Module options¶

Base options¶

option boot.commandLine
Kernel command line

type list of non-empty string

default
[ ]
option boot.commandLineDtbNode
Kernel command line’s devicetree node

type one of “bootargs”, “bootargs-override”

default
"bootargs"
option boot.imageFormat
type one of “fit”, “uimage”

default
"uimage"
option boot.imageType
type one of “primary”, “secondary”

default
"primary"
option boot.tftp.ipaddr
Our IP address to use when creating scripts to boot or flash from U-Boot. Not relevant in normal operation

type string

option boot.tftp.loadAddress
RAM address at which to load data when transferring via TFTP. This is not the address of the flash storage, nor the kernel load address: it should be set to some part of RAM that’s not used for anything else and suitable for temporary storage.

type unsigned integer, meaning >=0

option boot.tftp.serverip
IP address of the TFTP server. Not relevant in normal operation

type string

option defaultProfile.packages
List of packages which are available in a login shell. (This is analogous to systemPackages in NixOS, but we don’t symlink into /run/current-system, we just add the paths in /etc/profile

type list of package

option filesystem
Skeleton filesystem, represented as nested attrset. Consult the source code if you need to add to this

type anything
option rootOptions
type null or string

default
null
option rootfsType
type one of “btrfs”, “ext4”, “jffs2”, “squashfs”, “ubifs”

default
"squashfs"
option services

type attribute set of s6-rc service

option system.callService

type function that evaluates to a(n) function that evaluates to a(n) anything

Busybox¶

Busybox provides stripped-down versions of many usual Linux/Unix tools, and may be configured to include only the commands (termed “applets”) required by the user or by other included modules.

option programs.busybox.applets
Applets required

type list of string

example
[
  "sh"
  "getty"
  "login"
]
default
[ ]
option programs.busybox.options
Other busybox config flags that do not map directly to applet names (often prefixed FEATURE_)

type attribute set of non-empty string

example
{
  FEATURE_DD_IBS_OBS = "y";
}
default
{ }

Hardware-dependent options¶

These are attributes of the hardware not of the application you want to run on it, and would usually be set in the “device” file: devices/manuf-model/default.nix

option hardware.alignment
Alignment passed to mkimage for FIT

type null or (unsigned integer, meaning >=0)

default
null
option hardware.defaultOutput
“Default” output: what gets built for this device when outputs.default is requested. Typically this is “mtdimage” or “vmroot”

type non-empty string
option hardware.dts.includePaths
List of directories to search for DTS includes (.dtsi files)

type list of path

default
[ ]
option hardware.dts.includes
“dtsi” fragments to include in the generated device tree

type list of path

default
[ ]
option hardware.dts.src
If the device requires an external device tree to be loaded alongside the kernel, this is the path to the device tree source (we usually get these from OpenWrt). This value may be null if the platform creates the device tree - currently this is the case only for QEMU.

type null or path

option hardware.entryPoint

type unsigned integer, meaning >=0

option hardware.flash.address
Start address of whichever partition (often called “firmware”) we’re going to overwrite with our kernel uimage and root fs. Usually not the entire flash, as we don’t want to clobber the bootloader, calibration data etc

type unsigned integer, meaning >=0

option hardware.flash.eraseBlockSize
Flash erase block size in bytes

type unsigned integer, meaning >=0

option hardware.flash.size
Size in bytes of the firmware partition

type unsigned integer, meaning >=0
option hardware.loadAddress
type unsigned integer, meaning >=0

default
null
option hardware.networkInterfaces

type attribute set of anything
option hardware.radios
Kernel modules (from mac80211 package) required for the wireless devices on this board

type list of string

example
[
  "ath9k"
  "ath10k"
]
default
[ ]
option hardware.ram.startAddress

type signed integer
option hardware.rootDevice
Full path to preferred root device

type string

example
"/dev/mtdblock3"
option hardware.ubi.logicalEraseBlockSize

type string

option hardware.ubi.maxLEBcount

type string

option hardware.ubi.minIOSize

type string

option hardware.ubi.physicalEraseBlockSize

type string

hostname¶

option hostname
System hostname of the device, as returned by gethostname(2). May or may not correspond to any name it’s reachable at on any network.

type non-empty string

default
"liminix"

logging¶

option logging.persistent.enable
Whether to enable store logs across reboots.

type boolean

example
true
default
false

boot-extlinux¶

option boot.loader.extlinux.enable
Whether to enable extlinux.

type boolean

example
true
default
false

boot-fit¶

option boot.loader.fit.enable
Whether to enable FIT in /boot.

type boolean

example
true
default
false

initramfs¶

option boot.initramfs.enable
Whether to enable initramfs.

type boolean

example
true
default
false

tftpboot¶

option boot.tftp.appendDTB
type boolean

default
false
option boot.tftp.compressRoot
type boolean

default
false
option boot.tftp.freeSpaceBytes
type signed integer

default
0
option boot.tftp.kernelFormat
type one of “zimage”, “uimage”

default
"uimage"

ramdisk¶

option boot.ramdisk.enable
Whether to enable reserving part of memory as an MTD-based RAM disk. Needed for TFTP booting .

type boolean

example
true
default
false

s6¶

option logging.directory
default log directory

type path

default
"/run/log"
option logging.script
“log script” used by fallback s6-log process

type string

default
"pliminix t"
option logging.shipping.enable
Whether to enable unix socket for log shipping.

type boolean

example
true
default
false
option logging.shipping.service
log shipper service

type s6-rc service
option logging.shipping.socket
socket pathname

type path

default
"/run/.log-shipping.sock"

Users¶

User- and group-related configuration.

Changes made here are reflected in files such as :file:/etc/shadow, :file:/etc/passwd, :file:/etc/group etc. If you are familiar with user configuration in NixOS, please note that Liminix does not have the concept of “mutable users” - files in /etc/ are symlinks to the immutable store, so you can’t e.g change a password with passwd

option groups

type attribute set of (submodule)

option groups.<name>.gid

type signed integer
option groups.<name>.usernames
type list of string

default
[ ]
option users

type attribute set of (submodule)
option users.<name>.dir
type string

default
"/run"
option users.<name>.gecos
type string

example
"Jo Q User"
default
""
option users.<name>.gid

type signed integer
option users.<name>.openssh.authorizedKeys.keys
type list of string

default
[ ]
option users.<name>.passwd
encrypted password, as generated by mkpasswd -m sha512crypt

type string

example
"$6$RIYL.EgWOrtoJ0/7$Z53a8sc0o6AU/kuFOGiLJKhwVavTG/deoM7JTs6luNczYSUsh4UYmhvT8sVzm.l8F/LZXhhhkC7IHQs5UGAIM/"
default
"!!"
option users.<name>.shell
type string

default
"/bin/sh"
option users.<name>.uid

type signed integer

Bridge module¶

Allows creation of Layer 2 software “bridge” network devices. A common use case is to merge together a hardware Ethernet device with one or more WLANs so that several local devices appear to be on the same network.

path modules/bridge/default.nix

service system.service.bridge.members

Service parameters

option members
interfaces to add to the bridge

type list of s6-rc service

option primary
primary bridge interface

type s6-rc service

service system.service.bridge.primary

Service parameters

option ifname
bridge interface name to create

type string

DHCP6 client module¶

This is for use if you have an IPv6-capable upstream that provides address information and/or prefix delegation using DHCP6. It provides a service to request address information in the form of a DHCP lease, and two dependent services that listen for updates to the DHCP address information and can be used to update addresses of network interfaces that you want to assign those prefixes to

path modules/dhcp6c/default.nix

service system.service.dhcp6c.address

Service parameters

option client

type anything

option interface
interface to assign the address to

type s6-rc service

service system.service.dhcp6c.client

Service parameters

option interface
interface (usually WAN) to query for DHCP6

type s6-rc service

service system.service.dhcp6c.prefix

Service parameters

option client

type anything

option interface
interface to assign <prefix>::1 to

type s6-rc service

Dnsmasq¶

This module includes a service to provide DNS, DHCP, and IPv6 router advertisement for the local network.

path modules/dnsmasq/default.nix

service system.service.dnsmasq
Service parameters
option domain
Domain name for DHCP service: causes the DHCP server to return the domain to any hosts which request it, and sets the domain which it is legal for DHCP-configured hosts to claim

type string
option group
Specifies the unix group which dnsmasq will run as

type string

default
dnsmasq
option hosts

type attribute set of (submodule)

option interface

type s6-rc service

option ranges

type list of string

option resolvconf

type null or s6-rc service

option upstreams

type list of string
option user
Specifies the unix user which dnsmasq will run as

type string

default
dnsmasq

Firewall¶

Provides a service to create an nftables ruleset based on configuration supplied to it.

path modules/firewall/default.nix

service system.service.firewall

Service parameters

option extraRules
firewall ruleset

type attribute set of (attribute set)

option rules
firewall ruleset

type attribute set of (attribute set)

option zones

type attribute set of list of s6-rc service

Hostapd¶

Hostapd (host access point daemon) enables a wireless network interface to act as an access point and authentication server, providing IEEE 802.11 access point management, and IEEE 802.1X/WPA/WPA2/EAP Authenticators. In less technical terms, this service is what you need for your Liminix device to provide a wireless network that clients can connect to.

If you have more than one wireless network interface (e.g. wlan0, wlan1) you can run an instance of hostapd on each of them.

path modules/hostapd/default.nix

service system.service.hostapd

Service parameters

option interface

type s6-rc service

option params

type attribute set

ifwait¶

path modules/ifwait/default.nix

service system.service.ifwait

Service parameters

option interface

type s6-rc service

option service

type s6-rc service

option state

type string

Mount

Mount filesystems

path modules/mount/default.nix

service system.service.mount
Service parameters
option fstype
type string

default
auto
option mountpoint

type string

option options

type list of string

option partlabel

type string

Network¶

Basic network services for creating hardware ethernet devices and adding addresses

path modules/network/default.nix

service system.service.network.address
network interface address

Service parameters

option address

type string

option family

type one of “inet”, “inet6”

option interface

type s6-rc service

option prefixLength

type integer between 0 and 128 (both inclusive)

service system.service.network.dhcp.client
DHCP v4 client

Service parameters

option interface

type s6-rc service

service system.service.network.forward

Service parameters

option enableIPv4

type boolean

option enableIPv6

type boolean

service system.service.network.link
hardware network interface

Service parameters

option devpath
Path to the sysfs node of the device. If you provide this and the ifname option, the device will be renamed to the name given by ifname.

type null or string

option ifname
Device name as used by the kernel (as seen in “ip link” or “ifconfig” output). If devpath is also specified, the device will be renamed to the name provided.

type string

option mtu

type null or signed integer

service system.service.network.route

Service parameters

option interface
Interface to route through. May be omitted if it can be inferred from “via”

type null or s6-rc service

option metric
route metric

type signed integer

option target
host or network to add route to

type string

option via
address of next hop

type string

NTP¶

A network time protocol implementation so that your Liminix device may synchronize its clock with an accurate time source, and optionally also provide time service to its peers. The implementation used in Liminix is Chrony

path modules/ntp/default.nix

service system.service.ntp
Service parameters
option allow
subnets from which NTP clients are allowed to access the server

type list of string

option bindaddress

type null or string

option binddevice

type null or string
option dumpdir
type path

default
/run/chrony
option extraConfig
type strings concatenated with “\n”

default
option makestep

type null or (submodule)

option peers

type attribute set of list of string

option pools

type attribute set of list of string

option servers

type attribute set of list of string
option user
type string

default
ntp

PPP¶

ppoe (PPP over Ethernet) provides a service to address the case where your Liminix device is connected to an upstream network using PPPoE. This is typical for UK broadband connections where the physical connection is made by OpenReach (“Fibre To The X”) and common in some other localities as well: check with your ISP if this is you.

l2tp (Layer 2 Tunelling Protocol) provides a service that tunnels PPP over the Internet. This may be used by some ISPs in conjunction with a DHCP uplink, or other more creative forms of network connection

path modules/ppp/default.nix

service system.service.l2tp

Service parameters

option debug
log the contents of all control packets sent or received

type boolean

option lcpEcho

type unspecified

option lns
hostname or address of the L2TP network server

type string

option password
password

type null or string or function that evaluates to a(n) anything

option ppp-options
options supplied on ppp command line

type list of string

option username
username

type null or string or function that evaluates to a(n) anything

service system.service.pppoe

Service parameters

option debug
log the contents of all control packets sent or received

type boolean

option interface
ethernet interface to run PPPoE over

type s6-rc service

option lcpEcho

type unspecified

option password
password

type null or string or function that evaluates to a(n) anything

option ppp-options
options supplied on ppp command line

type list of string

option username
username

type null or string or function that evaluates to a(n) anything

Secrets

path modules/secrets/default.nix

service system.service.secrets.outboard
fetch secrets from external vault with https

Service parameters

option interval
how often to check the source, in minutes

type signed integer

option name
service name

type string

option password
password for HTTP basic auth

type null or string

option url
source url

type string matching the pattern https?://.*

option username
username for HTTP basic auth

type null or string
service system.service.secrets.subscriber
wrapper around a service that needs notifying (e.g. restarting) when secrets change

Service parameters
option action
how do we notify the service to regenerate its config

type one of “restart”, “restart-all”, “hup”, “int”, “quit”, “kill”, “term”, “winch”, “usr1”, “usr2”

default
restart-all
option service
subscribing service that will receive notification

type s6-rc service

option watch
secrets paths to subscribe to

type list of function that evaluates to a(n) anything
service system.service.secrets.tang
fetch secrets from encrypted local pathname, using tang

Service parameters

option interval
how often to check the source, in minutes

type signed integer

option name
service name

type string

option path
encrypted source pathname

type path

Secure Shell¶

Provide SSH service using Dropbear

path modules/ssh/default.nix

service system.service.ssh
Service parameters
option address
Listen on specified address

type null or string

option allowLocalPortForward
Enable local port forwarding

type boolean

option allowPasswordLogin
Allow login using password (disable for public key auth only)

type boolean

option allowPasswordLoginForRoot
Allow root to login using password (disable for public key auth only)

type boolean

option allowRemoteConnectionToForwardedPorts
Allow remote hosts to connect to local forwarded ports (by default they are bound to loopback)

type boolean

option allowRemotePortForward
Enable remote port forwarding

type boolean

option allowRoot
Allow root to login

type boolean

option authorizedKeys
Authorized SSH public keys for each username. If this optin is provided it overrides any keys found in /home/{username}/.ssh

type null or (attribute set of list of non-empty string) or function that evaluates to a(n) anything
option extraConfig
type strings concatenated with “ “

default
option port
Listen on specified TCP port

type 16 bit unsigned integer; between 0 and 65535 (both inclusive)

uevent-rule¶

path modules/uevent-rule/default.nix

service system.service.uevent-rule
a service which starts other services based on device state (sysfs)

Service parameters

option serviceName
name of the service to run when the rule matches

type string

option symlink
create symlink targeted on devpath

type null or string

option terms

type attribute set

VLAN¶

Virtual LANs give you the ability to sub-divide a LAN. Linux can accept VLAN tagged traffic and presents each VLAN ID as a different network interface (eg: eth0.100 for VLAN ID 100)

Some Liminix devices with multiple ethernet ports are implemented using a network switch connecting the physical ports to the CPU, and require using VLAN in order to send different traffic to different ports (e.g. LAN vs WAN)

path modules/vlan/default.nix

service system.service.vlan

Service parameters

option ifname
interface name to create

type string

option primary
existing physical interface

type s6-rc service

option vid
VLAN identifier (VID) in range 1-4094

type string

Watchdog

Enable hardware watchdog (for devices that support one) and feed it by checking the health of specified critical services. If the watchdog feeder stops, the device will reboot.

path modules/watchdog/default.nix

service system.service.watchdog

Service parameters

option headStart
delay in seconds before watchdog starts checking service health

type signed integer

option watched
services to watch

type list of s6-rc service

Module options¶

Base options¶

Busybox¶

Hardware-dependent options¶

hostname¶

logging¶

boot-extlinux¶

boot-fit¶

initramfs¶

tftpboot¶

ramdisk¶

s6¶

Users¶

Bridge module¶

DHCP6 client module¶

Dnsmasq¶

Firewall¶

Hostapd¶

ifwait¶

Network¶

NTP¶

PPP¶

Secure Shell¶

uevent-rule¶

VLAN¶

Navigation

Related Topics

Module options¶

Base options¶

Busybox¶

Hardware-dependent options¶

hostname¶

Kernel-related options¶

logging¶

boot-extlinux¶

boot-fit¶

initramfs¶

tftpboot¶

ramdisk¶

s6¶

Users¶

Bridge module¶

DHCP6 client module¶

Dnsmasq¶

Firewall¶

Hostapd¶

ifwait¶

Network¶

NTP¶

PPP¶

Secure Shell¶

uevent-rule¶

VLAN¶