Skip to content

Services

systemd.services.<name>.after

If the specified units are started at the same time as this unit, delay this unit until they have started.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.aliases

Aliases of that unit. Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.before

If the specified units are started at the same time as this unit, delay them until this unit has started.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.bindsTo

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.confinement.binSh

The program to make available as {file}/bin/sh inside the chroot. If this is set to null, no {file}/bin/sh is provided at all.

This is useful for some applications, which for example use the {manpage}system(3) library function to execute commands.

Type: null or path

Default

config.environment.binsh

Example

"${pkgs.dash}/bin/dash"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/systemd-confinement.nix

systemd.services.<name>.confinement.enable

If set, all the required runtime store paths for this service are bind-mounted into a tmpfs-based {manpage}chroot(2).

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/systemd-confinement.nix

systemd.services.<name>.confinement.fullUnit

Whether to include the full closure of the systemd unit file into the chroot, instead of just the dependencies for the executables.

::: {.warning} While it may be tempting to just enable this option to make things work quickly, please be aware that this might add paths to the closure of the chroot that you didn't anticipate. It's better to use {option}confinement.packages to explicitly add additional store paths to the chroot. :::

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/systemd-confinement.nix

systemd.services.<name>.confinement.mode

The value full-apivfs (the default) sets up private {file}/dev, {file}/proc, {file}/sys, {file}/tmp and {file}/var/tmp file systems in a separate user name space.

If this is set to chroot-only, only the file system name space is set up along with the call to {manpage}chroot(2).

In all cases, unless serviceConfig.PrivateTmp=true is set, both {file}/tmp and {file}/var/tmp paths are added to InaccessiblePaths=. This is to overcome options like DynamicUser=true implying PrivateTmp=true without letting it being turned off. Beware however that giving processes the CAP_SYS_ADMIN and @mount privileges can let them undo the effects of InaccessiblePaths=.

::: {.note} This doesn't cover network namespaces and is solely for file system level isolation. :::

Type: one of "full-apivfs", "chroot-only"

Default

"full-apivfs"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/systemd-confinement.nix

systemd.services.<name>.confinement.packages

Additional packages or strings with context to add to the closure of the chroot. By default, this includes all the packages from the {option}serviceConfig.ExecReload, {option}serviceConfig.ExecStartPost, {option}serviceConfig.ExecStartPre, {option}serviceConfig.ExecStop, {option}serviceConfig.ExecStopPost and {option}serviceConfig.ExecStart options. If you want to have all the dependencies of this systemd unit, you can use {option}confinement.fullUnit.

::: {.note} The store paths listed in {option}path are not included in the closure as well as paths from other options except those listed above. :::

Type: list of (string or package)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/security/systemd-confinement.nix

systemd.services.<name>.conflicts

If the specified units are started, then this unit is stopped and vice versa.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.description

Description of this unit used in systemd messages and progress indicators. Type: (optionally newline-terminated) single-line string

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.documentation

A list of URIs referencing documentation for this unit or its configuration. Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.enable

If set to false, this unit will be a symlink to /dev/null. This is primarily useful to prevent specific template instances (e.g. serial-getty@ttyS0) from being started. Note that enable=true does not make a unit start by default at boot; if you want that, see wantedBy.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.environment

Environment variables passed to the service's processes. Type: attribute set of (null or string or path or package)

Default

{ }

Example

{LANG = "nl_NL.UTF-8";PATH = "/foo/bar/bin";}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.name

The name of this systemd unit, including its extension. This can be used to refer to this unit from other systemd units.

Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.onFailure

A list of one or more units that are activated when this unit enters the "failed" state.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.onSuccess

A list of one or more units that are activated when this unit enters the "inactive" state.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.overrideStrategy

Defines how unit configuration is provided for systemd:

asDropinIfExists creates a unit file when no unit file is provided by the package otherwise a drop-in file name overrides.conf.

asDropin creates a drop-in file named overrides.conf. Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).

See also {manpage}systemd.unit(5).

Type: one of "asDropinIfExists", "asDropin"

Default

"asDropinIfExists"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.partOf

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.path

Packages added to the service's {env}PATH environment variable. Both the {file}bin and {file}sbin subdirectories of each package are added.

Type: list of (package or string)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.postStart

Shell commands executed after the service's main process is started.

Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.postStop

Shell commands executed after the service's main process has exited.

Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.preStart

Shell commands executed before the service's main process is started.

Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.preStop

Shell commands executed to stop the service.

Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.reload

Shell commands executed when the service's main process is reloaded.

Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.reloadIfChanged

Whether the service should be reloaded during a NixOS configuration switch if its definition has changed. If enabled, the value of {option}restartIfChanged is ignored.

This option should not be used anymore in favor of {option}reloadTriggers which allows more granular control of when a service is reloaded and when a service is restarted.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.reloadTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.

Type: list of (systemd option)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.requiredBy

Units that require (i.e. depend on and need to go down with) this unit. As discussed in the wantedBy option description this also creates .requires symlinks automatically.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.requires

Start the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.requisite

Similar to requires. However if the units listed are not started, they will not be started and the transaction will fail.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.restartIfChanged

Whether the service should be restarted during a NixOS configuration switch if its definition has changed.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.restartTriggers

An arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.

Type: list of unspecified value

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.script

Shell commands executed as the service's main process. Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.scriptArgs

Arguments passed to the main process script. Can contain specifiers (% placeholders expanded by systemd, see {manpage}systemd.unit(5)).

Type: string

Default

""

Example

"%i"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.serviceConfig

Each attribute in this set specifies an option in the [Service] section of the unit. See {manpage}systemd.service(5) for details.

Type: attribute set of (systemd option)

Default

{ }

Example

{RestartSec = 5;}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.startAt

Automatically start this unit at the given date/time, which must be in the format described in {manpage}systemd.time(7). This is equivalent to adding a corresponding timer unit with {option}OnCalendar set to the value given here.

Type: string or list of string

Default

[ ]

Example

"Sun 14:00:00"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.startLimitBurst

Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.

Type: signed integer

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.startLimitIntervalSec

Configure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.

Type: signed integer

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.stopIfChanged

If set, a changed unit is restarted by calling {command}systemctl stop in the old configuration, then {command}systemctl start in the new one. Otherwise, it is restarted in a single step using {command}systemctl restart in the new configuration. The latter is less correct because it runs the ExecStop commands from the new configuration.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.unitConfig

Each attribute in this set specifies an option in the [Unit] section of the unit. See {manpage}systemd.unit(5) for details.

Type: attribute set of (systemd option)

Default

{ }

Example

{RequiresMountsFor = "/data";}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.upheldBy

Keep this unit running as long as the listed units are running. This is a continuously enforced version of wantedBy.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.upholds

Keeps the specified running while this unit is running. A continuous version of wants.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.wantedBy

Units that want (i.e. depend on) this unit. The default method for starting a unit by default at boot time is to set this option to ["multi-user.target"] for system services. Likewise for user units (systemd.user.<name>.*) set it to ["default.target"] to make a unit start by default when the user <name> logs on.

This option creates a .wants symlink in the given target that exists statelessly without the need for running systemctl enable. The [Install] section described in {manpage}systemd.unit(5) however is not supported because it is a stateful process that does not fit well into the NixOS design.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix

systemd.services.<name>.wants

Start the specified units when this unit is started.

Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd.nix