settings.fleet-manager.enable
boolean
default:false
This Cluster is the Fleet ManagerDeclared in modules/kubernetes/fleet-manager.nix.

settings.git.repos
attribute set of path
default:{}
Set of local git repositories to be committed locally on each activation.Declared in modules/git/default.nix.

settings.impermanence.enable
boolean
default:false
Whether to enable impermanence.
Example
true
Declared in modules/impermanence.nix.

settings.impermanence.persistentSystemPath
string
default:"/nix/persist/system"
Path to where the persisted part of the system liesDeclared in modules/impermanence.nix.

settings.kubernetes.enable
boolean
default:false
Run a k3s Kubernetes node on the machine.Declared in modules/kubernetes/default.nix.

settings.kubernetes.group
string
default:"k8s-admin"
Group that has access to the k3s config and data.Declared in modules/kubernetes/default.nix.

settings.kubernetes.labels
attribute set of string
default:{}
Labels to add to the clusterDeclared in modules/kubernetes/default.nix.

settings.kubernetes.name
string
default:"nixos"
Name of the k3s cluster.Declared in modules/kubernetes/default.nix.

settings.kubernetes.oauthClientId
string
required
OAuth client ID for the tailscale operator.Declared in modules/kubernetes/default.nix.

settings.kubernetes.values
attribute set of string
default:{}
Template values of the clusterDeclared in modules/kubernetes/default.nix.

settings.local-server.enable
boolean
default:true
Label this machine as a local server.Declared in modules/local-server/default.nix.

settings.localIP
null or string
IP of the machine in the local networkDeclared in modules/networking.nix.

settings.prometheus.enable
boolean
default:false
Label the machine as using the Prometheus monitoring system.By default, the machine is labeled when the Kubernetes cluster is enabled.Declared in modules/prometheus/default.nix.

settings.prometheus.federation.enable
boolean
default:true
Label the machine as using Prometheus in a federation of multiple Prometheus instances.Declared in modules/prometheus/default.nix.

settings.prometheus.federation.upstream.enable
boolean
default:true
Label the machine as being the upstream Prometheus instance in a federation.Declared in modules/prometheus/default.nix.

settings.publicIP
null or string
Public IP of the machineDeclared in modules/networking.nix.

settings.ssh.fail2ban.enable
boolean
default:false
Enable fail2ban to block SSH brute force attacks.By default, Fail2ban is enabled if sshguard is disabled.Declared in modules/ssh.nix.

settings.ssh.sshguard.enable
boolean
default:true
Enable sshguard to block SSH brute force attacks.Declared in modules/ssh.nix.

settings.sshPublicKey
string
required
SSH public key of the machine.This option is required to decode the secrets defined in the main features like users, wireless networks, etc.Declared in modules/ssh.nix.

settings.swap.file.enable
boolean
default:true
Enable a swap file on the root partition.Declared in modules/swap.nix.

settings.swap.file.size
integer between 0 and 10 (both inclusive)
default:1
Size of the swap file in GiB.Declared in modules/swap.nix.

settings.swap.zram.enable
boolean
default:true
Enable a swap file in a zram device.Declared in modules/swap.nix.

settings.users.users
attribute set of (submodule)
default:{}
Set of users to create and configure.Declared in modules/users.nix.

settings.users.users.<name>.enable
boolean
default:false
Whether the user is enabled in the machine.Declared in modules/users.nix.

settings.users.users.<name>.isAdmin
boolean
default:false
Whether the user is an admin of the machine.Declared in modules/users.nix.

settings.users.users.<name>.isSystemUser
boolean
default:false
Whether the user is a system user.Declared in modules/users.nix.

settings.users.users.<name>.publicKeys
list of valid ecdsa-sha2-nistp256 or ssh-ed25519 or ssh-rsa key, meaning a string matching the pattern ^ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY[[:lower:][:upper:][:digit:]\/+]{108}=$|^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5[[:lower:][:upper:][:digit:]\/+]{48}$|^ssh-rsa AAAAB3NzaC1yc2E[[:lower:][:upper:][:digit:]\/+]{355,}={0,2}$
default:[]
Public keys of the user, without the comment (user@host) part.Declared in modules/users.nix.