Bacula fd
services.bacula-fd.director
This option defines director resources in Bacula File Daemon.
Type: attribute set of (submodule)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.monitor
If Monitor is set to no, this director will have
full access to this Storage daemon. If Monitor is set to
yes, this director will only be able to fetch the
current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Type: one of "no", "yes"
Default
"no"
Example
"yes"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.password
Specifies the password that must be supplied for the default Bacula Console to be authorized. The same password must appear in the Director resource of the Console configuration file. For added security, the password is never passed across the network but instead a challenge response hash code created with the password. This directive is required. If you have either /dev/random or bc on your machine, Bacula will generate a random password during the configuration process, otherwise it will be left blank and you must manually supply it.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.tls
TLS Options for the Director in this Configuration.
Type: submodule
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.tls.allowedCN
Common name attribute of allowed peer certificates.
This directive is valid for a server and in a client context.
If this directive is specified, the peer certificate will be verified against this list.
In the case this directive is configured on a server side, the allowed
CN list will not be checked if services.bacula-fd.director.
Type: list of string
Default
[ ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.tls.caCertificateFile
The path specifying a PEM encoded TLS CA certificate(s).
Multiple certificates are permitted in the file.
One of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless
services.bacula-fd.director.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-fd.director.false in the corresponding server context.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.tls.enable
Specifies if TLS should be enabled.
If this set to false TLS will be completely disabled, even if services.bacula-fd.director.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: path
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless one of services.bacula-fd.director.yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
will connect with other components either with or without TLS or TLS-PSK
If services.bacula-fd.director.
Type: null or boolean
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.director.<name>.tls.verifyPeer
Verify peer certificate.
Instructs server to request and verify the client's X.509 certificate.
Any client certificate signed by a known-CA will be accepted.
Additionally, the client's X509 certificate Common Name must meet the value of the Address directive.
If services.bacula-fd.director.
Standard from Bacula is true.
Type: null or boolean
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.enable
Whether to enable the Bacula File Daemon.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.extraClientConfig
Extra configuration to be passed in Client directive.
Type: strings concatenated with "\n"
Default
""
Example
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30;''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: strings concatenated with "\n"
Default
""
Example
'' console = all''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.name
The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
Type: string
Default
"${config.networking.hostName}-fd"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.port
This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
9102
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.tls
TLS Options for the File Daemon. Important notice: The backup won't be encrypted.
Type: submodule
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.tls.allowedCN
Common name attribute of allowed peer certificates. This directive is valid for a server and in a client context. If this directive is specified, the peer certificate will be verified against this list. In the case this directive is configured on a server side, the allowed CN list will not be checked if services.bacula-fd.tls.verifyPeer is false.
Type: list of string
Default
[ ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.tls.caCertificateFile
The path specifying a PEM encoded TLS CA certificate(s). Multiple certificates are permitted in the file. One of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless services.bacula-fd.tls.verifyPeer is false, and are always required in a client context.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-fd.tls.verifyPeer is
false in the corresponding server context.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.tls.enable
Specifies if TLS should be enabled.
If this set to false TLS will be completely disabled, even if services.bacula-fd.tls.require is true.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: path
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless one of services.bacula-fd.tls.enable is true or TLS PSK Enable is set to yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
will connect with other components either with or without TLS or TLS-PSK
If services.bacula-fd.tls.enable or TLS-PSK is enabled and TLS is required, then the Bacula component will refuse any connection request that does not use TLS.
Type: null or boolean
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-fd.tls.verifyPeer
Verify peer certificate. Instructs server to request and verify the client's X.509 certificate. Any client certificate signed by a known-CA will be accepted. Additionally, the client's X509 certificate Common Name must meet the value of the Address directive. If services.bacula-fd.tls.allowedCN is used, the client's x509 certificate Common Name must also correspond to one of the CN specified in the services.bacula-fd.tls.allowedCN directive. This directive is valid only for a server and not in client context.
Standard from Bacula is true.
Type: null or boolean
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix