Appendix A. Configuration Options

boot.enableUnifiedCgroupHierarchy

Whether to enable the unified cgroup hierarchy (cgroupsv2). This feature is experimental.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/activation/top-level.nix>
boot.blacklistedKernelModules

Type: list of string

Default: [ ]

Example: [ "cirrusfb" "i2c_piix4" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.consoleLogLevel

Type: signed integer

Default: 4

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.crashDump.enable

If enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.crashDump.consoleSerial.enable

Enable the serial console.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.crashDump.consoleSerial.baudRate

Specify the baud rate of the serial port.

Type: signed integer

Default: 115200

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.crashDump.consoleSerial.port

Specify the serial port for debug output.

Type: string

Default: "ttyS0"

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.crashDump.consoleVGA.enable

Enable the VGA console.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.crashDump.consoleVGA.reset

Attempt to reset a standard VGA device.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.crashDump.execAfterDump

shell commands to be executed after makedumpfile outputs /dmesg

Type: string

Default: ""

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.crashDump.kernelParams

parameters that will be passed to the kernel kexec-ed on crash.

Type: list of string

Default: [ "1" "boot.shell_on_fail" "loglevel=8" ]

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.crashDump.reservedMemory

The amount of memory reserved for the crashdump kernel. If you choose a too high value, dmesg will mention "crashkernel reservation failed".

Type: string

Default: "512M"

Declared by:

<vpsadminos/os/modules/misc/crashdump.nix>
boot.devShmSize

Type: string

Default: "50%"

Example: "256m"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.devSize

Type: string

Default: "5%"

Example: "32m"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.extraModprobeConfig

Type: strings concatenated with "\n"

Default: ""

Example:

''
options parport_pc io=0x378 irq=7 dma=1
''

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.extraModulePackages

Type: list of package

Default: [ ]

Example: [ config.boot.kernelPackages.nvidia_x11 ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.enable

Whether to enable the NixOS initial RAM disk (initrd). This may be needed to perform some initialisation tasks (like mounting network/encrypted file systems) before continuing the boot process.

Type: boolean

Default: "!config.boot.isContainer"

Declared by:

<vpsadminos/os/modules/system/boot/stage-1.nix>
boot.initrd.availableKernelModules

Type: list of string

Default: [ ]

Example: [ "sata_nv" "ext3" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.includeDefaultModules

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.kernelModules

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.network.enable

Add network connectivity support to initrd. The network may be configured using the ip kernel parameter, as described in the kernel documentation. Otherwise, if networking.useDHCP is enabled, an IP address is acquired using DHCP. You should add the module(s) required for your network card to boot.initrd.availableKernelModules. lspci -v | grep -iA8 'network\|ethernet' will tell you which.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/initrd-network.nix>
boot.initrd.network.flushBeforeStage2

Whether to clear the configuration of the interfaces that were set up in the initrd right before stage 2 takes over. Stage 2 will do the regular network configuration based on the NixOS networking options.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/system/boot/initrd-network.nix>
boot.initrd.network.postCommands

Shell commands to be executed after stage 1 of the boot has initialised the network.

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/initrd-network.nix>
boot.initrd.network.setClock

Set clock in initrd using NTP servers in networking.timeServers

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/system/boot/initrd-network.nix>
boot.initrd.network.ssh.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.authorizedKeys

Type: list of string

Default: config.users.users.root.openssh.authorizedKeys.keys

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.extraConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.hostKeys

Type: list of (string or path)

Default: [ ]

Example: [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.port

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 22

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.shell

Type: string

Default: "/bin/ash"

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.udhcpc.extraArgs

Additional command-line arguments passed verbatim to udhcpc if boot.initrd.network.enable and networking.useDHCP are enabled.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/system/boot/initrd-network.nix>
boot.initrd.network.useDHCP

Whether to use DHCP in the initrd.

Type: null or boolean

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/initrd-network.nix>
boot.initrd.postDeviceCommands

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/stage-1.nix>
boot.initrd.postMountCommands

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/stage-1.nix>
boot.initrd.preFailCommands

Shell commands to be executed before the failure prompt is shown.

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/stage-1.nix>
boot.initrd.preLVMCommands

Shell commands to be executed immediately before LVM discovery. vpsAdminOS actually does not support LVM, this is just for compatibility with other modules.

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/stage-1.nix>
boot.initrd.supportedFilesystems

Names of supported filesystem types in the initial ramdisk.

Type: list of string

Default: [ ]

Example: [ "btrfs" ]

Declared by:

<vpsadminos/os/modules/system/boot/stage-1.nix>
boot.initrd.systemd

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
boot.initrd.withHwSupport

Include hardware support kernel modules in initrd (so e.g. zfs sees disks)

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/config/kernel.nix>
boot.isContainer

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/activation/top-level.nix>
boot.kernel.enable

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernel.randstructSeed

Type: string

Default: ""

Example: "my secret seed"

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernel.sysctl

Type: attribute set of (sysctl option value)

Default: { }

Example:

{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }

Declared by:

<nixpkgs/nixos/modules/config/sysctl.nix>
boot.kernel.sysctl."net.core.rmem_max"

Type: null or unsigned integer, meaning >=0

Default: null

Declared by:

<nixpkgs/nixos/modules/config/sysctl.nix>
boot.kernelModules

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelPackage

base linux kernel package

Type: package

Default: (build of linux-5.10.164)

Declared by:

<vpsadminos/os/modules/config/kernel.nix>
boot.kernelPackages

Type: raw value

Default: pkgs.linuxPackages

Example: pkgs.linuxKernel.packages.linux_5_10

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelParams

Type: list of string, with spaces inside double quotes

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelPatches

Type: list of (attribute set)

Default: [ ]

Example: [ pkgs.kernelPatches.ubuntu_fan_4_4 ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelVersion

TODO

Type: string

Default: "5.10.164"

Declared by:

<vpsadminos/os/modules/config/kernel.nix>
boot.loader.efi.canTouchEfiVariables

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
boot.loader.efi.efiSysMountPoint

Type: string

Default: "/boot"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
boot.loader.generationsDir.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
boot.loader.generationsDir.copyKernels

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
boot.loader.grub.enable

Whether to enable the GNU GRUB boot loader.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.enableCryptodisk

Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.backgroundColor

Background color to be used for GRUB to fill the areas the image isn't filling.

Note

This options has no effect for GRUB 1.

Type: null or string

Default: null

Example: "#7EBAE4"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.configurationLimit

Maximum of configurations in boot menu. GRUB has problems when there are too many entries.

Type: signed integer

Default: 100

Example: 120

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.configurationName

GRUB entry name instead of default.

Type: string

Default: ""

Example: "Stable 2.6.21"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.copyKernels

Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.default

Index of the default menu item to be booted. Can also be set to "saved", which will make GRUB select the menu item that was used at the last boot.

Type: signed integer or string

Default: "0"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.device

The device on which the GRUB boot loader will be installed. The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.

Type: string

Default: ""

Example: "/dev/disk/by-id/wwn-0x500001234567890a"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.devices

The devices on which the boot loader, GRUB, will be installed. Can be used instead of device to install GRUB onto multiple devices.

Type: list of string

Default: [ ]

Example: [ "/dev/disk/by-id/wwn-0x500001234567890a" ]

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.efiInstallAsRemovable

Whether to invoke grub-install with --removable.

Unless you turn this on, GRUB will install itself somewhere in boot.loader.efi.efiSysMountPoint (exactly where depends on other config variables). If you've set boot.loader.efi.canTouchEfiVariables *AND* you are currently booted in UEFI mode, then GRUB will use efibootmgr to modify the boot order in the EFI variables of your firmware to include this location. If you are *not* booted in UEFI mode at the time GRUB is being installed, the NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed ("efibootmgr: EFI variables are not supported on this system.").

If you turn this feature on, GRUB will install itself in a special location within efiSysMountPoint (namely EFI/boot/boot$arch.efi) which the firmwares are hardcoded to try first, regardless of NVRAM EFI variables.

To summarize, turn this on if:

  • You are installing vpsAdminOS and want it to boot in UEFI mode, but you are currently booted in legacy mode

  • You want to make a drive that will boot regardless of the NVRAM state of the computer (like a USB "removable" drive)

  • You simply dislike the idea of depending on NVRAM state to make your drive bootable

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.efiSupport

Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraConfig

Additional GRUB commands inserted in the configuration file just before the menu entries.

Type: strings concatenated with "\n"

Default: ""

Example:

''
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal_input --append serial
terminal_output --append serial
''

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraEntries

Any additional entries you want added to the GRUB boot menu.

Type: strings concatenated with "\n"

Default: ""

Example:

''
# GRUB 1 example (not GRUB 2 compatible)
title Windows
  chainloader (hd0,1)+1

# GRUB 2 example
menuentry "Windows 7" {
  chainloader (hd0,4)+1
}

# GRUB 2 with UEFI example, chainloading another distro
menuentry "Fedora" {
  set root=(hd1,1)
  chainloader /efi/fedora/grubx64.efi
}
''

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraEntriesBeforeVpsAdminOS

Whether extraEntries are included before the default option.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraFiles

A set of files to be copied to /boot. Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.

Type: attribute set of path

Default: { }

Example:

{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraGrubInstallArgs

Additional arguments passed to grub-install. A use case for this is to build specific GRUB2 modules directly into the GRUB2 kernel image, so that they are available and activated even in the grub rescue shell. They are also necessary when the BIOS/UEFI is bugged and cannot correctly read large disks (e.g. above 2 TB), so GRUB2's own nativedisk and related modules can be used to use its own disk drivers. The example shows one such case. This is also useful for booting from USB. See the GRUB source code for which disk modules are available. The list elements are passed directly as argv arguments to the grub-install program, in order.

Type: list of string

Default: [ ]

Example: [ "--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2" ]

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraInstallCommands

Additional shell commands inserted in the bootloader installer script after generating menu entries.

Type: strings concatenated with "\n"

Default: ""

Example:

''
# the example below generates detached signatures that GRUB can verify
# https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures
''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete
old_gpg_home=$GNUPGHOME
export GNUPGHOME="$(mktemp -d)"
''${pkgs.gnupg}/bin/gpg --import ''${priv_key} > /dev/null 2>&1
''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -exec ''${pkgs.gnupg}/bin/gpg --detach-sign "{}" \; > /dev/null 2>&1
rm -rf $GNUPGHOME
export GNUPGHOME=$old_gpg_home
''

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraPerEntryConfig

Additional GRUB commands inserted in the configuration file at the start of each vpsAdminOS menu entry.

Type: strings concatenated with "\n"

Default: ""

Example: "root (hd0)"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraPrepareConfig

Additional bash commands to be run at the script that prepares the GRUB menu entries.

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.font

Path to a TrueType, OpenType, or pf2 font to be used by Grub.

Type: null or path

Default: "${pkgs.grub2}/share/grub/unicode.pf2"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.fontSize

Font size for the grub menu. Ignored unless font is set to a ttf or otf font.

Type: null or signed integer

Default: null

Example: 16

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.forceInstall

Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.forcei686

Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run vpsAdminOS on 64bit x86 systems with 32bit (U)EFI.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.fsIdentifier

Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as show in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.

Type: one of "uuid", "label", "provided"

Default: "uuid"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxmodeBios

The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.

Type: string

Default: "1024x768"

Example: "auto"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxmodeEfi

The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.

Type: string

Default: "auto"

Example: "1024x768"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxpayloadBios

The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.

Type: string

Default: "text"

Example: "keep"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxpayloadEfi

The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.

Type: string

Default: "keep"

Example: "text"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.ipxe

Set of iPXE scripts available for booting from the GRUB boot menu.

Type: attribute set of (path or string)

Default: { }

Example:

{ demo = ''
    #!ipxe
    dhcp
    chain http://boot.ipxe.org/demo/boot.php
  '';
}

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/ipxe.nix>
boot.loader.grub.mirroredBoots

Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.

Type: list of (submodule)

Default: [ ]

Example: [ { devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ] ; path = "/boot1"; } { devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ] ; path = "/boot2"; } ]

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.devices

The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.

Type: list of string

Default: [ ]

Example: [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ]

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.efiBootloaderId

The id of the bootloader to store in efi nvram. The default is to name it vpsAdminOS and append the path or efiSysMountPoint. This is only used if boot.loader.efi.canTouchEfiVariables is true.

Type: null or string

Default: null

Example: "vpsAdminOS-fsid"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.efiSysMountPoint

The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.

Type: null or string

Default: null

Example: "/boot1/efi"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.path

The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.

Type: string

Example: "/boot1"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.splashImage

Background image used for GRUB. Set to null to run GRUB in text mode.

Note

For grub 1: It must be a 640x480, 14-colour image in XPM format, optionally compressed with gzip or bzip2.

Note

For grub 2: File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must not be progressive. The image will be scaled if necessary to fit the screen.

Type: null or path

Example: ./my-background.png

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.splashMode

Whether to stretch the image or show the image in the top-left corner unstretched.

Note

This options has no effect for GRUB 1.

Type: one of "normal", "stretch"

Default: "stretch"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.storePath

Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.

Type: string

Default: "/nix/store"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.theme

Grub theme to be used.

Note

This options has no effect for GRUB 1.

Type: null or path

Default: null

Example: pkgs.nixos-grub2-theme

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.trustedBoot.enable

Enable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.trustedBoot.isHPLaptop

Use a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.trustedBoot.systemHasTPM

Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available.

Type: string

Default: ""

Example: "YES_TPM_is_activated"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.useOSProber

If set to true, append entries for other OSs detected by os-prober.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users

User accounts for GRUB. When specified, the GRUB command line and all boot options except the default are password-protected. All passwords and hashes provided will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file. Additionally, any passwords and hashes provided directly in a Nix configuration (as opposed to external files) will be copied into the Nix store, and will be visible to all local users.

Type: attribute set of (submodule)

Default: { }

Example: { root = { hashedPasswordFile = "/path/to/file"; } ; }

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users.<name>.hashedPassword

Specifies the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be copied to the Nix store, and will be visible to all local users.

Type: null or string

Default: null

Example: "grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users.<name>.hashedPasswordFile

Specifies the path to a file containing the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.

Type: null or string

Default: null

Example: "/path/to/file"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users.<name>.password

Specifies the clear text password for the account. This password will be copied to the Nix store, and will be visible to all local users.

Type: null or string

Default: null

Example: "Pa$$w0rd!"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users.<name>.passwordFile

Specifies the path to a file containing the clear text password for the account. This password will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.

Type: null or string

Default: null

Example: "/path/to/file"

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.version

The version of GRUB to use: 1 for GRUB Legacy (versions 0.9x), or 2 (the default) for GRUB 2.

Type: signed integer

Default: 2

Example: 1

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.zfsSupport

Whether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/loader/grub/grub.nix>
boot.loader.timeout

Type: null or signed integer

Default: 5

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/loader.nix>
boot.modprobeConfig.enable

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.postBootCommands

Shell commands to be executed just before runit is started.

Type: strings concatenated with "\n"

Default: ""

Example: "rm -f /var/log/messages"

Declared by:

<vpsadminos/os/modules/system/boot/stage-2.nix>
boot.predefinedFailAction

Action to take automatically if stage-1 fails. n - create new pool (may also erase disks and run partitioning if configured) i - interactive shell r - reboot * - ignore Useful for unattended installations and testing.

Type: one of "", "n", "i", "r", "*"

Default: ""

Declared by:

<vpsadminos/os/modules/system/activation/top-level.nix>
boot.procHidePid

mount proc with hidepid=2

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/stage-2.nix>
boot.qemu.enable

QEMU runner

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/qemu.nix>
boot.qemu.disks

Disks available within the VM

Type: list of (submodule)

Default: [ { create = true; device = "sda.img"; size = "8G"; type = "file"; } ]

Declared by:

<vpsadminos/os/modules/system/boot/qemu.nix>
boot.qemu.disks.*.create

Create the device if it does not exist. Applicable only for file-backed devices.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/qemu.nix>
boot.qemu.disks.*.device

Path to the disk device

Type: string

Declared by:

<vpsadminos/os/modules/system/boot/qemu.nix>
boot.qemu.disks.*.size

Device size

Type: string

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/qemu.nix>
boot.qemu.disks.*.type

Device type

Type: one of "file", "blockdev"

Declared by:

<vpsadminos/os/modules/system/boot/qemu.nix>
boot.runSize

Type: string

Default: "25%"

Example: "256m"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.depends

Type: list of string (with check: non-empty without trailing slash)

Default: [ ]

Example: [ "/persist" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.device

Type: null or string (with check: non-empty)

Default: null

Example: "/dev/sda"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.fsType

Type: string (with check: non-empty)

Default: "auto"

Example: "ext3"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.mountPoint

Type: string (with check: non-empty without trailing slash)

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.options

Type: list of string (with check: non-empty)

Default: [ "defaults" ]

Example: [ "data=journal" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.supportedFilesystems

Type: list of string

Default: [ ]

Example: [ "btrfs" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.vesa

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.zfs.devNodes

Directories used to search disk devices. This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing.

Type: list of string

Default: [ "/dev/disk/by-id" ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.forceImportRoot

Forcibly import the ZFS root pool(s) during early boot.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.moduleParams

Type: submodule

Default: { }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.moduleParams.spl

spl module load time options

Type: attribute set of (module option value)

Default: { }

Example:

{ "spl_taskq_thread_priority" = true; "spl_taskq_thread_sequential" = 2; }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.moduleParams.zfs

zfs module load time options

Type: attribute set of (module option value)

Default: { }

Example:

{ "zfs_arc_min" = 1073741824; }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.cache

Devices used for secondary read cache (L2ARC).

Type: list of string

Default: [ ]

Example: [ "sde2" "sdf2" ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.datasets

Declaratively create ZFS file systems or volumes and configure properties. Dataset names are relative to the pool and optionally may start with a slash. Configured properties are passed directly to ZFS, see man zfs(8) for more information. No dataset is ever destroyed and properties removed from the configuration are not unset once deployed. To reset a property, set its value to `inherit`.

Type: attribute set of (submodule)

Default: { / = { properties = { xattr = { _type = "override"; content = "sa"; priority = 1000; } ; } ; } ; }

Example: { / = { properties = { sharenfs = "on"; } ; } ; data = { properties = { quota = "100G"; } ; } ; volume = { properties = { volsize = "50G"; } ; type = "volume"; } ; }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.datasets.<name>.properties

ZFS properties, see man zfs(8).

Type: attribute set

Default: { }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.datasets.<name>.type

Dataset type

Type: one of "filesystem", "volume"

Default: "filesystem"

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.doCreate

Determines whether disks are partitioned and zpool is created when the pool cannot be imported, suggesting it does not exist. Do not enable this in production, existing pools might fail to import for unforeseen reasons and recreating them will result in data loss.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.guid

Pool ID used for importing.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.importAttempts

Number of attempts to cleanly import the pool with all devices present. After the attempts are spent, even a degraded pool will be imported. If the pool still can't be imported, the service will either fail or create the pool if option boot.zfs.pools.<name>.doCreate is enabled.

Type: 3 or more

Default: 60

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.install

Import the pool into osctld to be used for containers.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.layout

Pool layout to pass to zpool create. The pool can be created either manually using script do-create-pool-<pool> or automatically when boot.zfs.pools.<pool>.doCreate is set and the pool cannot be imported.

Type: list of (submodule)

Default: [ ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.layout.*.devices

List of device names.

Type: list of string

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.layout.*.type

Virtual device type, see man zpool(8) for more information.

Type: one of "stripe", "mirror", "raidz", "raidz1", "raidz2", "raidz3"

Default: "stripe"

Example: "mirror"

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.log

Devices used for ZFS Intent Log (ZIL).

Type: list of (submodule)

Default: [ ]

Example: { devices = [ "sde1" "sdf1" ] ; mirror = true; }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.log.*.devices

List of device names.

Type: list of string

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.log.*.mirror

Determines whether the log devices will be mirrored or not.

Type: boolean

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.partition

Partition disks This creates a sfdisk input for simple partitioning, X in 'pX' means partition number. If sizeGB is not specified the rest of the dist will be used for this partition.

Type: attribute set of attribute set of (submodule)

Default: { }

Example: { sde = { p1 = { sizeGB = 20; } ; p2 = { sizeGB = 10; type = "fd"; } ; p3 = { } ; } ; }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.partition.<name>.<name>.sizeGB

Partition size in gigabytes

Type: null or positive integer, meaning >0

Default: null

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.partition.<name>.<name>.type

Partition type (list with `sfdisk -T`)

Type: value "fd" (singular enum)

Default: "fd"

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.properties

zpool properties, see man zpool(8) for more information.

Type: attribute set

Default: { }

Example: { readonly = "on"; }

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.scrub.enable

Enables periodic scrubbing

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.scrub.pauseCommand

Optionally override the auto-generated command used to pause scrub of the pool. Defaults to scrubctl pause <pool>.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.scrub.pauseIntervals

Date and time expression for when to pause a running scrub in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.scrub.resumeCommand

Optionally override the auto-generated command used to resume scrub of the pool. Defaults to scrubctl resume <pool>.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.scrub.resumeIntervals

Date and time expression for when to resume a paused scrub in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.scrub.startCommand

Optionally override the auto-generated command used to scrub the pool. Defaults to scrubctl start <pool>.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.scrub.startIntervals

Date and time expression for when to scrub the pool in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.share

Determines whether ZFS filesystems with sharenfs set should be exported. When set to always, zfs share is run every time the service is started. When set to once, filesystems are exported only once for this pool, e.g. when the service is restarted on upgrade, filesystems are not reexported. off disables automated exporting completely.

Type: one of "always", "once", "off"

Default: "always"

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.spare

List of devices to be used as hot spares.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfs.pools.<name>.wipe

Wipe disks prior to disk partitioning and pool creation (dangerous!). Uses dd to erase first and last 1024 sectors of the device.

Type: list of string

Default: [ ]

Example: [ "sda" "sdb" ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
boot.zfsUserPackage

TODO

Type: package

Default: (build of zfs-user-2.0-vpsadminos)

Declared by:

<vpsadminos/os/modules/config/kernel.nix>
environment.enableDebugInfo

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/debug-info.nix>
environment.etc

Type: attribute set of (submodule)

Default: { }

Example:

{ example-configuration-file =
    { source = "/nix/store/.../etc/dir/file.conf.example";
      mode = "0440";
    };
  "default/useradd".text = "GROUP=100 ...";
}

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.enable

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.gid

Type: signed integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.group

Type: string

Default: "+0"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.mode

Type: string

Default: "symlink"

Example: "0600"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.source

Type: path

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.target

Type: string

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.text

Type: null or strings concatenated with "\n"

Default: null

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.uid

Type: signed integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.user

Type: string

Default: "+0"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.extraInit

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.extraOutputsToInstall

List of additional package outputs to be symlinked into /run/current-system/sw.

Type: list of string

Default: [ ]

Example: [ "doc" "info" "docdev" ]

Declared by:

<vpsadminos/os/modules/config/system-path.nix>
environment.homeBinInPath

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.interactiveShellInit

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.localBinInPath

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.loginShellInit

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.pathsToLink

List of directories to be symlinked in /run/current-system/sw.

Type: list of string

Default: [ ]

Example: [ "/" ]

Declared by:

<vpsadminos/os/modules/config/system-path.nix>
environment.profileRelativeEnvVars

Type: attribute set of list of string

Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.profileRelativeSessionVariables

Type: attribute set of list of string

Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" ] ; }

Declared by:

<nixpkgs/nixos/modules/config/system-environment.nix>
environment.profiles

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.sessionVariables

Type: attribute set of (string or list of string)

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/system-environment.nix>
environment.shellAliases

Type: attribute set of (null or string or path)

Example: { l = null; ll = "ls -l"; }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.shellInit

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.shells

Type: list of (package or path)

Default: [ ]

Example: [ pkgs.bashInteractive pkgs.zsh ]

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.systemPackages

Type: list of package

Default: [ ]

Example: [ pkgs.firefox pkgs.thunderbird ]

Declared by:

<vpsadminos/os/modules/config/system-path.nix>
environment.variables

Type: attribute set of (string or list of string)

Default: { }

Example: { EDITOR = "nvim"; VISUAL = "nvim"; }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
fileSystems

Type: attribute set of (submodule)

Default: { }

Example:

{
  "/".device = "/dev/hda1";
  "/data" = {
    device = "/dev/hda2";
    fsType = "ext3";
    options = [ "data=journal" ];
  };
  "/bigdisk".label = "bigdisk";
}

Declared by:

<vpsadminos/os/modules/system/boot/stage-1.nix>
<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.autoFormat

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.autoResize

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.depends

Type: list of string (with check: non-empty without trailing slash)

Default: [ ]

Example: [ "/persist" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.device

Type: null or string (with check: non-empty)

Default: null

Example: "/dev/sda"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.formatOptions

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.fsType

Type: string (with check: non-empty)

Default: "auto"

Example: "ext3"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.label

Type: null or string (with check: non-empty)

Default: null

Example: "root-partition"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.mountPoint

Type: string (with check: non-empty without trailing slash)

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.neededForBoot

If set, this file system will be mounted in the initial ramdisk. By default, this applies to the root file system and to the file system containing /nix/store.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/stage-1.nix>
fileSystems.<name>.noCheck

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.options

Type: list of string (with check: non-empty)

Default: [ "defaults" ]

Example: [ "data=journal" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
hardware.enableAllFirmware

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/all-firmware.nix>
hardware.enableRedistributableFirmware

Type: boolean

Default: config.hardware.enableAllFirmware

Declared by:

<nixpkgs/nixos/modules/hardware/all-firmware.nix>
hardware.firmware

Type: list of package

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/hardware/eudev.nix>
hardware.wirelessRegulatoryDatabase

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/all-firmware.nix>
i18n.defaultLocale

Type: string

Default: "en_US.UTF-8"

Example: "nl_NL.UTF-8"

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.extraLocaleSettings

Type: attribute set of string

Default: { }

Example: { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "de_DE.UTF-8"; }

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.glibcLocales

Type: path

Default:

pkgs.glibcLocales.override {
  allLocales = any (x: x == "all") config.i18n.supportedLocales;
  locales = config.i18n.supportedLocales;
}

Example: pkgs.glibcLocales

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.supportedLocales

Type: list of string

Default:

unique
  (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") (
    [
      "C.UTF-8"
      config.i18n.defaultLocale
    ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
  ))

Example: [ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1" ]

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
krb5

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
lib

Type: attribute set of (attribute set)

Default: { }

Declared by:

<nixpkgs/nixos/modules/misc/lib.nix>
location.latitude

Type: floating point number

Declared by:

<nixpkgs/nixos/modules/config/locale.nix>
location.longitude

Type: floating point number

Declared by:

<nixpkgs/nixos/modules/config/locale.nix>
location.provider

Type: one of "manual", "geoclue2"

Default: "manual"

Declared by:

<nixpkgs/nixos/modules/config/locale.nix>
manual.html.enable

Whether to install the HTML manual.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/misc/manual.nix>
manual.json.enable

Whether to install a JSON formatted list of all vpsAdminOS options. This can be located at <profile directory>/share/doc/vpsadminos/options.json, and may be used for navigating definitions, auto-completing, and other miscellaneous tasks.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/misc/manual.nix>
manual.manpages.enable

Whether to install the configuration manual page. The manual can be reached by man configuration.nix.

Type: boolean

Default: true

Example: false

Declared by:

<vpsadminos/os/modules/misc/manual.nix>
networking.enableIPv6

Type: unspecified value

Default: true

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
networking.chronyd

use Chrony daemon for network time synchronization

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/networking/chronyd.nix>
networking.custom

Custom set of commands used to set-up networking

Type: strings concatenated with "\n"

Default: ""

Example:

''

          ip addr add 10.0.0.1 dev ix0
          ip link set ix0 up
        ''

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.dhcp

use DHCP to obtain IP

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.dhcpd

Whether to enable Enable dhcpd for lxc containers.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/networking/dhcpd.nix>
networking.domain

The domain. It can be left empty if it is auto-detected through DHCP.

Type: null or string

Default: null

Example: "home"

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.extraHosts

Additional verbatim entries to be appended to /etc/hosts.

Type: strings concatenated with "\n"

Default: ""

Example: "192.168.0.1 lanlocalhost"

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.firewall.enable

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.package

Type: package

Default: pkgs.iptables

Example: pkgs.iptables-legacy

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowPing

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedTCPPortRanges

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ { from = 8999; to = 9003; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedTCPPorts

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ 22 80 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedUDPPortRanges

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ { from = 60000; to = 61000; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedUDPPorts

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ 53 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.autoLoadConntrackHelpers

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.checkReversePath

Type: boolean or one of "strict", "loose"

Default: { _type = "literalMD"; text = "`true` if supported by the chosen kernel"; }

Example: "loose"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.connectionTrackingModules

Type: list of string

Default: [ ]

Example: [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraCommands

Type: strings concatenated with "\n"

Default: ""

Example: "iptables -A INPUT -p icmp -j ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraPackages

Type: list of package

Default: [ ]

Example: [ pkgs.ipset ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraStopCommands

Type: strings concatenated with "\n"

Default: ""

Example: "iptables -P INPUT ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces.<name>.allowedTCPPortRanges

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ { from = 8999; to = 9003; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces.<name>.allowedTCPPorts

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ 22 80 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces.<name>.allowedUDPPortRanges

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ { from = 60000; to = 61000; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces.<name>.allowedUDPPorts

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example: [ 53 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedConnections

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedPackets

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedUnicastsOnly

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logReversePathDrops

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.pingLimit

Type: null or strings concatenated with " "

Default: null

Example: "--limit 1/minute --limit-burst 5"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.rejectPackets

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.trustedInterfaces

Type: list of string

Default: [ ]

Example: [ "enp0s2" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.hostId

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
networking.hostName

machine hostname

Type: string

Default: "default"

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.hosts

Locally defined maps of hostnames to IP addresses.

Type: attribute set of list of string

Default: { }

Example:

{
  "127.0.0.1" = [ "foo.bar.baz" ];
  "192.168.0.2" = [ "fileserver.local" "nameserver.local" ];
};

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.lxcbr

create lxc bridge interface

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.nameservers

The list of nameservers. It can be left empty if it is auto-detected through DHCP.

Type: list of string

Default: [ ]

Example: [ "208.67.222.222" "208.67.220.220" ]

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.nat

enable NAT for containers

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.preConfig

Set of commands run prior to any other network configuration

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.search

The list of search paths used when resolving domain names.

Type: list of string

Default: [ ]

Example: [ "example.com" "local.domain" ]

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.static.enable

use static networking configuration

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.static.gw

gateway IP address for static networking configuration

Type: string

Default: "10.0.2.2"

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.static.interface

interface for static networking configuration

Type: string

Default: "eth0"

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.static.ip

IP address for static networking configuration

Type: string

Default: "10.0.2.15"

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.static.route

route

Type: string

Default: "10.0.2.0/24"

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.timeServers

The set of NTP servers from which to synchronise.

Type: unspecified value

Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]

Declared by:

<vpsadminos/os/modules/services/networking/chronyd.nix>
networking.useDHCP

Alias of networking.dhcp.

Type: boolean

Declared by:

<vpsadminos/os/modules/rename.nix>
networking.waitOnline.http.urls

A list URLs which are queried. We are online when any one of these sends a HTTP response.

Type: list of string

Default: [ "http://1.1.1.1" "http://vpsadminos.org" ]

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.waitOnline.method

Which method to use to check network connectivity

Type: one of "ping", "http"

Default: "ping"

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
networking.waitOnline.ping.hosts

A list of hosts which are pinged. We are online when any one of these pongs back.

Type: list of string

Default: [ "8.8.8.8" "1.1.1.1" ]

Declared by:

<vpsadminos/os/modules/tasks/network-interfaces.nix>
nix.enable

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.package

Type: package

Default: pkgs.nix

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines

Type: list of (submodule)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.hostName

Type: string

Example: "nixbuilder.example.org"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.mandatoryFeatures

Type: list of string

Default: [ ]

Example: [ "big-parallel" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.maxJobs

Type: signed integer

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.protocol

Type: one of <null>, "ssh", "ssh-ng"

Default: "ssh"

Example: "ssh-ng"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.publicHostKey

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.speedFactor

Type: signed integer

Default: 1

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.sshKey

Type: null or string

Default: null

Example: "/root/.ssh/id_buildhost_builduser"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.sshUser

Type: null or string

Default: null

Example: "builder"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.supportedFeatures

Type: list of string

Default: [ ]

Example: [ "kvm" "big-parallel" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.system

Type: null or string

Default: null

Example: "x86_64-linux"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines.*.systems

Type: list of string

Default: [ ]

Example: [ "x86_64-linux" "aarch64-linux" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.checkAllErrors

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.checkConfig

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.daemon.enable

Whether to enable Enable nix daemon.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/misc/nix-daemon.nix>
nix.daemonCPUSchedPolicy

Type: one of "other", "batch", "idle"

Default: "other"

Example: "batch"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.daemonIOSchedClass

Type: one of "best-effort", "idle"

Default: "best-effort"

Example: "idle"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.daemonIOSchedPriority

Type: signed integer

Default: 4

Example: 1

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.distributedBuilds

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.extraOptions

Type: strings concatenated with "\n"

Default: ""

Example:

''
keep-outputs = true
keep-derivations = true
''

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.nixPath

Type: list of string

Default: [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.nrBuildUsers

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.readOnlyStore

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.registry

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.registry.<name>.exact

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.registry.<name>.flake

Type: null or (attribute set)

Default: null

Example: nixpkgs

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.registry.<name>.from

Type: attribute set of (string or signed integer or boolean or path or package)

Example: { id = "nixpkgs"; type = "indirect"; }

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.registry.<name>.to

Type: attribute set of (string or signed integer or boolean or path or package)

Example: { owner = "my-org"; repo = "my-nixpkgs"; type = "github"; }

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings

Type: attribute set of (Nix config atom (null, bool, int, float, str, path or package) or list of (Nix config atom (null, bool, int, float, str, path or package)))

Default: { }

Example:

{
  use-sandbox = true;
  show-trace = true;

  system-features = [ "big-parallel" "kvm" "recursive-nix" ];
  sandbox-paths = { "/bin/sh" = "${pkgs.busybox-sandbox-shell.out}/bin/busybox"; };
}

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.allowed-users

Type: list of string

Default: [ "*" ]

Example: [ "@wheel" "@builders" "alice" "bob" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.auto-optimise-store

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.cores

Type: signed integer

Default: 0

Example: 64

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.extra-sandbox-paths

Type: list of string

Default: [ ]

Example: [ "/dev" "/proc" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.max-jobs

Type: signed integer or value "auto" (singular enum)

Default: "auto"

Example: 64

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.require-sigs

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.sandbox

Type: boolean or value "relaxed" (singular enum)

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.substituters

Type: list of string

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.system-features

Type: list of string

Example: [ "kvm" "big-parallel" "gccarch-skylake" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.trusted-public-keys

Type: list of string

Example: [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.trusted-substituters

Type: list of string

Default: [ ]

Example: [ "https://hydra.nixos.org/" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.settings.trusted-users

Type: list of string

Default: [ "root" ]

Example: [ "root" "alice" "@wheel" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nixpkgs.buildPlatform

Type: string or (attribute set)

Default: config.nixpkgs.hostPlatform

Example: { config = "x86_64-unknown-linux-gnu"; system = "x86_64-linux"; }

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.config

Type: nixpkgs config

Default: { }

Example:

{ allowBroken = true; allowUnfree = true; }

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.crossSystem

Type: null or (attribute set)

Default: null

Example: { config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux"; }

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.hostPlatform

Type: string or (attribute set)

Default: (import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform

Example: { config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux"; }

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.localSystem

Type: attribute set

Default: (import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform

Example: { config = "aarch64-unknown-linux-gnu"; system = "aarch64-linux"; }

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.overlays

Type: list of (nixpkgs overlay)

Default: [ ]

Example:

[
  (self: super: {
    openssh = super.openssh.override {
      hpnSupport = true;
      kerberos = self.libkrb5;
    };
  })
]

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.pkgs

Type: An evaluation of Nixpkgs; the top level attribute set of packages

Default:

import "${nixos}/.." {
  inherit (cfg) config overlays localSystem crossSystem;
}

Example: import <nixpkgs> {}

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.system

Type: string

Default: { _type = "literalMD"; text = "Traditionally `builtins.currentSystem`, but unset when invoking NixOS through `lib.nixosSystem`.\n"; }

Example: "i686-linux"

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
os.channel-registration.enable

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/installer/cd-dvd/channel.nix>
osctl.exporter.enable

Enable osctl-exporter.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/osctl/osctl-exporter.nix>
osctl.exporter.listenAddress

Address to listen on.

Type: string

Default: "0.0.0.0"

Declared by:

<vpsadminos/os/modules/osctl/osctl-exporter.nix>
osctl.exporter.port

Port to listen on.

Type: signed integer

Default: 9101

Declared by:

<vpsadminos/os/modules/osctl/osctl-exporter.nix>
osctl.exportfs.enable

Enable osctl-exportfs integration.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/osctl/osctl-exportfs.nix>
osctl.pools

osctl pools to configure

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers

osctl containers to include

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.arch

Architecture of the distribution to install, must be compatible with the host's architecture.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.autostart

Autostart options See also https://vpsadminos.org/containers/auto-starting/

Type: null or (submodule)

Default: null

Example: { delay = 5; enable = true; priority = 1000; }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.autostart.enable

Whether to enable Enable container autostart.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.autostart.delay

Autostart delay

Type: positive integer, meaning >0

Default: 5

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.autostart.priority

Autostart priority

Type: positive integer, meaning >0

Default: 1000

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.cgparams

CGroup parameters See also https://vpsadminos.org/containers/resources/

Type: list of (submodule)

Default: [ ]

Example: [ { name = "memory.limit_in_bytes"; subsystem = "memory"; value = "10G"; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.cgparams.*.name

CGroup parameter name

Type: string

Example: "memory.limit_in_bytes"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.cgparams.*.subsystem

CGroup subsystem name. If left empty, it is deduced from cgroup parameter name.

Type: string

Default: ""

Example: "memory"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.cgparams.*.value

CGroup parameter value

Type: string

Example: "10G"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.cgparams.*.version

CGroup parameter version

Type: one of 1, 2

Default: 1

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.config

A specification of the desired configuration of this container, as a NixOS module.

Type: Toplevel NixOS config

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.devices

Devices allowed in this group See also https://vpsadminos.org/containers/devices/

Type: list of (submodule)

Default: [ ]

Example: [ { major = 10; minor = 229; mode = "rw"; name = "/dev/fuse"; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.devices.*.major

Device major ID

Type: string

Example: "229"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.devices.*.minor

Device minor ID

Type: string

Example: "10"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.devices.*.mode

Device access mode. r for read, w for write and m for mknod.

Type: one of "r", "rw", "w", "m", "wm", "rm", "rwm"

Example: "rwm"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.devices.*.name

Device name

Type: string

Default: ""

Example: "/dev/fuse"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.devices.*.provide

Determines whether the device should be provided to descendant groups, i.e. whether they should inherit it.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.devices.*.type

Device type

Type: one of "char", "block"

Example: "char"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.distribution

Name of the distribution to install.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.group

Name of an osctl group declared by osctl.groups that the container belongs to.

Type: string

Default: "/default"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.on-create

on-create hook is run in the host's namespace after the container was created and configured, but before it is started. The script hook's exit status is not evaluated.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.on-start

on-start is run in the host's namespace, after the container has been mounted and right before its init process is executed. If on-start exits with a non-zero status, the container's start is aborted.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.on-stop

on-stop is run in the host's namespace when the container enters state stopping. The hook's exit status is not evaluated.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.post-create

post-create hook is run in the host's namespace after the container was created, configured and started. The script hook's exit status is not evaluated.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.post-mount

post-mount is run in the container's mount namespace, after its rootfs and all LXC mount entries are mounted. The path to the container's runtime rootfs is in environment variable OSCTL_CT_ROOTFS_MOUNT. If post-mount exits with a non-zero status, the container's start is aborted.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.post-start

post-start is run in the host's namespace after the container entered state running. The container's init PID is passed in environment varible OSCTL_CT_INIT_PID. The script hook's exit status is not evaluated.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.post-stop

post-stop is run in the host's namespace when the container enters state stopped. The hook's exit status is not evaluated.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.pre-create

pre-create hook is run in the host's namespace before the container is created. If pre-create exits with status `1`, the creation attempt will be aborted and retried repeatedly, as the container's runit service restarts until the hook script exits with `0`. If pre-create exits with status `2`, the container will not be created and the runit service will not be automatically restarted.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.pre-mount

pre-mount is run in the container's mount namespace, before its rootfs is mounted. The path to the container's runtime rootfs is in environment variable OSCTL_CT_ROOTFS_MOUNT. If pre-mount exits with a non-zero status, the container's start is aborted.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.pre-start

pre-start hook is run in the host's namespace before the container is mounted. The container's cgroups have already been configured and distribution-support code has been run. If pre-start exits with a non-zero status, the container's start is aborted.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.pre-stop

pre-stop hook is run in the host's namespace when the container is being stopped using ct stop. If pre-stop exits with a non-zero exit status, the container will not be stopped. This hook is not called when the container is shutdown from the inside.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.veth-down

veth-down hook is run in the host's namespace when the veth pair is removed. Names of the removed veth interfaces are available in environment variables OSCTL_HOST_VETH and OSCTL_CT_VETH. The hook's exit status is not evaluated.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.hooks.veth-up

veth-up hook is run in the host's namespace when the veth pair is created. Names of created veth interfaces are available in environment variables OSCTL_HOST_VETH and OSCTL_CT_VETH. If veth-up exits with a non-zero status, the container's start is aborted.

Type: null or path

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.image.path

Path to container image.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.image.repository

Name of the remote repository the container image is searched in.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces

Network interface configuration See also https://vpsadminos.org/user-guide/networking/

Type: list of (submodule)

Default: [ ]

Example: [ { ipv4 = { addresses = [ { address = "10.0.0.1"; prefixLength = 16; } ] ; } ; link = "lxcbr0"; name = "eth0"; type = "bridge"; } { ipv4 = { addresses = [ { address = "172.17.66.66"; prefixLength = 32; } ] ; } ; ipv6 = { addresses = [ { address = "2a03:3b40:7:667::1"; prefixLength = 64; } ] ; } ; name = "eth1"; type = "routed"; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.dhcp

Determines whether the interface is configured using DHCP client within the container, (type = "bridge" only)

Type: null or boolean

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.hwaddr

Network interface hardware address

Type: string

Default: ""

Example: "52:54:00:2d:09:26"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv4.addresses

List of IPv4 addresses that will be statically assigned to the interface.

Type: list of (submodule)

Default: [ ]

Example: [ { address = "10.0.0.1"; prefixLength = 16; } { address = "192.168.1.1"; prefixLength = 24; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv4.addresses.*.address

IPv4 address.

Type: string

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv4.addresses.*.prefixLength

Subnet mask of the address, specified as the number of bits in the prefix (24).

Type: signed integer

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv4.gateway

IPv4 gateway for statically configured bridged interfaces. Set to auto to use the primary address from the linked interface, none to do not set any gateway or an IPv4 address. (type = "bridge" only)

Type: string

Default: "auto"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv4.routes

List of IPv4 addresses that will be routed to the interface.

Type: list of (submodule)

Default: [ ]

Example: [ { address = "10.0.0.0"; prefixLength = 16; } { address = "192.168.1.0"; prefixLength = 24; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv4.routes.*.address

IPv4 address.

Type: string

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv4.routes.*.prefixLength

Subnet mask of the address, specified as the number of bits in the prefix (24).

Type: signed integer

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv6.addresses

List of IPv6 addresses that will be statically assigned to the interface.

Type: list of (submodule)

Default: [ ]

Example: [ { address = "2a03:3b40:7:666::"; prefixLength = 64; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv6.addresses.*.address

IPv6 address.

Type: string

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv6.addresses.*.prefixLength

Subnet mask of the address, specified as the number of bits in the prefix (64).

Type: signed integer

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv6.gateway

IPv6 gateway for statically configured bridged interfaces. Set to auto to use the primary address from the linked interface, none to do not set any gateway or an IPv6 address. (type = "bridge" only)

Type: string

Default: "auto"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv6.routes

List of IPv6 addresses that will be routed to the interface.

Type: list of (submodule)

Default: [ ]

Example: [ { address = "2a03:3b40:7:666::"; prefixLength = 64; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv6.routes.*.address

IPv4 address.

Type: string

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.ipv6.routes.*.prefixLength

Subnet mask of the address, specified as the number of bits in the prefix (24).

Type: signed integer

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.link

Link this network interface to bridge (type = "bridge" only)

Type: string

Default: ""

Example: "lxcbr0"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.name

Network interface name

Type: string

Example: "eth0"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.interfaces.*.type

Network interface type

Type: one of "bridge", "routed"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.mounts

Container mounts See also https://vpsadminos.org/user-guide/mounts/

Type: list of (submodule)

Default: [ ]

Example: [ { fs = "/var/shared"; mountpoint = "/mnt"; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.mounts.*.automount

Mount automatically

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.mounts.*.dataset

Relative path to containers dataset

Type: null or string

Default: null

Example: "subdataset"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.mounts.*.fs

Filesystem mountpoint (host side)

Type: string

Default: ""

Example: "/var/shared"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.mounts.*.mountpoint

Filesystem mountpoint (container side)

Type: string

Example: "/mnt"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.mounts.*.opts

Mount options

Type: string

Default: "bind,create=dir,rw"

Example: "bind,create=dir,rw"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.mounts.*.type

Mount type

Type: value "bind" (singular enum)

Default: "bind"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.nesting

Whether to enable Enable container nesting.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.path

As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.

Type: path

Example: "/nix/var/nix/profiles/containers/webserver"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.as

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.as.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.as.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.core

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.core.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.core.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.cpu

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.cpu.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.cpu.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.data

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.data.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.data.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.fsize

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.fsize.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.fsize.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.memlock

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.memlock.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.memlock.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.msgqueue

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.msgqueue.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.msgqueue.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nice

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nice.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nice.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nofile

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: { hard = 1048576; soft = 1024; }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nofile.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nofile.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nproc

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nproc.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.nproc.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rss

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rss.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rss.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rtprio

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rtprio.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rtprio.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rttime

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rttime.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.rttime.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.sigpending

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.sigpending.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.sigpending.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.stack

Process resource limit, see man prlimit(2) and https://vpsadminos.org/containers/resources/#process-resource-limits

Type: null or (submodule)

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.stack.hard

Hard limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.prlimits.stack.soft

Soft limit

Type: positive integer, meaning >0 or value "unlimited" (singular enum)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.resolvers

List of nameservers

Type: list of string

Default: [ ]

Example: [ "1.1.1.1" "10.0.0.1" ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.seccomp

Path to seccomp profile

Type: string

Default: ""

Example: "/run/osctl/configs/lxc/common.seccomp"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.startMenu

Start menu options

Type: null or (submodule)

Default: { enable = true; }

Example: { enable = true; timeout = 5; }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.startMenu.enable

Whether to enable Enable container start menu.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.startMenu.timeout

Number of seconds before the system is automatically started

Type: positive integer, meaning >0

Default: 5

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.user

Name of an osctl user declared by osctl.users that the container belongs to. If not provided, a new user is created with its name matching the container ID. If such user already exists, it is used instead.

Type: null or string

Default: null

Example: "myuser01"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.variant

Template variant for use with osctl remote repositories.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.vendor

Template vendor for use with osctl remote repositories.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.containers.<name>.version

Version of the distribution to install.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.destroyMethod

If set to manual, the garbage collector has to be run manually for every pool by the user by calling script gc-sweep-‹pool. When set to auto, the garbage collector is run in the background by runit service gc-<pool>. Options osctl.pools.<pool>.pure and osctl.pools.<pool>.destroyUndeclared are honored in the automated mode. Destructive operations using the manual invocation have to be enabled using command-line options.

Type: one of "manual", "auto"

Default: "manual"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.destroyUndeclared

Determines whether declarative users, groups and containers removed from Nix configuration should be deleted from the system or not. When turned off, undeclared containers are stopped, but not destroyed. When enabled, undeclared containers, groups and users are destroyed. WARNING: enabling this option is dangerous, as it will irreversibly destroy containers that are not defined by the current system. For example, if you temporarily roll back the system for whatever reason, containers that were not declared in the older version will be destroyed.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups

osctl groups to include. In addition to groups defined by this options, there are always two groups present: / and /default.

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.cgparams

CGroup parameters See also https://vpsadminos.org/containers/resources/

Type: list of (submodule)

Default: [ ]

Example: [ { name = "memory.limit_in_bytes"; subsystem = "memory"; value = "10G"; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.cgparams.*.name

CGroup parameter name

Type: string

Example: "memory.limit_in_bytes"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.cgparams.*.subsystem

CGroup subsystem name. If left empty, it is deduced from cgroup parameter name.

Type: string

Default: ""

Example: "memory"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.cgparams.*.value

CGroup parameter value

Type: string

Example: "10G"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.cgparams.*.version

CGroup parameter version

Type: one of 1, 2

Default: 1

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.devices

Devices allowed in this group See also https://vpsadminos.org/containers/devices/

Type: list of (submodule)

Default: [ ]

Example: [ { major = 10; minor = 229; mode = "rw"; name = "/dev/fuse"; } ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.devices.*.major

Device major ID

Type: string

Example: "229"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.devices.*.minor

Device minor ID

Type: string

Example: "10"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.devices.*.mode

Device access mode. r for read, w for write and m for mknod.

Type: one of "r", "rw", "w", "m", "wm", "rm", "rwm"

Example: "rwm"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.devices.*.name

Device name

Type: string

Default: ""

Example: "/dev/fuse"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.devices.*.provide

Determines whether the device should be provided to descendant groups, i.e. whether they should inherit it.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.groups.<name>.devices.*.type

Device type

Type: one of "char", "block"

Example: "char"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.idRanges

ID ranges are used to track user/group ID allocations into user namespace maps. There is one default ID range on each pool, with the possibility of creating custom ID ranges. User namespace maps allocated from one ID range are guaranteed to be unique, i.e. no two containers can share the same user/group IDs, making them isolated. Created ID ranges cannot be declaratively modified. Delete them manually or using the garbage collector, then recreate them if changes are needed.

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.idRanges.<name>.blockCount

How many blocks from osctl.pools.<pool>.idRanges.<range>.startId should the range include. Defines the maximum number of user namespace maps that can be allocated from this range.

Type: unsigned integer, meaning >=0

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.idRanges.<name>.blockSize

Number of user/group IDs that make up the minimum allocation unit

Type: unsigned integer, meaning >=0

Default: 65536

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.idRanges.<name>.startId

The first user/group ID

Type: unsigned integer, meaning >=0

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.idRanges.<name>.table

Allocate blocks from the range. Allocated blocks removed from configuration will not be automatically freed.

Type: list of (submodule)

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.idRanges.<name>.table.*.count

Number of blocks to allocate

Type: unsigned integer, meaning >=0

Default: 1

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.idRanges.<name>.table.*.index

Index of the starting block

Type: unsigned integer, meaning >=0

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.idRanges.<name>.table.*.owner

Optional allocation owner

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.parallelStart

Number of containers to start in parallel during pool import.

Type: positive integer, meaning >0

Default: 2

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.parallelStop

Number of containers to stop in parallel during pool export.

Type: positive integer, meaning >0

Default: 4

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.pure

Determines whether the pool contains only users, groups and containers declared by Nix configuration. Users, groups and containers that are not declared are deleted when found. WARNING: enabling this option will cause all manually created containers, groups and users to be irreversibly destroyed, with any data they contained.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.repositories

Remote osctl repositories for container images

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.repositories.<name>.enabled

Enable/disable the repository. Disabled repositories are included in the system, but they are not search for images until reenabled, which may be done manually using osctl.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.repositories.<name>.url

HTTP URL to the remote repository

Type: string

Example: "https://images.vpsadminos.org"

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.users

osctl users to include

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.users.<name>.gidMap

GID mapping for the user namespace, see man subgid(5).

Type: list of string

Default: [ ]

Example: [ "0:666000:65536" ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.users.<name>.idRange.blockIndex

Block index from the ID range that should be used to create UID/GID mapping.

Type: null or unsigned integer, meaning >=0

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.users.<name>.idRange.name

Name of an ID range from the same pool that should be used to allocate UID/GID IDs.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.pools.<name>.users.<name>.uidMap

UID mapping for the user namespace, see man subuid(5).

Type: list of string

Default: [ ]

Example: [ "0:666000:65536" ]

Declared by:

<vpsadminos/os/modules/osctl/pools.nix>
osctl.test-shell.enable

Enable test shell integration.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/osctl/test-shell.nix>
osctld.settings

osctld configuration options

Type: JSON value

Default: { }

Declared by:

<vpsadminos/os/modules/osctl/osctld.nix>
powerManagement.cpuFreqGovernor

CPU frequency scaling governor to use

Type: string

Default: "performance"

Example: "ondemand"

Declared by:

<vpsadminos/os/modules/tasks/cpu-freq.nix>
programs.bash.enableCompletion

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash-completion.nix>
programs.bash.interactiveShellInit

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.loginShellInit

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.promptInit

Type: strings concatenated with "\n"

Default:

''
# Provide a nice prompt if the terminal supports it.
if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then
  PROMPT_COLOR="1;31m"
  ((UID)) && PROMPT_COLOR="1;32m"
  if [ -n "$INSIDE_EMACS" ] || [ "$TERM" = "eterm" ] || [ "$TERM" = "eterm-color" ]; then
    # Emacs term mode doesn't support xterm title escape sequence (\e]0;)
    PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
  else
    PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] "
  fi
  if test "$TERM" = "xterm"; then
    PS1="\[\033]2;\h:\u:\w\007\]$PS1"
  fi
fi
''

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.root.historyControl

Controlling how commands are saved on the history list.

Type: list of (one of "erasedups", "ignoredups", "ignorespace")

Default: [ ]

Declared by:

<vpsadminos/os/modules/programs/bash.nix>
programs.bash.root.historyFile

Location of the bash history file.

Type: string

Default: "$HOME/.bash_history"

Declared by:

<vpsadminos/os/modules/programs/bash.nix>
programs.bash.root.historyFileSize

Number of history lines to keep on file.

Type: signed integer

Default: 100000

Declared by:

<vpsadminos/os/modules/programs/bash.nix>
programs.bash.root.historyIgnore

List of commands that should not be saved to the history list.

Type: list of string

Default: [ ]

Example: [ "ls" "cd" "exit" ]

Declared by:

<vpsadminos/os/modules/programs/bash.nix>
programs.bash.root.historyPools

Names of ZFS pools where programs.bash.root.historyFile is mirrored. If the root file system is not persistent, shell history is lost between reboots. It's not recommented to set programs.bash.root.historyFile to a location on ZFS pools, because in case of its failure interactive shell sessions would hang while trying to load the history file. It is better to mirror the history file while possible, but its inaccessibility will not prevent bash from working. The history file is restored from the persistent storage during boot.

Type: list of string

Default: [ ]

Example: [ "tank" ]

Declared by:

<vpsadminos/os/modules/programs/bash.nix>
programs.bash.root.historySize

Number of history lines to keep in memory.

Type: signed integer

Default: 10000

Declared by:

<vpsadminos/os/modules/programs/bash.nix>
programs.bash.root.shellOptions

Shell options to set.

Type: list of string

Default: [ "histappend" "checkwinsize" "extglob" "globstar" "checkjobs" ]

Declared by:

<vpsadminos/os/modules/programs/bash.nix>
programs.bash.shellAliases

Type: attribute set of (null or string or path)

Default: { }

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.shellInit

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.htop.enable

Enable htop

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/programs/htop.nix>
programs.less.enable

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/less.nix>
programs.less.clearDefaultCommands

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/less.nix>
programs.less.commands

Type: attribute set of string

Default: { }

Example: { h = ''noaction 5\e(''; l = ''noaction 5\e)''; }

Declared by:

<nixpkgs/nixos/modules/programs/less.nix>
programs.less.configFile

Type: null or path

Default: null

Example: "${pkgs.my-configs}/lesskey"

Declared by:

<nixpkgs/nixos/modules/programs/less.nix>
programs.less.envVariables

Type: attribute set of string

Default: { LESS = "-R"; }

Example: { LESS = "--quit-if-one-screen"; }

Declared by:

<nixpkgs/nixos/modules/programs/less.nix>
programs.less.lessclose

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/programs/less.nix>
programs.less.lessopen

Type: null or string

Default: "|${pkgs.lesspipe}/bin/lesspipe.sh %s"

Declared by:

<nixpkgs/nixos/modules/programs/less.nix>
programs.less.lineEditingKeys

Type: attribute set of string

Default: { }

Example: { e = "abort"; }

Declared by:

<nixpkgs/nixos/modules/programs/less.nix>
programs.ssh.enableAskPassword

Type: boolean

Default: config.services.xserver.enable

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.package

Type: package

Default: pkgs.openssh

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.agentPKCS11Whitelist

Type: null or string

Default: null

Example: "${pkgs.opensc}/lib/opensc-pkcs11.so"

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.agentTimeout

Type: null or string

Default: null

Example: "1h"

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.askPassword

Type: string

Default: "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.ciphers

Type: null or (list of string)

Default: null

Example: [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" ]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.extraConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.forwardX11

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.hostKeyAlgorithms

Type: list of string

Default: [ ]

Example: [ "ssh-ed25519" "ssh-rsa" ]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.kexAlgorithms

Type: null or (list of string)

Default: null

Example: [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts

Type: attribute set of (submodule)

Default: { }

Example:

{
  myhost = {
    extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
    publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
  };
  "myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
  "myhost2.net/dsa" = {
    hostNames = [ "myhost2.net" ];
    publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
  };
}

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts.<name>.certAuthority

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts.<name>.extraHostNames

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts.<name>.hostNames

Type: list of string

Default: [ ‹name› ] ++ config.programs.ssh.knownHosts.<name>.extraHostNames

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts.<name>.publicKey

Type: null or string

Default: null

Example: "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts.<name>.publicKeyFile

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHostsFiles

Type: list of path

Default: [ ]

Example:

[
  ./known_hosts
  (writeText "github.keys" ''
    github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
    github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
  '')
]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.macs

Type: null or (list of string)

Default: null

Example: [ "hmac-sha2-512-etm@openssh.com" "hmac-sha1" ]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.pubkeyAcceptedKeyTypes

Type: list of string

Default: [ ]

Example: [ "ssh-ed25519" "ssh-rsa" ]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.setXAuthLocation

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.startAgent

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
runit.defaultRunlevel

Name of a runlevel that is entered by default on boot.

Type: string

Default: "default"

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services

System services

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.check

Called to check service status.

Type: string

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.alarm

Override runsv control for alarm If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.continue

Override runsv control for continue If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.down

Override runsv control for down If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.exit

Override runsv control for exit If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.hangup

Override runsv control for hangup If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.intr

Override runsv control for intr If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.kill

Override runsv control for kill If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.pause

Override runsv control for pause If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.quit

Override runsv control for quit If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.terminate

Override runsv control for terminate If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.up

Override runsv control for up If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.usr1

Override runsv control for usr1 If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.control.usr2

Override runsv control for usr2 If the script exits with 0, runsv refrains from sending the service the corresponding signal. See man runsv(8) for more information.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.finish

Called after services.runit.<service>.run exits.

Type: string

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.includeHelpers

Include helper functions, see ./helpers.sh.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.killMode

Specifies how should processes started by this service be killed. If set to control-group, all processes are sent SIGTERM. If set to process, only the main process receives SIGTERM.

Type: one of "control-group", "process"

Default: "control-group"

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.enable

Whether to enable Start svlogd for the service..

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.linePrefix

Tells svlogd to prefix each line to be written to the log directory, to standard error, or through UDP. If not set, it is set to include machine hostname and service name.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.logFiles

Sets the number of old log files svlogd should maintain. If svlogd sees more old log files in log after log file rotation, it deletes the oldest one. Default is 10. If set to zero, svlogd doesn’t remove old log files.

Type: unsigned integer, meaning >=0

Default: 10

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.logStandardError

Log messages the service writes to stderr.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.maxFileSize

Sets the maximum file size of current when svlogd should rotate the current log file to size bytes. Default is 1000000. If fileSize is zero, svlogd doesn’t rotate log files.

Type: unsigned integer, meaning >=0

Default: 1000000

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.minLogFiles

Sets the minimum number of old log files svlogd should maintain. It must be less than logFiles. If it is set, and svlogd cannot write to current because the filesystem is full, and it sees more than minLogFiles old log files, it deletes the oldest one.

Type: unsigned integer, meaning >=0

Default: 0

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.run

Called to start log service.

Type: string

Default: ""

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.sendOnly

Send messages only via UDP, don't store them in the log directory.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.sendTo

Tells svlogd to transmit the first len characters of selected log messages to the IP address a.b.c.d, port number port. If port isn’t set, the default port for syslog is used (514). len can be set through the -l option, see below. If svlogd has trouble sending udp packets, it writes error messages to the log directory. Attention: logging through udp is unreliable, and should be used in private networks only.

Type: string

Default: ""

Example: "a.b.c.d[:port]"

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.log.timeout

Sets the maximum age of the current log file when svlogd should rotate the current log file to timeout seconds. If current is timeout seconds old, and is not empty, svlogd forces log file rotation.

Type: unsigned integer, meaning >=0

Default: 0

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.onChange

The action switch-to-configuration should perform when the service is changed.

Type: one of "restart", "reload", "ignore"

Default: "restart"

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.oneShot

Oneshot services are used to perform one-time tasks, there are no long-running processes monitored by runsv. Oneshot services are not restarted after they successfully exit.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.reloadMethod

Defines how should the service be reloaded. The value is the command given to runit's sv. See man sv(8) for available options.

Type: string

Default: "reload"

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.run

Called to start the service.

Type: string

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.services.<name>.runlevels

Runlevels the service is started in.

Type: list of string

Default: [ "default" ]

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.stage1

runit runs /etc/runit/1 and waits for it to terminate. The system’s one time tasks are done here. /etc/runit/1 has full control of /dev/console to be able to start an emergency shell if the one time initialization tasks fail. If /etc/runit/1 crashes, or exits 100, runit will skip stage 2 and enter stage 3.

Type: string

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.stage2

runit runs /etc/runit/2, which should not return until system shutdown; if it crashes, or exits 111, it will be restarted. Normally /etc/runit/2 starts runsvdir(8). runit is able to handle the ctrl-alt-del keyboard request in stage 2.

Type: string

Declared by:

<vpsadminos/os/modules/system/boot/runit>
runit.stage3

If runit is told to shutdown the system, or stage 2 returns, it terminates stage 2 if it is running, and runs /etc/runit/3. The systems tasks to shutdown and possibly halt or reboot the system are done here. If stage 3 returns, runit checks if the file /etc/runit/reboot exists and has the execute by owner permission set. If so, the system is rebooted, it’s halted otherwise.

Type: string

Declared by:

<vpsadminos/os/modules/system/boot/runit>
security.apparmor.enable

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.enableCache

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.packages

Type: list of package

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.includes

Type: attribute set of strings concatenated with "\n"

Default: { }

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.killUnconfinedConfinables

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.policies

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.policies.<name>.enable

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.policies.<name>.enforce

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.policies.<name>.profile

Type: strings concatenated with "\n"

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.pam.enableEcryptfs

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableFscrypt

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableOTPW

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableSSHAgentAuth

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.krb5.enable

Type: boolean

Default: config.krb5.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.loginLimits

Type: list of (submodule)

Default: [ ]

Example: [ { domain = "ftp"; item = "nproc"; type = "hard"; value = "0"; } { domain = "@student"; item = "maxlogins"; type = "-"; value = "4"; } ]

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.loginLimits.*.domain

Type: string

Example: "@wheel"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.loginLimits.*.item

Type: one of "core", "data", "fsize", "memlock", "nofile", "rss", "stack", "cpu", "nproc", "as", "maxlogins", "maxsyslogins", "priority", "locks", "sigpending", "msgqueue", "nice", "rtprio"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.loginLimits.*.type

Type: one of "-", "hard", "soft"

Default: "-"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.loginLimits.*.value

Type: string or signed integer

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.makeHomeDir.skelDirectory

Type: string

Default: "/var/empty"

Example: "/etc/skel"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.mount.enable

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
security.pam.oath.enable

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
security.pam.p11.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.p11.control

Type: one of "required", "requisite", "sufficient", "optional"

Default: "sufficient"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.enableAppArmor

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.enableGnomeKeyring

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.enableKwallet

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.allowNullPassword

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.duoSecurity.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.failDelay.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.failDelay.delay

Type: signed integer

Default: 3000000

Example: 1000000

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.forwardXAuth

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.fprintAuth

Type: boolean

Default: config.services.fprintd.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.gnupg.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.gnupg.noAutostart

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.gnupg.storeOnly

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.googleAuthenticator.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.googleOsLoginAccountVerification

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.googleOsLoginAuthentication

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.limits

Type: list of (submodule)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.limits.*.domain

Type: string

Example: "@wheel"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.limits.*.item

Type: one of "core", "data", "fsize", "memlock", "nofile", "rss", "stack", "cpu", "nproc", "as", "maxlogins", "maxsyslogins", "priority", "locks", "sigpending", "msgqueue", "nice", "rtprio"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.limits.*.type

Type: one of "-", "hard", "soft"

Default: "-"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.limits.*.value

Type: string or signed integer

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.logFailures

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.makeHomeDir

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.mysqlAuth

Type: boolean

Default: config.users.mysql.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.name

Type: string

Example: "sshd"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.nodelay

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.oathAuth

Type: boolean

Default: config.security.pam.oath.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.otpwAuth

Type: boolean

Default: config.security.pam.enableOTPW

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.p11Auth

Type: boolean

Default: config.security.pam.p11.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.pamMount

Type: boolean

Default: config.security.pam.mount.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.requireWheel

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.rootOK

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.setEnvironment

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.setLoginUid

Type: boolean

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.showMotd

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.sshAgentAuth

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.sssdStrictAccess

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.startSession

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.text

Type: null or strings concatenated with "\n"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.ttyAudit.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.ttyAudit.enablePattern

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.ttyAudit.disablePattern

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.ttyAudit.openOnly

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.u2fAuth

Type: boolean

Default: config.security.pam.u2f.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.unixAuth

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.updateWtmp

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.usbAuth

Type: boolean

Default: config.security.pam.usb.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.usshAuth

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name>.yubicoAuth

Type: boolean

Default: config.security.pam.yubico.enable

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.u2f.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.u2f.appId

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.u2f.authFile

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.u2f.control

Type: one of "required", "requisite", "sufficient", "optional"

Default: "sufficient"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.u2f.cue

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.u2f.debug

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.u2f.interactive

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.u2f.origin

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.usb.enable

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
security.pam.ussh.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.ussh.authorizedPrincipals

Type: null or strings concatenated with ","

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.ussh.authorizedPrincipalsFile

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.ussh.caFile

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.ussh.control

Type: one of "required", "requisite", "sufficient", "optional"

Default: "sufficient"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.ussh.group

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.yubico.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.yubico.challengeResponsePath

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.yubico.control

Type: one of "required", "requisite", "sufficient", "optional"

Default: "sufficient"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.yubico.debug

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.yubico.id

Type: string

Example: "42"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.yubico.mode

Type: one of "client", "challenge-response"

Default: "client"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pki.caCertificateBlacklist

Type: list of string

Default: [ ]

Example: [ "WoSign" "WoSign China" "CA WoSign ECC Root" "Certification Authority of WoSign G2" ]

Declared by:

<nixpkgs/nixos/modules/security/ca.nix>
security.pki.certificateFiles

Type: list of path

Default: [ ]

Example: [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]

Declared by:

<nixpkgs/nixos/modules/security/ca.nix>
security.pki.certificates

Type: list of string

Default: [ ]

Example:

[ ''
    NixOS.org
    =========
    -----BEGIN CERTIFICATE-----
    MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
    TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
    ...
    -----END CERTIFICATE-----
  ''
]

Declared by:

<nixpkgs/nixos/modules/security/ca.nix>
security.sudo.enable

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.package

Type: package

Default: pkgs.sudo

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.configFile

Type: strings concatenated with "\n"

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.execWheelOnly

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraRules

Type: list of (submodule)

Default: [ ]

Example:

[
  # Allow execution of any command by all users in group sudo,
  # requiring a password.
  { groups = [ "sudo" ]; commands = [ "ALL" ]; }

  # Allow execution of "/home/root/secret.sh" by user `backup`, `database`
  # and the group with GID `1006` without a password.
  { users = [ "backup" "database" ]; groups = [ 1006 ];
    commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }

  # Allow all users of group `bar` to run two executables as user `foo`
  # with arguments being pre-set.
  { groups = [ "bar" ]; runAs = "foo";
    commands =
      [ "/home/baz/cmd1.sh hello-sudo"
          { command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; }
]

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraRules.*.commands

Type: list of (string or (submodule))

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraRules.*.groups

Type: list of (string or signed integer)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraRules.*.host

Type: string

Default: "ALL"

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraRules.*.runAs

Type: string

Default: "ALL:ALL"

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraRules.*.users

Type: list of (string or signed integer)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.wheelNeedsPassword

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.virtualisation

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
security.wrapperDirSize

Type: string

Default: "50%"

Example: "10G"

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers

Type: attribute set of (submodule)

Default: { }

Example:

{
  # a setuid root program
  doas =
    { setuid = true;
      owner = "root";
      group = "root";
      source = "${pkgs.doas}/bin/doas";
    };

  # a setgid program
  locate =
    { setgid = true;
      owner = "root";
      group = "mlocate";
      source = "${pkgs.locate}/bin/locate";
    };

  # a program with the CAP_NET_RAW capability
  ping =
    { owner = "root";
      group = "root";
      capabilities = "cap_net_raw+ep";
      source = "${pkgs.iputils.out}/bin/ping";
    };
}

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers.<name>.capabilities

Type: strings concatenated with ","

Default: ""

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers.<name>.group

Type: string

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers.<name>.owner

Type: string

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers.<name>.permissions

Type: file mode string

Default: "u+rx,g+x,o+x"

Example: "a+rx"

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers.<name>.program

Type: null or string

Default: "‹name›"

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers.<name>.setgid

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers.<name>.setuid

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
security.wrappers.<name>.source

Type: path

Declared by:

<nixpkgs/nixos/modules/security/wrappers/default.nix>
services.apcupsd.enable

Whether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure. User manual: http://www.apcupsd.com/manual/manual.html. Note that apcupsd runs as root (to allow shutdown of computer). You can check the status of your UPS with the "apcaccess" command.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/monitoring/apcupsd.nix>
services.apcupsd.configText

Contents of the runtime configuration file, apcupsd.conf. The default settings makes apcupsd autodetect USB UPSes, limit network access to localhost and shutdown the system when the battery level is below 50 percent, or when the UPS has calculated that it has 5 minutes or less of remaining power-on time. See man apcupsd.conf for details.

Type: strings concatenated with "\n"

Default:

''
UPSTYPE usb
NISIP 127.0.0.1
BATTERYLEVEL 50
MINUTES 5
''

Declared by:

<vpsadminos/os/modules/services/monitoring/apcupsd.nix>
services.apcupsd.hooks

Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action). See "man apccontrol" for the list of events and what they represent. A hook script can stop apccontrol from doing its default action by exiting with value 99. Do not do this unless you know what you're doing.

Type: attribute set of strings concatenated with "\n"

Default: { }

Example: { doshutdown = "# shell commands to notify that the computer is shutting down"; }

Declared by:

<vpsadminos/os/modules/services/monitoring/apcupsd.nix>
services.avahi

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
services.bird2.enable

Whether to enable BIRD Internet Routing Daemon.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/networking/bird.nix>
services.bird2.checkConfig

Whether the config should be checked at build time. When the config can't be checked during build time, for example when it includes other files, either disable this option or use preCheckConfig to create the included files before checking.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/networking/bird.nix>
services.bird2.config

BIRD Internet Routing Daemon configuration file. http://bird.network.cz/

Type: strings concatenated with "\n"

Declared by:

<vpsadminos/os/modules/services/networking/bird.nix>
services.bird2.group

Group the bird daemon runs as

Type: string (read only)

Default: "bird2"

Declared by:

<vpsadminos/os/modules/services/networking/bird.nix>
services.bird2.preCheckConfig

Commands to execute before the config file check. The file to be checked will be available as bird2.conf in the current directory. Files created with this option will not be available at service runtime, only during build time checking.

Type: strings concatenated with "\n"

Default: ""

Example:

''
echo "cost 100;" > include.conf
''

Declared by:

<vpsadminos/os/modules/services/networking/bird.nix>
services.bird2.preStartCommands

Commands executed before the bird daemon is started

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/services/networking/bird.nix>
services.bird2.user

User the bird daemon runs as

Type: string (read only)

Default: "bird2"

Declared by:

<vpsadminos/os/modules/services/networking/bird.nix>
services.build-vpsadminos-container-image-repository

This module provides interface for building vpsAdminOS container image repositories in a virtual machine running vpsAdminOS.

Type: attribute set of (submodule)

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.enable

Whether to enable Enable the systemd service for this repository .

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.buildScripts

Build scripts for use with osctl-image

Type: package

Default: (build of source)

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.cacheDirectory

Directory where built images are stored

Type: path

Default: "/var/lib/vpsadminos-container-image-repository/‹name›/cache"

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.logDirectory

Directory where build log files are stored

Type: path

Default: "/var/lib/vpsadminos-container-image-repository/‹name›/log"

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.osModules

Modules included in the vpsAdminOS virtual machine This list should include at least a module which configures option services.osctl.image-repository.<name> from vpsAdminOS for the repository of the same name.

Type: list of anything

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.osVm.disks

Disks available within the VM

Type: list of (submodule)

Example: [ { create = true; device = "sda.img"; size = "8G"; type = "file"; } ]

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.osVm.disks.*.create

Create the device if it does not exist. Applicable only for file-backed devices.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.osVm.disks.*.device

Path to the disk device

Type: string

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.osVm.disks.*.size

Device size

Type: string

Default: ""

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.osVm.disks.*.type

Device type

Type: one of "file", "blockdev"

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.postRunCommands

Bash commands run after the build VM has exited. It is also run when the built has failed.

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.build-vpsadminos-container-image-repository.<name>.repositoryDirectory

Directory where the resulting container image repository is stored

Type: path

Default: "/var/lib/vpsadminos-container-image-repository/‹name›/repository"

Declared by:

<vpsadminos/os/modules/services/misc/build-vpsadminos-container-image-repository/options.nix>
services.cgmanager

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
services.cron.enable

Whether to enable the Vixie cron daemon.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/scheduling/cron.nix>
services.cron.cronFiles

A list of extra crontab files that will be read and appended to the main crontab file when the cron service starts.

Type: list of path

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/scheduling/cron.nix>
services.cron.mailto

Email address to which job output will be mailed.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/services/scheduling/cron.nix>
services.cron.systemCronJobs

A list of Cron jobs to be appended to the system-wide crontab. See the manual page for crontab for the expected format. If you want to get the results mailed you must setuid sendmail. See security.wrappers If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root will is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you. So every user can use a crontab. Many nixos modules set systemCronJobs, so if you decide to disable vixie cron and enable another cron daemon, you may want it to get its system crontab based on systemCronJobs.

Type: list of string

Default: [ ]

Example:

[ "* * * * *  test   ls -l / > /tmp/cronout 2>&1"
  "* * * * *  eelco  echo Hello World > /home/eelco/cronout"
]

Declared by:

<vpsadminos/os/modules/services/scheduling/cron.nix>
services.dhcpd4.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.authoritative

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.configFile

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.extraConfig

Type: strings concatenated with "\n"

Default: ""

Example:

''
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.5;
option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;
option domain-name "example.org";
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
}
''

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.extraFlags

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.interfaces

Type: list of string

Default: [ "eth0" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.machines

Type: list of (submodule)

Default: [ ]

Example: [ { ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10"; } { ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11"; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.machines.*.ethernetAddress

Type: string

Example: "00:16:76:9a:32:1d"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.machines.*.hostName

Type: string

Example: "foo"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd4.machines.*.ipAddress

Type: string

Example: "192.168.1.10"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.authoritative

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.configFile

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.extraConfig

Type: strings concatenated with "\n"

Default: ""

Example:

''
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.5;
option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;
option domain-name "example.org";
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
}
''

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.extraFlags

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.interfaces

Type: list of string

Default: [ "eth0" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.machines

Type: list of (submodule)

Default: [ ]

Example: [ { ethernetAddress = "00:16:76:9a:32:1d"; hostName = "foo"; ipAddress = "192.168.1.10"; } { ethernetAddress = "00:19:d1:1d:c4:9a"; hostName = "bar"; ipAddress = "192.168.1.11"; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.machines.*.ethernetAddress

Type: string

Example: "00:16:76:9a:32:1d"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.machines.*.hostName

Type: string

Example: "foo"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.dhcpd6.machines.*.ipAddress

Type: string

Example: "192.168.1.10"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
services.fprintd

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
services.geoclue2

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
services.haveged.enable

Whether to enable to haveged entropy daemon, which refills /dev/random when low.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/security/haveged.nix>
services.haveged.refill_threshold

The number of bits of available entropy beneath which haveged should refill the entropy pool.

Type: signed integer

Default: 1024

Declared by:

<vpsadminos/os/modules/services/security/haveged.nix>
services.live-patches.enable

When enabled, live-patches utility is added to system path along with compiled live patch kernel modules. Note, patches are automatically loaded only upon machine boot, live-patches util has to be called manually to load them when deploying onto a running machine.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/livepatches/default.nix>
services.logrotate.enable

Whether to enable Enable log rotation.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/logging/logrotate.nix>
services.logrotate.extraConfig

Additional text to append to logrotate.conf

Type: string

Default: ""

Example:

''
/var/log/wtmp {
  monthly
  minsize 1M
  create 0664 root utmp
  rotate 1
}
''

Declared by:

<vpsadminos/os/modules/services/logging/logrotate.nix>
services.logrotate.logFiles

Type: list of (submodule)

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/logging/logrotate.nix>
services.logrotate.logFiles.*.config

logrotate configuration

Type: string

Example:

''
daily
rotate 7
dateext
copytruncate
notifempty
nocompress
''

Declared by:

<vpsadminos/os/modules/services/logging/logrotate.nix>
services.logrotate.logFiles.*.files

Files to rotate

Type: list of string

Example: [ "/var/log/messages" "/var/log/*.log" ]

Declared by:

<vpsadminos/os/modules/services/logging/logrotate.nix>
services.lxcfs.enable

Enable system-wide LXCFS instance

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/virtualisation/lxcfs.nix>
services.munin-node.enable

Enable Munin Node agent. Munin node listens on 0.0.0.0 and by default accepts connections only from 127.0.0.1 for security reasons. See http://guide.munin-monitoring.org/en/latest/architecture/index.html.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/monitoring/munin.nix>
services.munin-node.disabledPlugins

Munin plugins to disable, even if munin-node-configure --suggest tries to enable them. To disable a wildcard plugin, use an actual wildcard, as in the example. munin_stats is disabled by default as it tries to read /var/log/munin/munin-update.log for timing information, and the NixOS build of Munin does not write this file.

Type: list of string

Default: [ "munin_stats" ]

Example: [ "diskstats" "zfs_usage_*" ]

Declared by:

<vpsadminos/os/modules/services/monitoring/munin.nix>
services.munin-node.extraAutoPlugins

Additional Munin plugins to autoconfigure, using munin-node-configure --suggest. These should be the actual paths to the plugin files (or directories containing them), not just their names. If you want to manually enable individual plugins instead, use services.munin-node.extraPlugins. Note that only plugins that have the 'autoconfig' capability will do anything if listed here, since plugins that cannot autoconfigure won't be automatically enabled by munin-node-configure. Plugins will be copied into the Nix store, and it will attempt to modify them to run properly by fixing hardcoded references to /bin, /usr/bin, /sbin, and /usr/sbin.

Type: list of path

Default: [ ]

Example:

[
  /src/munin-contrib/plugins/zfs
  /src/munin-contrib/plugins/ssh
];

Declared by:

<vpsadminos/os/modules/services/monitoring/munin.nix>
services.munin-node.extraConfig

munin-node.conf extra configuration. See http://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/services/monitoring/munin.nix>
services.munin-node.extraPluginConfig

plugin-conf.d extra plugin configuration. See http://guide.munin-monitoring.org/en/latest/plugin/use.html

Type: strings concatenated with "\n"

Default: ""

Example:

''
[fail2ban_*]
user root
''

Declared by:

<vpsadminos/os/modules/services/monitoring/munin.nix>
services.munin-node.extraPlugins

Additional Munin plugins to activate. Keys are the name of the plugin symlink, values are the path to the underlying plugin script. You can use the same plugin script multiple times (e.g. for wildcard plugins). Note that these plugins do not participate in autoconfiguration. If you want to autoconfigure additional plugins, use services.munin-node.extraAutoPlugins. Plugins enabled in this manner take precedence over autoconfigured plugins. Plugins will be copied into the Nix store, and it will attempt to modify them to run properly by fixing hardcoded references to /bin, /usr/bin, /sbin, and /usr/sbin.

Type: attribute set of path

Default: { }

Example:

{
  zfs_usage_bigpool = /src/munin-contrib/plugins/zfs/zfs_usage_;
  zfs_usage_smallpool = /src/munin-contrib/plugins/zfs/zfs_usage_;
  zfs_list = /src/munin-contrib/plugins/zfs/zfs_list;
};

Declared by:

<vpsadminos/os/modules/services/monitoring/munin.nix>
services.nfs.server.enable

Whether to enable Enable NFS server.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.exports

Contents of the /etc/exports file. See exports(5) for the format.

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.lockdPort

Use a fixed port for the NFS lock manager kernel module (lockd/nlockmgr). This is useful if the NFS server is behind a firewall.

Type: null or signed integer

Default: null

Example: 4001

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.mountdPort

Use fixed port for rpc.mountd, useful if server is behind firewall.

Type: null or signed integer

Default: null

Example: 4002

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.nfsd.allowedVersions

This option can be used to request that rpc.nfsd offer certain versions of NFS. The current version of rpc.nfsd can support major NFS versions 2,3,4 and the minor versions 4.0, 4.1 and 4.2.

Type: list of (one of "2", "3", "4", "4.0", "4.1", "4.2")

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.nfsd.disallowedVersions

This option can be used to request that rpc.nfsd does not offer certain versions of NFS. The current version of rpc.nfsd can support major NFS versions 2,3,4 and the minor versions 4.0, 4.1 and 4.2.

Type: list of (one of "2", "3", "4", "4.0", "4.1", "4.2")

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.nfsd.nproc

Specify the number of NFS server threads. By default, eight threads are started. However, for optimum performance several threads should be used.

Type: positive integer, meaning >0

Default: 8

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.nfsd.port

Configure port for rpc.nfsd, useful if server is behind firewall.

Type: signed integer

Default: 2049

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.nfsd.syslog

By default, rpc.nfsd logs error messages (and debug messages, if enabled) to stderr. This option makes rpc.nfsd log these messages to syslog instead. Note that errors encountered during option processing will still be logged to stderr regardless of this option.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.nfsd.tcp

Instruct the kernel nfs server to open and listen on a TCP socket.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.nfsd.udp

Instruct the kernel nfs server to open and listen on a UDP socket.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nfs.server.statdPort

Use a fixed port for rpc.statd. This is useful if the NFS server is behind a firewall.

Type: null or signed integer

Default: null

Example: 4000

Declared by:

<vpsadminos/os/modules/services/network-filesystems/nfs.nix>
services.nscd

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
services.opensmtpd.enable

Whether to enable the OpenSMTPD server.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/mail/opensmtpd.nix>
services.opensmtpd.package

The OpenSMTPD package to use.

Type: package

Default: "pkgs.opensmtpd"

Declared by:

<vpsadminos/os/modules/services/mail/opensmtpd.nix>
services.opensmtpd.addSendmailToSystemPath

Whether to add OpenSMTPD's sendmail binary to the system path or not.

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/mail/opensmtpd.nix>
services.opensmtpd.extraServerArgs

Extra command line arguments provided when the smtpd process is started.

Type: list of string

Default: [ ]

Example: [ "-v" "-P mta" ]

Declared by:

<vpsadminos/os/modules/services/mail/opensmtpd.nix>
services.opensmtpd.procPackages

Packages to search for filters, tables, queues, and schedulers. Add OpenSMTPD-extras here if you want to use the filters, etc. from that package.

Type: list of package

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/mail/opensmtpd.nix>
services.opensmtpd.serverConfiguration

The contents of the smtpd.conf configuration file. See the OpenSMTPD documentation for syntax information.

Type: null or strings concatenated with "\n"

Default: null

Example:

''
listen on lo
accept for any deliver to lmtp localhost:24
''

Declared by:

<vpsadminos/os/modules/services/mail/opensmtpd.nix>
services.openssh.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.allowSFTP

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.authorizedKeysCommand

Type: string

Default: "none"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.authorizedKeysCommandUser

Type: string

Default: "nobody"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.authorizedKeysFiles

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.banner

Type: null or strings concatenated with "\n"

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.ciphers

Type: list of string

Default: [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes128-gcm@openssh.com" "aes256-ctr" "aes192-ctr" "aes128-ctr" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.extraConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.forwardX11

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.gatewayPorts

Type: string

Default: "no"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.hostKeys

Type: list of (attribute set)

Default: [ { bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; } { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } ]

Example: [ { bits = 4096; openSSHFormat = true; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; type = "rsa"; } { comment = "key comment"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; type = "ed25519"; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.kbdInteractiveAuthentication

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.kexAlgorithms

Type: list of string

Default: [ "sntrup761x25519-sha512@openssh.com" "curve25519-sha256" "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.knownHosts

Type: attribute set of (submodule)

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.knownHosts.<name>.certAuthority

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
services.openssh.knownHosts.<name>.extraHostNames

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
services.openssh.knownHosts.<name>.hostNames

Type: list of string

Default: [ ‹name› ] ++ config.services.openssh.knownHosts.<name>.extraHostNames

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
services.openssh.knownHosts.<name>.publicKey

Type: null or string

Default: null

Example: "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
services.openssh.knownHosts.<name>.publicKeyFile

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
services.openssh.listenAddresses

Type: list of (submodule)

Default: [ ]

Example: [ { addr = "192.168.3.1"; port = 22; } { addr = "0.0.0.0"; port = 64022; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.listenAddresses.*.addr

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.listenAddresses.*.port

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.logLevel

Type: one of "QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"

Default: "INFO"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.macs

Type: list of string

Default: [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" "hmac-sha2-512" "hmac-sha2-256" "umac-128@openssh.com" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.moduliFile

Type: path

Example: "/etc/my-local-ssh-moduli;"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.openFirewall

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.passwordAuthentication

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.permitRootLogin

Type: one of "yes", "without-password", "prohibit-password", "forced-commands-only", "no"

Default: "prohibit-password"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.ports

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ 22 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.sftpFlags

Type: list of string

Default: [ ]

Example: [ "-f AUTHPRIV" "-l INFO" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.sftpServerExecutable

Type: string

Example: "internal-sftp"

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.startWhenNeeded

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.openssh.useDns

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.osctl.image-repository

Configure container image repositories

Type: attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.enableCronJob

Enable cron job run at osctl.image-repository.<name>.buildInterval

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.buildDataset

Name of a dataset used to build images

Type: string

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.buildInterval

Date and time expression for when to build images in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: null or string

Default: "0 4 * * *"

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.buildScriptDir

Path to directory with image build scripts for use with osctl-image

Type: string

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.cacheDir

Path to directory where built images are cached before added to the repository.

Type: string

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.defaultVendor

Name of the default image vendor

Type: string

Example: "vpsadminos"

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.garbageCollection

Garbage collection of old images

Type: list of (submodule)

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.garbageCollection.*.arch

Regular expression to match image arch

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.garbageCollection.*.distribution

Regular expression to match image distribution

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.garbageCollection.*.keep

Number of matched images to keep

Type: signed integer

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.garbageCollection.*.variant

Regular expression to match image variant

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.garbageCollection.*.vendor

Regular expression to match image vendor

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.garbageCollection.*.version

Regular expression to match image version

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.images

Configure container images

Type: attribute set of attribute set of (submodule)

Default: { }

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.images.<name>.<name>.keepFailedTests

Keep containers of failed tests for further analysis

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.images.<name>.<name>.name

Optional image name

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.images.<name>.<name>.rebuild

Rebuild the image even if it is found in cacheDir

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.images.<name>.<name>.tags

Image tags

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.keepAllFailedTests

Keep containers of all failed tests for further analysis

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.logDir

Directory where build logs will be stored.

Type: string

Default: "/tmp"

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.path

Path to the generated image repository.

Type: string

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.postBuild

Shell commands run after all images were built, or attempted to be built

Type: strings concatenated with "\n"

Default: ""

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.rebuildAll

Rebuild all images, even when they're found in cacheDir

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.vendors

Vendors

Type: attribute set of (submodule)

Default: { }

Example: { vpsadminos = { defaultVariant = "minimal"; } ; }

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.osctl.image-repository.<name>.vendors.<name>.defaultVariant

Name of the default image variant

Type: string

Example: "minimal"

Declared by:

<vpsadminos/os/modules/services/osctl/image-repository>
services.prometheus.exporters.node.enable

Whether to enable Enable node_exporter service.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/node_exporter.nix>
services.prometheus.exporters.node.enabledCollectors

Collectors to enable. The collectors listed here are enabled in addition to the default ones.

Type: list of string

Default: [ "runit" "nfs" "textfile" ]

Example: ''[ "nfs" ]''

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/node_exporter.nix>
services.prometheus.exporters.node.disabledCollectors

Collectors to disable which are enabled by default.

Type: list of string

Default: [ "systemd" ]

Example: ''[ "timex" ]''

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/node_exporter.nix>
services.prometheus.exporters.node.extraFlags

Extra commandline options to pass to node_exporter.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/node_exporter.nix>
services.prometheus.exporters.node.listenAddress

Address to listen on.

Type: string

Default: "0.0.0.0"

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/node_exporter.nix>
services.prometheus.exporters.node.port

Port to listen on.

Type: signed integer

Default: 9100

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/node_exporter.nix>
services.prometheus.exporters.osbench.enable

Whether to enable Enable osbench exporter.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.create_files.enable

Enable osbench test create_files

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.create_files.cronInterval

Date and time expression in a crontab format for when to run the test

Type: string

Default: "*/1 * * * *"

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.create_files.testDirectory

Directory in which test files are created

Type: path

Default: "/tmp"

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.create_processes.enable

Enable osbench test create_processes

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.create_processes.cronInterval

Date and time expression in a crontab format for when to run the test

Type: string

Default: "*/1 * * * *"

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.create_threads.enable

Enable osbench test create_threads

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.create_threads.cronInterval

Date and time expression in a crontab format for when to run the test

Type: string

Default: "*/1 * * * *"

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.launch_programs.enable

Enable osbench test launch_programs

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.launch_programs.cronInterval

Date and time expression in a crontab format for when to run the test

Type: string

Default: "*/1 * * * *"

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.mem_alloc.enable

Enable osbench test mem_alloc

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.prometheus.exporters.osbench.tests.mem_alloc.cronInterval

Date and time expression in a crontab format for when to run the test

Type: string

Default: "*/1 * * * *"

Declared by:

<vpsadminos/os/modules/services/monitoring/prometheus/osbench>
services.rpcbind.enable

Whether to enable Enable rpcbind service.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/networking/rpcbind.nix>
services.rsyslogd.extraConfig

Additional text to append to syslog.conf

Type: string

Default: ""

Example: "news.* -/var/log/news"

Declared by:

<vpsadminos/os/modules/services/logging/rsyslog.nix>
services.rsyslogd.forward

Forward logs over TCP to a set of hosts

Type: list of string

Default: [ ]

Example: [ "10.0.0.1:11514" ]

Declared by:

<vpsadminos/os/modules/services/logging/rsyslog.nix>
services.rsyslogd.hostName

Optional hostname

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/services/logging/rsyslog.nix>
services.samba

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
services.sshd.enable

Type: boolean

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
services.sssd

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
services.udev.packages

List of packages containing udev rules.

Type: list of path

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/hardware/eudev.nix>
services.udev.extraRules

Additional udev rules

Type: strings concatenated with "\n"

Default: ""

Example:

''
KERNEL=="eth*", ATTR{address}=="00:1D:60:B9:6D:4F", NAME="my_fast_network_card"
''

Declared by:

<vpsadminos/os/modules/services/hardware/eudev.nix>
services.udev.path

Packages added to the PATH environment variable when executing programs from Udev rules.

Type: list of path

Default: [ ]

Declared by:

<vpsadminos/os/modules/services/hardware/eudev.nix>
services.xserver

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
services.zfs.autoScrub.enable

Enables periodic scrubbing of ZFS pools.

Type: boolean

Default: false

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
services.zfs.autoScrub.pauseIntervals

Date and time expression for when to pause a running scrub in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
services.zfs.autoScrub.pools

List of ZFS pools to periodically scrub. If empty, all pools will be scrubbed.

Type: list of string

Default: [ ]

Example: [ "tank" ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
services.zfs.autoScrub.resumeIntervals

Date and time expression for when to resume a paused scrub in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
services.zfs.autoScrub.startIntervals

Date and time expression for when to scrub the pool in a crontab format, i.e. minute, hour, day of month, month and day of month separated by spaces.

Type: list of string

Default: [ ]

Declared by:

<vpsadminos/os/modules/tasks/filesystems/zfs>
services.znapzend.enable

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.autoCreation

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.features.compressed

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.features.lowmemRecurse

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.features.oracleMode

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.features.recvu

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.features.sendRaw

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.features.skipIntermediates

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.features.zfsGetType

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.logLevel

Type: one of "debug", "info", "warning", "err", "alert"

Default: "debug"

Example: "warning"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.logTo

Type: string

Default: "syslog::daemon"

Example: "/var/log/znapzend.log"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.noDestroy

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.pure

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup

Type: attribute set of (submodule)

Default: { }

Example:

{
  "tank/home" = {
    # Make snapshots of tank/home every hour, keep those for 1 day,
    # keep every days snapshot for 1 month, etc.
    plan = "1d=>1h,1m=>1d,1y=>1m";
    recursive = true;
    # Send all those snapshots to john@example.com:rtank/john as well
    destinations.remote = {
      host = "john@example.com";
      dataset = "rtank/john";
    };
  };
};

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.enable

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.dataset

Type: string

Example: "tank/home"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.destinations

Type: attribute set of (submodule)

Default: { }

Example:

{
  local = {
    dataset = "btank/backup";
    presend = "zpool import -N btank";
    postsend = "zpool export btank";
  };
  remote = {
    host = "john@example.com";
    dataset = "tank/john";
  };
};

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.destinations.<name>.dataset

Type: string

Example: "tank/main"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.destinations.<name>.host

Type: null or string

Default: null

Example: "john@example.com"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.destinations.<name>.label

Type: string

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.destinations.<name>.plan

Type: string

Example: "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.destinations.<name>.postsend

Type: null or string

Default: null

Example: "ssh root@bserv zpool export tank"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.destinations.<name>.presend

Type: null or string

Default: null

Example: "ssh root@bserv zpool import -Nf tank"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.mbuffer.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.mbuffer.port

Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: null

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.mbuffer.size

Type: string of the form number{b|k|M|G}

Default: "1G"

Example: "128M"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.plan

Type: string

Example: "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.postsnap

Type: null or string

Default: null

Example:

"${pkgs.coreutils}/bin/kill `${pkgs.coreutils}/bin/cat /tmp/mariadblock.pid`;${pkgs.coreutils}/bin/rm /tmp/mariadblock.pid"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.presnap

Type: null or string

Default: null

Example:

''${pkgs.mariadb}/bin/mysql -e "set autocommit=0;flush tables with read lock;\\! ${pkgs.coreutils}/bin/sleep 600" &  ${pkgs.coreutils}/bin/echo $! > /tmp/mariadblock.pid ; sleep 10''

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.recursive

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.sendDelay

Type: signed integer

Default: 0

Example: 60

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
services.znapzend.zetup.<name>.timestampFormat

Type: string containing all of the characters %Y, %m, %d, %H, %M, %S

Default: "%Y-%m-%d-%H%M%S"

Example: "znapzend-%m.%d.%Y-%H%M%SZ"

Declared by:

<nixpkgs/nixos/modules/services/backup/znapzend.nix>
swapDevices

Type: list of (submodule)

Default: [ ]

Example: [ { device = "/dev/hda7"; } { device = "/var/swapfile"; } { label = "bigswap"; } ]

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.device

Type: string

Example: "/dev/sda3"

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.discardPolicy

Type: null or one of "once", "pages", "both"

Default: null

Example: "once"

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.label

Type: string

Example: "swap"

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.options

Type: list of non-empty string

Default: [ "defaults" ]

Example: [ "nofail" ]

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.priority

Type: null or signed integer

Default: null

Example: 2048

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.randomEncryption

Type: (submodule) or boolean convertible to it

Default: false

Example: { cipher = "serpent-xts-plain64"; enable = true; source = "/dev/random"; }

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.randomEncryption.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.randomEncryption.allowDiscards

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.randomEncryption.cipher

Type: string

Default: "aes-xts-plain64"

Example: "serpent-xts-plain64"

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.randomEncryption.source

Type: string

Default: "/dev/urandom"

Example: "/dev/random"

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
swapDevices.*.size

Type: null or signed integer

Default: null

Example: 2048

Declared by:

<nixpkgs/nixos/modules/config/swap.nix>
system.activationScripts

Type: attribute set of (string or (submodule))

Default: { }

Example:

{ stdio.text =
  ''
    # Needed by some programs.
    ln -sfn /proc/self/fd /dev/fd
    ln -sfn /proc/self/fd/0 /dev/stdin
    ln -sfn /proc/self/fd/1 /dev/stdout
    ln -sfn /proc/self/fd/2 /dev/stderr
  '';
}

Declared by:

<nixpkgs/nixos/modules/system/activation/activation-script.nix>
system.boot.restrict-proc-sysfs.enable

Restrict access to proc, sysfs and any other filesystem contents

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/system/boot/restrict-proc-sysfs>
system.boot.restrict-proc-sysfs.config

Config passed to ./restrict-dirs.rb Each line represents a rule for a path. The first word is a command, the second word is the path. The command can be one of: restrict, skip and grant. Empty lines and lines beginning with a hash are ignored. restrict is used to deny access from containers to the path, skip does not change the access mode and grant will give read-write access to containers and all their users, even unprivileged ones. The path can contain patterns, which are expanded. Rules are evaluated from the top. There can be more than one rule for one path, the last rule will be used. This makes it possible to e.g. use wildcards with exceptions: restrict /sys/class/* skip /sys/class/net The rules above will restrict access to the contents of /sys/class, except for directory /sys/class/net.

Type: strings concatenated with "\n"

Default:

''
restrict   /proc/bus
restrict   /proc/interrupts
restrict   /proc/sched_debug
restrict   /proc/spl
restrict   /sys/block
restrict   /sys/bus/*
skip       /sys/bus/pci
restrict   /sys/class/*
skip       /sys/class/dmi
skip       /sys/class/mem
skip       /sys/class/misc
skip       /sys/class/net
skip       /sys/class/pci_bus
skip       /sys/class/tty
skip       /sys/dev/block
restrict   /sys/devices/*
skip       /sys/devices/pci*
skip       /sys/devices/system
restrict   /sys/devices/system/*
skip       /sys/devices/system/cpu
skip       /sys/devices/system/node
skip       /sys/devices/virtual
restrict   /sys/devices/virtual/*
skip       /sys/devices/virtual/dmi
skip       /sys/devices/virtual/mem
skip       /sys/devices/virtual/misc
skip       /sys/devices/virtual/net
skip       /sys/devices/virtual/tty
restrict   /sys/firmware
restrict   /sys/module/*/sections
grant      /sys/module/nf_conntrack/parameters/*
restrict   /sys/power
''

Declared by:

<vpsadminos/os/modules/system/boot/restrict-proc-sysfs>
system.build

Type: lazy attribute set of unspecified value

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/build.nix>
system.extraDependencies

A list of packages that should be included in the system closure but not otherwise made available to users. This is primarily used by the installation tests.

Type: list of package

Default: [ ]

Declared by:

<vpsadminos/os/modules/system/activation/top-level.nix>
system.nssDatabases.group

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/nsswitch.nix>
system.nssDatabases.hosts

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/nsswitch.nix>
system.nssDatabases.passwd

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/nsswitch.nix>
system.nssDatabases.services

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/nsswitch.nix>
system.nssDatabases.shadow

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/nsswitch.nix>
system.osCodeName

The vpsAdminOS release code name (e.g. Emu).

Type: string (read only)

Declared by:

<vpsadminos/os/modules/misc/version.nix>
system.osLabel

Label to be used in the names of generated outputs and boot labels.

Type: string

Declared by:

<vpsadminos/os/modules/misc/version.nix>
system.osRelease

The vpsAdminOS release (e.g. 16.03).

Type: string (read only)

Default: "22.11.0"

Declared by:

<vpsadminos/os/modules/misc/version.nix>
system.secretsDir

Path to a directory containing secret keys and other files that should not be stored in the Nix store. The directory's base name has to be secrets. If the sandbox is enabled (nix.useSandbox = true;) on the build machine, you need to add your directory with secrets to nix.sandboxPaths and then set this option to the path within the sandbox. For example, if your secrets on the build machine are stored in /home/vpsadminos/secrets, you could set nix.sandboxPaths = [ "/secrets=/home/vpsadminos/secrets" ]; on the build machine and system.secretsDir = "/secrets"; in vpsAdminOS config.

Type: null or string

Default: null

Declared by:

<vpsadminos/os/modules/system/activation/secrets.nix>
system.stateVersion

Every once in a while, a new vpsAdminOS release may change configuration defaults in a way incompatible with stateful data. For instance, if the default version of PostgreSQL changes, the new version will probably be unable to read your existing databases. To prevent such breakage, you can set the value of this option to the vpsAdminOS release with which you want to be compatible. The effect is that vpsAdminOS will option defaults corresponding to the specified release (such as using an older version of PostgreSQL).

Type: string

Default: "22.11.0"

Declared by:

<vpsadminos/os/modules/misc/version.nix>
system.storeOverlaySize

Size of the tmpfs filesystems used as an overlay for /nix/store. See option size in man tmpfs(5) for possible values.

Type: string

Default: "2G"

Declared by:

<vpsadminos/os/modules/system/activation/top-level.nix>
system.userActivationScripts

Type: attribute set of (string or (submodule))

Default: { }

Example:

{ plasmaSetup = {
    text = ''
      ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5"
    '';
    deps = [];
  };
}

Declared by:

<nixpkgs/nixos/modules/system/activation/activation-script.nix>
systemd.package

Type: unspecified value

Default: "/not-on-vpsadminos"

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
systemd.packages

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
systemd.globalEnvironment

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
systemd.services

Type: attribute set of unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
systemd.sockets

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
systemd.targets

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
systemd.tmpfiles

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
systemd.user

Type: unspecified value

Declared by:

<vpsadminos/os/modules/nixos-compat.nix>
time.hardwareClockInLocalTime

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/locale.nix>
time.timeZone

Type: null or string without spaces

Default: null

Example: "America/New_York"

Declared by:

<nixpkgs/nixos/modules/config/locale.nix>
tty.autologin.enable

Whether to enable Enable autologin on ttys.

Type: boolean

Default: false

Example: true

Declared by:

<vpsadminos/os/modules/services/ttys/agetty.nix>
tty.autologin.user

Autologin user

Type: string

Default: "root"

Declared by:

<vpsadminos/os/modules/services/ttys/agetty.nix>
tty.spawnSerial

Number of serial TTYs (STTYs) spawned (for /dev/ttyS0)

Type: integer between 0 and 10 (both inclusive)

Default: 1

Declared by:

<vpsadminos/os/modules/services/ttys/agetty.nix>
tty.spawnStandard

Number of TTYs spawned, set to 0 to disable

Type: integer between 0 and 10 (both inclusive)

Default: 4

Declared by:

<vpsadminos/os/modules/services/ttys/agetty.nix>
users.allowNoPasswordLogin

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.defaultUserShell

Type: path or package

Example: pkgs.zsh

Declared by:

<nixpkgs/nixos/modules/programs/shadow.nix>
users.enforceIdUniqueness

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraGroups

Type: attribute set of (submodule)

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraGroups.<name>.gid

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraGroups.<name>.members

Type: list of string, not containing newlines or colons

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraGroups.<name>.name

Type: string, not containing newlines or colons

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers

Type: attribute set of (submodule)

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.packages

Type: list of package

Default: [ ]

Example: [ pkgs.firefox pkgs.thunderbird ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.autoSubUidGidRange

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.createHome

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.cryptHomeLuks

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.description

Type: string, not containing newlines or colons

Default: ""

Example: "Alice Q. User"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.extraGroups

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.group

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.hashedPassword

Type: null or string, not containing newlines or colons

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.home

Type: path, not containing newlines or colons

Default: "/var/empty"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.homeMode

Type: string matching the pattern [0-7]{1,5}

Default: "700"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.initialHashedPassword

Type: null or string, not containing newlines or colons

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.initialPassword

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.isNormalUser

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.isSystemUser

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.name

Type: string, not containing newlines or colons

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.openssh.authorizedKeys.keyFiles

Type: list of path

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
users.extraUsers.<name>.openssh.authorizedKeys.keys

Type: list of (optionally newline-terminated) single-line string

Default: [ ]

Example: [ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
users.extraUsers.<name>.pamMount

Type: attribute set of string

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.password

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.passwordFile

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.shell

Type: null or package or path, not containing newlines or colons

Default: pkgs.shadow

Example: pkgs.bashInteractive

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.subGidRanges

Type: list of (submodule)

Default: [ ]

Example: [ { count = 1; startGid = 100; } { count = 999; startGid = 1001; } ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.subGidRanges.*.count

Type: signed integer

Default: 1

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.subGidRanges.*.startGid

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.subUidRanges

Type: list of (submodule)

Default: [ ]

Example: [ { count = 1; startUid = 1000; } { count = 65534; startUid = 100001; } ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.subUidRanges.*.count

Type: signed integer

Default: 1

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.subUidRanges.*.startUid

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.uid

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.extraUsers.<name>.useDefaultShell

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.groups

Type: attribute set of (submodule)

Default: { }

Example: { hackers = { } ; students = { gid = 1001; } ; }

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.groups.<name>.gid

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.groups.<name>.members

Type: list of string, not containing newlines or colons

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.groups.<name>.name

Type: string, not containing newlines or colons

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.ldap.enable

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.base

Type: string

Example: "dc=example,dc=org"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.bind.distinguishedName

Type: string

Default: ""

Example: "cn=admin,dc=example,dc=com"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.bind.passwordFile

Type: string

Default: "/etc/ldap/bind.password"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.bind.policy

Type: one of "hard_open", "hard_init", "soft"

Default: "hard_open"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.bind.timeLimit

Type: signed integer

Default: 30

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.daemon.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.daemon.extraConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.daemon.rootpwmoddn

Type: string

Default: ""

Example: "cn=admin,dc=example,dc=com"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.daemon.rootpwmodpwFile

Type: string

Default: ""

Example: "/run/keys/nslcd.rootpwmodpw"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.extraConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.loginPam

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.nsswitch

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.server

Type: string

Example: "ldap://ldap.example.org/"

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.timeLimit

Type: signed integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.ldap.useTLS

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/ldap.nix>
users.motd

Type: null or strings concatenated with "\n"

Default: null

Example: "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178."

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
users.mutableUsers

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.mysql.enable

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.database

Type: string

Example: "auth"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.host

Type: string

Example: "localhost"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss

Type: submodule

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.getgrent

Type: null or string

Default: null

Example:

SELECT name,password,gid FROM groups

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.getgrgid

Type: null or string

Default: null

Example:

SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.getgrnam

Type: null or string

Default: null

Example:

SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.getpwent

Type: null or string

Default: null

Example:

SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.getpwnam

Type: null or string

Default: null

Example:

SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
FROM users \
WHERE username='%1$s' \
LIMIT 1

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.getpwuid

Type: null or string

Default: null

Example:

SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
FROM users \
WHERE uid='%1$u' \
LIMIT 1

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.getspent

Type: null or string

Default: null

Example:

SELECT username,password,'1','0','99999','0','0','-1','0' FROM users

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.getspnam

Type: null or string

Default: null

Example:

SELECT username,password,'1','0','99999','0','0','-1','0' \
FROM users \
WHERE username='%1$s' \
LIMIT 1

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.gidsbymem

Type: null or string

Default: null

Example:

SELECT gid FROM grouplist WHERE username='%1$s'

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.nss.memsbygid

Type: null or string

Default: null

Example:

SELECT username FROM grouplist WHERE gid='%1$u'

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam

Type: submodule

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.cryptDefault

Type: null or one of "md5", "sha256", "sha512", "blowfish"

Default: null

Example: "blowfish"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.disconnectEveryOperation

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.logging.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.logging.hostColumn

Type: string

Example: "host"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.logging.msgColumn

Type: string

Example: "msg"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.logging.pidColumn

Type: string

Example: "pid"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.logging.rHostColumn

Type: string

Example: "rhost"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.logging.table

Type: string

Example: "logs"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.logging.timeColumn

Type: string

Example: "timestamp"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.logging.userColumn

Type: string

Example: "user"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.passwordColumn

Type: string

Example: "password"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.passwordCrypt

Type: one of "0", "plain", "1", "Y", "2", "mysql", "3", "md5", "4", "sha1", "5", "drupal7", "6", "joomla15", "7", "ssha", "8", "sha512", "9", "sha256"

Example: "2"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.statusColumn

Type: null or string

Default: null

Example: "status"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.table

Type: string

Example: "users"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.updateTable

Type: null or string

Default: null

Example: "users_updates"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.userColumn

Type: string

Example: "username"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.verbose

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.pam.where

Type: null or string

Default: null

Example: "host.name='web' AND user.active=1"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.passwordFile

Type: path

Example: "/run/secrets/mysql-auth-db-passwd"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.mysql.user

Type: string

Example: "nss-user"

Declared by:

<nixpkgs/nixos/modules/config/mysql.nix>
users.users

Type: attribute set of (submodule)

Default: { }

Example: { alice = { createHome = true; description = "Alice Q. User"; extraGroups = [ "wheel" ] ; group = "users"; home = "/home/alice"; shell = "/bin/sh"; uid = 1234; } ; }

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
users.users.<name>.packages

Type: list of package

Default: [ ]

Example: [ pkgs.firefox pkgs.thunderbird ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.autoSubUidGidRange

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.createHome

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.cryptHomeLuks

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.description

Type: string, not containing newlines or colons

Default: ""

Example: "Alice Q. User"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.extraGroups

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.group

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.hashedPassword

Type: null or string, not containing newlines or colons

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.home

Type: path, not containing newlines or colons

Default: "/var/empty"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.homeMode

Type: string matching the pattern [0-7]{1,5}

Default: "700"

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.initialHashedPassword

Type: null or string, not containing newlines or colons

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.initialPassword

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.isNormalUser

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.isSystemUser

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.name

Type: string, not containing newlines or colons

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.openssh.authorizedKeys.keyFiles

Type: list of path

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
users.users.<name>.openssh.authorizedKeys.keys

Type: list of (optionally newline-terminated) single-line string

Default: [ ]

Example: [ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
users.users.<name>.pamMount

Type: attribute set of string

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.password

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.passwordFile

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.shell

Type: null or package or path, not containing newlines or colons

Default: pkgs.shadow

Example: pkgs.bashInteractive

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.subGidRanges

Type: list of (submodule)

Default: [ ]

Example: [ { count = 1; startGid = 100; } { count = 999; startGid = 1001; } ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.subGidRanges.*.count

Type: signed integer

Default: 1

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.subGidRanges.*.startGid

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.subUidRanges

Type: list of (submodule)

Default: [ ]

Example: [ { count = 1; startUid = 1000; } { count = 65534; startUid = 100001; } ]

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.subUidRanges.*.count

Type: signed integer

Default: 1

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.subUidRanges.*.startUid

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.uid

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
users.users.<name>.useDefaultShell

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
virtualisation.lxc.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxc.nix>
virtualisation.lxc.defaultConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxc.nix>
virtualisation.lxc.lxcfs.enable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxcfs.nix>
virtualisation.lxc.systemConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxc.nix>
virtualisation.lxc.usernetConfig

Type: strings concatenated with "\n"

Default: ""

Declared by:

<nixpkgs/nixos/modules/virtualisation/lxc.nix>
vpsadminos.nix

enable nix-daemon and a writeable store

Type: boolean

Default: true

Declared by:

<vpsadminos/os/modules/system/activation/top-level.nix>