{"appstream.enable": {"declarations": ["nixos/modules/config/appstream.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to install files to support the\n[AppStream metadata specification](https://www.freedesktop.org/software/appstream/docs/index.html).\n"}, "loc": ["appstream", "enable"], "readOnly": false, "type": "boolean"}, "boot.binfmt.emulatedSystems": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of systems to emulate. Will also configure Nix to\nsupport your new systems.\nWarning: the builder can execute all emulated systems within the same build, which introduces impurities in the case of cross compilation.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"wasm32-wasi\"\n \"x86_64-windows\"\n \"aarch64-linux\"\n]"}, "loc": ["boot", "binfmt", "emulatedSystems"], "readOnly": false, "type": "list of string"}, "boot.binfmt.registrations": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Extra binary formats to register with the kernel.\nSee https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.\n"}, "loc": ["boot", "binfmt", "registrations"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.binfmt.registrations..fixBinary": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to open the interpreter file as soon as the\nregistration is loaded, rather than waiting for a\nrelevant file to be invoked.\n\nSee the description of the 'F' flag in the kernel docs\nfor more details.\n"}, "loc": ["boot", "binfmt", "registrations", "", "fixBinary"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations..interpreter": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "description": {"_type": "mdDoc", "text": "The interpreter to invoke to run the program.\n\nNote that the actual registration will point to\n/run/binfmt/${name}, so the kernel interpreter length\nlimit doesn't apply.\n"}, "loc": ["boot", "binfmt", "registrations", "", "interpreter"], "readOnly": false, "type": "path"}, "boot.binfmt.registrations..magicOrExtension": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "description": {"_type": "mdDoc", "text": "The magic number or extension to match on."}, "loc": ["boot", "binfmt", "registrations", "", "magicOrExtension"], "readOnly": false, "type": "string"}, "boot.binfmt.registrations..mask": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "A mask to be ANDed with the byte sequence of the file before matching"}, "loc": ["boot", "binfmt", "registrations", "", "mask"], "readOnly": false, "type": "null or string"}, "boot.binfmt.registrations..matchCredentials": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to launch with the credentials and security\ntoken of the binary, not the interpreter (e.g. setuid\nbit).\n\nSee the description of the 'C' flag in the kernel docs\nfor more details.\n\nImplies/requires openBinary = true.\n"}, "loc": ["boot", "binfmt", "registrations", "", "matchCredentials"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations..offset": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The byte offset of the magic number used for recognition."}, "loc": ["boot", "binfmt", "registrations", "", "offset"], "readOnly": false, "type": "null or signed integer"}, "boot.binfmt.registrations..openBinary": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to pass the binary to the interpreter as an open\nfile descriptor, instead of a path.\n"}, "loc": ["boot", "binfmt", "registrations", "", "openBinary"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations..preserveArgvZero": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to pass the original argv[0] to the interpreter.\n\nSee the description of the 'P' flag in the kernel docs\nfor more details;\n"}, "loc": ["boot", "binfmt", "registrations", "", "preserveArgvZero"], "readOnly": false, "type": "boolean"}, "boot.binfmt.registrations..recognitionType": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "\"magic\""}, "description": {"_type": "mdDoc", "text": "Whether to recognize executables by magic number or extension."}, "loc": ["boot", "binfmt", "registrations", "", "recognitionType"], "readOnly": false, "type": "one of \"magic\", \"extension\""}, "boot.binfmt.registrations..wrapInterpreterInShell": {"declarations": ["nixos/modules/system/boot/binfmt.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to wrap the interpreter in a shell script.\n\nThis allows a shell command to be set as the interpreter.\n"}, "loc": ["boot", "binfmt", "registrations", "", "wrapInterpreterInShell"], "readOnly": false, "type": "boolean"}, "boot.blacklistedKernelModules": {"declarations": ["nixos/modules/system/boot/modprobe.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of names of kernel modules that should not be loaded\nautomatically by the hardware probing code.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"cirrusfb\"\n \"i2c_piix4\"\n]"}, "loc": ["boot", "blacklistedKernelModules"], "readOnly": false, "type": "list of string"}, "boot.bootspec.enableValidation": {"declarations": ["nixos/modules/system/activation/bootspec.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable the validation of bootspec documents for each build.\n This will introduce Go in the build-time closure as we are relying on [Cuelang](https://cuelang.org/) for schema validation.\n Enable this option if you want to ascertain that your documents are correct.\n."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "bootspec", "enableValidation"], "readOnly": false, "type": "boolean"}, "boot.bootspec.extensions": {"declarations": ["nixos/modules/system/activation/bootspec.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "User-defined data that extends the bootspec document.\n\nTo reduce incompatibility and prevent names from clashing\nbetween applications, it is **highly recommended** to use a\nunique namespace for your extensions.\n"}, "loc": ["boot", "bootspec", "extensions"], "readOnly": false, "type": "attribute set of anything"}, "boot.consoleLogLevel": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "4"}, "description": {"_type": "mdDoc", "text": "The kernel console `loglevel`. All Kernel Messages with a log level smaller\nthan this setting will be printed to the console.\n"}, "loc": ["boot", "consoleLogLevel"], "readOnly": false, "type": "signed integer"}, "boot.crashDump.enable": {"declarations": ["nixos/modules/misc/crashdump.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "If enabled, NixOS will set up a kernel that will\nboot on crash, and leave the user in systemd rescue\nto be able to save the crashed kernel dump at\n/proc/vmcore.\nIt also activates the NMI watchdog.\n"}, "loc": ["boot", "crashDump", "enable"], "readOnly": false, "type": "boolean"}, "boot.crashDump.kernelParams": {"declarations": ["nixos/modules/misc/crashdump.nix"], "default": {"_type": "literalExpression", "text": "[\n \"1\"\n \"boot.shell_on_fail\"\n]"}, "description": {"_type": "mdDoc", "text": "Parameters that will be passed to the kernel kexec-ed on crash.\n"}, "loc": ["boot", "crashDump", "kernelParams"], "readOnly": false, "type": "list of string"}, "boot.crashDump.reservedMemory": {"declarations": ["nixos/modules/misc/crashdump.nix"], "default": {"_type": "literalExpression", "text": "\"128M\""}, "description": {"_type": "mdDoc", "text": "The amount of memory reserved for the crashdump kernel.\nIf you choose a too high value, dmesg will mention\n\"crashkernel reservation failed\".\n"}, "loc": ["boot", "crashDump", "reservedMemory"], "readOnly": false, "type": "string"}, "boot.devShmSize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"50%\""}, "description": {"_type": "mdDoc", "text": "Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option,\nfor the accepted syntax.\n"}, "example": {"_type": "literalExpression", "text": "\"256m\""}, "loc": ["boot", "devShmSize"], "readOnly": false, "type": "string"}, "boot.devSize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"5%\""}, "description": {"_type": "mdDoc", "text": "Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option,\nfor the accepted syntax.\n"}, "example": {"_type": "literalExpression", "text": "\"32m\""}, "loc": ["boot", "devSize"], "readOnly": false, "type": "string"}, "boot.enableContainers": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to enable support for NixOS containers. Defaults to true\n(at no cost if containers are not actually used).\n"}, "loc": ["boot", "enableContainers"], "readOnly": false, "type": "boolean"}, "boot.extraModprobeConfig": {"declarations": ["nixos/modules/system/boot/modprobe.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Any additional configuration to be appended to the generated\n{file}`modprobe.conf`. This is typically used to\nspecify module options. See\n{manpage}`modprobe.d(5)` for details.\n"}, "example": {"_type": "literalExpression", "text": "''\n options parport_pc io=0x378 irq=7 dma=1\n''"}, "loc": ["boot", "extraModprobeConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.extraModulePackages": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "A list of additional packages supplying kernel modules."}, "example": {"_type": "literalExpression", "text": "[ config.boot.kernelPackages.nvidia_x11 ]"}, "loc": ["boot", "extraModulePackages"], "readOnly": false, "type": "list of package"}, "boot.extraSystemdUnitPaths": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable\nthat can contain mutable unit files.\n"}, "loc": ["boot", "extraSystemdUnitPaths"], "readOnly": false, "type": "list of string"}, "boot.growPartition": {"declarations": ["nixos/modules/system/boot/grow-partition.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable grow the root partition on boot."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "growPartition"], "readOnly": false, "type": "boolean"}, "boot.hardwareScan": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to try to load kernel modules for all detected hardware.\nUsually this does a good job of providing you with the modules\nyou need, but sometimes it can crash the system or cause other\nnasty effects.\n"}, "loc": ["boot", "hardwareScan"], "readOnly": false, "type": "boolean"}, "boot.initrd.availableKernelModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "The set of kernel modules in the initial ramdisk used during the\nboot process. This set must include all modules necessary for\nmounting the root device. That is, it should include modules\nfor the physical device (e.g., SCSI drivers) and for the file\nsystem (e.g., ext3). The set specified here is automatically\nclosed under the module dependency relation, i.e., all\ndependencies of the modules list here are included\nautomatically. The modules listed here are available in the\ninitrd, but are only loaded on demand (e.g., the ext3 module is\nloaded automatically when an ext3 filesystem is mounted, and\nmodules for PCI devices are loaded when they match the PCI ID\nof a device in your system). To force a module to be loaded,\ninclude it in {option}`boot.initrd.kernelModules`.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"sata_nv\"\n \"ext3\"\n]"}, "loc": ["boot", "initrd", "availableKernelModules"], "readOnly": false, "type": "list of string"}, "boot.initrd.checkJournalingFS": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to run {command}`fsck` on journaling filesystems such as ext3.\n"}, "loc": ["boot", "initrd", "checkJournalingFS"], "readOnly": false, "type": "boolean"}, "boot.initrd.compressor": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalMD", "text": "`zstd` if the kernel supports it (5.9+), `gzip` if not"}, "description": {"_type": "mdDoc", "text": "The compressor to use on the initrd image. May be any of:\n\n- The name of one of the predefined compressors, see {file}`pkgs/build-support/kernel/initrd-compressor-meta.nix` for the definitions.\n- A function which, given the nixpkgs package set, returns the path to a compressor tool, e.g. `pkgs: \"${pkgs.pigz}/bin/pigz\"`\n- (not recommended, because it does not work when cross-compiling) the full path to a compressor tool, e.g. `\"${pkgs.pigz}/bin/pigz\"`\n\nThe given program should read data from stdin and write it to stdout compressed.\n"}, "example": {"_type": "literalExpression", "text": "\"xz\""}, "loc": ["boot", "initrd", "compressor"], "readOnly": false, "type": "string or function that evaluates to a(n) string"}, "boot.initrd.compressorArgs": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Arguments to pass to the compressor for the initrd image, or null to use the compressor's defaults."}, "loc": ["boot", "initrd", "compressorArgs"], "readOnly": false, "type": "null or (list of string)"}, "boot.initrd.enable": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "!config.boot.isContainer"}, "description": {"_type": "mdDoc", "text": "Whether to enable the NixOS initial RAM disk (initrd). This may be\nneeded to perform some initialisation tasks (like mounting\nnetwork/encrypted file systems) before continuing the boot process.\n"}, "loc": ["boot", "initrd", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.extraFiles": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Extra files to link and copy in to the initrd.\n"}, "loc": ["boot", "initrd", "extraFiles"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.extraFiles..source": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "description": {"_type": "mdDoc", "text": "The object to make available inside the initrd."}, "loc": ["boot", "initrd", "extraFiles", "", "source"], "readOnly": false, "type": "package"}, "boot.initrd.includeDefaultModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "This option, if set, adds a collection of default kernel modules\nto {option}`boot.initrd.availableKernelModules` and\n{option}`boot.initrd.kernelModules`.\n"}, "loc": ["boot", "initrd", "includeDefaultModules"], "readOnly": false, "type": "boolean"}, "boot.initrd.kernelModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of modules that are always loaded by the initrd."}, "loc": ["boot", "initrd", "kernelModules"], "readOnly": false, "type": "list of string"}, "boot.initrd.luks.cryptoModules": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "[\n \"aes\"\n \"aes_generic\"\n \"blowfish\"\n \"twofish\"\n \"serpent\"\n \"cbc\"\n \"xts\"\n \"lrw\"\n \"sha1\"\n \"sha256\"\n \"sha512\"\n \"af_alg\"\n \"algif_skcipher\"\n]"}, "description": {"_type": "mdDoc", "text": "A list of cryptographic kernel modules needed to decrypt the root device(s).\nThe default includes all common modules.\n"}, "loc": ["boot", "initrd", "luks", "cryptoModules"], "readOnly": false, "type": "list of string"}, "boot.initrd.luks.devices": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "The encrypted disk that should be opened before the root\nfilesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM\nsetups are supported. The unencrypted devices can be accessed as\n{file}`/dev/mapper/\u00abname\u00bb`.\n"}, "example": {"_type": "literalExpression", "text": "{\n luksroot = {\n device = \"/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08\";\n };\n}"}, "loc": ["boot", "initrd", "luks", "devices"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.luks.devices..allowDiscards": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to allow TRIM requests to the underlying device. This option\nhas security implications; please read the LUKS documentation before\nactivating it.\nThis option is incompatible with authenticated encryption (dm-crypt\nstacked over dm-integrity).\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "allowDiscards"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices..bypassWorkqueues": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to bypass dm-crypt's internal read and write workqueues.\nEnabling this should improve performance on SSDs; see\n[here](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance)\nfor more information. Needs Linux 5.9 or later.\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "bypassWorkqueues"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices..device": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "description": {"_type": "mdDoc", "text": "Path of the underlying encrypted block device."}, "example": {"_type": "literalExpression", "text": "\"/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08\""}, "loc": ["boot", "initrd", "luks", "devices", "", "device"], "readOnly": false, "type": "string"}, "boot.initrd.luks.devices..fallbackToPassword": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to fallback to interactive passphrase prompt if the keyfile\ncannot be found. This will prevent unattended boot should the keyfile\ngo missing.\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "fallbackToPassword"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices..fido2.credential": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The FIDO2 credential ID."}, "example": {"_type": "literalExpression", "text": "\"f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2\""}, "loc": ["boot", "initrd", "luks", "devices", "", "fido2", "credential"], "readOnly": false, "type": "null or string"}, "boot.initrd.luks.devices..fido2.credentials": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of FIDO2 credential IDs.\n\nUse this if you have multiple FIDO2 keys you want to use for the same luks device.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2\"\n]"}, "loc": ["boot", "initrd", "luks", "devices", "", "fido2", "credentials"], "readOnly": false, "type": "list of string"}, "boot.initrd.luks.devices..fido2.gracePeriod": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": {"_type": "mdDoc", "text": "Time in seconds to wait for the FIDO2 key."}, "loc": ["boot", "initrd", "luks", "devices", "", "fido2", "gracePeriod"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices..fido2.passwordLess": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Defines whatever to use an empty string as a default salt.\n\nEnable only when your device is PIN protected, such as [Trezor](https://trezor.io/).\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "fido2", "passwordLess"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices..gpgCard": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard.\nIf null (the default), GPG-Smartcard will be disabled for this device.\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "gpgCard"], "readOnly": false, "type": "null or (submodule)"}, "boot.initrd.luks.devices..gpgCard.encryptedPass": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "description": {"_type": "mdDoc", "text": "Path to the GPG encrypted passphrase."}, "loc": ["boot", "initrd", "luks", "devices", "", "gpgCard", "encryptedPass"], "readOnly": false, "type": "path"}, "boot.initrd.luks.devices..gpgCard.gracePeriod": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": {"_type": "mdDoc", "text": "Time in seconds to wait for the GPG Smartcard."}, "loc": ["boot", "initrd", "luks", "devices", "", "gpgCard", "gracePeriod"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices..gpgCard.publicKey": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "description": {"_type": "mdDoc", "text": "Path to the Public Key."}, "loc": ["boot", "initrd", "luks", "devices", "", "gpgCard", "publicKey"], "readOnly": false, "type": "path"}, "boot.initrd.luks.devices..header": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The name of the file or block device that\nshould be used as header for the encrypted device.\n"}, "example": {"_type": "literalExpression", "text": "\"/root/header.img\""}, "loc": ["boot", "initrd", "luks", "devices", "", "header"], "readOnly": false, "type": "null or string"}, "boot.initrd.luks.devices..keyFile": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The name of the file (can be a raw device or a partition) that\nshould be used as the decryption key for the encrypted device. If\nnot specified, you will be prompted for a passphrase instead.\n"}, "example": {"_type": "literalExpression", "text": "\"/dev/sdb1\""}, "loc": ["boot", "initrd", "luks", "devices", "", "keyFile"], "readOnly": false, "type": "null or string"}, "boot.initrd.luks.devices..keyFileOffset": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The offset of the key file. Use this in combination with\n`keyFileSize` to use part of a file as key file\n(often the case if a raw device or partition is used as a key file).\nIf not specified, the key begins at the first byte of\n`keyFile`.\n"}, "example": {"_type": "literalExpression", "text": "4096"}, "loc": ["boot", "initrd", "luks", "devices", "", "keyFileOffset"], "readOnly": false, "type": "null or signed integer"}, "boot.initrd.luks.devices..keyFileSize": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The size of the key file. Use this if only the beginning of the\nkey file should be used as a key (often the case if a raw device\nor partition is used as key file). If not specified, the whole\n`keyFile` will be used decryption, instead of just\nthe first `keyFileSize` bytes.\n"}, "example": {"_type": "literalExpression", "text": "4096"}, "loc": ["boot", "initrd", "luks", "devices", "", "keyFileSize"], "readOnly": false, "type": "null or signed integer"}, "boot.initrd.luks.devices..keyFileTimeout": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The amount of time in seconds for a keyFile to appear before\ntiming out and trying passwords.\n"}, "example": {"_type": "literalExpression", "text": "5"}, "loc": ["boot", "initrd", "luks", "devices", "", "keyFileTimeout"], "readOnly": false, "type": "null or signed integer"}, "boot.initrd.luks.devices..postOpenCommands": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Commands that should be run right after we have mounted our LUKS device.\n"}, "example": {"_type": "literalExpression", "text": "''\n umount /tmp/persistent\n''"}, "loc": ["boot", "initrd", "luks", "devices", "", "postOpenCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.luks.devices..preLVM": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether the luksOpen will be attempted before LVM scan or after it."}, "loc": ["boot", "initrd", "luks", "devices", "", "preLVM"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices..preOpenCommands": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Commands that should be run right before we try to mount our LUKS device.\nThis can be useful, if the keys needed to open the drive is on another partition.\n"}, "example": {"_type": "literalExpression", "text": "''\n mkdir -p /tmp/persistent\n mount -t zfs rpool/safe/persistent /tmp/persistent\n''"}, "loc": ["boot", "initrd", "luks", "devices", "", "preOpenCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.luks.devices..tryEmptyPassphrase": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "If keyFile fails then try an empty passphrase first before\nprompting for password.\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "tryEmptyPassphrase"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.devices..yubikey": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The options to use for this LUKS device in YubiKey-PBA.\nIf null (the default), YubiKey-PBA will be disabled for this device.\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey"], "readOnly": false, "type": "null or (submodule)"}, "boot.initrd.luks.devices..yubikey.gracePeriod": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "10"}, "description": {"_type": "mdDoc", "text": "Time in seconds to wait for the YubiKey."}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "gracePeriod"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices..yubikey.iterationStep": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": {"_type": "mdDoc", "text": "How much the iteration count for PBKDF2 is increased at each successful authentication."}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "iterationStep"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices..yubikey.keyLength": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "64"}, "description": {"_type": "mdDoc", "text": "Length of the LUKS slot key derived with PBKDF2 in byte."}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "keyLength"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices..yubikey.saltLength": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "16"}, "description": {"_type": "mdDoc", "text": "Length of the new salt in byte (64 is the effective maximum)."}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "saltLength"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices..yubikey.slot": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": {"_type": "mdDoc", "text": "Which slot on the YubiKey to challenge."}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "slot"], "readOnly": false, "type": "signed integer"}, "boot.initrd.luks.devices..yubikey.storage.device": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/sda1\""}, "description": {"_type": "mdDoc", "text": "An unencrypted device that will temporarily be mounted in stage-1.\nMust contain the current salt to create the challenge for this LUKS device.\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "storage", "device"], "readOnly": false, "type": "path"}, "boot.initrd.luks.devices..yubikey.storage.fsType": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"vfat\""}, "description": {"_type": "mdDoc", "text": "The filesystem of the unencrypted device."}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "storage", "fsType"], "readOnly": false, "type": "string"}, "boot.initrd.luks.devices..yubikey.storage.path": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "\"/crypt-storage/default\""}, "description": {"_type": "mdDoc", "text": "Absolute path of the salt on the unencrypted device with\nthat device's root directory as \"/\".\n"}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "storage", "path"], "readOnly": false, "type": "string"}, "boot.initrd.luks.devices..yubikey.twoFactor": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false)."}, "loc": ["boot", "initrd", "luks", "devices", "", "yubikey", "twoFactor"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.fido2Support": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Enables support for authenticating with FIDO2 devices.\n"}, "loc": ["boot", "initrd", "luks", "fido2Support"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.gpgSupport": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Enables support for authenticating with a GPG encrypted password.\n"}, "loc": ["boot", "initrd", "luks", "gpgSupport"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.mitigateDMAAttacks": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Unless enabled, encryption keys can be easily recovered by an attacker with physical\naccess to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port.\nMore information is available at .\n\nThis option blacklists FireWire drivers, but doesn't remove them. You can manually\nload the drivers if you need to use a FireWire device, but don't forget to unload them!\n"}, "loc": ["boot", "initrd", "luks", "mitigateDMAAttacks"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.reusePassphrases": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "When opening a new LUKS device try reusing last successful\npassphrase.\n\nUseful for mounting a number of devices that use the same\npassphrase without retyping it several times.\n\nSuch setup can be useful if you use {command}`cryptsetup luksSuspend`.\nDifferent LUKS devices will still have\ndifferent master keys even when using the same passphrase.\n"}, "loc": ["boot", "initrd", "luks", "reusePassphrases"], "readOnly": false, "type": "boolean"}, "boot.initrd.luks.yubikeySupport": {"declarations": ["nixos/modules/system/boot/luksroot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Enables support for authenticating with a YubiKey on LUKS devices.\nSee the NixOS wiki for information on how to properly setup a LUKS device\nand a YubiKey to work with this feature.\n"}, "loc": ["boot", "initrd", "luks", "yubikeySupport"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.enable": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Add network connectivity support to initrd. The network may be\nconfigured using the `ip` kernel parameter,\nas described in [the kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt).\nOtherwise, if\n{option}`networking.useDHCP` is enabled, an IP address\nis acquired using DHCP.\n\nYou should add the module(s) required for your network card to\nboot.initrd.availableKernelModules.\n`lspci -v | grep -iA8 'network\\|ethernet'`\nwill tell you which.\n"}, "loc": ["boot", "initrd", "network", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.flushBeforeStage2": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "\"!config.boot.initrd.systemd.enable\""}, "description": {"_type": "mdDoc", "text": "Whether to clear the configuration of the interfaces that were set up in\nthe initrd right before stage 2 takes over. Stage 2 will do the regular network\nconfiguration based on the NixOS networking options.\n\nThe default is false when systemd is enabled in initrd,\nbecause the systemd-networkd documentation suggests it.\n"}, "loc": ["boot", "initrd", "network", "flushBeforeStage2"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.openvpn.configuration": {"declarations": ["nixos/modules/system/boot/initrd-openvpn.nix"], "description": {"_type": "mdDoc", "text": "The configuration file for OpenVPN.\n\n::: {.warning}\nUnless your bootloader supports initrd secrets, this configuration\nis stored insecurely in the global Nix store.\n:::\n"}, "example": {"_type": "literalExpression", "text": "./configuration.ovpn"}, "loc": ["boot", "initrd", "network", "openvpn", "configuration"], "readOnly": false, "type": "path"}, "boot.initrd.network.openvpn.enable": {"declarations": ["nixos/modules/system/boot/initrd-openvpn.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Starts an OpenVPN client during initrd boot. It can be used to e.g.\nremotely accessing the SSH service controlled by\n{option}`boot.initrd.network.ssh` or other network services\nincluded. Service is killed when stage-1 boot is finished.\n"}, "loc": ["boot", "initrd", "network", "openvpn", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.postCommands": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell commands to be executed after stage 1 of the\nboot has initialised the network.\n"}, "loc": ["boot", "initrd", "network", "postCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.network.ssh.authorizedKeys": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "config.users.users.root.openssh.authorizedKeys.keys"}, "description": {"_type": "mdDoc", "text": "Authorized keys for the root user on initrd.\n"}, "loc": ["boot", "initrd", "network", "ssh", "authorizedKeys"], "readOnly": false, "type": "list of string"}, "boot.initrd.network.ssh.enable": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Start SSH service during initrd boot. It can be used to debug failing\nboot on a remote server, enter pasphrase for an encrypted partition etc.\nService is killed when stage-1 boot is finished.\n\nThe sshd configuration is largely inherited from\n{option}`services.openssh`.\n"}, "loc": ["boot", "initrd", "network", "ssh", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.ssh.extraConfig": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Verbatim contents of {file}`sshd_config`."}, "loc": ["boot", "initrd", "network", "ssh", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.network.ssh.hostKeys": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Specify SSH host keys to import into the initrd.\n\nTo generate keys, use\n{manpage}`ssh-keygen(1)`\nas root:\n\n```\nssh-keygen -t rsa -N \"\" -f /etc/secrets/initrd/ssh_host_rsa_key\nssh-keygen -t ed25519 -N \"\" -f /etc/secrets/initrd/ssh_host_ed25519_key\n```\n\n::: {.warning}\nUnless your bootloader supports initrd secrets, these keys\nare stored insecurely in the global Nix store. Do NOT use\nyour regular SSH host private keys for this purpose or\nyou'll expose them to regular users!\n\nAdditionally, even if your initrd supports secrets, if\nyou're using initrd SSH to unlock an encrypted disk then\nusing your regular host keys exposes the private keys on\nyour unencrypted boot partition.\n:::\n"}, "example": {"_type": "literalExpression", "text": "[\n \"/etc/secrets/initrd/ssh_host_rsa_key\"\n \"/etc/secrets/initrd/ssh_host_ed25519_key\"\n]"}, "loc": ["boot", "initrd", "network", "ssh", "hostKeys"], "readOnly": false, "type": "list of (string or path)"}, "boot.initrd.network.ssh.ignoreEmptyHostKeys": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Allow leaving {option}`config.boot.initrd.network.ssh` empty,\nto deploy ssh host keys out of band.\n"}, "loc": ["boot", "initrd", "network", "ssh", "ignoreEmptyHostKeys"], "readOnly": false, "type": "boolean"}, "boot.initrd.network.ssh.port": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "22"}, "description": {"_type": "mdDoc", "text": "Port on which SSH initrd service should listen.\n"}, "loc": ["boot", "initrd", "network", "ssh", "port"], "readOnly": false, "type": "16 bit unsigned integer; between 0 and 65535 (both inclusive)"}, "boot.initrd.network.ssh.shell": {"declarations": ["nixos/modules/system/boot/initrd-ssh.nix"], "default": {"_type": "literalExpression", "text": "\"\\\"/bin/ash\\\"\""}, "description": {"_type": "mdDoc", "text": "Login shell of the remote user. Can be used to limit actions user can do.\n"}, "loc": ["boot", "initrd", "network", "ssh", "shell"], "readOnly": false, "type": "null or string"}, "boot.initrd.network.udhcpc.extraArgs": {"declarations": ["nixos/modules/system/boot/initrd-network.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Additional command-line arguments passed verbatim to udhcpc if\n{option}`boot.initrd.network.enable` and {option}`networking.useDHCP`\nare enabled.\n"}, "loc": ["boot", "initrd", "network", "udhcpc", "extraArgs"], "readOnly": false, "type": "list of string"}, "boot.initrd.postDeviceCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell commands to be executed immediately after stage 1 of the\nboot has loaded kernel modules and created device nodes in\n{file}`/dev`.\n"}, "loc": ["boot", "initrd", "postDeviceCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.postMountCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell commands to be executed immediately after the stage 1\nfilesystems have been mounted.\n"}, "loc": ["boot", "initrd", "postMountCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.preDeviceCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell commands to be executed before udev is started to create\ndevice nodes.\n"}, "loc": ["boot", "initrd", "preDeviceCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.preFailCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell commands to be executed before the failure prompt is shown.\n"}, "loc": ["boot", "initrd", "preFailCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.preLVMCommands": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell commands to be executed immediately before LVM discovery.\n"}, "loc": ["boot", "initrd", "preLVMCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.prepend": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Other initrd files to prepend to the final initrd we are building.\n"}, "loc": ["boot", "initrd", "prepend"], "readOnly": false, "type": "list of string"}, "boot.initrd.secrets": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Secrets to append to the initrd. The attribute name is the\npath the secret should have inside the initrd, the value\nis the path it should be copied from (or null for the same\npath inside and out).\n"}, "example": {"_type": "literalExpression", "text": "{ \"/etc/dropbear/dropbear_rsa_host_key\" =\n ./secret-dropbear-key;\n}\n"}, "loc": ["boot", "initrd", "secrets"], "readOnly": false, "type": "attribute set of (null or path)"}, "boot.initrd.services.swraid.mdadmConf": {"declarations": ["nixos/modules/tasks/swraid.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Contents of {file}`/etc/mdadm.conf` in initrd."}, "loc": ["boot", "initrd", "services", "swraid", "mdadmConf"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.services.udev.rules": {"declarations": ["nixos/modules/services/hardware/udev.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "{command}`udev` rules to include in the initrd\n*only*. They'll be written into file\n{file}`99-local.rules`. Thus they are read and applied\nafter the essential initrd rules.\n"}, "example": {"_type": "literalExpression", "text": "''\n SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"00:1D:60:B9:6D:4F\", KERNEL==\"eth*\", NAME=\"my_fast_network_card\"\n''"}, "loc": ["boot", "initrd", "services", "udev", "rules"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.supportedFilesystems": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Names of supported filesystem types in the initial ramdisk."}, "example": {"_type": "literalExpression", "text": "[\n \"btrfs\"\n]"}, "loc": ["boot", "initrd", "supportedFilesystems"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.additionalUpstreamUnits": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Additional units shipped with systemd that shall be enabled.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"debug-shell.service\"\n \"systemd-quotacheck.service\"\n]"}, "loc": ["boot", "initrd", "systemd", "additionalUpstreamUnits"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.automounts": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Definition of systemd automount units.\nThis is a list instead of an attrSet, because systemd mandates the names to be derived from\nthe 'where' attribute.\n"}, "loc": ["boot", "initrd", "systemd", "automounts"], "readOnly": false, "type": "list of (submodule)"}, "boot.initrd.systemd.contents": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Set of files that have to be linked into the initrd"}, "example": {"_type": "literalExpression", "text": "{\n \"/etc/hostname\".text = \"mymachine\";\n}\n"}, "loc": ["boot", "initrd", "systemd", "contents"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.contents..enable": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to enable copying of this file and symlinking it."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "contents", "", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.contents..source": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "description": {"_type": "mdDoc", "text": "Path of the source file."}, "loc": ["boot", "initrd", "systemd", "contents", "", "source"], "readOnly": false, "type": "path"}, "boot.initrd.systemd.contents..target": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "\"\u2039name\u203a\""}, "description": {"_type": "mdDoc", "text": "Path of the symlink.\n"}, "loc": ["boot", "initrd", "systemd", "contents", "", "target"], "readOnly": false, "type": "path"}, "boot.initrd.systemd.contents..text": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Text of the file."}, "loc": ["boot", "initrd", "systemd", "contents", "", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "boot.initrd.systemd.emergencyAccess": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Set to true for unauthenticated emergency access, and false for\nno emergency access.\n\nCan also be set to a hashed super user password to allow\nauthenticated access to the emergency mode.\n"}, "loc": ["boot", "initrd", "systemd", "emergencyAccess"], "readOnly": false, "type": "boolean or null or string, not containing newlines or colons"}, "boot.initrd.systemd.enable": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable systemd in initrd. The unit options such as\n{option}`boot.initrd.systemd.services` are the same as their\nstage 2 counterparts such as {option}`systemd.services`,\nexcept that `restartTriggers` and `reloadTriggers` are not\nsupported.\n\nNote: This is experimental. Some of the `boot.initrd` options\nare not supported when this is enabled, and the options under\n`boot.initrd.systemd` are subject to change.\n"}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.extraBin": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Tools to add to /bin\n"}, "example": {"_type": "literalExpression", "text": "{\n umount = ${pkgs.util-linux}/bin/umount;\n}\n"}, "loc": ["boot", "initrd", "systemd", "extraBin"], "readOnly": false, "type": "attribute set of path"}, "boot.initrd.systemd.extraConfig": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Extra config options for systemd. See systemd-system.conf(5) man page\nfor available options.\n"}, "example": {"_type": "literalExpression", "text": "\"DefaultLimitCORE=infinity\""}, "loc": ["boot", "initrd", "systemd", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.initrd.systemd.initrdBin": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Packages to include in /bin for the stage 1 emergency shell.\n"}, "loc": ["boot", "initrd", "systemd", "initrdBin"], "readOnly": false, "type": "list of package"}, "boot.initrd.systemd.managerEnvironment": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Environment variables of PID 1. These variables are\n*not* passed to started units.\n"}, "example": {"_type": "literalExpression", "text": "{\n SYSTEMD_LOG_LEVEL = \"debug\";\n}"}, "loc": ["boot", "initrd", "systemd", "managerEnvironment"], "readOnly": false, "type": "attribute set of (null or string or path or package)"}, "boot.initrd.systemd.mounts": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Definition of systemd mount units.\nThis is a list instead of an attrSet, because systemd mandates the names to be derived from\nthe 'where' attribute.\n"}, "loc": ["boot", "initrd", "systemd", "mounts"], "readOnly": false, "type": "list of (submodule)"}, "boot.initrd.systemd.network.config": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of global systemd network config."}, "loc": ["boot", "initrd", "systemd", "network", "config"], "readOnly": false, "type": "submodule"}, "boot.initrd.systemd.network.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable networkd or not.\n"}, "loc": ["boot", "initrd", "systemd", "network", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.network.links": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd network links."}, "loc": ["boot", "initrd", "systemd", "network", "links"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.network.netdevs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd network devices."}, "loc": ["boot", "initrd", "systemd", "network", "netdevs"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.network.networks": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd networks."}, "loc": ["boot", "initrd", "systemd", "network", "networks"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.network.wait-online.anyInterface": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to consider the network online when any interface is online, as opposed to all of them.\nThis is useful on portable machines with a wired and a wireless interface, for example.\n"}, "loc": ["boot", "initrd", "systemd", "network", "wait-online", "anyInterface"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.network.wait-online.enable": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to enable the systemd-networkd-wait-online service.\n\nsystemd-networkd-wait-online can timeout and fail if there are no network interfaces\navailable for it to manage. When systemd-networkd is enabled but a different service is\nresponsible for managing the system's internet connection (for example, NetworkManager or\nconnman are used to manage WiFi connections), this service is unnecessary and can be\ndisabled.\n"}, "example": {"_type": "literalExpression", "text": "false"}, "loc": ["boot", "initrd", "systemd", "network", "wait-online", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.network.wait-online.extraArgs": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Extra command-line arguments to pass to systemd-networkd-wait-online.\nThese also affect per-interface `systemd-network-wait-online@` services.\n\nSee {manpage}`systemd-networkd-wait-online.service(8)` for all available options.\n"}, "loc": ["boot", "initrd", "systemd", "network", "wait-online", "extraArgs"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.network.wait-online.ignoredInterfaces": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Network interfaces to be ignored when deciding if the system is online.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"wg0\"\n]"}, "loc": ["boot", "initrd", "systemd", "network", "wait-online", "ignoredInterfaces"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.network.wait-online.timeout": {"declarations": ["nixos/modules/system/boot/networkd.nix"], "default": {"_type": "literalExpression", "text": "120"}, "description": {"_type": "mdDoc", "text": "Time to wait for the network to come online, in seconds. Set to 0 to disable.\n"}, "example": {"_type": "literalExpression", "text": "0"}, "loc": ["boot", "initrd", "systemd", "network", "wait-online", "timeout"], "readOnly": false, "type": "unsigned integer, meaning >=0"}, "boot.initrd.systemd.package": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "pkgs.systemdStage1"}, "description": {"_type": "mdDoc", "text": "The systemd package to use."}, "loc": ["boot", "initrd", "systemd", "package"], "readOnly": false, "type": "package"}, "boot.initrd.systemd.packages": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Packages providing systemd units and hooks."}, "example": {"_type": "literalExpression", "text": "[ pkgs.systemd-cryptsetup-generator ]"}, "loc": ["boot", "initrd", "systemd", "packages"], "readOnly": false, "type": "list of package"}, "boot.initrd.systemd.paths": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd path units."}, "loc": ["boot", "initrd", "systemd", "paths"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.repart.device": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The device to operate on.\n\nIf `device == null`, systemd-repart will operate on the device\nbacking the root partition. So in order to dynamically *create* the\nroot partition in the initrd you need to set a device.\n"}, "example": {"_type": "literalExpression", "text": "\"/dev/vda\""}, "loc": ["boot", "initrd", "systemd", "repart", "device"], "readOnly": false, "type": "null or string"}, "boot.initrd.systemd.repart.enable": {"declarations": ["nixos/modules/system/boot/systemd/repart.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Grow and add partitions to a partition table at boot time in the initrd.\nsystemd-repart only works with GPT partition tables.\n\nTo run systemd-repart after the initrd, see\n`options.systemd.repart.enable`.\n"}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "initrd", "systemd", "repart", "enable"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.services": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd service units."}, "loc": ["boot", "initrd", "systemd", "services"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.slices": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of slice configurations."}, "loc": ["boot", "initrd", "systemd", "slices"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.sockets": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd socket units."}, "loc": ["boot", "initrd", "systemd", "sockets"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.storePaths": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Store paths to copy into the initrd as well.\n"}, "loc": ["boot", "initrd", "systemd", "storePaths"], "readOnly": false, "type": "list of ((optionally newline-terminated) single-line string or package)"}, "boot.initrd.systemd.strip": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to completely strip executables and libraries copied to the initramfs.\n\nSetting this to false may save on the order of 30MiB on the\nmachine building the system (by avoiding a binutils\nreference), at the cost of ~1MiB of initramfs size. This puts\nthis option firmly in the territory of micro-optimisation.\n"}, "loc": ["boot", "initrd", "systemd", "strip"], "readOnly": false, "type": "boolean"}, "boot.initrd.systemd.suppressedStorePaths": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Store paths specified in the storePaths option that\nshould not be copied.\n"}, "loc": ["boot", "initrd", "systemd", "suppressedStorePaths"], "readOnly": false, "type": "list of (optionally newline-terminated) single-line string"}, "boot.initrd.systemd.suppressedUnits": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "A list of units to skip when generating system systemd configuration directory. This has\npriority over upstream units, {option}`boot.initrd.systemd.units`, and\n{option}`boot.initrd.systemd.additionalUpstreamUnits`. The main purpose of this is to\nprevent a upstream systemd unit from being added to the initrd with any modifications made to it\nby other NixOS modules.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"systemd-backlight@.service\"\n]"}, "loc": ["boot", "initrd", "systemd", "suppressedUnits"], "readOnly": false, "type": "list of string"}, "boot.initrd.systemd.targets": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd target units."}, "loc": ["boot", "initrd", "systemd", "targets"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.timers": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd timer units."}, "loc": ["boot", "initrd", "systemd", "timers"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.systemd.units": {"declarations": ["nixos/modules/system/boot/systemd/initrd.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Definition of systemd units."}, "loc": ["boot", "initrd", "systemd", "units"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.initrd.verbose": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Verbosity of the initrd. Please note that disabling verbosity removes\nonly the mandatory messages generated by the NixOS scripts. For a\ncompletely silent boot, you might also want to set the two following\nconfiguration options:\n\n- `boot.consoleLogLevel = 0;`\n- `boot.kernelParams = [ \"quiet\" \"udev.log_level=3\" ];`\n"}, "loc": ["boot", "initrd", "verbose"], "readOnly": false, "type": "boolean"}, "boot.isContainer": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether this NixOS machine is a lightweight container running\nin another NixOS system.\n"}, "loc": ["boot", "isContainer"], "readOnly": false, "type": "boolean"}, "boot.iscsi-initiator.discoverPortal": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "iSCSI portal to boot from.\n"}, "example": {"_type": "literalExpression", "text": "\"192.168.1.1:3260\""}, "loc": ["boot", "iscsi-initiator", "discoverPortal"], "readOnly": false, "type": "null or string"}, "boot.iscsi-initiator.extraConfig": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Extra lines to append to /etc/iscsid.conf"}, "loc": ["boot", "iscsi-initiator", "extraConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "boot.iscsi-initiator.extraConfigFile": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Append an additional file's contents to `/etc/iscsid.conf`. Use a non-store path\nand store passwords in this file. Note: the file specified here must be available\nin the initrd, see: `boot.initrd.secrets`.\n"}, "loc": ["boot", "iscsi-initiator", "extraConfigFile"], "readOnly": false, "type": "null or string"}, "boot.iscsi-initiator.extraIscsiCommands": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Extra iscsi commands to run in the initrd."}, "loc": ["boot", "iscsi-initiator", "extraIscsiCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.iscsi-initiator.logLevel": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "1"}, "description": {"_type": "mdDoc", "text": "Higher numbers elicits more logs.\n"}, "example": {"_type": "literalExpression", "text": "8"}, "loc": ["boot", "iscsi-initiator", "logLevel"], "readOnly": false, "type": "signed integer"}, "boot.iscsi-initiator.loginAll": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Do not log into a specific target on the portal, but to all that we discover.\nThis overrides setting target.\n"}, "loc": ["boot", "iscsi-initiator", "loginAll"], "readOnly": false, "type": "boolean"}, "boot.iscsi-initiator.name": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Name of the iSCSI initiator to boot from. Note, booting from iscsi\nrequires networkd based networking.\n"}, "example": {"_type": "literalExpression", "text": "\"iqn.2020-08.org.linux-iscsi.initiatorhost:example\""}, "loc": ["boot", "iscsi-initiator", "name"], "readOnly": false, "type": "null or string"}, "boot.iscsi-initiator.target": {"declarations": ["nixos/modules/services/networking/iscsi/root-initiator.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Name of the iSCSI target to boot from.\n"}, "example": {"_type": "literalExpression", "text": "\"iqn.2020-08.org.linux-iscsi.targethost:example\""}, "loc": ["boot", "iscsi-initiator", "target"], "readOnly": false, "type": "null or string"}, "boot.kernel.enable": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to enable the Linux kernel. This is useful for systemd-like containers which do not require a kernel."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "kernel", "enable"], "readOnly": false, "type": "boolean"}, "boot.kernel.randstructSeed": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Provides a custom seed for the {var}`RANDSTRUCT` security\noption of the Linux kernel. Note that {var}`RANDSTRUCT` is\nonly enabled in NixOS hardened kernels. Using a custom seed requires\nbuilding the kernel and dependent packages locally, since this\ncustomization happens at build time.\n"}, "example": {"_type": "literalExpression", "text": "\"my secret seed\""}, "loc": ["boot", "kernel", "randstructSeed"], "readOnly": false, "type": "string"}, "boot.kernel.sysctl": {"declarations": ["nixos/modules/config/sysctl.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Runtime parameters of the Linux kernel, as set by\n{manpage}`sysctl(8)`. Note that sysctl\nparameters names must be enclosed in quotes\n(e.g. `\"vm.swappiness\"` instead of\n`vm.swappiness`). The value of each\nparameter may be a string, integer, boolean, or null\n(signifying the option will not appear at all).\n"}, "example": {"_type": "literalExpression", "text": "{ \"net.ipv4.tcp_syncookies\" = false; \"vm.swappiness\" = 60; }\n"}, "loc": ["boot", "kernel", "sysctl"], "readOnly": false, "type": "attribute set of (sysctl option value)"}, "boot.kernel.sysctl.\"net.core.rmem_max\"": {"declarations": ["nixos/modules/config/sysctl.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The maximum socket receive buffer size. In case of conflicting values, the highest will be used."}, "loc": ["boot", "kernel", "sysctl", "net.core.rmem_max"], "readOnly": false, "type": "null or unsigned integer, meaning >=0"}, "boot.kernelModules": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "The set of kernel modules to be loaded in the second stage of\nthe boot process. Note that modules that are needed to\nmount the root file system should be added to\n{option}`boot.initrd.availableKernelModules` or\n{option}`boot.initrd.kernelModules`.\n"}, "loc": ["boot", "kernelModules"], "readOnly": false, "type": "list of string"}, "boot.kernelPackages": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "pkgs.linuxPackages"}, "description": {"_type": "mdDoc", "text": "This option allows you to override the Linux kernel used by\nNixOS. Since things like external kernel module packages are\ntied to the kernel you're using, it also overrides those.\nThis option is a function that takes Nixpkgs as an argument\n(as a convenience), and returns an attribute set containing at\nthe very least an attribute {var}`kernel`.\nAdditional attributes may be needed depending on your\nconfiguration. For instance, if you use the NVIDIA X driver,\nthen it also needs to contain an attribute\n{var}`nvidia_x11`.\n\nPlease note that we strictly support kernel versions that are\nmaintained by the Linux developers only. More information on the\navailability of kernel versions is documented\n[in the Linux section of the manual](https://nixos.org/manual/nixos/unstable/index.html#sec-kernel-config).\n"}, "example": {"_type": "literalExpression", "text": "pkgs.linuxKernel.packages.linux_5_10"}, "loc": ["boot", "kernelPackages"], "readOnly": false, "type": "raw value"}, "boot.kernelParams": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Parameters added to the kernel command line."}, "loc": ["boot", "kernelParams"], "readOnly": false, "type": "list of string, with spaces inside double quotes"}, "boot.kernelPatches": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "A list of additional patches to apply to the kernel.\n\nEvery item should be an attribute set with the following attributes:\n\n```nix\n{\n name = \"foo\"; # descriptive name, required\n\n patch = ./foo.patch; # path or derivation that contains the patch source\n # (required, but can be null if only config changes\n # are needed)\n\n extraStructuredConfig = { # attrset of extra configuration parameters\n FOO = lib.kernel.yes; # (without the CONFIG_ prefix, optional)\n }; # values should generally be lib.kernel.yes,\n # lib.kernel.no or lib.kernel.module\n\n features = { # attrset of extra \"features\" the kernel is considered to have\n foo = true; # (may be checked by other NixOS modules, optional)\n };\n\n extraConfig = \"CONFIG_FOO y\"; # extra configuration options in string form\n # (deprecated, use extraStructuredConfig instead, optional)\n}\n```\n\nThere's a small set of existing kernel patches in Nixpkgs, available as `pkgs.kernelPatches`,\nthat follow this format and can be used directly.\n"}, "example": {"_type": "literalExpression", "text": "[\n {\n name = \"foo\";\n patch = ./foo.patch;\n extraStructuredConfig.FOO = lib.kernel.yes;\n features.foo = true;\n }\n]\n"}, "loc": ["boot", "kernelPatches"], "readOnly": false, "type": "list of (attribute set)"}, "boot.loader.efi.canTouchEfiVariables": {"declarations": ["nixos/modules/system/boot/loader/efi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether the installation process is allowed to modify EFI boot variables."}, "loc": ["boot", "loader", "efi", "canTouchEfiVariables"], "readOnly": false, "type": "boolean"}, "boot.loader.efi.efiSysMountPoint": {"declarations": ["nixos/modules/system/boot/loader/efi.nix"], "default": {"_type": "literalExpression", "text": "\"/boot\""}, "description": {"_type": "mdDoc", "text": "Where the EFI System Partition is mounted."}, "loc": ["boot", "loader", "efi", "efiSysMountPoint"], "readOnly": false, "type": "string"}, "boot.loader.external.enable": {"declarations": ["nixos/modules/system/boot/loader/external/external.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable use an external tool to install your bootloader."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "loader", "external", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.external.installHook": {"declarations": ["nixos/modules/system/boot/loader/external/external.nix"], "description": {"_type": "mdDoc", "text": "The full path to a program of your choosing which performs the bootloader installation process.\n\nThe program will be called with an argument pointing to the output of the system's toplevel.\n"}, "loc": ["boot", "loader", "external", "installHook"], "readOnly": false, "type": "path"}, "boot.loader.generationsDir.copyKernels": {"declarations": ["nixos/modules/system/boot/loader/generations-dir/generations-dir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether copy the necessary boot files into /boot, so\n/nix/store is not needed by the boot loader.\n"}, "loc": ["boot", "loader", "generationsDir", "copyKernels"], "readOnly": false, "type": "boolean"}, "boot.loader.generationsDir.enable": {"declarations": ["nixos/modules/system/boot/loader/generations-dir/generations-dir.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to create symlinks to the system generations under\n`/boot`. When enabled,\n`/boot/default/kernel`,\n`/boot/default/initrd`, etc., are updated to\npoint to the current generation's kernel image, initial RAM\ndisk, and other bootstrap files.\n\nThis optional is not necessary with boot loaders such as GNU GRUB\nfor which the menu is updated to point to the latest bootstrap\nfiles. However, it is needed for U-Boot on platforms where the\nboot command line is stored in flash memory rather than in a\nmenu file.\n"}, "loc": ["boot", "loader", "generationsDir", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.generic-extlinux-compatible.configurationLimit": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "default": {"_type": "literalExpression", "text": "20"}, "description": {"_type": "mdDoc", "text": "Maximum number of configurations in the boot menu.\n"}, "example": {"_type": "literalExpression", "text": "10"}, "loc": ["boot", "loader", "generic-extlinux-compatible", "configurationLimit"], "readOnly": false, "type": "signed integer"}, "boot.loader.generic-extlinux-compatible.enable": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to generate an extlinux-compatible configuration file\nunder `/boot/extlinux.conf`. For instance,\nU-Boot's generic distro boot support uses this file format.\n\nSee [U-boot's documentation](http://git.denx.de/?p=u-boot.git;a=blob;f=doc/README.distro;hb=refs/heads/master)\nfor more information.\n"}, "loc": ["boot", "loader", "generic-extlinux-compatible", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.generic-extlinux-compatible.populateCmd": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "description": {"_type": "mdDoc", "text": "Contains the builder command used to populate an image,\nhonoring all options except the `-c `\nargument.\nUseful to have for sdImage.populateRootCommands\n"}, "loc": ["boot", "loader", "generic-extlinux-compatible", "populateCmd"], "readOnly": true, "type": "string"}, "boot.loader.generic-extlinux-compatible.useGenerationDeviceTree": {"declarations": ["nixos/modules/system/boot/loader/generic-extlinux-compatible"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to generate Device Tree-related directives in the\nextlinux configuration.\n\nWhen enabled, the bootloader will attempt to load the device\ntree binaries from the generation's kernel.\n\nNote that this affects all generations, regardless of the\nsetting value used in their configurations.\n"}, "loc": ["boot", "loader", "generic-extlinux-compatible", "useGenerationDeviceTree"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.backgroundColor": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Background color to be used for GRUB to fill the areas the image isn't filling.\n\n::: {.note}\nThis options has no effect for GRUB 1.\n:::\n"}, "example": {"_type": "literalExpression", "text": "\"#7EBAE4\""}, "loc": ["boot", "loader", "grub", "backgroundColor"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.configurationLimit": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "100"}, "description": {"_type": "mdDoc", "text": "Maximum of configurations in boot menu. GRUB has problems when\nthere are too many entries.\n"}, "example": {"_type": "literalExpression", "text": "120"}, "loc": ["boot", "loader", "grub", "configurationLimit"], "readOnly": false, "type": "signed integer"}, "boot.loader.grub.configurationName": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "GRUB entry name instead of default.\n"}, "example": {"_type": "literalExpression", "text": "\"Stable 2.6.21\""}, "loc": ["boot", "loader", "grub", "configurationName"], "readOnly": false, "type": "string"}, "boot.loader.grub.copyKernels": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether the GRUB menu builder should copy kernels and initial\nramdisks to /boot. This is done automatically if /boot is\non a different partition than /.\n"}, "loc": ["boot", "loader", "grub", "copyKernels"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.default": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"0\""}, "description": {"_type": "mdDoc", "text": "Index of the default menu item to be booted.\nCan also be set to \"saved\", which will make GRUB select\nthe menu item that was used at the last boot.\n"}, "loc": ["boot", "loader", "grub", "default"], "readOnly": false, "type": "signed integer or string"}, "boot.loader.grub.device": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "The device on which the GRUB boot loader will be installed.\nThe special value `nodev` means that a GRUB\nboot menu will be generated, but GRUB itself will not\nactually be installed. To install GRUB on multiple devices,\nuse `boot.loader.grub.devices`.\n"}, "example": {"_type": "literalExpression", "text": "\"/dev/disk/by-id/wwn-0x500001234567890a\""}, "loc": ["boot", "loader", "grub", "device"], "readOnly": false, "type": "string"}, "boot.loader.grub.devices": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "The devices on which the boot loader, GRUB, will be\ninstalled. Can be used instead of `device` to\ninstall GRUB onto multiple devices.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"/dev/disk/by-id/wwn-0x500001234567890a\"\n]"}, "loc": ["boot", "loader", "grub", "devices"], "readOnly": false, "type": "list of string"}, "boot.loader.grub.efiInstallAsRemovable": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to invoke `grub-install` with\n`--removable`.\n\nUnless you turn this on, GRUB will install itself somewhere in\n`boot.loader.efi.efiSysMountPoint` (exactly where\ndepends on other config variables). If you've set\n`boot.loader.efi.canTouchEfiVariables` *AND* you\nare currently booted in UEFI mode, then GRUB will use\n`efibootmgr` to modify the boot order in the\nEFI variables of your firmware to include this location. If you are\n*not* booted in UEFI mode at the time GRUB is being installed, the\nNVRAM will not be modified, and your system will not find GRUB at\nboot time. However, GRUB will still return success so you may miss\nthe warning that gets printed (\"`efibootmgr: EFI variables\nare not supported on this system.`\").\n\nIf you turn this feature on, GRUB will install itself in a\nspecial location within `efiSysMountPoint` (namely\n`EFI/boot/boot$arch.efi`) which the firmwares\nare hardcoded to try first, regardless of NVRAM EFI variables.\n\nTo summarize, turn this on if:\n- You are installing NixOS and want it to boot in UEFI mode,\n but you are currently booted in legacy mode\n- You want to make a drive that will boot regardless of\n the NVRAM state of the computer (like a USB \"removable\" drive)\n- You simply dislike the idea of depending on NVRAM\n state to make your drive bootable\n"}, "loc": ["boot", "loader", "grub", "efiInstallAsRemovable"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.efiSupport": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether GRUB should be built with EFI support.\nEFI support is only available for GRUB v2.\nThis option is ignored for GRUB v1.\n"}, "loc": ["boot", "loader", "grub", "efiSupport"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.enable": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "!config.boot.isContainer"}, "description": {"_type": "mdDoc", "text": "Whether to enable the GNU GRUB boot loader.\n"}, "loc": ["boot", "loader", "grub", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.enableCryptodisk": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Enable support for encrypted partitions. GRUB should automatically\nunlock the correct encrypted partition and look for filesystems.\n"}, "loc": ["boot", "loader", "grub", "enableCryptodisk"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.entryOptions": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"--class nixos --unrestricted\""}, "description": {"_type": "mdDoc", "text": "Options applied to the primary NixOS menu entry.\n\n::: {.note}\nThis options has no effect for GRUB 1.\n:::\n"}, "loc": ["boot", "loader", "grub", "entryOptions"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.extraConfig": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Additional GRUB commands inserted in the configuration file\njust before the menu entries.\n"}, "example": {"_type": "literalExpression", "text": "''\n serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1\n terminal_input --append serial\n terminal_output --append serial\n''"}, "loc": ["boot", "loader", "grub", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.extraEntries": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Any additional entries you want added to the GRUB boot menu.\n"}, "example": {"_type": "literalExpression", "text": "''\n # GRUB 1 example (not GRUB 2 compatible)\n title Windows\n chainloader (hd0,1)+1\n \n # GRUB 2 example\n menuentry \"Windows 7\" {\n chainloader (hd0,4)+1\n }\n \n # GRUB 2 with UEFI example, chainloading another distro\n menuentry \"Fedora\" {\n set root=(hd1,1)\n chainloader /efi/fedora/grubx64.efi\n }\n''"}, "loc": ["boot", "loader", "grub", "extraEntries"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.extraEntriesBeforeNixOS": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether extraEntries are included before the default option.\n"}, "loc": ["boot", "loader", "grub", "extraEntriesBeforeNixOS"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.extraFiles": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "A set of files to be copied to {file}`/boot`.\nEach attribute name denotes the destination file name in\n{file}`/boot`, while the corresponding\nattribute value specifies the source file.\n"}, "example": {"_type": "literalExpression", "text": "{ \"memtest.bin\" = \"${pkgs.memtest86plus}/memtest.bin\"; }\n"}, "loc": ["boot", "loader", "grub", "extraFiles"], "readOnly": false, "type": "attribute set of path"}, "boot.loader.grub.extraGrubInstallArgs": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Additional arguments passed to `grub-install`.\n\nA use case for this is to build specific GRUB2 modules\ndirectly into the GRUB2 kernel image, so that they are available\nand activated even in the `grub rescue` shell.\n\nThey are also necessary when the BIOS/UEFI is bugged and cannot\ncorrectly read large disks (e.g. above 2 TB), so GRUB2's own\n`nativedisk` and related modules can be used\nto use its own disk drivers. The example shows one such case.\nThis is also useful for booting from USB.\nSee the\n[\nGRUB source code\n](http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/nativedisk.c?h=grub-2.04#n326)\nfor which disk modules are available.\n\nThe list elements are passed directly as `argv`\narguments to the `grub-install` program, in order.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2\"\n]"}, "loc": ["boot", "loader", "grub", "extraGrubInstallArgs"], "readOnly": false, "type": "list of string"}, "boot.loader.grub.extraInstallCommands": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Additional shell commands inserted in the bootloader installer\nscript after generating menu entries.\n"}, "example": {"_type": "literalExpression", "text": "''\n # the example below generates detached signatures that GRUB can verify\n # https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures\n ''${pkgs.findutils}/bin/find /boot -not -path \"/boot/efi/*\" -type f -name '*.sig' -delete\n old_gpg_home=$GNUPGHOME\n export GNUPGHOME=\"$(mktemp -d)\"\n ''${pkgs.gnupg}/bin/gpg --import ''${priv_key} > /dev/null 2>&1\n ''${pkgs.findutils}/bin/find /boot -not -path \"/boot/efi/*\" -type f -exec ''${pkgs.gnupg}/bin/gpg --detach-sign \"{}\" \\; > /dev/null 2>&1\n rm -rf $GNUPGHOME\n export GNUPGHOME=$old_gpg_home\n''"}, "loc": ["boot", "loader", "grub", "extraInstallCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.extraPerEntryConfig": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Additional GRUB commands inserted in the configuration file\nat the start of each NixOS menu entry.\n"}, "example": {"_type": "literalExpression", "text": "\"root (hd0)\""}, "loc": ["boot", "loader", "grub", "extraPerEntryConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.extraPrepareConfig": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Additional bash commands to be run at the script that\nprepares the GRUB menu entries.\n"}, "loc": ["boot", "loader", "grub", "extraPrepareConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.grub.font": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.grub2}/share/grub/unicode.pf2\""}, "description": {"_type": "mdDoc", "text": "Path to a TrueType, OpenType, or pf2 font to be used by Grub.\n"}, "loc": ["boot", "loader", "grub", "font"], "readOnly": false, "type": "null or path"}, "boot.loader.grub.fontSize": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Font size for the grub menu. Ignored unless `font`\nis set to a ttf or otf font.\n"}, "example": {"_type": "literalExpression", "text": "16"}, "loc": ["boot", "loader", "grub", "fontSize"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.grub.forceInstall": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to try and forcibly install GRUB even if problems are\ndetected. It is not recommended to enable this unless you know what\nyou are doing.\n"}, "loc": ["boot", "loader", "grub", "forceInstall"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.forcei686": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to force the use of a ia32 boot loader on x64 systems. Required\nto install and run NixOS on 64bit x86 systems with 32bit (U)EFI.\n"}, "loc": ["boot", "loader", "grub", "forcei686"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.fsIdentifier": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"uuid\""}, "description": {"_type": "mdDoc", "text": "Determines how GRUB will identify devices when generating the\nconfiguration file. A value of uuid / label signifies that grub\nwill always resolve the uuid or label of the device before using\nit in the configuration. A value of provided means that GRUB will\nuse the device name as show in {command}`df` or\n{command}`mount`. Note, zfs zpools / datasets are ignored\nand will always be mounted using their labels.\n"}, "loc": ["boot", "loader", "grub", "fsIdentifier"], "readOnly": false, "type": "one of \"uuid\", \"label\", \"provided\""}, "boot.loader.grub.gfxmodeBios": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"1024x768\""}, "description": {"_type": "mdDoc", "text": "The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.\n"}, "example": {"_type": "literalExpression", "text": "\"auto\""}, "loc": ["boot", "loader", "grub", "gfxmodeBios"], "readOnly": false, "type": "string"}, "boot.loader.grub.gfxmodeEfi": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": {"_type": "mdDoc", "text": "The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.\n"}, "example": {"_type": "literalExpression", "text": "\"1024x768\""}, "loc": ["boot", "loader", "grub", "gfxmodeEfi"], "readOnly": false, "type": "string"}, "boot.loader.grub.gfxpayloadBios": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"text\""}, "description": {"_type": "mdDoc", "text": "The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.\n"}, "example": {"_type": "literalExpression", "text": "\"keep\""}, "loc": ["boot", "loader", "grub", "gfxpayloadBios"], "readOnly": false, "type": "string"}, "boot.loader.grub.gfxpayloadEfi": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"keep\""}, "description": {"_type": "mdDoc", "text": "The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.\n"}, "example": {"_type": "literalExpression", "text": "\"text\""}, "loc": ["boot", "loader", "grub", "gfxpayloadEfi"], "readOnly": false, "type": "string"}, "boot.loader.grub.ipxe": {"declarations": ["nixos/modules/system/boot/loader/grub/ipxe.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Set of iPXE scripts available for\nbooting from the GRUB boot menu.\n"}, "example": {"_type": "literalExpression", "text": "{ demo = ''\n #!ipxe\n dhcp\n chain http://boot.ipxe.org/demo/boot.php\n '';\n}\n"}, "loc": ["boot", "loader", "grub", "ipxe"], "readOnly": false, "type": "attribute set of (path or string)"}, "boot.loader.grub.memtest86.enable": {"declarations": ["nixos/modules/system/boot/loader/grub/memtest.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Make Memtest86+ (or MemTest86 if EFI support is enabled),\na memory testing program, available from the\nGRUB boot menu. MemTest86 is an unfree program, so\nthis requires `allowUnfree` to be set to\n`true`.\n"}, "loc": ["boot", "loader", "grub", "memtest86", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.memtest86.params": {"declarations": ["nixos/modules/system/boot/loader/grub/memtest.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Parameters added to the Memtest86+ command line. As of memtest86+ 5.01\nthe following list of (apparently undocumented) parameters are\naccepted:\n\n- `console=...`, set up a serial console.\n Examples:\n `console=ttyS0`,\n `console=ttyS0,9600` or\n `console=ttyS0,115200n8`.\n\n- `btrace`, enable boot trace.\n\n- `maxcpus=N`, limit number of CPUs.\n\n- `onepass`, run one pass and exit if there\n are no errors.\n\n- `tstlist=...`, list of tests to run.\n Example: `0,1,2`.\n\n- `cpumask=...`, set a CPU mask, to select CPUs\n to use for testing.\n\nThis list of command line options was obtained by reading the\nMemtest86+ source code.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"console=ttyS0,115200\"\n]"}, "loc": ["boot", "loader", "grub", "memtest86", "params"], "readOnly": false, "type": "list of string"}, "boot.loader.grub.mirroredBoots": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Mirror the boot configuration to multiple partitions and install grub\nto the respective devices corresponding to those partitions.\n"}, "example": {"_type": "literalExpression", "text": "[\n {\n devices = [\n \"/dev/disk/by-id/wwn-0x500001234567890a\"\n ];\n path = \"/boot1\";\n }\n {\n devices = [\n \"/dev/disk/by-id/wwn-0x500009876543210a\"\n ];\n path = \"/boot2\";\n }\n]"}, "loc": ["boot", "loader", "grub", "mirroredBoots"], "readOnly": false, "type": "list of (submodule)"}, "boot.loader.grub.mirroredBoots.*.devices": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "The path to the devices which will have the GRUB MBR written.\nNote these are typically device paths and not paths to partitions.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"/dev/disk/by-id/wwn-0x500001234567890a\"\n \"/dev/disk/by-id/wwn-0x500009876543210a\"\n]"}, "loc": ["boot", "loader", "grub", "mirroredBoots", "*", "devices"], "readOnly": false, "type": "list of string"}, "boot.loader.grub.mirroredBoots.*.efiBootloaderId": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The id of the bootloader to store in efi nvram.\nThe default is to name it NixOS and append the path or efiSysMountPoint.\nThis is only used if `boot.loader.efi.canTouchEfiVariables` is true.\n"}, "example": {"_type": "literalExpression", "text": "\"NixOS-fsid\""}, "loc": ["boot", "loader", "grub", "mirroredBoots", "*", "efiBootloaderId"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.mirroredBoots.*.efiSysMountPoint": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The path to the efi system mount point. Usually this is the same\npartition as the above path and can be left as null.\n"}, "example": {"_type": "literalExpression", "text": "\"/boot1/efi\""}, "loc": ["boot", "loader", "grub", "mirroredBoots", "*", "efiSysMountPoint"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.mirroredBoots.*.path": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "description": {"_type": "mdDoc", "text": "The path to the boot directory where GRUB will be written. Generally\nthis boot path should double as an EFI path.\n"}, "example": {"_type": "literalExpression", "text": "\"/boot1\""}, "loc": ["boot", "loader", "grub", "mirroredBoots", "*", "path"], "readOnly": false, "type": "string"}, "boot.loader.grub.splashImage": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "description": {"_type": "mdDoc", "text": "Background image used for GRUB.\nSet to `null` to run GRUB in text mode.\n\n::: {.note}\nFor grub 1:\nIt must be a 640x480,\n14-colour image in XPM format, optionally compressed with\n{command}`gzip` or {command}`bzip2`.\n:::\n\n::: {.note}\nFor grub 2:\nFile must be one of .png, .tga, .jpg, or .jpeg. JPEG images must\nnot be progressive.\nThe image will be scaled if necessary to fit the screen.\n:::\n"}, "example": {"_type": "literalExpression", "text": "./my-background.png"}, "loc": ["boot", "loader", "grub", "splashImage"], "readOnly": false, "type": "null or path"}, "boot.loader.grub.splashMode": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"stretch\""}, "description": {"_type": "mdDoc", "text": "Whether to stretch the image or show the image in the top-left corner unstretched.\n\n::: {.note}\nThis options has no effect for GRUB 1.\n:::\n"}, "loc": ["boot", "loader", "grub", "splashMode"], "readOnly": false, "type": "one of \"normal\", \"stretch\""}, "boot.loader.grub.storePath": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"/nix/store\""}, "description": {"_type": "mdDoc", "text": "Path to the Nix store when looking for kernels at boot.\nOnly makes sense when copyKernels is false.\n"}, "loc": ["boot", "loader", "grub", "storePath"], "readOnly": false, "type": "string"}, "boot.loader.grub.subEntryOptions": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "\"--class nixos\""}, "description": {"_type": "mdDoc", "text": "Options applied to the secondary NixOS submenu entry.\n\n::: {.note}\nThis options has no effect for GRUB 1.\n:::\n"}, "loc": ["boot", "loader", "grub", "subEntryOptions"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.theme": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Grub theme to be used.\n\n::: {.note}\nThis options has no effect for GRUB 1.\n:::\n"}, "example": {"_type": "literalExpression", "text": "pkgs.nixos-grub2-theme"}, "loc": ["boot", "loader", "grub", "theme"], "readOnly": false, "type": "null or path"}, "boot.loader.grub.useOSProber": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "If set to true, append entries for other OSs detected by os-prober.\n"}, "loc": ["boot", "loader", "grub", "useOSProber"], "readOnly": false, "type": "boolean"}, "boot.loader.grub.users": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "User accounts for GRUB. When specified, the GRUB command line and\nall boot options except the default are password-protected.\nAll passwords and hashes provided will be stored in /boot/grub/grub.cfg,\nand will be visible to any local user who can read this file. Additionally,\nany passwords and hashes provided directly in a Nix configuration\n(as opposed to external files) will be copied into the Nix store, and\nwill be visible to all local users.\n"}, "example": {"_type": "literalExpression", "text": "{\n root = {\n hashedPasswordFile = \"/path/to/file\";\n };\n}"}, "loc": ["boot", "loader", "grub", "users"], "readOnly": false, "type": "attribute set of (submodule)"}, "boot.loader.grub.users..hashedPassword": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Specifies the password hash for the account,\ngenerated with grub-mkpasswd-pbkdf2.\nThis hash will be copied to the Nix store, and will be visible to all local users.\n"}, "example": {"_type": "literalExpression", "text": "\"grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355\""}, "loc": ["boot", "loader", "grub", "users", "", "hashedPassword"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.users..hashedPasswordFile": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Specifies the path to a file containing the password hash\nfor the account, generated with grub-mkpasswd-pbkdf2.\nThis hash will be stored in /boot/grub/grub.cfg, and will\nbe visible to any local user who can read this file.\n"}, "example": {"_type": "literalExpression", "text": "\"/path/to/file\""}, "loc": ["boot", "loader", "grub", "users", "", "hashedPasswordFile"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.users..password": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Specifies the clear text password for the account.\nThis password will be copied to the Nix store, and will be visible to all local users.\n"}, "example": {"_type": "literalExpression", "text": "\"Pa$$w0rd!\""}, "loc": ["boot", "loader", "grub", "users", "", "password"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.users..passwordFile": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Specifies the path to a file containing the\nclear text password for the account.\nThis password will be stored in /boot/grub/grub.cfg, and will\nbe visible to any local user who can read this file.\n"}, "example": {"_type": "literalExpression", "text": "\"/path/to/file\""}, "loc": ["boot", "loader", "grub", "users", "", "passwordFile"], "readOnly": false, "type": "null or string"}, "boot.loader.grub.zfsSupport": {"declarations": ["nixos/modules/system/boot/loader/grub/grub.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether GRUB should be built against libzfs.\nZFS support is only available for GRUB v2.\nThis option is ignored for GRUB v1.\n"}, "loc": ["boot", "loader", "grub", "zfsSupport"], "readOnly": false, "type": "boolean"}, "boot.loader.initScript.enable": {"declarations": ["nixos/modules/system/boot/loader/init-script/init-script.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Some systems require a /sbin/init script which is started.\nOr having it makes starting NixOS easier.\nThis applies to some kind of hosting services and user mode linux.\n\nAdditionally this script will create\n/boot/init-other-configurations-contents.txt containing\ncontents of remaining configurations. You can copy paste them into\n/sbin/init manually running a rescue system or such.\n"}, "loc": ["boot", "loader", "initScript", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.raspberryPi.enable": {"declarations": ["nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to create files with the system generations in\n`/boot`.\n`/boot/old` will hold files from old generations.\n"}, "loc": ["boot", "loader", "raspberryPi", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.raspberryPi.firmwareConfig": {"declarations": ["nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Extra options that will be appended to `/boot/config.txt` file.\nFor possible values, see: https://www.raspberrypi.com/documentation/computers/config_txt.html\n"}, "loc": ["boot", "loader", "raspberryPi", "firmwareConfig"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "boot.loader.raspberryPi.uboot.configurationLimit": {"declarations": ["nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix"], "default": {"_type": "literalExpression", "text": "20"}, "description": {"_type": "mdDoc", "text": "Maximum number of configurations in the boot menu.\n"}, "example": {"_type": "literalExpression", "text": "10"}, "loc": ["boot", "loader", "raspberryPi", "uboot", "configurationLimit"], "readOnly": false, "type": "signed integer"}, "boot.loader.raspberryPi.uboot.enable": {"declarations": ["nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Enable using uboot as bootmanager for the raspberry pi.\n"}, "loc": ["boot", "loader", "raspberryPi", "uboot", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.raspberryPi.version": {"declarations": ["nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix"], "default": {"_type": "literalExpression", "text": "2"}, "description": {"_type": "mdDoc", "text": ""}, "loc": ["boot", "loader", "raspberryPi", "version"], "readOnly": false, "type": "one of 0, 1, 2, 3, 4"}, "boot.loader.systemd-boot.configurationLimit": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Maximum number of latest generations in the boot menu.\nUseful to prevent boot partition running out of disk space.\n\n`null` means no limit i.e. all generations\nthat were not garbage collected yet.\n"}, "example": {"_type": "literalExpression", "text": "120"}, "loc": ["boot", "loader", "systemd-boot", "configurationLimit"], "readOnly": false, "type": "null or signed integer"}, "boot.loader.systemd-boot.consoleMode": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"keep\""}, "description": {"_type": "mdDoc", "text": "The resolution of the console. The following values are valid:\n\n- `\"0\"`: Standard UEFI 80x25 mode\n- `\"1\"`: 80x50 mode, not supported by all devices\n- `\"2\"`: The first non-standard mode provided by the device firmware, if any\n- `\"auto\"`: Pick a suitable mode automatically using heuristics\n- `\"max\"`: Pick the highest-numbered available mode\n- `\"keep\"`: Keep the mode selected by firmware (the default)\n"}, "loc": ["boot", "loader", "systemd-boot", "consoleMode"], "readOnly": false, "type": "one of \"0\", \"1\", \"2\", \"auto\", \"max\", \"keep\""}, "boot.loader.systemd-boot.editor": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to allow editing the kernel command-line before\nboot. It is recommended to set this to false, as it allows\ngaining root access by passing init=/bin/sh as a kernel\nparameter. However, it is enabled by default for backwards\ncompatibility.\n"}, "loc": ["boot", "loader", "systemd-boot", "editor"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.enable": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager"}, "loc": ["boot", "loader", "systemd-boot", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.extraEntries": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Any additional entries you want added to the `systemd-boot` menu.\nThese entries will be copied to {file}`/boot/loader/entries`.\nEach attribute name denotes the destination file name,\nand the corresponding attribute value is the contents of the entry.\n\n`systemd-boot` orders the menu entries by the config file names,\nso if you want something to appear after all the NixOS entries,\nit should start with {file}`o` or onwards.\n"}, "example": {"_type": "literalExpression", "text": "{ \"memtest86.conf\" = ''\n title MemTest86\n efi /efi/memtest86/memtest86.efi\n''; }\n"}, "loc": ["boot", "loader", "systemd-boot", "extraEntries"], "readOnly": false, "type": "attribute set of strings concatenated with \"\\n\""}, "boot.loader.systemd-boot.extraFiles": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "A set of files to be copied to {file}`/boot`.\nEach attribute name denotes the destination file name in\n{file}`/boot`, while the corresponding\nattribute value specifies the source file.\n"}, "example": {"_type": "literalExpression", "text": "{ \"efi/memtest86/memtest86.efi\" = \"${pkgs.memtest86-efi}/BOOTX64.efi\"; }\n"}, "loc": ["boot", "loader", "systemd-boot", "extraFiles"], "readOnly": false, "type": "attribute set of path"}, "boot.loader.systemd-boot.extraInstallCommands": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Additional shell commands inserted in the bootloader installer\nscript after generating menu entries. It can be used to expand\non extra boot entries that cannot incorporate certain pieces of\ninformation (such as the resulting `init=` kernel parameter).\n"}, "example": {"_type": "literalExpression", "text": "''\n default_cfg=$(cat /boot/loader/loader.conf | grep default | awk '{print $2}')\n init_value=$(cat /boot/loader/entries/$default_cfg | grep init= | awk '{print $2}')\n sed -i \"s|@INIT@|$init_value|g\" /boot/custom/config_with_placeholder.conf\n''"}, "loc": ["boot", "loader", "systemd-boot", "extraInstallCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.loader.systemd-boot.graceful": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Invoke `bootctl install` with the `--graceful` option,\nwhich ignores errors when EFI variables cannot be written or when the EFI System Partition\ncannot be found. Currently only applies to random seed operations.\n\nOnly enable this option if `systemd-boot` otherwise fails to install, as the\nscope or implication of the `--graceful` option may change in the future.\n"}, "loc": ["boot", "loader", "systemd-boot", "graceful"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.memtest86.enable": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Make MemTest86 available from the systemd-boot menu. MemTest86 is a\nprogram for testing memory. MemTest86 is an unfree program, so\nthis requires `allowUnfree` to be set to\n`true`.\n"}, "loc": ["boot", "loader", "systemd-boot", "memtest86", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.memtest86.entryFilename": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"memtest86.conf\""}, "description": {"_type": "mdDoc", "text": "`systemd-boot` orders the menu entries by the config file names,\nso if you want something to appear after all the NixOS entries,\nit should start with {file}`o` or onwards.\n"}, "loc": ["boot", "loader", "systemd-boot", "memtest86", "entryFilename"], "readOnly": false, "type": "string"}, "boot.loader.systemd-boot.netbootxyz.enable": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Make `netboot.xyz` available from the\n`systemd-boot` menu. `netboot.xyz`\nis a menu system that allows you to boot OS installers and\nutilities over the network.\n"}, "loc": ["boot", "loader", "systemd-boot", "netbootxyz", "enable"], "readOnly": false, "type": "boolean"}, "boot.loader.systemd-boot.netbootxyz.entryFilename": {"declarations": ["nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix"], "default": {"_type": "literalExpression", "text": "\"o_netbootxyz.conf\""}, "description": {"_type": "mdDoc", "text": "`systemd-boot` orders the menu entries by the config file names,\nso if you want something to appear after all the NixOS entries,\nit should start with {file}`o` or onwards.\n"}, "loc": ["boot", "loader", "systemd-boot", "netbootxyz", "entryFilename"], "readOnly": false, "type": "string"}, "boot.loader.timeout": {"declarations": ["nixos/modules/system/boot/loader/loader.nix"], "default": {"_type": "literalExpression", "text": "5"}, "description": {"_type": "mdDoc", "text": "Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.\n"}, "loc": ["boot", "loader", "timeout"], "readOnly": false, "type": "null or signed integer"}, "boot.modprobeConfig.enable": {"declarations": ["nixos/modules/system/boot/modprobe.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to enable modprobe config. This is useful for systems like containers which do not require a kernel."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "modprobeConfig", "enable"], "readOnly": false, "type": "boolean"}, "boot.plymouth.enable": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable Plymouth boot splash screen."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "plymouth", "enable"], "readOnly": false, "type": "boolean"}, "boot.plymouth.extraConfig": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Literal string to append to `configFile`\nand the config file generated by the plymouth module.\n"}, "loc": ["boot", "plymouth", "extraConfig"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.plymouth.font": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "\"${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf\""}, "description": {"_type": "mdDoc", "text": "Font file made available for displaying text on the splash screen.\n"}, "loc": ["boot", "plymouth", "font"], "readOnly": false, "type": "path"}, "boot.plymouth.logo": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "pkgs.fetchurl {\n url = \"https://nixos.org/logo/nixos-hires.png\";\n sha256 = \"1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si\";\n }"}, "description": {"_type": "mdDoc", "text": "Logo which is displayed on the splash screen.\n"}, "loc": ["boot", "plymouth", "logo"], "readOnly": false, "type": "path"}, "boot.plymouth.theme": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalExpression", "text": "\"bgrt\""}, "description": {"_type": "mdDoc", "text": "Splash screen theme.\n"}, "loc": ["boot", "plymouth", "theme"], "readOnly": false, "type": "string"}, "boot.plymouth.themePackages": {"declarations": ["nixos/modules/system/boot/plymouth.nix"], "default": {"_type": "literalMD", "text": "A NixOS branded variant of the breeze theme when\n`config.boot.plymouth.theme == \"breeze\"`, otherwise\n`[ ]`.\n"}, "description": {"_type": "mdDoc", "text": "Extra theme packages for plymouth.\n"}, "loc": ["boot", "plymouth", "themePackages"], "readOnly": false, "type": "list of package"}, "boot.postBootCommands": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell commands to be executed just before systemd is started.\n"}, "example": {"_type": "literalExpression", "text": "\"rm -f /var/log/messages\""}, "loc": ["boot", "postBootCommands"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "boot.readOnlyNixStore": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "If set, NixOS will enforce the immutability of the Nix store\nby making {file}`/nix/store` a read-only bind\nmount. Nix will automatically make the store writable when\nneeded.\n"}, "loc": ["boot", "readOnlyNixStore"], "readOnly": false, "type": "boolean"}, "boot.resumeDevice": {"declarations": ["nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Device for manual resume attempt during boot. This should be used primarily\nif you want to resume from file. If left empty, the swap partitions are used.\nSpecify here the device where the file resides.\nYou should also use {var}`boot.kernelParams` to specify\n`\u00abresume_offset\u00bb`.\n"}, "example": {"_type": "literalExpression", "text": "\"/dev/sda3\""}, "loc": ["boot", "resumeDevice"], "readOnly": false, "type": "string"}, "boot.runSize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"25%\""}, "description": {"_type": "mdDoc", "text": "Size limit for the /run tmpfs. Look at mount(8), tmpfs size option,\nfor the accepted syntax.\n"}, "example": {"_type": "literalExpression", "text": "\"256m\""}, "loc": ["boot", "runSize"], "readOnly": false, "type": "string"}, "boot.specialFileSystems..depends": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of paths that should be mounted before this one. This filesystem's\n{option}`device` and {option}`mountPoint` are always\nchecked and do not need to be included explicitly. If a path is added\nto this list, any other filesystem whose mount point is a parent of\nthe path will be mounted before this filesystem. The paths do not need\nto actually be the {option}`mountPoint` of some other filesystem.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"/persist\"\n]"}, "loc": ["boot", "specialFileSystems", "", "depends"], "readOnly": false, "type": "list of string (with check: non-empty without trailing slash)"}, "boot.specialFileSystems..device": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Location of the device."}, "example": {"_type": "literalExpression", "text": "\"/dev/sda\""}, "loc": ["boot", "specialFileSystems", "", "device"], "readOnly": false, "type": "null or string (with check: non-empty)"}, "boot.specialFileSystems..fsType": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "\"auto\""}, "description": {"_type": "mdDoc", "text": "Type of the file system."}, "example": {"_type": "literalExpression", "text": "\"ext3\""}, "loc": ["boot", "specialFileSystems", "", "fsType"], "readOnly": false, "type": "string (with check: non-empty)"}, "boot.specialFileSystems..mountPoint": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "description": {"_type": "mdDoc", "text": "Location of the mounted file system."}, "example": {"_type": "literalExpression", "text": "\"/mnt/usb\""}, "loc": ["boot", "specialFileSystems", "", "mountPoint"], "readOnly": false, "type": "string (with check: non-empty without trailing slash)"}, "boot.specialFileSystems..options": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[\n \"defaults\"\n]"}, "description": {"_type": "mdDoc", "text": "Options used to mount the file system."}, "example": {"_type": "literalExpression", "text": "[\n \"data=journal\"\n]"}, "loc": ["boot", "specialFileSystems", "", "options"], "readOnly": false, "type": "non-empty (list of string (with check: non-empty))"}, "boot.supportedFilesystems": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Names of supported filesystem types."}, "example": {"_type": "literalExpression", "text": "[\n \"btrfs\"\n]"}, "loc": ["boot", "supportedFilesystems"], "readOnly": false, "type": "list of string"}, "boot.systemdExecutable": {"declarations": ["nixos/modules/system/boot/stage-2.nix"], "default": {"_type": "literalExpression", "text": "\"/run/current-system/systemd/lib/systemd/systemd\""}, "description": {"_type": "mdDoc", "text": "The program to execute to start systemd.\n"}, "loc": ["boot", "systemdExecutable"], "readOnly": false, "type": "string"}, "boot.tmp.cleanOnBoot": {"declarations": ["nixos/modules/system/boot/tmp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to delete all files in {file}`/tmp` during boot.\n"}, "loc": ["boot", "tmp", "cleanOnBoot"], "readOnly": false, "type": "boolean"}, "boot.tmp.tmpfsSize": {"declarations": ["nixos/modules/system/boot/tmp.nix"], "default": {"_type": "literalExpression", "text": "\"50%\""}, "description": {"_type": "mdDoc", "text": "Size of tmpfs in percentage.\nPercentage is defined by systemd.\n"}, "loc": ["boot", "tmp", "tmpfsSize"], "readOnly": false, "type": "string or positive integer, meaning >0"}, "boot.tmp.useTmpfs": {"declarations": ["nixos/modules/system/boot/tmp.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to mount a tmpfs on {file}`/tmp` during boot.\n\n::: {.note}\nLarge Nix builds can fail if the mounted tmpfs is not large enough.\nIn such a case either increase the tmpfsSize or disable this option.\n:::\n"}, "loc": ["boot", "tmp", "useTmpfs"], "readOnly": false, "type": "boolean"}, "boot.uvesafb.enable": {"declarations": ["nixos/modules/system/boot/uvesafb.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable uvesafb."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["boot", "uvesafb", "enable"], "readOnly": false, "type": "boolean"}, "boot.uvesafb.gfx-mode": {"declarations": ["nixos/modules/system/boot/uvesafb.nix"], "default": {"_type": "literalExpression", "text": "\"1024x768-32\""}, "description": {"_type": "mdDoc", "text": "Screen resolution in modedb format. See [uvesafb](https://docs.kernel.org/fb/uvesafb.html) and [modedb](https://docs.kernel.org/fb/modedb.html) documentation for more details. The default value is a sensible default but may be not ideal for all setups."}, "loc": ["boot", "uvesafb", "gfx-mode"], "readOnly": false, "type": "string"}, "boot.uvesafb.v86d.package": {"declarations": ["nixos/modules/system/boot/uvesafb.nix"], "default": {"_type": "literalExpression", "text": "''\n config.boot.kernelPackages.v86d.overrideAttrs (old: {\n hardeningDisable = [ \"all\" ];\n })''"}, "description": {"_type": "mdDoc", "text": "Which v86d package to use with uvesafb"}, "loc": ["boot", "uvesafb", "v86d", "package"], "readOnly": false, "type": "package"}, "boot.vesa": {"declarations": ["nixos/modules/system/boot/kernel.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "(Deprecated) This option, if set, activates the VESA 800x600 video\nmode on boot and disables kernel modesetting. It is equivalent to\nspecifying `[ \"vga=0x317\" \"nomodeset\" ]` in the\n{option}`boot.kernelParams` option. This option is\ndeprecated as of 2020: Xorg now works better with modesetting, and\nyou might want a different VESA vga setting, anyway.\n"}, "loc": ["boot", "vesa"], "readOnly": false, "type": "boolean"}, "boot.zfs.allowHibernation": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Allow hibernation support, this may be a unsafe option depending on your\nsetup. Make sure to NOT use Swap on ZFS.\n"}, "loc": ["boot", "zfs", "allowHibernation"], "readOnly": false, "type": "boolean"}, "boot.zfs.devNodes": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "\"/dev/disk/by-id\""}, "description": {"_type": "mdDoc", "text": "Name of directory from which to import ZFS devices.\n\nThis should be a path under /dev containing stable names for all devices needed, as\nimport may fail if device nodes are renamed concurrently with a device failing.\n"}, "loc": ["boot", "zfs", "devNodes"], "readOnly": false, "type": "path"}, "boot.zfs.enableUnstable": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Use the unstable zfs package. This might be an option, if the latest\nkernel is not yet supported by a published release of ZFS. Enabling\nthis option will install a development version of ZFS on Linux. The\nversion will have already passed an extensive test suite, but it is\nmore likely to hit an undiscovered bug compared to running a released\nversion of ZFS on Linux.\n"}, "loc": ["boot", "zfs", "enableUnstable"], "readOnly": false, "type": "boolean"}, "boot.zfs.enabled": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalMD", "text": "`true` if ZFS filesystem support is enabled"}, "description": {"_type": "mdDoc", "text": "True if ZFS filesystem support is enabled"}, "loc": ["boot", "zfs", "enabled"], "readOnly": true, "type": "boolean"}, "boot.zfs.extraPools": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Name or GUID of extra ZFS pools that you wish to import during boot.\n\nUsually this is not necessary. Instead, you should set the mountpoint property\nof ZFS filesystems to `legacy` and add the ZFS filesystems to\nNixOS's {option}`fileSystems` option, which makes NixOS automatically\nimport the associated pool.\n\nHowever, in some cases (e.g. if you have many filesystems) it may be preferable\nto exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd\nwill not be managing those filesystems, you will need to specify the ZFS pool here\nso that NixOS automatically imports it on every boot.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"tank\"\n \"data\"\n]"}, "loc": ["boot", "zfs", "extraPools"], "readOnly": false, "type": "list of string"}, "boot.zfs.forceImportAll": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Forcibly import all ZFS pool(s).\n\nIf you set this option to `false` and NixOS subsequently fails to\nimport your non-root ZFS pool(s), you should manually import each pool with\n\"zpool import -f \\\", and then reboot. You should only need to do\nthis once.\n"}, "loc": ["boot", "zfs", "forceImportAll"], "readOnly": false, "type": "boolean"}, "boot.zfs.forceImportRoot": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Forcibly import the ZFS root pool(s) during early boot.\n\nThis is enabled by default for backwards compatibility purposes, but it is highly\nrecommended to disable this option, as it bypasses some of the safeguards ZFS uses\nto protect your ZFS pools.\n\nIf you set this option to `false` and NixOS subsequently fails to\nboot because it cannot import the root pool, you should boot with the\n`zfs_force=1` option as a kernel parameter (e.g. by manually\nediting the kernel params in grub during boot). You should only need to do this\nonce.\n"}, "loc": ["boot", "zfs", "forceImportRoot"], "readOnly": false, "type": "boolean"}, "boot.zfs.package": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs"}, "description": {"_type": "mdDoc", "text": "Configured ZFS userland tools package."}, "loc": ["boot", "zfs", "package"], "readOnly": true, "type": "package"}, "boot.zfs.passwordTimeout": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": {"_type": "mdDoc", "text": "Timeout in seconds to wait for password entry for decrypt at boot.\n\nDefaults to 0, which waits forever.\n"}, "loc": ["boot", "zfs", "passwordTimeout"], "readOnly": false, "type": "signed integer"}, "boot.zfs.removeLinuxDRM": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Linux 6.2 dropped some kernel symbols required on aarch64 required by zfs.\nEnabling this option will bring them back to allow this kernel version.\nNote that in some jurisdictions this may be illegal as it might be considered\nremoving copyright protection from the code.\nSee https://www.ifross.org/?q=en/artikel/ongoing-dispute-over-value-exportsymbolgpl-function for further information.\n"}, "loc": ["boot", "zfs", "removeLinuxDRM"], "readOnly": false, "type": "boolean"}, "boot.zfs.requestEncryptionCredentials": {"declarations": ["nixos/modules/tasks/filesystems/zfs.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "If true on import encryption keys or passwords for all encrypted datasets\nare requested. To only decrypt selected datasets supply a list of dataset\nnames instead. For root pools the encryption key can be supplied via both\nan interactive prompt (keylocation=prompt) and from a file (keylocation=file://).\n"}, "example": {"_type": "literalExpression", "text": "[\n \"tank\"\n \"data\"\n]"}, "loc": ["boot", "zfs", "requestEncryptionCredentials"], "readOnly": false, "type": "boolean or list of string"}, "console.colors": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "The 16 colors palette used by the virtual consoles.\nLeave empty to use the default colors.\nColors must be in hexadecimal format and listed in\norder from color 0 to color 15.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"002b36\"\n \"dc322f\"\n \"859900\"\n \"b58900\"\n \"268bd2\"\n \"d33682\"\n \"2aa198\"\n \"eee8d5\"\n \"002b36\"\n \"cb4b16\"\n \"586e75\"\n \"657b83\"\n \"839496\"\n \"6c71c4\"\n \"93a1a1\"\n \"fdf6e3\"\n]"}, "loc": ["console", "colors"], "readOnly": false, "type": "list of string matching the pattern [[:xdigit:]]{6}"}, "console.earlySetup": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Enable setting virtual console options as early as possible (in initrd).\n"}, "loc": ["console", "earlySetup"], "readOnly": false, "type": "boolean"}, "console.enable": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to enable virtual console."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["console", "enable"], "readOnly": false, "type": "boolean"}, "console.font": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The font used for the virtual consoles.\nCan be `null`, a font name, or a path to a PSF font file.\n\nUse `null` to let the kernel choose a built-in font.\nThe default is 8x16, and, as of Linux 5.3, Terminus 32 bold for display\nresolutions of 2560x1080 and higher.\nThese fonts cover the [IBM437][] character set.\n\n[IBM437]: https://en.wikipedia.org/wiki/Code_page_437\n"}, "example": {"_type": "literalExpression", "text": "\"LatArCyrHeb-16\""}, "loc": ["console", "font"], "readOnly": false, "type": "null or string or path"}, "console.keyMap": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "\"us\""}, "description": {"_type": "mdDoc", "text": "The keyboard mapping table for the virtual consoles.\n"}, "example": {"_type": "literalExpression", "text": "\"fr\""}, "loc": ["console", "keyMap"], "readOnly": false, "type": "string or path"}, "console.packages": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of additional packages that provide console fonts, keymaps and\nother resources for virtual consoles use.\n"}, "loc": ["console", "packages"], "readOnly": false, "type": "list of package"}, "console.useXkbConfig": {"declarations": ["nixos/modules/config/console.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "If set, configure the virtual console keymap from the xserver\nkeyboard settings.\n"}, "loc": ["console", "useXkbConfig"], "readOnly": false, "type": "boolean"}, "containers": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "A set of NixOS system configurations to be run as lightweight\ncontainers. Each container appears as a service\n`container-\u00abname\u00bb`\non the host system, allowing it to be started and stopped via\n{command}`systemctl`.\n"}, "example": {"_type": "literalExpression", "text": "{ webserver =\n { path = \"/nix/var/nix/profiles/webserver\";\n };\n database =\n { config =\n { config, pkgs, ... }:\n { services.postgresql.enable = true;\n services.postgresql.package = pkgs.postgresql_14;\n\n system.stateVersion = \"21.05\";\n };\n };\n}\n"}, "loc": ["containers"], "readOnly": false, "type": "attribute set of (submodule)"}, "containers..additionalCapabilities": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Grant additional capabilities to the container. See the\ncapabilities(7) and systemd-nspawn(1) man pages for more\ninformation.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"CAP_NET_ADMIN\"\n \"CAP_MKNOD\"\n]"}, "loc": ["containers", "", "additionalCapabilities"], "readOnly": false, "type": "list of string"}, "containers..allowedDevices": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "A list of device nodes to which the containers has access to.\n"}, "example": {"_type": "literalExpression", "text": "[\n {\n modifier = \"rw\";\n node = \"/dev/net/tun\";\n }\n]"}, "loc": ["containers", "", "allowedDevices"], "readOnly": false, "type": "list of (submodule)"}, "containers..allowedDevices.*.modifier": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": {"_type": "mdDoc", "text": "Device node access modifier. Takes a combination\n`r` (read), `w` (write), and\n`m` (mknod). See the\n`systemd.resource-control(5)` man page for more\ninformation."}, "example": {"_type": "literalExpression", "text": "\"rw\""}, "loc": ["containers", "", "allowedDevices", "*", "modifier"], "readOnly": false, "type": "string"}, "containers..allowedDevices.*.node": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": {"_type": "mdDoc", "text": "Path to device node"}, "example": {"_type": "literalExpression", "text": "\"/dev/net/tun\""}, "loc": ["containers", "", "allowedDevices", "*", "node"], "readOnly": false, "type": "string"}, "containers..autoStart": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether the container is automatically started at boot-time.\n"}, "loc": ["containers", "", "autoStart"], "readOnly": false, "type": "boolean"}, "containers..bindMounts": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "An extra list of directories that is bound to the container.\n"}, "example": {"_type": "literalExpression", "text": "{ \"/home\" = { hostPath = \"/home/alice\";\n isReadOnly = false; };\n}\n"}, "loc": ["containers", "", "bindMounts"], "readOnly": false, "type": "attribute set of (submodule)"}, "containers..bindMounts..hostPath": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Location of the host path to be mounted."}, "example": {"_type": "literalExpression", "text": "\"/home/alice\""}, "loc": ["containers", "", "bindMounts", "", "hostPath"], "readOnly": false, "type": "null or string"}, "containers..bindMounts..isReadOnly": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Determine whether the mounted path will be accessed in read-only mode."}, "loc": ["containers", "", "bindMounts", "", "isReadOnly"], "readOnly": false, "type": "boolean"}, "containers..bindMounts..mountPoint": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": {"_type": "mdDoc", "text": "Mount point on the container file system."}, "example": {"_type": "literalExpression", "text": "\"/mnt/usb\""}, "loc": ["containers", "", "bindMounts", "", "mountPoint"], "readOnly": false, "type": "string"}, "containers..config": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": {"_type": "mdDoc", "text": "A specification of the desired configuration of this\ncontainer, as a NixOS module.\n"}, "loc": ["containers", "", "config"], "readOnly": false, "type": "Toplevel NixOS config"}, "containers..enableTun": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Allows the container to create and setup tunnel interfaces\nby granting the `NET_ADMIN` capability and\nenabling access to `/dev/net/tun`.\n"}, "loc": ["containers", "", "enableTun"], "readOnly": false, "type": "boolean"}, "containers..ephemeral": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Runs container in ephemeral mode with the empty root filesystem at boot.\nThis way container will be bootstrapped from scratch on each boot\nand will be cleaned up on shutdown leaving no traces behind.\nUseful for completely stateless, reproducible containers.\n\nNote that this option might require to do some adjustments to the container configuration,\ne.g. you might want to set\n{var}`systemd.network.networks.$interface.dhcpV4Config.ClientIdentifier` to \"mac\"\nif you use {var}`macvlans` option.\nThis way dhcp client identifier will be stable between the container restarts.\n\nNote that the container journal will not be linked to the host if this option is enabled.\n"}, "loc": ["containers", "", "ephemeral"], "readOnly": false, "type": "boolean"}, "containers..extraFlags": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Extra flags passed to the systemd-nspawn command.\nSee systemd-nspawn(1) for details.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"--drop-capability=CAP_SYS_CHROOT\"\n]"}, "loc": ["containers", "", "extraFlags"], "readOnly": false, "type": "list of string"}, "containers..extraVeths": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Extra veth-pairs to be created for the container.\n"}, "loc": ["containers", "", "extraVeths"], "readOnly": false, "type": "attribute set of (submodule)"}, "containers..extraVeths..forwardPorts": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of forwarded ports from host to container. Each forwarded port\nis specified by protocol, hostPort and containerPort. By default,\nprotocol is tcp and hostPort and containerPort are assumed to be\nthe same if containerPort is not explicitly given.\n"}, "example": {"_type": "literalExpression", "text": "[\n {\n containerPort = 80;\n hostPort = 8080;\n protocol = \"tcp\";\n }\n]"}, "loc": ["containers", "", "extraVeths", "", "forwardPorts"], "readOnly": false, "type": "list of (submodule)"}, "containers..extraVeths..forwardPorts.*.containerPort": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Target port of container"}, "loc": ["containers", "", "extraVeths", "", "forwardPorts", "*", "containerPort"], "readOnly": false, "type": "null or signed integer"}, "containers..extraVeths..forwardPorts.*.hostPort": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": {"_type": "mdDoc", "text": "Source port of the external interface on host"}, "loc": ["containers", "", "extraVeths", "", "forwardPorts", "*", "hostPort"], "readOnly": false, "type": "signed integer"}, "containers..extraVeths..forwardPorts.*.protocol": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": {"_type": "mdDoc", "text": "The protocol specifier for port forwarding between host and container"}, "loc": ["containers", "", "extraVeths", "", "forwardPorts", "*", "protocol"], "readOnly": false, "type": "string"}, "containers..extraVeths..hostAddress": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The IPv4 address assigned to the host interface.\n(Not used when hostBridge is set.)\n"}, "example": {"_type": "literalExpression", "text": "\"10.231.136.1\""}, "loc": ["containers", "", "extraVeths", "", "hostAddress"], "readOnly": false, "type": "null or string"}, "containers..extraVeths..hostAddress6": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The IPv6 address assigned to the host interface.\n(Not used when hostBridge is set.)\n"}, "example": {"_type": "literalExpression", "text": "\"fc00::1\""}, "loc": ["containers", "", "extraVeths", "", "hostAddress6"], "readOnly": false, "type": "null or string"}, "containers..extraVeths..hostBridge": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Put the host-side of the veth-pair into the named bridge.\nOnly one of hostAddress* or hostBridge can be given.\n"}, "example": {"_type": "literalExpression", "text": "\"br0\""}, "loc": ["containers", "", "extraVeths", "", "hostBridge"], "readOnly": false, "type": "null or string"}, "containers..extraVeths..localAddress": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The IPv4 address assigned to the interface in the container.\nIf a hostBridge is used, this should be given with netmask to access\nthe whole network. Otherwise the default netmask is /32 and routing is\nset up from localAddress to hostAddress and back.\n"}, "example": {"_type": "literalExpression", "text": "\"10.231.136.2\""}, "loc": ["containers", "", "extraVeths", "", "localAddress"], "readOnly": false, "type": "null or string"}, "containers..extraVeths..localAddress6": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The IPv6 address assigned to the interface in the container.\nIf a hostBridge is used, this should be given with netmask to access\nthe whole network. Otherwise the default netmask is /128 and routing is\nset up from localAddress6 to hostAddress6 and back.\n"}, "example": {"_type": "literalExpression", "text": "\"fc00::2\""}, "loc": ["containers", "", "extraVeths", "", "localAddress6"], "readOnly": false, "type": "null or string"}, "containers..forwardPorts": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of forwarded ports from host to container. Each forwarded port\nis specified by protocol, hostPort and containerPort. By default,\nprotocol is tcp and hostPort and containerPort are assumed to be\nthe same if containerPort is not explicitly given.\n"}, "example": {"_type": "literalExpression", "text": "[\n {\n containerPort = 80;\n hostPort = 8080;\n protocol = \"tcp\";\n }\n]"}, "loc": ["containers", "", "forwardPorts"], "readOnly": false, "type": "list of (submodule)"}, "containers..forwardPorts.*.containerPort": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Target port of container"}, "loc": ["containers", "", "forwardPorts", "*", "containerPort"], "readOnly": false, "type": "null or signed integer"}, "containers..forwardPorts.*.hostPort": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": {"_type": "mdDoc", "text": "Source port of the external interface on host"}, "loc": ["containers", "", "forwardPorts", "*", "hostPort"], "readOnly": false, "type": "signed integer"}, "containers..forwardPorts.*.protocol": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "\"tcp\""}, "description": {"_type": "mdDoc", "text": "The protocol specifier for port forwarding between host and container"}, "loc": ["containers", "", "forwardPorts", "*", "protocol"], "readOnly": false, "type": "string"}, "containers..hostAddress": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The IPv4 address assigned to the host interface.\n(Not used when hostBridge is set.)\n"}, "example": {"_type": "literalExpression", "text": "\"10.231.136.1\""}, "loc": ["containers", "", "hostAddress"], "readOnly": false, "type": "null or string"}, "containers..hostAddress6": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The IPv6 address assigned to the host interface.\n(Not used when hostBridge is set.)\n"}, "example": {"_type": "literalExpression", "text": "\"fc00::1\""}, "loc": ["containers", "", "hostAddress6"], "readOnly": false, "type": "null or string"}, "containers..hostBridge": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Put the host-side of the veth-pair into the named bridge.\nOnly one of hostAddress* or hostBridge can be given.\n"}, "example": {"_type": "literalExpression", "text": "\"br0\""}, "loc": ["containers", "", "hostBridge"], "readOnly": false, "type": "null or string"}, "containers..interfaces": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "The list of interfaces to be moved into the container.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"eth1\"\n \"eth2\"\n]"}, "loc": ["containers", "", "interfaces"], "readOnly": false, "type": "list of string"}, "containers..localAddress": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The IPv4 address assigned to the interface in the container.\nIf a hostBridge is used, this should be given with netmask to access\nthe whole network. Otherwise the default netmask is /32 and routing is\nset up from localAddress to hostAddress and back.\n"}, "example": {"_type": "literalExpression", "text": "\"10.231.136.2\""}, "loc": ["containers", "", "localAddress"], "readOnly": false, "type": "null or string"}, "containers..localAddress6": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "The IPv6 address assigned to the interface in the container.\nIf a hostBridge is used, this should be given with netmask to access\nthe whole network. Otherwise the default netmask is /128 and routing is\nset up from localAddress6 to hostAddress6 and back.\n"}, "example": {"_type": "literalExpression", "text": "\"fc00::2\""}, "loc": ["containers", "", "localAddress6"], "readOnly": false, "type": "null or string"}, "containers..macvlans": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "The list of host interfaces from which macvlans will be\ncreated. For each interface specified, a macvlan interface\nwill be created and moved to the container.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"eth1\"\n \"eth2\"\n]"}, "loc": ["containers", "", "macvlans"], "readOnly": false, "type": "list of string"}, "containers..nixpkgs": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "pkgs.path"}, "description": {"_type": "mdDoc", "text": "A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container.\n\nTo only change the `pkgs` argument used inside the container modules,\nset the `nixpkgs.*` options in the container {option}`config`.\nSetting `config.nixpkgs.pkgs = pkgs` speeds up the container evaluation\nby reusing the system pkgs, but the `nixpkgs.config` option in the\ncontainer config is ignored in this case.\n"}, "loc": ["containers", "", "nixpkgs"], "readOnly": false, "type": "path"}, "containers..path": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "description": {"_type": "mdDoc", "text": "As an alternative to specifying\n{option}`config`, you can specify the path to\nthe evaluated NixOS system configuration, typically a\nsymlink to a system profile.\n"}, "example": {"_type": "literalExpression", "text": "\"/nix/var/nix/profiles/per-container/webserver\""}, "loc": ["containers", "", "path"], "readOnly": false, "type": "path"}, "containers..privateNetwork": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to give the container its own private virtual\nEthernet interface. The interface is called\n`eth0`, and is hooked up to the interface\n`ve-\u00abcontainer-name\u00bb`\non the host. If this option is not set, then the\ncontainer shares the network interfaces of the host,\nand can bind to any port on any interface.\n"}, "loc": ["containers", "", "privateNetwork"], "readOnly": false, "type": "boolean"}, "containers..specialArgs": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "A set of special arguments to be passed to NixOS modules.\nThis will be merged into the `specialArgs` used to evaluate\nthe NixOS configurations.\n"}, "loc": ["containers", "", "specialArgs"], "readOnly": false, "type": "attribute set of unspecified value"}, "containers..timeoutStartSec": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "\"1min\""}, "description": {"_type": "mdDoc", "text": "Time for the container to start. In case of a timeout,\nthe container processes get killed.\nSee {manpage}`systemd.time(7)`\nfor more information about the format.\n"}, "loc": ["containers", "", "timeoutStartSec"], "readOnly": false, "type": "string"}, "containers..tmpfs": {"declarations": ["nixos/modules/virtualisation/nixos-containers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Mounts a set of tmpfs file systems into the container.\nMultiple paths can be specified.\nValid items must conform to the --tmpfs argument\nof systemd-nspawn. See systemd-nspawn(1) for details.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"/var\"\n]"}, "loc": ["containers", "", "tmpfs"], "readOnly": false, "type": "list of string"}, "documentation.dev.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to install documentation targeted at developers.\n* This includes man pages targeted at developers if {option}`documentation.man.enable` is\n set (this also includes \"devman\" outputs).\n* This includes info pages targeted at developers if {option}`documentation.info.enable`\n is set (this also includes \"devinfo\" outputs).\n* This includes other pages targeted at developers if {option}`documentation.doc.enable`\n is set (this also includes \"devdoc\" outputs).\n"}, "loc": ["documentation", "dev", "enable"], "readOnly": false, "type": "boolean"}, "documentation.doc.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to install documentation distributed in packages' `/share/doc`.\nUsually plain text and/or HTML.\nThis also includes \"doc\" outputs.\n"}, "loc": ["documentation", "doc", "enable"], "readOnly": false, "type": "boolean"}, "documentation.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to install documentation of packages from\n{option}`environment.systemPackages` into the generated system path.\n\nSee \"Multiple-output packages\" chapter in the nixpkgs manual for more info.\n"}, "loc": ["documentation", "enable"], "readOnly": false, "type": "boolean"}, "documentation.info.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to install info pages and the {command}`info` command.\nThis also includes \"info\" outputs.\n"}, "loc": ["documentation", "info", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to install manual pages.\nThis also includes `man` outputs.\n"}, "loc": ["documentation", "man", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.generateCaches": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to generate the manual page index caches.\nThis allows searching for a page or\nkeyword using utilities like {manpage}`apropos(1)`\nand the `-k` option of\n{manpage}`man(1)`.\n"}, "loc": ["documentation", "man", "generateCaches"], "readOnly": false, "type": "boolean"}, "documentation.man.man-db.enable": {"declarations": ["nixos/modules/misc/man-db.nix"], "default": {"_type": "literalExpression", "text": "config.documentation.man.enable"}, "description": {"_type": "mdDoc", "text": "Whether to enable man-db as the default man page viewer."}, "example": {"_type": "literalExpression", "text": "false"}, "loc": ["documentation", "man", "man-db", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.man-db.manualPages": {"declarations": ["nixos/modules/misc/man-db.nix"], "default": {"_type": "literalMD", "text": "all man pages in {option}`config.environment.systemPackages`"}, "description": {"_type": "mdDoc", "text": "The manual pages to generate caches for if {option}`documentation.man.generateCaches`\nis enabled. Must be a path to a directory with man pages under\n`/share/man`; see the source for an example.\nAdvanced users can make this a content-addressed derivation to save a few rebuilds.\n"}, "loc": ["documentation", "man", "man-db", "manualPages"], "readOnly": false, "type": "path"}, "documentation.man.man-db.package": {"declarations": ["nixos/modules/misc/man-db.nix"], "default": {"_type": "literalExpression", "text": "pkgs.man-db"}, "description": {"_type": "mdDoc", "text": "The `man-db` derivation to use. Useful to override\nconfiguration options used for the package.\n"}, "loc": ["documentation", "man", "man-db", "package"], "readOnly": false, "type": "package"}, "documentation.man.mandoc.enable": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable mandoc as the default man page viewer."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["documentation", "man", "mandoc", "enable"], "readOnly": false, "type": "boolean"}, "documentation.man.mandoc.manPath": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "[\n \"share/man\"\n]"}, "description": {"_type": "mdDoc", "text": "Change the manpath, i. e. the directories where\n{manpage}`man(1)`\nlooks for section-specific directories of man pages.\nYou only need to change this setting if you want extra man pages\n(e. g. in non-english languages). All values must be strings that\nare a valid path from the target prefix (without including it).\nThe first value given takes priority.\n"}, "example": {"_type": "literalExpression", "text": "[ \"share/man\" \"share/man/fr\" ]"}, "loc": ["documentation", "man", "mandoc", "manPath"], "readOnly": false, "type": "list of string"}, "documentation.man.mandoc.package": {"declarations": ["nixos/modules/misc/mandoc.nix"], "default": {"_type": "literalExpression", "text": "pkgs.mandoc"}, "description": {"_type": "mdDoc", "text": "The `mandoc` derivation to use. Useful to override\nconfiguration options used for the package.\n"}, "loc": ["documentation", "man", "mandoc", "package"], "readOnly": false, "type": "package"}, "documentation.nixos.enable": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to install NixOS's own documentation.\n\n- This includes man pages like\n {manpage}`configuration.nix(5)` if {option}`documentation.man.enable` is\n set.\n- This includes the HTML manual and the {command}`nixos-help` command if\n {option}`documentation.doc.enable` is set.\n"}, "loc": ["documentation", "nixos", "enable"], "readOnly": false, "type": "boolean"}, "documentation.nixos.extraModuleSources": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Which extra NixOS module paths the generated NixOS's documentation should strip\nfrom options.\n"}, "example": {"_type": "literalExpression", "text": "# e.g. with options from modules in ${pkgs.customModules}/nix:\n[ pkgs.customModules ]\n"}, "loc": ["documentation", "nixos", "extraModuleSources"], "readOnly": false, "type": "list of (path or string)"}, "documentation.nixos.extraModules": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Modules for which to show options even when not imported.\n"}, "loc": ["documentation", "nixos", "extraModules"], "readOnly": false, "type": "list of raw value"}, "documentation.nixos.includeAllModules": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether the generated NixOS's documentation should include documentation for all\nthe options from all the NixOS modules included in the current\n`configuration.nix`. Disabling this will make the manual\ngenerator to ignore options defined outside of `baseModules`.\n"}, "loc": ["documentation", "nixos", "includeAllModules"], "readOnly": false, "type": "boolean"}, "documentation.nixos.options.allowDocBook": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to allow DocBook option docs. When set to `false` all option using\nDocBook documentation will cause a manual build error; additionally a new\nrenderer may be used.\n\n::: {.note}\nThe `false` setting for this option is not yet fully supported. While it\nshould work fine and produce the same output as the previous toolchain\nusing DocBook it may not work in all circumstances. Whether markdown option\ndocumentation is allowed is independent of this option.\n:::\n"}, "loc": ["documentation", "nixos", "options", "allowDocBook"], "readOnly": false, "type": "boolean"}, "documentation.nixos.options.splitBuild": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to split the option docs build into a cacheable and an uncacheable part.\nSplitting the build can substantially decrease the amount of time needed to build\nthe manual, but some user modules may be incompatible with this splitting.\n"}, "loc": ["documentation", "nixos", "options", "splitBuild"], "readOnly": false, "type": "boolean"}, "documentation.nixos.options.warningsAreErrors": {"declarations": ["nixos/modules/misc/documentation.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Treat warning emitted during the option documentation build (eg for missing option\ndescriptions) as errors.\n"}, "loc": ["documentation", "nixos", "options", "warningsAreErrors"], "readOnly": false, "type": "boolean"}, "dysnomia.components": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state"}, "loc": ["dysnomia", "components"], "readOnly": false, "type": "attribute set of (attribute set)"}, "dysnomia.containers": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "An attribute set in which each key represents a container and each value an attribute set providing its configuration properties"}, "loc": ["dysnomia", "containers"], "readOnly": false, "type": "attribute set of (attribute set)"}, "dysnomia.enable": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable Dysnomia"}, "loc": ["dysnomia", "enable"], "readOnly": false, "type": "boolean"}, "dysnomia.enableAuthentication": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to publish privacy-sensitive authentication credentials"}, "loc": ["dysnomia", "enableAuthentication"], "readOnly": false, "type": "boolean"}, "dysnomia.enableLegacyModules": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether to enable Dysnomia legacy process and wrapper modules"}, "loc": ["dysnomia", "enableLegacyModules"], "readOnly": false, "type": "boolean"}, "dysnomia.extraContainerPaths": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "A list of paths containing additional container configurations that are added to the search folders"}, "loc": ["dysnomia", "extraContainerPaths"], "readOnly": false, "type": "list of path"}, "dysnomia.extraContainerProperties": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "An attribute set providing additional container settings in addition to the default properties"}, "loc": ["dysnomia", "extraContainerProperties"], "readOnly": false, "type": "attribute set"}, "dysnomia.extraModulePaths": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "A list of paths containing additional modules that are added to the search folders"}, "loc": ["dysnomia", "extraModulePaths"], "readOnly": false, "type": "list of path"}, "dysnomia.package": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "description": {"_type": "mdDoc", "text": "The Dysnomia package"}, "loc": ["dysnomia", "package"], "readOnly": false, "type": "path"}, "dysnomia.properties": {"declarations": ["nixos/modules/services/misc/dysnomia.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions."}, "loc": ["dysnomia", "properties"], "readOnly": false, "type": "attribute set"}, "ec2.zfs.datasets": {"declarations": ["nixos/modules/virtualisation/amazon-options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Datasets to create under the `tank` and `boot` zpools.\n\n**NOTE:** This option is used only at image creation time, and\ndoes not attempt to declaratively create or manage datasets\non an existing system.\n"}, "loc": ["ec2", "zfs", "datasets"], "readOnly": false, "type": "attribute set of (submodule)"}, "ec2.zfs.datasets..mount": {"declarations": ["nixos/modules/virtualisation/amazon-options.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Where to mount this dataset."}, "loc": ["ec2", "zfs", "datasets", "", "mount"], "readOnly": false, "type": "null or string"}, "ec2.zfs.datasets..properties": {"declarations": ["nixos/modules/virtualisation/amazon-options.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Properties to set on this dataset."}, "loc": ["ec2", "zfs", "datasets", "", "properties"], "readOnly": false, "type": "attribute set of string"}, "environment.budgie.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/budgie.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Which packages Budgie should exclude from the default environment."}, "example": {"_type": "literalExpression", "text": "[ pkgs.mate-terminal ]"}, "loc": ["environment", "budgie", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.cinnamon.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/cinnamon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Which packages cinnamon should exclude from the default environment"}, "example": {"_type": "literalExpression", "text": "[ pkgs.cinnamon.blueberry ]"}, "loc": ["environment", "cinnamon", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.deepin.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/deepin.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of default packages to exclude from the configuration"}, "loc": ["environment", "deepin", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.defaultPackages": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalMD", "text": "these packages, with their `meta.priority` numerically increased\n(thus lowering their installation priority):\n\n [ pkgs.nano pkgs.perl pkgs.rsync pkgs.strace ]\n"}, "description": {"_type": "mdDoc", "text": "Set of default packages that aren't strictly necessary\nfor a running system, entries can be removed for a more\nminimal NixOS installation.\n\nNote: If `pkgs.nano` is removed from this list,\nmake sure another editor is installed and the\n`EDITOR` environment variable is set to it.\nEnvironment variables can be set using\n{option}`environment.variables`.\n\nLike with systemPackages, packages are installed to\n{file}`/run/current-system/sw`. They are\nautomatically available to all users, and are\nautomatically updated every time you rebuild the system\nconfiguration.\n"}, "example": {"_type": "literalExpression", "text": "[ ]"}, "loc": ["environment", "defaultPackages"], "readOnly": false, "type": "list of package"}, "environment.enableAllTerminfo": {"declarations": ["nixos/modules/config/terminfo.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to install all terminfo outputs\n"}, "loc": ["environment", "enableAllTerminfo"], "readOnly": false, "type": "boolean"}, "environment.enableDebugInfo": {"declarations": ["nixos/modules/config/debug-info.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Some NixOS packages provide debug symbols. However, these are\nnot included in the system closure by default to save disk\nspace. Enabling this option causes the debug symbols to appear\nin {file}`/run/current-system/sw/lib/debug/.build-id`,\nwhere tools such as {command}`gdb` can find them.\nIf you need debug symbols for a package that doesn't\nprovide them by default, you can enable them as follows:\n\n nixpkgs.config.packageOverrides = pkgs: {\n hello = pkgs.hello.overrideAttrs (oldAttrs: {\n separateDebugInfo = true;\n });\n };\n"}, "loc": ["environment", "enableDebugInfo"], "readOnly": false, "type": "boolean"}, "environment.etc": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Set of files that have to be linked in {file}`/etc`.\n"}, "example": {"_type": "literalExpression", "text": "{ example-configuration-file =\n { source = \"/nix/store/.../etc/dir/file.conf.example\";\n mode = \"0440\";\n };\n \"default/useradd\".text = \"GROUP=100 ...\";\n}\n"}, "loc": ["environment", "etc"], "readOnly": false, "type": "attribute set of (submodule)"}, "environment.etc..enable": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "true"}, "description": {"_type": "mdDoc", "text": "Whether this /etc file should be generated. This\noption allows specific /etc files to be disabled.\n"}, "loc": ["environment", "etc", "", "enable"], "readOnly": false, "type": "boolean"}, "environment.etc..gid": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": {"_type": "mdDoc", "text": "GID of created file. Only takes effect when the file is\ncopied (that is, the mode is not 'symlink').\n"}, "loc": ["environment", "etc", "", "gid"], "readOnly": false, "type": "signed integer"}, "environment.etc..group": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "\"+0\""}, "description": {"_type": "mdDoc", "text": "Group name of created file.\nOnly takes effect when the file is copied (that is, the mode is not 'symlink').\nChanging this option takes precedence over `gid`.\n"}, "loc": ["environment", "etc", "", "group"], "readOnly": false, "type": "string"}, "environment.etc..mode": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "\"symlink\""}, "description": {"_type": "mdDoc", "text": "If set to something else than `symlink`,\nthe file is copied instead of symlinked, with the given\nfile mode.\n"}, "example": {"_type": "literalExpression", "text": "\"0600\""}, "loc": ["environment", "etc", "", "mode"], "readOnly": false, "type": "string"}, "environment.etc..source": {"declarations": ["nixos/modules/system/etc/etc.nix"], "description": {"_type": "mdDoc", "text": "Path of the source file."}, "loc": ["environment", "etc", "", "source"], "readOnly": false, "type": "path"}, "environment.etc..target": {"declarations": ["nixos/modules/system/etc/etc.nix"], "description": {"_type": "mdDoc", "text": "Name of symlink (relative to\n{file}`/etc`). Defaults to the attribute\nname.\n"}, "loc": ["environment", "etc", "", "target"], "readOnly": false, "type": "string"}, "environment.etc..text": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Text of the file."}, "loc": ["environment", "etc", "", "text"], "readOnly": false, "type": "null or strings concatenated with \"\\n\""}, "environment.etc..uid": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "0"}, "description": {"_type": "mdDoc", "text": "UID of created file. Only takes effect when the file is\ncopied (that is, the mode is not 'symlink').\n"}, "loc": ["environment", "etc", "", "uid"], "readOnly": false, "type": "signed integer"}, "environment.etc..user": {"declarations": ["nixos/modules/system/etc/etc.nix"], "default": {"_type": "literalExpression", "text": "\"+0\""}, "description": {"_type": "mdDoc", "text": "User name of created file.\nOnly takes effect when the file is copied (that is, the mode is not 'symlink').\nChanging this option takes precedence over `uid`.\n"}, "loc": ["environment", "etc", "", "user"], "readOnly": false, "type": "string"}, "environment.extraInit": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell script code called during global environment initialisation\nafter all variables and profileVariables have been set.\nThis code is assumed to be shell-independent, which means you should\nstick to pure sh without sh word split.\n"}, "loc": ["environment", "extraInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.extraOutputsToInstall": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of additional package outputs to be symlinked into {file}`/run/current-system/sw`."}, "example": {"_type": "literalExpression", "text": "[\n \"doc\"\n \"info\"\n \"devdoc\"\n]"}, "loc": ["environment", "extraOutputsToInstall"], "readOnly": false, "type": "list of string"}, "environment.extraSetup": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out."}, "loc": ["environment", "extraSetup"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.freetds": {"declarations": ["nixos/modules/programs/freetds.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "Configure freetds database entries. Each attribute denotes\na section within freetds.conf, and the value (a string) is the config\ncontent for that section. When at least one entry is configured\nthe global environment variables FREETDSCONF, FREETDS and SYBASE\nwill be configured to allow the programs that use freetds to find the\nlibrary and config.\n"}, "example": {"_type": "literalExpression", "text": "{ MYDATABASE = ''\n host = 10.0.2.100\n port = 1433\n tds version = 7.2\n '';\n}\n"}, "loc": ["environment", "freetds"], "readOnly": false, "type": "attribute set of string"}, "environment.gnome.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/gnome.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Which packages gnome should exclude from the default environment"}, "example": {"_type": "literalExpression", "text": "[ pkgs.gnome.totem ]"}, "loc": ["environment", "gnome", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.homeBinInPath": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Include ~/bin/ in $PATH.\n"}, "loc": ["environment", "homeBinInPath"], "readOnly": false, "type": "boolean"}, "environment.interactiveShellInit": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell script code called during interactive shell initialisation.\nThis code is assumed to be shell-independent, which means you should\nstick to pure sh without sh word split.\n"}, "loc": ["environment", "interactiveShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.localBinInPath": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Add ~/.local/bin/ to $PATH\n"}, "loc": ["environment", "localBinInPath"], "readOnly": false, "type": "boolean"}, "environment.loginShellInit": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell script code called during login shell initialisation.\nThis code is assumed to be shell-independent, which means you should\nstick to pure sh without sh word split.\n"}, "loc": ["environment", "loginShellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.lxqt.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/lxqt.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Which LXQt packages to exclude from the default environment"}, "example": {"_type": "literalExpression", "text": "[ pkgs.lxqt.qterminal ]"}, "loc": ["environment", "lxqt", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.mate.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/mate.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Which MATE packages to exclude from the default environment"}, "example": {"_type": "literalExpression", "text": "[ pkgs.mate.mate-terminal pkgs.mate.pluma ]"}, "loc": ["environment", "mate", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.memoryAllocator.provider": {"declarations": ["nixos/modules/config/malloc.nix"], "default": {"_type": "literalExpression", "text": "\"libc\""}, "description": {"_type": "mdDoc", "text": "The system-wide memory allocator.\n\nBriefly, the system-wide memory allocator providers are:\n\n- `libc`: the standard allocator provided by libc\n- `graphene-hardened`: An allocator designed to mitigate memory corruption attacks, such as those caused by use-after-free bugs. \n- `jemalloc`: A general purpose allocator that emphasizes fragmentation avoidance and scalable concurrency support. \n- `mimalloc`: A compact and fast general purpose allocator, which may optionally be built with mitigations against various heap vulnerabilities. \n- `scudo`: A user-mode allocator based on LLVM Sanitizer\u2019s CombinedAllocator, which aims at providing additional mitigations against heap based vulnerabilities, while maintaining good performance. \n\n::: {.warning}\nSelecting an alternative allocator (i.e., anything other than\n`libc`) may result in instability, data loss,\nand/or service failure.\n:::\n"}, "loc": ["environment", "memoryAllocator", "provider"], "readOnly": false, "type": "one of \"libc\", \"graphene-hardened\", \"jemalloc\", \"mimalloc\", \"scudo\""}, "environment.noXlibs": {"declarations": ["nixos/modules/config/no-x-libs.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Switch off the options in the default configuration that\nrequire X11 libraries. This includes client-side font\nconfiguration and SSH forwarding of X11 authentication\nin. Thus, you probably do not want to enable this option if\nyou want to run X11 programs on this machine via SSH.\n"}, "loc": ["environment", "noXlibs"], "readOnly": false, "type": "boolean"}, "environment.pantheon.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/pantheon.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Which packages pantheon should exclude from the default environment"}, "example": {"_type": "literalExpression", "text": "[ pkgs.pantheon.elementary-camera ]"}, "loc": ["environment", "pantheon", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.pathsToLink": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of directories to be symlinked in {file}`/run/current-system/sw`."}, "example": {"_type": "literalExpression", "text": "[\n \"/\"\n]"}, "loc": ["environment", "pathsToLink"], "readOnly": false, "type": "list of string"}, "environment.plasma5.excludePackages": {"declarations": ["nixos/modules/services/x11/desktop-managers/plasma5.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of default packages to exclude from the configuration"}, "example": {"_type": "literalExpression", "text": "[ pkgs.plasma5Packages.oxygen ]"}, "loc": ["environment", "plasma5", "excludePackages"], "readOnly": false, "type": "list of package"}, "environment.profileRelativeEnvVars": {"declarations": ["nixos/modules/config/shells-environment.nix"], "description": {"_type": "mdDoc", "text": "Attribute set of environment variable. Each attribute maps to a list\nof relative paths. Each relative path is appended to the each profile\nof {option}`environment.profiles` to form the content of the\ncorresponding environment variable.\n"}, "example": {"_type": "literalExpression", "text": "{\n MANPATH = [\n \"/man\"\n \"/share/man\"\n ];\n PATH = [\n \"/bin\"\n ];\n}"}, "loc": ["environment", "profileRelativeEnvVars"], "readOnly": false, "type": "attribute set of list of string"}, "environment.profileRelativeSessionVariables": {"declarations": ["nixos/modules/config/system-environment.nix"], "description": {"_type": "mdDoc", "text": "Attribute set of environment variable used in the global\nenvironment. These variables will be set by PAM early in the\nlogin process.\n\nVariable substitution is available as described in\n{manpage}`pam_env.conf(5)`.\n\nEach attribute maps to a list of relative paths. Each relative\npath is appended to the each profile of\n{option}`environment.profiles` to form the content of\nthe corresponding environment variable.\n\nAlso, these variables are merged into\n[](#opt-environment.profileRelativeEnvVars) and it is\ntherefore not possible to use PAM style variables such as\n`@{HOME}`.\n"}, "example": {"_type": "literalExpression", "text": "{\n MANPATH = [\n \"/man\"\n \"/share/man\"\n ];\n PATH = [\n \"/bin\"\n ];\n}"}, "loc": ["environment", "profileRelativeSessionVariables"], "readOnly": false, "type": "attribute set of list of string"}, "environment.profiles": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "A list of profiles used to setup the global environment.\n"}, "loc": ["environment", "profiles"], "readOnly": false, "type": "list of string"}, "environment.sessionVariables": {"declarations": ["nixos/modules/config/system-environment.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "A set of environment variables used in the global environment.\nThese variables will be set by PAM early in the login process.\n\nThe value of each session variable can be either a string or a\nlist of strings. The latter is concatenated, interspersed with\ncolon characters.\n\nNote, due to limitations in the PAM format values may not\ncontain the `\"` character.\n\nAlso, these variables are merged into\n[](#opt-environment.variables) and it is\ntherefore not possible to use PAM style variables such as\n`@{HOME}`.\n"}, "loc": ["environment", "sessionVariables"], "readOnly": false, "type": "attribute set of ((list of string) or string or path)"}, "environment.shellAliases": {"declarations": ["nixos/modules/config/shells-environment.nix"], "description": {"_type": "mdDoc", "text": "An attribute set that maps aliases (the top level attribute names in\nthis option) to command strings or directly to build outputs. The\naliases are added to all users' shells.\nAliases mapped to `null` are ignored.\n"}, "example": {"_type": "literalExpression", "text": "{\n l = null;\n ll = \"ls -l\";\n}"}, "loc": ["environment", "shellAliases"], "readOnly": false, "type": "attribute set of (null or string or path)"}, "environment.shellInit": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "\"\""}, "description": {"_type": "mdDoc", "text": "Shell script code called during shell initialisation.\nThis code is assumed to be shell-independent, which means you should\nstick to pure sh without sh word split.\n"}, "loc": ["environment", "shellInit"], "readOnly": false, "type": "strings concatenated with \"\\n\""}, "environment.shells": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "A list of permissible login shells for user accounts.\nNo need to mention `/bin/sh`\nhere, it is placed into this list implicitly.\n"}, "example": {"_type": "literalExpression", "text": "[ pkgs.bashInteractive pkgs.zsh ]"}, "loc": ["environment", "shells"], "readOnly": false, "type": "list of (package or path)"}, "environment.systemPackages": {"declarations": ["nixos/modules/config/system-path.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "The set of packages that appear in\n/run/current-system/sw. These packages are\nautomatically available to all users, and are\nautomatically updated every time you rebuild the system\nconfiguration. (The latter is the main difference with\ninstalling them in the default profile,\n{file}`/nix/var/nix/profiles/default`.\n"}, "example": {"_type": "literalExpression", "text": "[ pkgs.firefox pkgs.thunderbird ]"}, "loc": ["environment", "systemPackages"], "readOnly": false, "type": "list of package"}, "environment.unixODBCDrivers": {"declarations": ["nixos/modules/config/unix-odbc-drivers.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "Specifies Unix ODBC drivers to be registered in\n{file}`/etc/odbcinst.ini`. You may also want to\nadd `pkgs.unixODBC` to the system path to get\na command line client to connect to ODBC databases.\n"}, "example": {"_type": "literalExpression", "text": "with pkgs.unixODBCDrivers; [ sqlite psql ]"}, "loc": ["environment", "unixODBCDrivers"], "readOnly": false, "type": "list of package"}, "environment.variables": {"declarations": ["nixos/modules/config/shells-environment.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "A set of environment variables used in the global environment.\nThese variables will be set on shell initialisation (e.g. in /etc/profile).\nThe value of each variable can be either a string or a list of\nstrings. The latter is concatenated, interspersed with colon\ncharacters.\n"}, "example": {"_type": "literalExpression", "text": "{\n EDITOR = \"nvim\";\n VISUAL = \"nvim\";\n}"}, "loc": ["environment", "variables"], "readOnly": false, "type": "attribute set of ((list of string) or string or path)"}, "environment.wordlist.enable": {"declarations": ["nixos/modules/misc/wordlist.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "Whether to enable environment variables for lists of words."}, "example": {"_type": "literalExpression", "text": "true"}, "loc": ["environment", "wordlist", "enable"], "readOnly": false, "type": "boolean"}, "environment.wordlist.lists": {"declarations": ["nixos/modules/misc/wordlist.nix"], "default": {"_type": "literalExpression", "text": "{\n WORDLIST = [ \"${pkgs.scowl}/share/dict/words.txt\" ];\n}\n"}, "description": {"_type": "mdDoc", "text": "A set with the key names being the environment variable you'd like to\nset and the values being a list of paths to text documents containing\nlists of words. The various files will be merged, sorted, duplicates\nremoved, and extraneous spacing removed.\n\nIf you have a handful of words that you want to add to an already\nexisting wordlist, you may find `builtins.toFile` useful for this\ntask.\n"}, "example": {"_type": "literalExpression", "text": "{\n WORDLIST = [ \"${pkgs.scowl}/share/dict/words.txt\" ];\n AUGMENTED_WORDLIST = [\n \"${pkgs.scowl}/share/dict/words.txt\"\n \"${pkgs.scowl}/share/dict/words.variants.txt\"\n (builtins.toFile \"extra-words\" ''\n desynchonization\n oobleck'')\n ];\n}\n"}, "loc": ["environment", "wordlist", "lists"], "readOnly": false, "type": "attribute set of non-empty (list of path)"}, "fileSystems": {"declarations": ["nixos/modules/tasks/filesystems.nix", "nixos/modules/tasks/encrypted-devices.nix", "nixos/modules/system/boot/stage-1.nix"], "default": {"_type": "literalExpression", "text": "{ }"}, "description": {"_type": "mdDoc", "text": "The file systems to be mounted. It must include an entry for\nthe root directory (`mountPoint = \"/\"`). Each\nentry in the list is an attribute set with the following fields:\n`mountPoint`, `device`,\n`fsType` (a file system type recognised by\n{command}`mount`; defaults to\n`\"auto\"`), and `options`\n(the mount options passed to {command}`mount` using the\n{option}`-o` flag; defaults to `[ \"defaults\" ]`).\n\nInstead of specifying `device`, you can also\nspecify a volume label (`label`) for file\nsystems that support it, such as ext2/ext3 (see {command}`mke2fs -L`).\n"}, "example": {"_type": "literalExpression", "text": "{\n \"/\".device = \"/dev/hda1\";\n \"/data\" = {\n device = \"/dev/hda2\";\n fsType = \"ext3\";\n options = [ \"data=journal\" ];\n };\n \"/bigdisk\".label = \"bigdisk\";\n}\n"}, "loc": ["fileSystems"], "readOnly": false, "type": "attribute set of (submodule)"}, "fileSystems..autoFormat": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "If the device does not currently contain a filesystem (as\ndetermined by {command}`blkid`, then automatically\nformat it with the filesystem type specified in\n{option}`fsType`. Use with caution.\n"}, "loc": ["fileSystems", "", "autoFormat"], "readOnly": false, "type": "boolean"}, "fileSystems..autoResize": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "If set, the filesystem is grown to its maximum size before\nbeing mounted. (This is typically the size of the containing\npartition.) This is currently only supported for ext2/3/4\nfilesystems that are mounted during early boot.\n"}, "loc": ["fileSystems", "", "autoResize"], "readOnly": false, "type": "boolean"}, "fileSystems..depends": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "[ ]"}, "description": {"_type": "mdDoc", "text": "List of paths that should be mounted before this one. This filesystem's\n{option}`device` and {option}`mountPoint` are always\nchecked and do not need to be included explicitly. If a path is added\nto this list, any other filesystem whose mount point is a parent of\nthe path will be mounted before this filesystem. The paths do not need\nto actually be the {option}`mountPoint` of some other filesystem.\n"}, "example": {"_type": "literalExpression", "text": "[\n \"/persist\"\n]"}, "loc": ["fileSystems", "", "depends"], "readOnly": false, "type": "list of string (with check: non-empty without trailing slash)"}, "fileSystems..device": {"declarations": ["nixos/modules/tasks/filesystems.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Location of the device."}, "example": {"_type": "literalExpression", "text": "\"/dev/sda\""}, "loc": ["fileSystems", "", "device"], "readOnly": false, "type": "null or string (with check: non-empty)"}, "fileSystems..encrypted.blkDev": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Location of the backing encrypted device."}, "example": {"_type": "literalExpression", "text": "\"/dev/sda1\""}, "loc": ["fileSystems", "", "encrypted", "blkDev"], "readOnly": false, "type": "null or string"}, "fileSystems..encrypted.enable": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "false"}, "description": {"_type": "mdDoc", "text": "The block device is backed by an encrypted one, adds this device as a initrd luks entry."}, "loc": ["fileSystems", "", "encrypted", "enable"], "readOnly": false, "type": "boolean"}, "fileSystems..encrypted.keyFile": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Path to a keyfile used to unlock the backing encrypted\ndevice. At the time this keyfile is accessed, the\n`neededForBoot` filesystems (see\n`fileSystems..neededForBoot`)\nwill have been mounted under `/mnt-root`,\nso the keyfile path should usually start with \"/mnt-root/\".\n"}, "example": {"_type": "literalExpression", "text": "\"/mnt-root/root/.swapkey\""}, "loc": ["fileSystems", "", "encrypted", "keyFile"], "readOnly": false, "type": "null or string"}, "fileSystems..encrypted.label": {"declarations": ["nixos/modules/tasks/encrypted-devices.nix"], "default": {"_type": "literalExpression", "text": "null"}, "description": {"_type": "mdDoc", "text": "Label of the unlocked encrypted device. Set `fileSystems..device` to `/dev/mapper/