Module options

Base options

• option boot.commandLine

  Kernel command line

  type list of non-empty string

  default

  [ ]
  

• option boot.commandLineDtbNode

  Kernel command line’s devicetree node

  type one of “bootargs”, “bootargs-override”

  default

  "bootargs"
  

• option boot.imageFormat

  type one of “fit”, “uimage”

  default

  "uimage"
  

• option boot.imageType

  type one of “primary”, “secondary”

  default

  "primary"
  

• option boot.tftp.ipaddr

  Our IP address to use when creating scripts to boot or flash from U-Boot. Not relevant in normal operation

  type string

• option boot.tftp.loadAddress

  RAM address at which to load data when transferring via TFTP. This is not the address of the flash storage, nor the kernel load address: it should be set to some part of RAM that’s not used for anything else and suitable for temporary storage.

  type unsigned integer, meaning >=0

• option boot.tftp.serverip

  IP address of the TFTP server. Not relevant in normal operation

  type string

• option defaultProfile.packages

  List of packages which are available in a login shell. (This is analogous to systemPackages in NixOS, but we don’t symlink into /run/current-system, we just add the paths in /etc/profile

  type list of package

• option filesystem

  Skeleton filesystem, represented as nested attrset. Consult the source code if you need to add to this

  type anything

• option rootOptions

  type null or string

  default

  null
  

• option rootfsType

  type one of “btrfs”, “ext4”, “jffs2”, “squashfs”, “ubifs”

  default

  "squashfs"
  

• option services

  type attribute set of s6-rc service

• option system.callService

  type function that evaluates to a(n) function that evaluates to a(n) anything

Busybox

Busybox provides stripped-down versions of many usual Linux/Unix tools, and may be configured to include only the commands (termed “applets”) required by the user or by other included modules.

• option programs.busybox.applets

  Applets required

  type list of string

  example

  [
    "sh"
    "getty"
    "login"
  ]
  

  default

  [ ]
  

• option programs.busybox.options

  Other busybox config flags that do not map directly to applet names (often prefixed FEATURE_)

  type attribute set of non-empty string

  example

  {
    FEATURE_DD_IBS_OBS = "y";
  }
  

  default

  { }
  

Hardware-dependent options

These are attributes of the hardware not of the application you want to run on it, and would usually be set in the “device” file: devices/manuf-model/default.nix

• option hardware.alignment

  Alignment passed to mkimage for FIT

  type null or unsigned integer, meaning >=0

  default

  null
  

• option hardware.defaultOutput

  “Default” output: what gets built for this device when outputs.default is requested. Typically this is “mtdimage” or “vmroot”

  type non-empty string

• option hardware.dts.includes

  List of directories to search for DTS includes (.dtsi files)

  type list of path

  default

  [ ]
  

• option hardware.dts.src

  If the device requires an external device tree to be loaded alongside the kernel, this is the path to the device tree source (we usually get these from OpenWrt). This value may be null if the platform creates the device tree - currently this is the case only for QEMU.

  type null or path

• option hardware.entryPoint

  type unsigned integer, meaning >=0

• option hardware.flash.address

  Start address of whichever partition (often called “firmware”) we’re going to overwrite with our kernel uimage and root fs. Usually not the entire flash, as we don’t want to clobber the bootloader, calibration data etc

  type unsigned integer, meaning >=0

• option hardware.flash.eraseBlockSize

  Flash erase block size in bytes

  type unsigned integer, meaning >=0

• option hardware.flash.size

  Size in bytes of the firmware partition

  type unsigned integer, meaning >=0

• option hardware.loadAddress

  type unsigned integer, meaning >=0

  default

  null
  

• option hardware.networkInterfaces

  type attribute set of anything

• option hardware.radios

  Kernel modules (from mac80211 package) required for the wireless devices on this board

  type list of string

  example

  [
    "ath9k"
    "ath10k"
  ]
  

  default

  [ ]
  

• option hardware.ram.startAddress

  type signed integer

• option hardware.rootDevice

  Full path to preferred root device

  type string

  example

  "/dev/mtdblock3"
  

hostname

• option hostname

  System hostname of the device, as returned by gethostname(2). May or may not correspond to any name it’s reachable at on any network.

  type non-empty string

  default

  "liminix"
  

Kernel-related options

• option kernel.conditionalConfig

  Kernel config options that should only be applied when some other option is present.

  type attribute set of attribute set of non-empty string

  example

  {
    USB = {
      USB_XHCI_HCD = "y";
      USB_XHCI_MVEBU = "y";
    };
  }
  

  default

  { }
  

• option kernel.config

  Kernel config options, as listed in Kconfig* files in the kernel source tree. Do not include the leading “CONFIG_” prefix when defining these. Most values are “y”, “n” or “m”, but sometimes other strings are also used.

  type attribute set of non-empty string

  example

  {
    BRIDGE = "y";
    TMPFS = "y";
    FW_LOADER_USER_HELPER = "n";
  };
  

• option kernel.extraPatchPhase

  type strings concatenated with “\n”

  default

  "true"
  

• option kernel.makeTargets

  type list of string

• option kernel.modular

  support loadable kernel modules

  type boolean

  default

  true
  

• option kernel.src

  type path

• option kernel.version

  type string

  default

  "5.15.137"
  

extlinux

• option boot.loader.extlinux.enable

  Whether to enable extlinux.

  type boolean

  example

  true
  

  default

  false
  

initramfs

• option boot.initramfs.enable

  Whether to enable initramfs.

  type boolean

  example

  true
  

  default

  false
  

tftpboot

• option boot.tftp.appendDTB

  type boolean

  default

  false
  

• option boot.tftp.compressRoot

  type boolean

  default

  false
  

• option boot.tftp.freeSpaceBytes

  type signed integer

  default

  0
  

• option boot.tftp.kernelFormat

  type one of “zimage”, “uimage”

  default

  "uimage"
  

ubifs

• option hardware.ubi.logicalEraseBlockSize

  type string

• option hardware.ubi.maxLEBcount

  type string

• option hardware.ubi.minIOSize

  type string

• option hardware.ubi.physicalEraseBlockSize

  type string

ramdisk

• option boot.ramdisk.enable

  Whether to enable reserving part of memory as an MTD-based RAM disk. Needed for TFTP booting or for kexec-based revertable upgrade .

  type boolean

  example

  true
  

  default

  false
  

Users

User- and group-related configuration.

Changes made here are reflected in files such as :file:/etc/shadow, :file:/etc/passwd, :file:/etc/group etc. If you are familiar with user configuration in NixOS, please note that Liminix does not have the concept of “mutable users” - files in /etc/ are symlinks to the immutable store, so you can’t e.g change a password with passwd

• option groups

  type attribute set of (submodule)

• option groups.<name>.gid

  type signed integer

• option groups.<name>.usernames

  type list of string

  default

  [ ]
  

• option users

  type attribute set of (submodule)

• option users.<name>.dir

  type string

  default

  "/run"
  

• option users.<name>.gecos

  type string

  example

  "Jo Q User"
  

  default

  ""
  

• option users.<name>.gid

  type signed integer

• option users.<name>.openssh.authorizedKeys.keys

  type list of string

  default

  [ ]
  

• option users.<name>.passwd

  encrypted password, as generated by mkpasswd -m sha512crypt

  type string

  example

  "$6$RIYL.EgWOrtoJ0/7$Z53a8sc0o6AU/kuFOGiLJKhwVavTG/deoM7JTs6luNczYSUsh4UYmhvT8sVzm.l8F/LZXhhhkC7IHQs5UGAIM/"
  

  default

  "!!"
  

• option users.<name>.shell

  type string

  default

  "/bin/sh"
  

• option users.<name>.uid

  type signed integer

Bridge module

Allows creation of Layer 2 software “bridge” network devices. A common use case is to merge together a hardware Ethernet device with one or more WLANs so that several local devices appear to be on the same network.

path modules/bridge/default.nix

• service system.service.bridge.members

  Service parameters

  • option members

    interfaces to add to the bridge

    type list of s6-rc service

  • option primary

    primary bridge interface

    type s6-rc service

• service system.service.bridge.primary

  Service parameters

  • option ifname

    bridge interface name to create

    type string

DHCP6 client module

This is for use if you have an IPv6-capable upstream that provides address information and/or prefix delegation using DHCP6. It provides a service to request address information in the form of a DHCP lease, and two dependent services that listen for updates to the DHCP address information and can be used to update addresses of network interfaces that you want to assign those prefixes to

path modules/dhcp6c/default.nix

• service system.service.dhcp6c.address

  Service parameters

  • option client

    type anything

  • option interface

    interface to assign the address to

    type s6-rc service

• service system.service.dhcp6c.client

  Service parameters

  • option interface

    interface (usually WAN) to query for DHCP6

    type s6-rc service

• service system.service.dhcp6c.prefix

  Service parameters

  • option client

    type anything

  • option interface

    interface to assign <prefix>::1 to

    type s6-rc service

Dnsmasq

This module includes a service to provide DNS, DHCP, and IPv6 router advertisement for the local network.

path modules/dnsmasq/default.nix

• service system.service.dnsmasq

  Service parameters

  • option domain

    Domain name for DHCP service: causes the DHCP server to return the domain to any hosts which request it, and sets the domain which it is legal for DHCP-configured hosts to claim

    type string

  • option group

    Specifies the unix group which dnsmasq will run as

    type string

    default

    dnsmasq
    

  • option hosts

    type attribute set of (submodule)

  • option interface

    type s6-rc service

  • option ranges

    type list of string

  • option resolvconf

    type null or s6-rc service

  • option upstreams

    type list of string

  • option user

    Specifies the unix user which dnsmasq will run as

    type string

    default

    dnsmasq
    

Firewall

Provides a service to create an nftables ruleset based on configuration supplied to it.

path modules/firewall/default.nix

• service system.service.firewall

  Service parameters

  • option extraRules

    firewall ruleset

    type attribute set of (attribute set)

  • option rules

    firewall ruleset

    type attribute set of (attribute set)

Hostapd

Hostapd (host access point daemon) enables a wireless network interface to act as an access point and authentication server, providing IEEE 802.11 access point management, and IEEE 802.1X/WPA/WPA2/EAP Authenticators. In less technical terms, this service is what you need for your Liminix device to provide a wireless network that clients can connect to.

If you have more than one wireless network interface (e.g. wlan0, wlan1) you can run an instance of hostapd on each of them.

path modules/hostapd/default.nix

• service system.service.hostapd

  Service parameters

  • option interface

    type s6-rc service

  • option params

    type attribute set

ifwait

path modules/ifwait/default.nix

• service system.service.ifwait

  Service parameters

  • option interface

    type s6-rc service

  • option service

    type s6-rc service

  • option state

    type string

Mount

Mount filesystems

path modules/mount/default.nix

• service system.service.mount

  Service parameters

  • option fstype

    type string

    default

    auto
    

  • option mountpoint

    type string

  • option options

    type list of string

  • option partlabel

    type string

Network

Basic network services for creating hardware ethernet devices and adding addresses

path modules/network/default.nix

• service system.service.network.address

  network interface address

  Service parameters

  • option address

    type string

  • option family

    type one of “inet”, “inet6”

  • option interface

    type s6-rc service

  • option prefixLength

    type integer between 0 and 128 (both inclusive)

• service system.service.network.dhcp.client

  DHCP v4 client

  Service parameters

  • option interface

    type s6-rc service

• service system.service.network.forward

  Service parameters

  • option enableIPv4

    type boolean

  • option enableIPv6

    type boolean

• service system.service.network.link

  hardware network interface

  Service parameters

  • option devpath

    Path to the sysfs node of the device. If you provide this and the ifname option, the device will be renamed to the name given by ifname.

    type null or string

  • option ifname

    Device name as used by the kernel (as seen in “ip link” or “ifconfig” output). If devpath is also specified, the device will be renamed to the name provided.

    type string

  • option mtu

    type null or signed integer

• service system.service.network.route

  Service parameters

  • option interface

    Interface to route through. May be omitted if it can be inferred from “via”

    type null or s6-rc service

  • option metric

    route metric

    type signed integer

  • option target

    host or network to add route to

    type string

  • option via

    address of next hop

    type string

NTP

A network time protocol implementation so that your Liminix device may synchronize its clock with an accurate time source, and optionally also provide time service to its peers. The implementation used in Liminix is Chrony

path modules/ntp/default.nix

• service system.service.ntp

  Service parameters

  • option allow

    subnets from which NTP clients are allowed to access the server

    type list of string

  • option bindaddress

    type null or string

  • option binddevice

    type null or string

  • option dumpdir

    type path

    default

    /run/chrony
    

  • option extraConfig

    type strings concatenated with “\n”

    default

  • option makestep

    type null or (submodule)

  • option peers

    type attribute set of list of string

  • option pools

    type attribute set of list of string

  • option servers

    type attribute set of list of string

  • option user

    type string

    default

    ntp
    

PPP

A PPPoE (PPP over Ethernet) configuration to address the case where your Liminix device is connected to an upstream network using PPPoE. This is typical for UK broadband connections where the physical connection is made by OpenReach (“Fibre To The X”) and common in some other localities as well: ask your ISP if this is you.

path modules/ppp/default.nix

• service system.service.pppoe

  Service parameters

  • option interface

    ethernet interface to run PPPoE over

    type s6-rc service

  • option ppp-options

    options supplied on ppp command line

    type list of string

Secure Shell

Provide SSH service using Dropbear

path modules/ssh/default.nix

• service system.service.ssh

  Service parameters

  • option address

    Listen on specified address

    type null or string

  • option allowLocalPortForward

    Enable local port forwarding

    type boolean

  • option allowPasswordLogin

    Allow login using password (disable for public key auth only)

    type boolean

  • option allowPasswordLoginForRoot

    Allow root to login using password (disable for public key auth only)

    type boolean

  • option allowRemoteConnectionToForwardedPorts

    Allow remote hosts to connect to local forwarded ports (by default they are bound to loopback)

    type boolean

  • option allowRemotePortForward

    Enable remote port forwarding

    type boolean

  • option allowRoot

    Allow root to login

    type boolean

  • option extraConfig

    type strings concatenated with “ “

    default

  • option port

    Listen on specified TCP port

    type 16 bit unsigned integer; between 0 and 65535 (both inclusive)

VLAN

Virtual LANs give you the ability to sub-divide a LAN. Linux can accept VLAN tagged traffic and presents each VLAN ID as a different network interface (eg: eth0.100 for VLAN ID 100)

Some Liminix devices with multiple ethernet ports are implemented using a network switch connecting the physical ports to the CPU, and require using VLAN in order to send different traffic to different ports (e.g. LAN vs WAN)

path modules/vlan/default.nix

• service system.service.vlan

  Service parameters

  • option ifname

    interface name to create

    type string

  • option primary

    existing physical interface

    type s6-rc service

  • option vid

    VLAN identifier (VID) in range 1-4094

    type string

Watchdog

Enable hardware watchdog (for devices that support one) and feed it by checking the health of specified critical services. If the watchdog feeder stops, the device will reboot.

path modules/watchdog/default.nix

• service system.service.watchdog

  Service parameters

  • option headStart

    delay in seconds before watchdog starts checking service health

    type signed integer

  • option watched

    services to watch

    type list of s6-rc service