Set of files that have to be linked in /etc.
- type:
list or attribute set of submodules
- default:
{}
Whether this /etc file should be generated. This option allows specific /etc files to be disabled.
- type:
boolean
- default:
true
GID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').
- type:
signed integer
- default:
0
Group name of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). Changing this option takes precedence over gid.
- type:
string
- default:
+0
If set to something else than symlink, the file is copied instead of symlinked, with the given file mode.
- type:
string
- default:
symlink
Path of the source file.
- type:
path
- default:
null
Name of symlink (relative to /etc). Defaults to the attribute name.
- type:
string
- default:
null
Text of the file.
- type:
null or strings concatenated with "\n"
- default:
null
UID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').
- type:
signed integer
- default:
0
User name of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). Changing this option takes precedence over uid.
- type:
string
- default:
+0
The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, /nix/var/nix/profiles/default.)
- type:
list of packages
- default:
[]
Entry point command list
- type:
list of strings
- default:
[]
Environment variables
- type:
attribute set
- default:
{}
The parent image
- type:
null or package
- default:
null
Add packages for an interactive use of the container (bashInteractive, coreutils)
- type:
boolean
- default:
false
The name of the image
- type:
string
- default:
null
Extra commands run at container build time
- type:
strings concatenated with "\n"
- default: ``
The tag of the image
- type:
null or string
- default:
null
The generated init script.
- type:
null or package
- default:
null
Definition of s6 service.
- type:
attribute set of submodules
- default:
{}
Configure ordering dependencies between units.
- type:
list of strings
- default:
[]
Whether to enable the service
- type:
boolean
- default:
true
Environment variables passed to the service's processes.
- type:
attribute set of null or string or path or packages
- default:
{}
Command executed as the service's logger: it gets the stdout of the main process.
- type:
null or string or package
- default:
null
Command executed as the service's main process.
- type:
string or package
- default: ``
Restart the service if it fails. Note this is only used by long-run services.
- type:
boolean
- default:
false
Shell commands executed as the service's main process.
- type:
strings concatenated with "\n"
- default: ``
Type of the s6 service (oneshot-pre, long-run or oneshot-post).
- type:
one of "long-run", "oneshot-pre", "oneshot-post"
- default:
long-run
Set the UNIX user that the processes are executed as.
- type:
string
- default:
root
Sets the working directory for executed processes.
- type:
null or string
- default:
null
This option defines the default shell assigned to user accounts. This can be either a full system path or a shell package.
This must not be a store path, since the path is used outside the store (in particular in /etc/passwd).
- type:
path or package
- default:
null
Whether to require that no two users/groups share the same uid/gid.
- type:
boolean
- default:
true
Additional groups to be created automatically by the system.
- type:
list or attribute set of submodules
- default:
{}
The group GID. If the GID is null, a free GID is picked on activation.
- type:
null or signed integer
- default:
null
The user names of the group members, added to the /etc/group file.
- type:
list of Concatenated strings
- default:
[]
The name of the group. If undefined, the name of the attribute set will be used.
- type:
string
- default:
null
If set to true, you are free to add new users and groups to the system with the ordinary useradd and groupadd commands. On system activation, the existing contents of the /etc/passwd and /etc/group files will be merged with the contents generated from the users.users and users.groups options. The initial password for a user will be set according to users.users, but existing passwords will not be changed.
If set to false, the contents of the user and group files will simply be replaced on system activation. This also holds for the user passwords; all changed passwords will be reset according to the users.users configuration on activation.
- type:
boolean
- default:
true
Additional user accounts to be created automatically by the system. This can also be used to set options for root.
- type:
list or attribute set of submodules
- default:
{}
If true, the home directory will be created automatically. If this option is true and the home directory already exists but is not owned by the user, directory owner and group will be changed to match the user.
- type:
boolean
- default:
false
A short description of the user account, typically the user's full name. This is actually the “GECOS” or “comment” field in /etc/passwd.
- type:
string
- default: ``
The user's auxiliary groups.
- type:
list of strings
- default:
[]
The user's primary group.
- type:
string
- default:
nogroup
Specifies the hashed password for the user. The options hashedPassword, password and passwordFile control what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords; they will always be set according to the password options. To generate a hashed password, install the mkpasswd package and run mkpasswd -m sha-512.
- type:
null or string
- default:
null
The user's home directory.
- type:
path
- default:
/var/empty
Specifies the initial hashed password for the user, i.e. the hashed password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the hashedPassword option.
To generate a hashed password, install the mkpasswd package and run mkpasswd -m sha-512.
- type:
null or string
- default:
null
Specifies the initial password for the user, i.e. the password assigned if the user does not already exist. If users.mutableUsers is true, the password can be changed subsequently using the passwd command. Otherwise, it's equivalent to setting the password option. The same caveat applies: the password specified here is world-readable in the Nix store, so it should only be used for guest accounts or passwords that will be changed promptly.
- type:
null or string
- default:
null
Indicates whether this is an account for a “real” user. This automatically sets group to users, createHome to true, home to /home/username, useDefaultShell to true, and isSystemUser to false.
- type:
boolean
- default:
false
Indicates if the user is a system user or not. This option only has an effect if uid is null, in which case it determines whether the user's UID is allocated in the range for system users (below 500) or in the range for normal users (starting at 1000).
- type:
boolean
- default:
false
The name of the user account. If undefined, the name of the attribute set will be used.
- type:
string
- default:
null
The set of packages that should be made available to the user. This is in contrast to environment.systemPackages, which adds packages to all users.
- type:
list of packages
- default:
[]
Specifies the (clear text) password for the user. Warning: do not set confidential information here because it is world-readable in the Nix store. This option should only be used for public accounts. The options hashedPassword, password and passwordFile control what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords; they will always be set according to the password options.
- type:
null or string
- default:
null
The full path to a file that contains the user's password. The password file is read on each system activation. The file should contain exactly one line, which should be the password in an encrypted form that is suitable for the chpasswd -e command. The options hashedPassword, password and passwordFile control what password is set for the user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option users.mutableUsers is true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user passwords; they will always be set according to the password options.
- type:
null or Concatenated string
- default:
null
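The three password options side by side, as an added example that is not taken from the project's own documentation: it shows the clear-text setting next to the two alternatives and how users.mutableUsers changes what activation does. The account names, the uid value, the file path and the hash placeholder are assumptions made for illustration.

```nix
{ ... }:
{
  # false: the user and group files are replaced on activation and every
  # password is reset to what is declared below. With true, these values
  # would only apply when an account is first created.
  users.mutableUsers = false;

  users.users = {
    # Clear-text password: world-readable in the Nix store.
    # Acceptable only for a public account such as this guest login.
    guest = {
      uid = 1500;                  # constructed value
      home = "/home/guest";
      createHome = true;
      password = "guest";          # constructed value, not a secret
    };

    # Hashed password: only the hash is written into the configuration.
    # Generate it with `mkpasswd -m sha-512`.
    alice = {
      group = "users";
      home = "/home/alice";
      createHome = true;
      hashedPassword = "<PLACEHOLDER: output of mkpasswd -m sha-512>";
      # If password or passwordFile were also set here, hashedPassword
      # would override both.
    };

    # Password file: read on each activation, one line, in the encrypted
    # form accepted by `chpasswd -e`. Written as a quoted string so the
    # file itself is not copied into the Nix store.
    backup = {
      isSystemUser = true;         # uid unset, so allocated below 500
      passwordFile = "/run/secrets/backup-password";  # hypothetical path
    };

    # No password option set: no password is assigned and password
    # logins are not possible for this account.
    worker = {
      isSystemUser = true;
    };
  };
}
```

The hash in hashedPassword still ends up in the store along with the rest of the configuration, so for accounts whose hash should not be readable by every local user, passwordFile pointing at a root-only file is the stricter choice.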
The path to the user's shell. Can use shell derivations, like pkgs.bashInteractive. Don’t forget to enable your shell in programs if necessary, like programs.zsh.enable = true;.
- type:
package or path
- default:
pkgs.shadow
Subordinate group ids that user is allowed to use. They are set into /etc/subgid and are used by newgidmap for user namespaces.
- type:
list of submodules
- default:
[]
Count of subordinate group ids
- type:
signed integer
- default:
1
Start of the range of subordinate group ids that user is allowed to use.
- type:
signed integer
- default:
null
Subordinate user ids that user is allowed to use. They are set into /etc/subuid and are used by newuidmap for user namespaces.
- type:
list of submodules
- default:
[]
Count of subordinate user ids
- type:
signed integer
- default:
1
Start of the range of subordinate user ids that user is allowed to use.
- type:
signed integer
- default:
null
The account UID. If the UID is null, a free UID is picked on activation.
- type:
null or signed integer
- default:
null
If true, the user's shell will be set to users.defaultUserShell.
- type:
boolean
- default:
false