings concatenated with "\n"

Default: ""

Declared by:

List of additional package outputs to be symlinked into /run/current-system/sw.

Type: list of string

Default: [ ]

Example: [ "doc" "info" "docdev" ]

Declared by:

Type: boolean

Default: false

Declared by:

Type: strings concatenated with "\n"

Default: ""

Declared by:

Type: boolean

Default: false

Declared by:

Type: strings concatenated with "\n"

Default: ""

Declared by:

List of directories to be symlinked in /run/current-system/sw.

Type: list of string

Default: [ ]

Example: [ "/" ]

Declared by:

Type: attribute set of list of string

Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }

Declared by:

Type: attribute set of list of string

Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }

Declared by:

Type: list of string

Default: [ ]

Declared by:

Type: attribute set of (string or list of string)

Default: { }

Declared by:

Type: attribute set of (null or string or path)

Example: { l = null; ll = "ls -l"; }

Declared by:

Type: strings concatenated with "\n"

Default: ""

Declared by:

Type: list of (package or path)

Default: [ ]

Example: [ pkgs.bashInteractive pkgs.zsh ]

Declared by:

Type: list of package

Default: [ ]

Example: [ pkgs.firefox pkgs.thunderbird ]

Declared by:

Type: attribute set of (string or list of string)

Default: { }

Example: { EDITOR = "nvim"; VISUAL = "nvim"; }

Declared by:

Type: attribute set of (submodule)

Default: { }

Example:

{
  "/".device = "/dev/hda1";
  "/data" = {
    device = "/dev/hda2";
    fsType = "ext3";
    options = [ "data=journal" ];
  };
  "/bigdisk".label = "bigdisk";
}

Declared by:

Type: boolean

Default: false

Declared by:

Type: boolean

Default: false

Declared by:

Type: list of string (with check: non-empty without trailing slash)

Default: [ ]

Example: [ "/persist" ]

Declared by:

Type: null or string (with check: non-empty)

Default: null

Example: "/dev/sda"

Declared by:

Type: string

Default: ""

Declared by:

Type: string (with check: non-empty)

Default: "auto"

Example: "ext3"

Declared by:

Type: null or string (with check: non-empty)

Default: null

Example: "root-partition"

Declared by:

Type: string (with check: non-empty without trailing slash)

Example: "/mnt/usb"

Declared by:

If set, this file system will be mounted in the initial ramdisk. By default, this applies to the root file system and to the file system containing /nix/store.

Type: boolean

Default: false

Declared by:

Type: boolean

Default: false

Declared by:

Type: list of string (with check: non-empty)

Default: [ "defaults" ]

Example: [ "data=journal" ]

Declared by:

Type: boolean

Default: false

Declared by:

Type: boolean

Default: config.hardware.enableAllFirmware

Declared by:

Type: list of package

Default: [ ]

Declared by:

Type: boolean

Default: false

Declared by:

Type: string

Default: "en_US.UTF-8"

Example: "nl_NL.UTF-8"

Declared by:

Type: attribute set of string

Default: { }

Example: { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "de_DE.UTF-8"; }

Declared by:

Type: path

Default:

pkgs.glibcLocales.override {
  allLocales = any (x: x == "all") config.i18n.supportedLocales;
  locales = config.i18n.supportedLocales;
}

Example: pkgs.glibcLocales

Declared by:

Type: list of string

Default:

unique
  (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") (
    [
      "C.UTF-8"
      config.i18n.defaultLocale
    ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
  ))

Example: [ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1" ]

Declared by:

Type: unspecified value

Declared by:

Type: attribute set of (attribute set)

Default: { }

Declared by:

Type: floating point number

Declared by:

Type: floating point number

Declared by:

Type: one of "manual", "geoclue2"

Default: "manual"

Declared by:

Whether to install the HTML manual.

Type: boolean

Default: false

Declared by:

Whether to install a JSON formatted list of all vpsAdminOS options. This can be located at <profile directory>/share/doc/vpsadminos/options.json, and may be used for navigating definitions, auto-completing, and other miscellaneous tasks.

Type: boolean

Default: false

Example: true

Declared by:

Whether to install the configuration manual page. The manual can be reached by man configuration.nix.

Type: boolean

Default: true

Example: false

Declared by:

Type: unspecified value

Default: true

Declared by:

use Chrony daemon for network time synchronization

Type: boolean

Default: true

Declared by:

Custom set of commands used to set-up networking

Type: strings concatenated with "\n"

Default: ""

Example:

''

          ip addr add 10.0.0.1 dev ix0
          ip link set ix0 up
        ''

Declared by:

use DHCP to obtain IP

Type: boolean

Default: false

Declared by:

Whether to enable Enable dhcpd for lxc containers.

Type: boolean

Default: false

Example: true

Declared by:

The domain. It can be left empty if it is auto-detected through DHCP.

Type: null or string

Default: null

Example: "home"

Declared by:

Additional verbatim entries to be appended to /etc/hosts.

Type: strings concatenated with "\n"

Default: ""

Example: "192.168.0.1 lanlocalhost"

Declared by:

Type: boolean

Default: true

Declared by:

Type: package

Default: pkgs.iptables

Example: pkgs.iptables-legacy

Declared by:

Type: boolean

Default: true

Declared by:

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ { from = 8999; to = 9003; } ]

Declared by:

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ 22 80 ]

Declared by:

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ { from = 60000; to = 61000; } ]

Declared by:

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ 53 ]

Declared by:

Type: boolean

Default: false

Declared by:

Type: boolean or one of "strict", "loose"

Default: { _type = "literalMD"; text = "`true` if supported by the chosen kernel"; }

Example: "loose"

Declared by:

Type: list of string

Default: [ ]

Example: [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]

Declared by:

Type: strings concatenated with "\n"

Default: ""

Example: "iptables -A INPUT -p icmp -j ACCEPT"

Declared by:

Type: list of package

Default: [ ]

Example: [ pkgs.ipset ]

Declared by:

Type: strings concatenated with "\n"

Default: ""

Example: "iptables -P INPUT ACCEPT"

Declared by:

Type: attribute set of (submodule)

Default: { }

Declared by:

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ { from = 8999; to = 9003; } ]

Declared by:

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ 22 80 ]

Declared by:

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ { from = 60000; to = 61000; } ]

Declared by:

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ 53 ]

Declared by:

Type: boolean

Default: true

Declared by:

Type: boolean

Default: false

Declared by:

Type: boolean

Default: true

Declared by:

Type: boolean

Default: false

Declared by:

Type: null or strings concatenated with " "

Default: null

Example: "--limit 1/minute --limit-burst 5"

Declared by:

Type: boolean

Default: false

Declared by:

Type: list of string

Default: [ ]

Example: [ "enp0s2" ]

Declared by:

Type: unspecified value

Declared by:

machine hostname

Type: string

Default: "default"

Declared by:

Locally defined maps of hostnames to IP addresses.

Type: attribute set of list of string

Default: { }

Example:

{
  "127.0.0.1" = [ "foo.bar.baz" ];
  "192.168.0.2" = [ "fileserver.local" "nameserver.local" ];
};

Declared by:

create lxc bridge interface

Type: boolean

Default: false

Declared by:

The list of nameservers. It can be left empty if it is auto-detected through DHCP.

Type: list of string

Default: [ ]

Example: [ "208.67.222.222" "208.67.220.220" ]

Declared by:

enable NAT for containers

Type: boolean

Default: true

Declared by:

Set of commands run prior to any other network configuration

Type: strings concatenated with "\n"

Default: ""

Declared by:

The list of search paths used when resolving domain names.

Type: list of string

Default: [ ]

Example: [ "example.com" "local.domain" ]

Declared by:

use static networking configuration

Type: boolean

Default: false

Declared by:

gateway IP address for static networking configuration

Type: string

Default: "10.0.2.2"

Declared by:

interface for static networking configuration

Type: string

Default: "eth0"

Declared by:

IP address for static networking configuration

Type: string

Default: "10.0.2.15"

Declared by:

route

Type: string

Default: "10.0.2.0/24"

Declared by:

The set of NTP servers from which to synchronise.

Type: unspecified value

Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]

Declared by:

Alias of networking.dhcp.

Type: boolean

Declared by:

A list URLs which are queried. We are online when any one of these sends a HTTP response.

Type: list of string

Default: [ "http://1.1.1.1" "http://vpsadminos.org" ]

Declared by:

Which method to use to check network connectivity

Type: one of "ping", "http"

Default: "ping"

Declared by:

A list of hosts which are pinged. We are online when any one of these pongs back.

Type: list of string

Default: [ "8.8.8.8" "1.1.1.1" ]

Declared by:

Type: boolean

Default: true

Declared by:

Type: package

Default: pkgs.nix

Declared by:

Type: list of (submodule)

Default: [ ]

Declared by:

Type: string

Example: "nixbuilder.example.org"

Declared by:

Type: list of string

Default: [ ]

Example: [ "big-parallel" ]

Declared by:

Type: signed integer

Default: 1

Declared by:

Type: one of <null>, "ssh", "ssh-ng"

Default: "ssh"

Example: "ssh-ng"

Declared by:

Type: null or string

Default: null

Declared by:

Type: signed integer

Default: 1

Declared by:

Type: null or string

Default: null

Example: "/root/.ssh/id_buildhost_builduser"

Declared by:

Type: null or string

Default: null

Example: "builder"

Declared by:

Type: list of string

Default: [ ]

Example: [ "kvm" "big-parallel" ]

Declared by:

Type: null or string

Default: null

Example: "x86_64-linux"

Declared by:

Type: list of string

Default: [ ]

Example: [ "x86_64-linux" "aarch64-linux" ]

Declared by:

Type: boolean

Default: true

Declared by:

Type: boolean

Default: true

Declared by:

Whether to enable Enable nix daemon.

Type: boolean

Default: false

Example: true

Declared by:

Type: one of "other", "batch", "idle"

Default: "other"

Example: "batch"

Declared by:

Type: one of "best-effort", "idle"

Default: "best-effort"

Example: "idle"

Declared by:

Type: signed integer

Default: 4

Example: 1

Declared by:

Type: boolean

Default: false

Declared by:

Type: strings concatenated with "\n"

Default: ""

Example:

''
keep-outputs = true
keep-derivations = true
''

Declared by:

Type: list of string

Default: [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]

Declared by:

Type: signed integer

Declared by:

Type: boolean

Default: true

Declared by:

Type: attribute set of (submodule)

Default: { }

Declared by:

Type: boolean

Default: true

Declared by:

Type: null or (attribute set)

Default: null

Example: nixpkgs

Declared by:

Type: attribute set of (string or signed integer or boolean or path or package)

Example: { id = "nixpkgs"; type = "indirect"; }

Declared by:

Type: attribute set of (string or signed integer or boolean or path or package)

Example: { owner = "my-org"; repo = "my-nixpkgs"; type = "github"; }

Declared by:

Type: attribute set of (Nix config atom (null, bool, int, float, str, path or package) or list of (Nix config atom (null, bool, int, float, str, path or package)))

Default: { }

Example:

{
  use-sandbox = true;
  show-trace = true;

  system-features = [ "big-parallel" "kvm" "recursive-nix" ];
  sandbox-paths = { "/bin/sh" = "${pkgs.busybox-sandbox-shell.out}/bin/busybox"; };
}

Declared by:

Type: list of string

Default: [ "*" ]

Example: [ "@wheel" "@builders" "alice" "bob" ]

Declared by:

Type: boolean

Default: false

Example: true

Declared by:

Type: signed integer

Default: 0

Example: 64

Declared by:

Type: list of string

Default: [ ]

Example: [ "/dev" "/proc" ]

Declared by:

Type: signed integer or value "auto" (singular enum)

Default: "auto"

Example: 64

Declared by:

Type: boolean

Default: true

Declared by:

Type: boolean or value "relaxed" (singular enum)

Default: true

Declared by:

Type: list of string

Declared by:

Type: list of string

Example: [ "kvm" "big-parallel" "gccarch-skylake" ]

Declared by:

Type: list of string

Example: [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]

Declared by:

Type: list of string

Default: [ ]

Example: [ "https://hydra.nixos.org/" ]

Declared by:

Type: list of string

Default: [ "root" ]

Example: [ "root" "alice" "@wheel" ]

Declared by:

Type: string or (attribute set)

Default: config.nixpkgs.hostPlatform

Example: { config = "x86_64-unknown-linux-gnu"; system = "x86_64-linux"; }

Declared by:

Type: nixpkgs config

Default: { }

Example:

{ allowBroken = true; allowUnfree = true; }

Declared by:

Type: null or (attribute set)

Default: null

Example: { config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux"; }

Declared by:

Type: string or (attribute set)

Default: (import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform

Example: { config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux"; }

Declared by:

Type: attribute set

Default: (import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform

Example: { config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux"; }

Declared by:

Type: list of (nixpkgs overlay)

Default: [ ]

Example:

[
  (self: super: {
    openssh = super.openssh.override {
      hpnSupport = true;
      kerberos = self.libkrb5;
    };
  })
]

Declared by:

Type: An evaluation of Nixpkgs; the top level attribute set of packages

Default:

import "${nixos}/.." {
  inherit (cfg) config overlays localSystem crossSystem;
}

Example: import <nixpkgs> {}

Declared by:

Type: string

Default: { _type = "literalMD"; text = "Traditionally `builtins.currentSystem`, but unset when invoking NixOS through `lib.nixosSystem`.\n"; }

Example: "i686-linux"

Declared by:

Type: boolean

Default: true

Declared by:

Enable osctl-exporter.

Type: boolean

Default: false

Declared by:

Address to listen on.

Type: string

Default: "0.0.0.0"

Declared by:

Port to listen on.

Type: signed integer

Default: 9101

Declared by:

Enable osctl-exportfs integration.

Type: boolean

Default: false

Declared by:

osctl pools to configure

Type: attribute set of (submodule)

Default: { }

Declared by:

osctl containers to include

Type: attribute set of (submodule)

Default: { }

Declared by:

Architecture of the distribution to install, must be compatible with the host's architecture.

Type: null or string

Default: null

Declared by:

Autostart options See also https://vpsadminos.org/containers/auto-starting/

Type: null or (submodule)

Default: null

Example: { delay = 5; enable = true; priority = 1000; }

Declared by:

Whether to enable Enable container autostart.

Type: boolean

Default: false