Radicle
services.radicle.checkConfig
Whether to enable checking the {file}config.json
file resulting from {option}services.radicle.settings
.
Type: boolean
Default
true
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.enable
Whether to enable Radicle Seed Node.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.enable
Whether to enable Radicle HTTP gateway to radicle-node.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.extraArgs
Extra arguments for radicle-httpd
Type: list of string
Default
[ ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.listenAddress
The IP address on which radicle-httpd
listens.
Type: string
Default
"127.0.0.1"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.listenPort
The port on which radicle-httpd
listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
8080
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx
With this option, you can customize an nginx virtual host which already has sensible defaults for radicle-httpd
.
Set to {}
if you do not need any customization to the virtual host.
If enabled, then by default, the {option}serverName
is
radicle-${config.networking.hostName}.${config.networking.domain}
,
TLS is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtual host will be configured.
Type: null or (submodule)
Default
null
Example
{serverAliases = ["seed.${config.networking.domain}"];enableACME = false;useACMEHost = config.networking.domain;}
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.acmeFallbackHost
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default
"/var/lib/acme/acme-challenge"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen
to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default
{ }
Example
{user = "password";};
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.basicAuthFile
Basic Auth password file for a vhost.
Can be created via: {command}htpasswd -c <filename> <username>
.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.default
Makes this vhost the default.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.enableACME
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through {option}useACMEHost
.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default
""
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.forceSSL
Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode
) all plain HTTP traffic to
HTTPS. This will set defaults for listen
to listen on all interfaces
on the respective default ports (80, 443), where the non-SSL listens
are used for the redirect vhosts.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.globalRedirect
If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode
) to the given hostname.
Type: null or string
Default
null
Example
"newserver.example.org"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.http2
Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx's implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.http3
Whether to enable the HTTP/3 protocol.
This requires using pkgs.nginxQuic
package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activate the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;
.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.http3_hq
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires using pkgs.nginxQuic
package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activate the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;
.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.kTLS
Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL
.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
.
Type: list of (submodule)
Default
[ ]
Example
[{addr = "195.154.1.1";port = 443;ssl = true;}{addr = "192.154.1.1";port = 80;}{addr = "unix:/var/run/nginx.sock";}]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.listen.*.addr
Listen address.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of string
Default
[ ]
Example
["backlog=1024""deferred"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.listen.*.port
Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.listen.*.proxyProtocol
Enable PROXY protocol.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.listenAddresses
Listen addresses for this virtual host.
Compared to listen
this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default
[ ]
Example
["127.0.0.1""[::1]"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations
Declarative location config
Type: attribute set of (submodule)
Default
{ }
Example
{"/" = {proxyPass = "http://localhost:3000";};};
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or path
Default
null
Example
"/your/alias/directory"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default
{ }
Example
{user = "password";};
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost.
Can be created via: {command}htpasswd -c <filename> <username>
.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default
""
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default
null
Example
"index.php index.html"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder
. Smaller values have
a greater priority.
Type: signed integer
Default
1000
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default
null
Example
"http://www.example.org/"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default
config.services.nginx.recommendedProxySettings
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default
null
Example
"301 http://example.com$request_uri"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.root
Root directory for requests.
Type: null or path
Default
null
Example
"/your/root/directory"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default
null
Example
"$uri =404"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen
to listen on all interfaces on port 443.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.quic
Whether to enable the QUIC transport protocol.
This requires using pkgs.nginxQuic
package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
.
Note that QUIC support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.redirectCode
HTTP status used by globalRedirect
and forceSSL
. Possible usecases
include temporary (302, 307) redirects, keeping the request method and
body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default
301
Example
308
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake
directive available in nginx versions
1.19.4 and above.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.reuseport
Create an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.root
The path of the web root directory.
Type: null or path
Default
null
Example
"/data/webserver/docs"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default
[ ]
Example
["www.example.org""example.org"]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default
"radicle-\${config.networking.hostName}.\${config.networking.domain}"
Example
"example.org"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.sslCertificate
Path to server SSL certificate.
Type: path
Example
"/var/host.cert"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: path
Example
"/var/host.key"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default
null
Example
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.nginx.useACMEHost
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through {option}enableACME
.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.httpd.package
The radicle-httpd package to use.
Type: package
Default
pkgs.radicle-httpd
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.node.extraArgs
Extra arguments for radicle-node
Type: list of string
Default
[ ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.node.listenAddress
The IP address on which radicle-node
listens.
Type: string
Default
"0.0.0.0"
Example
"127.0.0.1"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.node.listenPort
The port on which radicle-node
listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
8776
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.node.openFirewall
Whether to enable opening the firewall for radicle-node
.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.package
The radicle-node package to use.
Type: package
Default
pkgs.radicle-node
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.privateKeyFile
SSH private key generated by rad auth
.
If it contains a colon (:
) the string before the colon
is taken as the credential name
and the string after as a path encrypted with systemd-creds
.
Type: path or string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.publicKeyFile
SSH public key generated by rad auth
.
Type: path or string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix
services.radicle.settings
See https://app.radicle.xyz/nodes/seed.radicle.garden/rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5/tree/radicle/src/node/config.rs#L275
Type: JSON value
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/radicle.nix