kampka.profiles.desktop.enable
Whether to enable a minimal profile for desktop systems.
type
boolean
example
{
kampka.profiles.desktop.enable = true;
}
default
{
kampka.profiles.desktop.enable = false;
}
kampka.profiles.headless.enable
Whether to enable a minimal profile for a headless system.
type
boolean
example
{
kampka.profiles.headless.enable = true;
}
default
{
kampka.profiles.headless.enable = false;
}
kampka.programs.firefox.enable
Whether to enable Firefox with strict settings.
type
boolean
example
{
kampka.programs.firefox.enable = true;
}
default
{
kampka.programs.firefox.enable = false;
}
kampka.programs.firefox.userPolicies
Policies allow additional control over Firefox settings, in addition to or sometimes beyond the scope of userSettings. The set defined here must serialize to key/value pairs where keys are always strings and values are the Nix representations of the JSON value valid for the given key. See https://github.com/mozilla/policy-templates/blob/master/README.md for details.
type
attribute set
example
{
kampka.programs.firefox.userPolicies = {
DisableFirefoxScreenshots = true;
Extensions = {
Install = [
"//path/to/xpi"
];
};
};
}
default
{
kampka.programs.firefox.userPolicies = {};
}
kampka.programs.firefox.userSettings
Settings to be applied to Firefox as hard defaults. These settings cannot be changed via the UI, about:config or remote sync/API. The set defined here must serialize to key/value pairs where keys are always strings and values are the Nix representations of the JSON value valid for the given key. All valid key/value pairs are listed in about:config. See also https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/A_brief_guide_to_Mozilla_preferences
type
attribute set
example
{
kampka.programs.firefox.userSettings = {
"browser.search.region" = "US";
"browser.startup.page" = 1;
"geo.enabled" = true;
};
}
default
{
kampka.programs.firefox.userSettings = {};
}
kampka.programs.nix-search.enable
Whether to enable nix-search - accelerated nix-env search.
type
boolean
example
{
kampka.programs.nix-search.enable = true;
}
default
{
kampka.programs.nix-search.enable = false;
}
kampka.programs.zsh-history.enable
Whether to enable a CLI to provide enhanced history for your shell.
type
boolean
example
{
kampka.programs.zsh-history.enable = true;
}
default
{
kampka.programs.zsh-history.enable = false;
}
kampka.programs.zsh-history.package
type
package
default
{
kampka.programs.zsh-history.package = {
drvPath = "zsh-history-2019-12-10";
name = "zsh-history-2019-12-10";
outPath = "zsh-history-2019-12-10";
type = "derivation";
};
}
kampka.services.dns-cache.enable
Whether to enable DNS cache service with DNS-over-TLS.
type
boolean
example
{
kampka.services.dns-cache.enable = true;
}
default
{
kampka.services.dns-cache.enable = false;
}
kampka.services.dns-cache.dnsmasq
type
submodule
default
{
kampka.services.dns-cache.dnsmasq = {};
}
kampka.services.dns-cache.dnsmasq.allServers
Enables querying all configured servers, using the first positive result
type
boolean
default
{
kampka.services.dns-cache.dnsmasq.allServers = true;
}
kampka.services.dns-cache.dnsmasq.bogusPriv
Bogus private reverse lookups. All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered with "no such domain" rather than being forwarded upstream. The set of prefixes affected is the list given in RFC6303, for IPv4 and IPv6.
type
boolean
default
{
kampka.services.dns-cache.dnsmasq.bogusPriv = false;
}
kampka.services.dns-cache.dnsmasq.cache-size
Number of DNS lookups to cache
type
signed integer
default
{
kampka.services.dns-cache.dnsmasq.cache-size = 1500;
}
kampka.services.dns-cache.dnsmasq.dhcp
DNSMasq DHCP options
type
list of submodule
default
{
kampka.services.dns-cache.dnsmasq.dhcp = [];
}
kampka.services.dns-cache.dnsmasq.dhcp.*.domain
type
submodule
kampka.services.dns-cache.dnsmasq.dhcp.*.domain.local
type
boolean
default
{
kampka.services.dns-cache.dnsmasq.dhcp.*.domain.local = true;
}
kampka.services.dns-cache.dnsmasq.dhcp.*.domain.name
type
string
kampka.services.dns-cache.dnsmasq.dhcp.*.domain.network
type
null or string
example
{
kampka.services.dns-cache.dnsmasq.dhcp.*.domain.network = "10.0.0.0/8";
}
default
{
kampka.services.dns-cache.dnsmasq.dhcp.*.domain.network = null;
}
kampka.services.dns-cache.dnsmasq.dhcp.*.host
Enable the DHCP server. Addresses will be given out from the range
type
list of submodule
default
{
kampka.services.dns-cache.dnsmasq.dhcp.*.host = [];
}
kampka.services.dns-cache.dnsmasq.dhcp.*.host.*.hardwareAddress
The hardware address (MAC) of the machine requesting a lease.
type
string
kampka.services.dns-cache.dnsmasq.dhcp.*.host.*.ipAddress
The IP address leased to the given hardware address
type
string
kampka.services.dns-cache.dnsmasq.dhcp.*.host.*.leaseTime
The lease time is in seconds, or minutes (eg 45m) or hours (eg 1h) or 'infinite'. The minimum lease time is two minutes.
type
string
default
{
kampka.services.dns-cache.dnsmasq.dhcp.*.host.*.leaseTime = "infinite";
}
kampka.services.dns-cache.dnsmasq.dhcp.*.host.*.name
The hostname to assign to the given hardware address
type
string
kampka.services.dns-cache.dnsmasq.dhcp.*.host.*.staticRecord
If set, a static A record will be added for the host
type
boolean
default
{
kampka.services.dns-cache.dnsmasq.dhcp.*.host.*.staticRecord = true;
}
kampka.services.dns-cache.dnsmasq.dhcp.*.range
Specify per host parameters for the DHCP server. This allows a machine with a particular hardware address to be always allocated the same hostname, IP address and lease time.
type
list of submodule
default
{
kampka.services.dns-cache.dnsmasq.dhcp.*.range = [];
}
kampka.services.dns-cache.dnsmasq.dhcp.*.range.*.endAddr
The end address of the DHCP range
type
string
kampka.services.dns-cache.dnsmasq.dhcp.*.range.*.interface
The name of the network interface this lease range is associated with.
type
string
kampka.services.dns-cache.dnsmasq.dhcp.*.range.*.leaseTime
The lease time is in seconds, or minutes (eg 45m) or hours (eg 1h) or 'infinite'. If not given, the default lease time is one hour. The minimum lease time is two minutes.
type
string
default
{
kampka.services.dns-cache.dnsmasq.dhcp.*.range.*.leaseTime = "1h";
}
kampka.services.dns-cache.dnsmasq.dhcp.*.range.*.startAddr
The start address of the DHCP range
type
string
kampka.services.dns-cache.dnsmasq.extraConfig
type
string
default
{
kampka.services.dns-cache.dnsmasq.extraConfig = "";
}
kampka.services.dns-cache.dnsmasq.interfaces
List of network interfaces to bind to.
type
list of string
default
{
kampka.services.dns-cache.dnsmasq.interfaces = [
"lo"
];
}
kampka.services.dns-cache.dnsmasq.logQueries
If enabled, DNSMasq logs all DNS queries
type
boolean
default
{
kampka.services.dns-cache.dnsmasq.logQueries = false;
}
kampka.services.dns-cache.dnsmasq.noNegCache
Disable negative result caching
type
boolean
default
{
kampka.services.dns-cache.dnsmasq.noNegCache = true;
}
kampka.services.dns-cache.dnsmasq.validateDnsSec
If enabled, causes DNSMasq to validate DNSSEC records
type
boolean
default
{
kampka.services.dns-cache.dnsmasq.validateDnsSec = true;
}
kampka.services.dns-cache.upstreamServers
List of upstream DNS servers
type
list of submodule
default
{
kampka.services.dns-cache.upstreamServers = [
{
address = "46.182.19.48";
tlsAuthName = "dns2.digitalcourage.de";
tlsPubkeyPinset = {
digest = "sha256";
value = "v7rm6OtQQD3x/wbsdHDZjiDg+utMZvnoX3jq3Vi8tGU=";
};
}
{
address = "2a02:2970:1002::18";
tlsAuthName = "dns2.digitalcourage.de";
tlsPubkeyPinset = {
digest = "sha256";
value = "v7rm6OtQQD3x/wbsdHDZjiDg+utMZvnoX3jq3Vi8tGU=";
};
}
{
address = "80.241.218.68";
tlsAuthName = "fdns1.dismail.de";
tlsPubkeyPinset = {
digest = "sha256";
value = "MMi3E2HZr5A5GL+badqe3tzEPCB00+OmApZqJakbqUU=";
};
}
{
address = "2a02:c205:3001:4558::1";
tlsAuthName = "fdns1.dismail.de";
tlsPubkeyPinset = {
digest = "sha256";
value = "MMi3E2HZr5A5GL+badqe3tzEPCB00+OmApZqJakbqUU=";
};
}
{
address = "159.69.114.157";
tlsAuthName = "fdns2.dismail.de";
tlsPubkeyPinset = {
digest = "sha256";
value = "yJYDim2Wb6tbxUB3yA5ElU/FsRZZhyMXye8sXhKEd1w=";
};
}
{
address = "2a01:4f8:c17:739a::2";
tlsAuthName = "fdns2.dismail.de";
tlsPubkeyPinset = {
digest = "sha256";
value = "yJYDim2Wb6tbxUB3yA5ElU/FsRZZhyMXye8sXhKEd1w=";
};
}
];
}
kampka.services.dns-cache.upstreamServers.*.address
IP address of the upstream DNS server
type
string
example
{
kampka.services.dns-cache.upstreamServers.*.address = "1.1.1.1";
}
kampka.services.dns-cache.upstreamServers.*.tlsAuthName
DNS name for which the certificate has to be valid
type
string
kampka.services.dns-cache.upstreamServers.*.tlsPubkeyPinset
type
submodule
kampka.services.dns-cache.upstreamServers.*.tlsPubkeyPinset.digest
Hash algorithm of the certificate hash
type
string
example
{
kampka.services.dns-cache.upstreamServers.*.tlsPubkeyPinset.digest = "sha256";
}
default
{
kampka.services.dns-cache.upstreamServers.*.tlsPubkeyPinset.digest = "sha256";
}
kampka.services.dns-cache.upstreamServers.*.tlsPubkeyPinset.value
Base64-encoded hash of the server's TLS certificate
type
string
kampka.services.luksopen.devices
The list of luks devices to be opened.
type
list of submodule
example
{
kampka.services.luksopen.devices = [
{
source = "/dev/sda";
target = "root";
}
];
}
default
{
kampka.services.luksopen.devices = [];
}
kampka.services.luksopen.devices.*.keyFile
The key file used for decryption.
type
path
kampka.services.luksopen.devices.*.source
The source device to be opened
type
string
kampka.services.luksopen.devices.*.target
The target device name
type
string
kampka.services.matrix.enable
Whether to enable matrix home server.
type
boolean
example
{
kampka.services.matrix.enable = true;
}
default
{
kampka.services.matrix.enable = false;
}
kampka.services.matrix.matrix
type
submodule
kampka.services.matrix.matrix.clientPort
The client port used by the home server for clients to connect
type
signed integer
default
{
kampka.services.matrix.matrix.clientPort = 8008;
}
kampka.services.matrix.matrix.dataDir
The directory used by the matrix server to store additional state, like user uploaded files etc.
type
string
default
{
kampka.services.matrix.matrix.dataDir = "/var/lib/matrix-synapse";
}
kampka.services.matrix.matrix.federationPort
The federation port used by the home server
type
signed integer
default
{
kampka.services.matrix.matrix.federationPort = 8448;
}
kampka.services.matrix.matrix.hostName
The full hostname the matrix server is reached at
type
string
kampka.services.matrix.matrix.registration_shared_secret
The registration shared secret
type
string
kampka.services.matrix.matrix.serverName
The public server name of the matrix server
type
string
kampka.services.matrix.matrix.uploadSizeMB
The maximum upload size for files in MB
type
signed integer
default
{
kampka.services.matrix.matrix.uploadSizeMB = 100;
}
kampka.services.matrix.riot
type
submodule
kampka.services.matrix.riot.enable
Whether to enable riot web interface.
type
boolean
example
{
kampka.services.matrix.riot.enable = true;
}
default
{
kampka.services.matrix.riot.enable = false;
}
kampka.services.matrix.riot.hostName
The hostname of the riot web interface
type
string
kampka.services.matrix.turn
type
submodule
kampka.services.matrix.turn.enable
Whether to enable TURN server.
type
boolean
example
{
kampka.services.matrix.turn.enable = true;
}
default
{
kampka.services.matrix.turn.enable = false;
}
kampka.services.matrix.turn.hostName
The hostname of the TURN server
type
string
kampka.services.matrix.turn.max-port
The highest available UDP port of the TURN port range
type
signed integer
default
{
kampka.services.matrix.turn.max-port = 44999;
}
kampka.services.matrix.turn.min-port
The lowest available UDP port of the TURN port range
type
signed integer
default
{
kampka.services.matrix.turn.min-port = 49152;
}
kampka.services.matrix.turn.relay-ips
A list of public IPs the TURN server advertises on
type
list of string
kampka.services.matrix.turn.turn_shared_secret
The TURN shared secret file
type
string
kampka.services.msmtp-mailqueue.enable
Whether to enable sendmail drop-in replacement with mail queue for msmtp.
type
boolean
example
{
kampka.services.msmtp-mailqueue.enable = true;
}
default
{
kampka.services.msmtp-mailqueue.enable = false;
}
kampka.services.msmtp-mailqueue.accountDefault
Name of the default account. Must match one of the account names in accounts.
type
string
kampka.services.msmtp-mailqueue.accounts
type
list of submodule
kampka.services.msmtp-mailqueue.accounts.*.from
The from: mail address used for sending mails
type
string
default
{
kampka.services.msmtp-mailqueue.accounts.*.from = "root";
}
kampka.services.msmtp-mailqueue.accounts.*.host
Hostname of the SMTP server to use
type
string
kampka.services.msmtp-mailqueue.accounts.*.name
The name of the account
type
string
kampka.services.msmtp-mailqueue.accounts.*.password-file
The file containing the server password used for authentication (plain-text)
type
string
kampka.services.msmtp-mailqueue.accounts.*.port
SMTP port of the server
type
signed integer
default
{
kampka.services.msmtp-mailqueue.accounts.*.port = 587;
}
kampka.services.msmtp-mailqueue.accounts.*.user
The server user name used for authentication
type
string
kampka.services.msmtp-mailqueue.aliases
type
list of submodule
kampka.services.msmtp-mailqueue.aliases.*.aliases
A list of aliases for the local address
type
list of string
kampka.services.msmtp-mailqueue.aliases.*.name
The local address
type
string
kampka.services.msmtp-mailqueue.gpgKeys
PGP public keys used for encrypting the mail.
type
list of path
default
{
kampka.services.msmtp-mailqueue.gpgKeys = [];
}
kampka.services.msmtp-mailqueue.interval
The interval at which to trigger a queue flush. Valid values must conform to systemd.time(7) format.
type
string
default
{
kampka.services.msmtp-mailqueue.interval = "15min";
}
kampka.services.msmtp-mailqueue.mailDir
Directory where the mail queue is stored.
type
string
default
{
kampka.services.msmtp-mailqueue.mailDir = "/var/spool/msmtpq";
}
kampka.services.msmtp-relay.enable
Whether to enable msmtp-relay.
type
boolean
example
{
kampka.services.msmtp-relay.enable = true;
}
default
{
kampka.services.msmtp-relay.enable = false;
}
kampka.services.msmtp-relay.accountDefault
Name of the default account. Must match one of the account names in accounts.
type
string
kampka.services.msmtp-relay.accounts
type
list of submodule
kampka.services.msmtp-relay.accounts.*.from
The from: mail address used for sending mails
type
string
default
{
kampka.services.msmtp-relay.accounts.*.from = "root";
}
kampka.services.msmtp-relay.accounts.*.host
Hostname of the SMTP server to use
type
string
kampka.services.msmtp-relay.accounts.*.name
The name of the account
type
string
kampka.services.msmtp-relay.accounts.*.password-file
The file containing the server password used for authentication (plain-text)
type
string
kampka.services.msmtp-relay.accounts.*.port
SMTP port of the server
type
signed integer
default
{
kampka.services.msmtp-relay.accounts.*.port = 465;
}
kampka.services.msmtp-relay.accounts.*.user
The server user name used for authentication
type
string
kampka.services.msmtp-relay.aliases
type
list of submodule
kampka.services.msmtp-relay.aliases.*.aliases
A list of aliases for the local address
type
list of string
kampka.services.msmtp-relay.aliases.*.name
The local address
type
string
kampka.services.nginx.enable
Whether to enable nginx.
type
boolean
example
{
kampka.services.nginx.enable = true;
}
default
{
kampka.services.nginx.enable = false;
}
kampka.services.nginx.openFirewallPorts
Whether or not to open the default ports (80, 443) in the firewall.
type
boolean
default
{
kampka.services.nginx.openFirewallPorts = true;
}
kampka.services.nixops-auto-upgrade.enable
Whether to enable nixops-auto-upgrade.
type
boolean
example
{
kampka.services.nixops-auto-upgrade.enable = true;
}
default
{
kampka.services.nixops-auto-upgrade.enable = false;
}
kampka.services.nixops-auto-upgrade.configurationPath
The path of the Nix configuration used for running the auto upgrades. Typically, this is ./. in your configuration.nix. Note that this path must include all files required to compile the configuration, e.g. imports from ../ are not easily supported.
type
path
example
{
kampka.services.nixops-auto-upgrade.configurationPath = "/nix/store/r6jp4syfmjnj2hz93j57nd0xdn2zyhrc-nixops-auto-upgrade";
}
kampka.services.nixops-auto-upgrade.nixPath
The NIX_PATH used as a basis for the unattended upgrades. These paths must be resolvable on the remote host. Therefore, it makes sense to use paths that are resolvable via network, e.g. http.
type
string
example
{
kampka.services.nixops-auto-upgrade.nixPath = "nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz";
}
kampka.services.ntp.enable
Whether to enable NTP service.
type
boolean
example
{
kampka.services.ntp.enable = true;
}
default
{
kampka.services.ntp.enable = false;
}
kampka.services.ntp.allowAddress
IP addresses or ranges that are allowed to synchronize from this service
type
list of string
example
{
kampka.services.ntp.allowAddress = [
"10.10.0.1"
"10.20.0.0/16"
];
}
default
{
kampka.services.ntp.allowAddress = [];
}
kampka.services.ntp.timeServers
The list of time servers used.
type
list of string
default
{
kampka.services.ntp.timeServers = [
"ptbtime1.ptb.de"
"ptbtime2.ptb.de"
"ptbtime3.ptb.de"
];
}
kampka.services.systemd-failure-email.enable
Whether to enable systemd-failure-email.
type
boolean
example
{
kampka.services.systemd-failure-email.enable = true;
}
default
{
kampka.services.systemd-failure-email.enable = false;
}
kampka.services.systemd-failure-email.receipient
The user or address to receive failure emails.
type
string
default
{
kampka.services.systemd-failure-email.receipient = "root";
}
kampka.services.systemd-failure-email.services
A list of services that should generate emails on failure
type
list of string
default
{
kampka.services.systemd-failure-email.services = [];
}