Nix

`nix.buildMachines`

This option lists the machines to be used if distributed builds are enabled (see {option}nix.distributedBuilds). Nix will perform derivations on those machines via SSH by copying the inputs to the Nix store on the remote machine, starting the build, then copying the output back to the local Nix store.

Type: list of (submodule)

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.hostName`

The hostname of the build machine.

Type: string

Example

"nixbuilder.example.org"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.mandatoryFeatures`

A list of features mandatory for this builder. The builder will be ignored for derivations that don't require all features in this list. All mandatory features are automatically included in {var}supportedFeatures.

Type: list of string

Default

[ ]

Example

["big-parallel"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.maxJobs`

The number of concurrent jobs the build machine supports. The build machine will enforce its own limits, but this allows hydra to schedule better since there is no work-stealing between build machines.

Type: signed integer

Default

1

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.protocol`

The protocol used for communicating with the build machine. Use ssh-ng if your remote builder and your local Nix version support that improved protocol.

Use null when trying to change the special localhost builder without a protocol which is for example used by hydra.

Type: one of <null>, "ssh", "ssh-ng"

Default

"ssh"

Example

"ssh-ng"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.publicHostKey`

The (base64-encoded) public host key of this builder. The field is calculated via {command}base64 -w0 /etc/ssh/ssh_host_type_key.pub. If null, SSH will use its regular known-hosts file when connecting.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.speedFactor`

The relative speed of this builder. This is an arbitrary integer that indicates the speed of this builder, relative to other builders. Higher is faster.

Type: signed integer

Default

1

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.sshKey`

The path to the SSH private key with which to authenticate on the build machine. The private key must not have a passphrase. If null, the building user (root on NixOS machines) must have an appropriate ssh configuration to log in non-interactively.

Note that for security reasons, this path must point to a file in the local filesystem, not to the nix store.

Type: null or string

Default

null

Example

"/root/.ssh/id_buildhost_builduser"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.sshUser`

The username to log in as on the remote host. This user must be able to log in and run nix commands non-interactively. It must also be privileged to build derivations, so must be included in {option}nix.settings.trusted-users.

Type: null or string

Default

null

Example

"builder"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.supportedFeatures`

A list of features supported by this builder. The builder will be ignored for derivations that require features not in this list.

Type: list of string

Default

[ ]

Example

["kvm""big-parallel"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.system`

The system type the build machine can execute derivations on. Either this attribute or {var}systems must be present, where {var}system takes precedence if both are set.

Type: null or string

Default

null

Example

"x86_64-linux"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.buildMachines.*.systems`

The system types the build machine can execute derivations on. Either this attribute or {var}system must be present, where {var}system takes precedence if both are set.

Type: list of string

Default

[ ]

Example

["x86_64-linux""aarch64-linux"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.channel.enable`

Whether the nix-channel command and state files are made available on the machine.

The following files are initialized when enabled: - /nix/var/nix/profiles/per-user/root/channels - /root/.nix-channels - $HOME/.nix-defexpr/channels (on login)

Disabling this option will not remove the state files from the system.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-channel.nix

`nix.checkAllErrors`

If enabled, checks the nix.conf parsing for any kind of error. When disabled, checks only for unknown settings.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.checkConfig`

If enabled, checks that Nix can parse the generated nix.conf.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.daemonCPUSchedPolicy`

Nix daemon process CPU scheduling policy. This policy propagates to build processes. other is the default scheduling policy for regular tasks. The batch policy is similar to other, but optimised for non-interactive tasks. idle is for extremely low-priority tasks that should only be run when no other task requires CPU time.

Please note that while using the idle policy may greatly improve responsiveness of a system performing expensive builds, it may also slow down and potentially starve crucial configuration updates during load.

idle may therefore be a sensible policy for systems that experience only intermittent phases of high CPU load, such as desktop or portable computers used interactively. Other systems should use the other or batch policy instead.

For more fine-grained resource control, please refer to {manpage}systemd.resource-control(5) and adjust {option}systemd.services.nix-daemon directly.

Type: one of "other", "batch", "idle"

Default

"other"

Example

"batch"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/nix-daemon.nix

`nix.daemonIOSchedClass`

Nix daemon process I/O scheduling class. This class propagates to build processes. best-effort is the default class for regular tasks. The idle class is for extremely low-priority tasks that should only perform I/O when no other task does.

Please note that while using the idle scheduling class can improve responsiveness of a system performing expensive builds, it might also slow down or starve crucial configuration updates during load.

idle may therefore be a sensible class for systems that experience only intermittent phases of high I/O load, such as desktop or portable computers used interactively. Other systems should use the best-effort class.

Type: one of "best-effort", "idle"

Default

"best-effort"

Example

"idle"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/nix-daemon.nix

`nix.daemonIOSchedPriority`

Nix daemon process I/O scheduling priority. This priority propagates to build processes. The supported priorities depend on the scheduling policy: With idle, priorities are not used in scheduling decisions. best-effort supports values in the range 0 (high) to 7 (low).

Type: signed integer

Default

4

Example

1

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/nix-daemon.nix

`nix.distributedBuilds`

Whether to distribute builds to the machines listed in {option}nix.buildMachines.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-remote-build.nix

`nix.enable`

Whether to enable Nix. Disabling Nix makes the system hard to modify and the Nix programs and configuration will not be made available by NixOS itself.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/nix-daemon.nix

`nix.extraOptions`

Additional text appended to {file}nix.conf. Type: strings concatenated with "\n"

Default

""

Example

'' keep-outputs = true keep-derivations = true''

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.gc.automatic`

Automatically run the garbage collector at a specific time. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-gc.nix

`nix.gc.dates`

How often or when garbage collection is performed. For most desktop and server systems a sufficient garbage collection is once a week.

The format is described in {manpage}systemd.time(7).

Type: (optionally newline-terminated) single-line string

Default

"03:15"

Example

"weekly"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-gc.nix

`nix.gc.options`

Options given to nix-collect-garbage when the garbage collector is run automatically.

Type: (optionally newline-terminated) single-line string

Default

""

Example

"--max-freed $((64 * 1024**3))"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-gc.nix

`nix.gc.persistent`

Takes a boolean argument. If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. Such triggering is nonetheless subject to the delay imposed by RandomizedDelaySec=. This is useful to catch up on missed runs of the service when the system was powered down.

Type: boolean

Default

true

Example

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-gc.nix

`nix.gc.randomizedDelaySec`

Add a randomized delay before each garbage collection. The delay will be chosen between zero and this value. This value must be a time span in the format specified bysystemd.time(7)

Type: (optionally newline-terminated) single-line string

Default

"0"

Example

"45min"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-gc.nix

`nix.nixPath`

The default Nix expression search path, used by the Nix evaluator to look up paths enclosed in angle brackets (e.g. <nixpkgs>).

Type: list of string

Default

'' if nix.channel.enable then [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ] else [];''

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-channel.nix

`nix.nrBuildUsers`

Number of nixbld user accounts created to perform secure concurrent builds. If you receive an error message saying that “all build users are currently in use”, you should increase this value.

Type: signed integer

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/nix-daemon.nix

`nix.optimise.automatic`

Automatically run the nix store optimiser at a specific time. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-optimise.nix

`nix.optimise.dates`

Specification (in the format described by {manpage}systemd.time(7)) of the time at which the optimiser will run.

Type: list of string

Default

["03:45"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-optimise.nix

`nix.package`

This option specifies the Nix package instance to use throughout the system.

Type: package

Default

pkgs.nix

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/system/nix-daemon.nix

`nix.registry`

A system-wide flake registry.

Type: attribute set of (submodule)

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-flakes.nix

`nix.registry.<name>.exact`

Whether the {option}from reference needs to match exactly. If set, a {option}from reference like nixpkgs does not match with a reference like nixpkgs/nixos-20.03.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-flakes.nix

`nix.registry.<name>.flake`

The flake input {option}from is rewritten to.

Type: null or (attribute set)

Default

null

Example

nixpkgs

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-flakes.nix

`nix.registry.<name>.from`

The flake reference to be rewritten. Type: attribute set of (string or signed integer or boolean or path or package)

Example

{id = "nixpkgs";type = "indirect";}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-flakes.nix

`nix.registry.<name>.to`

The flake reference {option}from is rewritten to. Type: attribute set of (string or signed integer or boolean or path or package)

Example

{owner = "my-org";repo = "my-nixpkgs";type = "github";}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix-flakes.nix

`nix.settings`

Configuration for Nix, see https://nixos.org/manual/nix/stable/command-ref/conf-file.html or {manpage}nix.conf(5) for available options. The value declared here will be translated directly to the key-value pairs Nix expects.

You can use {command}nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings to view the current value. By default it is empty.

Nix configurations defined under {option}nix.* will be translated and applied to this option. In addition, configuration specified in {option}nix.extraOptions will be appended verbatim to the resulting config file.

Type: attribute set of (Nix config atom (null, bool, int, float, str, path or package) or list of (Nix config atom (null, bool, int, float, str, path or package)))

Default

{ }

Example

`#!nix { use-sandbox = true; show-trace = true;

system-features = [ "big-parallel" "kvm" "recursive-nix" ]; sandbox-paths = [ "/bin/sh=${pkgs.busybox-sandbox-shell.out}/bin/busybox" ]; } `

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.allowed-users`

A list of names of users (separated by whitespace) that are allowed to connect to the Nix daemon. As with {option}nix.settings.trusted-users, you can specify groups by prefixing them with @. Also, you can allow all users by specifying *. The default is *. Note that trusted users are always allowed to connect.

Type: list of string

Default

["*"]

Example

["@wheel""@builders""alice""bob"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.auto-optimise-store`

If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. This saves disk space. If set to false (the default), you can still run nix-store --optimise to get rid of duplicate files.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.cores`

This option defines the maximum number of concurrent tasks during one build. It affects, e.g., -j option for make. The special value 0 means that the builder should use all available CPU cores in the system. Some builds may become non-deterministic with this option; use with care! Packages will only be affected if enableParallelBuilding is set for them.

Type: signed integer

Default

0

Example

64

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.extra-sandbox-paths`

Directories from the host filesystem to be included in the sandbox.

Type: list of string

Default

[ ]

Example

["/dev""/proc"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.max-jobs`

This option defines the maximum number of jobs that Nix will try to build in parallel. The default is auto, which means it will use all available logical cores. It is recommend to set it to the total number of logical cores in your system (e.g., 16 for two CPUs with 4 cores each and hyper-threading).

Type: signed integer or value "auto" (singular enum)

Default

"auto"

Example

64

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.require-sigs`

If enabled (the default), Nix will only download binaries from binary caches if they are cryptographically signed with any of the keys listed in {option}nix.settings.trusted-public-keys. If disabled, signatures are neither required nor checked, so it's strongly recommended that you use only trustworthy caches and https to prevent man-in-the-middle attacks.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.sandbox`

If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store by using network and mount namespaces in a chroot environment.

This is enabled by default even though it has a possible performance impact due to the initial setup time of a sandbox for each build. It doesn't affect derivation hashes, so changing this option will not trigger a rebuild of packages.

When set to "relaxed", this option permits derivations that set __noChroot = true; to run outside of the sandboxed environment. Exercise caution when using this mode of operation! It is intended to be a quick hack when building with packages that are not easily setup to be built reproducibly.

Type: boolean or value "relaxed" (singular enum)

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.substituters`

List of binary cache URLs used to obtain pre-built binaries of Nix packages.

By default https://cache.nixos.org/ is added.

Type: list of string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.system-features`

The set of features supported by the machine. Derivations can express dependencies on system features through the requiredSystemFeatures attribute.

By default, pseudo-features nixos-test, benchmark, and big-parallel used in Nixpkgs are set, kvm is also included if it is available.

Type: list of string

Example

["kvm""big-parallel""gccarch-skylake"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.trusted-public-keys`

List of public keys used to sign binary caches. If {option}nix.settings.trusted-public-keys is enabled, then Nix will use a binary from a binary cache if and only if it is signed by any of the keys listed here. By default, only the key for cache.nixos.org is included.

Type: list of string

Example

["hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.trusted-substituters`

List of binary cache URLs that non-root users can use (in addition to those specified using {option}nix.settings.substituters) by passing --option binary-caches to Nix commands.

Type: list of string

Default

[ ]

Example

["https://hydra.nixos.org/"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.settings.trusted-users`

A list of names of users that have additional rights when connecting to the Nix daemon, such as the ability to specify additional binary caches, or to import unsigned NARs. You can also specify groups by prefixing them with @; for instance, @wheel means all users in the wheel group.

Type: list of string

Default

["root"]

Example

["root""alice""@wheel"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/nix.nix

`nix.sshServe.enable`

Whether to enable serving the Nix store as a remote store via SSH. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-ssh-serve.nix

`nix.sshServe.keys`

A list of SSH public keys allowed to access the binary cache via SSH. Type: list of string

Default

[ ]

Example

["ssh-dss AAAAB3NzaC1k... alice@example.org"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-ssh-serve.nix

`nix.sshServe.protocol`

The specific Nix-over-SSH protocol to use. Type: one of "ssh", "ssh-ng"

Default

"ssh"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-ssh-serve.nix

`nix.sshServe.write`

Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the {option}nix.settings.trusted-users option in most use cases, such as allowing remote building of derivations. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/nix-ssh-serve.nix