NixOps Options
==============

deployment.alwaysActivate
-------------------------

Always run the activation script, no matter whether the configuration has changed (the default). This behaviour can be enforced even if it's set to ``false`` using the command line option ``--always-activate`` on deployment.

If this is set to ``false``, activation is done only if the new system profile doesn't match the previous one.

Read Only

:Type: boolean
:Default: true

deployment.hasFastConnection
----------------------------

If set to ``true``, the whole closure will be copied using just ``nix-copy-closure``.

If set to ``false``, the closure will be copied first using binary substitution. Additionally, any missing derivations are copied with ``nix-copy-closure`` using the ``--gzip`` flag.

Some backends set this value to ``true``.

Read Only

:Type: boolean
:Default: false

deployment.keys
---------------

The set of keys to be deployed to the machine. Each attribute maps a key name to a file that can be accessed as ``destDir``/``name``, where ``destDir`` defaults to ``/run/keys``. Thus, ``{ password.text = "foobar"; }`` causes a file ``destDir``/``password`` to be created with contents ``foobar``. The directory ``destDir`` is only accessible to root and the ``keys`` group, so remember to add any users that need access to a particular key to this group.

Each key also gets a systemd service ``<name>-key.service`` which is active while the key is present and inactive while the key is absent. Thus, ``{ password.text = "foobar"; }`` gets a ``password-key.service``.

Read Only

:Type: attribute set of string or key options
:Default: {}
:Example: {"password":{"text":"foobar"}}

deployment.keys.<name>.destDir
------------------------------

When specified, this allows changing the ``destDir`` directory of the key file from its default value of ``/run/keys``.

This directory will be created, its permissions changed to ``0750`` and ownership to ``root:keys``.

Read Only

:Type: path
:Default: "/run/keys"

deployment.keys.<name>.group
----------------------------

The group that will be set for the key file.

Read Only

:Type: string
:Default: "root"

deployment.keys.<name>.keyCommand
---------------------------------

When non-null, the output of this command, run on the local machine, will be deployed to the specified key on the target machine. If the key name is ``password`` and ``echo secrettoken`` is set here, the contents of the deployed file ``destDir``/``password`` will equal the output of the command ``echo secrettoken``.

This option is especially useful when you don't want to store the secrets inside of your NixOps deployment but rather in a well-guarded place such as an encrypted file. Consider using nixpkgs.password-store as storage for such sensitive secrets.

NOTE: Either ``text``, ``keyCommand`` or ``keyFile`` has to be set.

Read Only

:Type: null or list of strings
:Default: null
:Example: ["pass","show","secrettoken"]

deployment.keys.<name>.keyFile
------------------------------

When non-null, the contents of the specified file will be deployed to the specified key on the target machine. If the key name is ``password`` and ``/foo/bar`` is set here, the contents of the deployed file ``destDir``/``password`` will be the same as the local file ``/foo/bar``.

Since no serialization/deserialization of key contents is involved, there are no limits on that content: null bytes, invalid Unicode, ``/dev/random`` output -- anything goes.

NOTE: Either ``text``, ``keyCommand`` or ``keyFile`` has to be set.

Read Only

:Type: null or path
:Default: null

deployment.keys.<name>.name
---------------------------

The name of the key file.

Read Only

:Type: string
:Default: "‹name›"
:Example: "secret.txt"

deployment.keys.<name>.permissions
----------------------------------

The default permissions to set for the key file. The value needs to be in the format accepted by ``chmod(1)``.

Read Only

:Type: string
:Default: "0600"
:Example: "0640"

deployment.keys.<name>.text
---------------------------

When non-null, this designates the text that the key should contain. So if the key name is ``password`` and ``foobar`` is set here, the contents of the file ``destDir``/``password`` will be ``foobar``.

NOTE: Either ``text``, ``keyCommand`` or ``keyFile`` has to be set.

Read Only

:Type: null or string
:Default: null
:Example: "super secret stuff"

deployment.keys.<name>.user
---------------------------

The user which will be the owner of the key file.

Read Only

:Type: string
:Default: "root"

deployment.owners
-----------------

List of email addresses of the owners of the machines. Used to send email on performing certain actions.

Read Only

:Type: list of strings
:Default: []

deployment.privilegeEscalationCommand
-------------------------------------

A command to escalate to root privileges when using SSH as a non-root user. This option is ignored if the ``targetUser`` option is set to ``root``.

The program and its options are executed verbatim without a shell.

It's good practice to end with ``--`` to indicate that the privilege escalation command should stop processing command line arguments.

Read Only

:Type: list of strings
:Default: ["sudo","-H","--"]

deployment.provisionSSHKey
--------------------------

This option specifies whether to let NixOps provision SSH deployment keys.

NixOps will by default generate an SSH key, store the private key in its state file, and add the public key to the remote host.

Setting this option to ``false`` will disable this behaviour and rely on you to manage your own SSH keys and to ensure that ``ssh`` has access to any keys it requires.

Read Only

:Type: boolean
:Default: true

deployment.sshOptions
---------------------

Extra options passed to the OpenSSH client verbatim; they are not executed by a shell.

Read Only

:Type: list of strings
:Default: []

deployment.targetEnv
--------------------

This option specifies the type of the environment in which the machine is to be deployed by NixOps.

Read Only

:Type: string
:Default: "none"
:Example: "ec2"

deployment.targetHost
---------------------

This option specifies the hostname or IP address to be used by NixOps to execute remote deployment operations.

Read Only

:Type: string

deployment.targetPort
---------------------

This option specifies the SSH port to be used by NixOps to execute remote deployment operations.

Read Only

:Type: signed integer

deployment.targetUser
---------------------

The username to be used by NixOps by SSH when connecting to the remote system.

Read Only

:Type: string
:Default: "root"

networking.privateIPv4
----------------------

IPv4 address of this machine within the logical network. This address can be used by other machines in the logical network to reach this machine. However, it need not be visible to the outside (i.e., publicly routable).

Read Only

:Type: string
:Example: "10.1.2.3"

networking.publicIPv4
---------------------

Publicly routable IPv4 address of this machine.

Read Only

:Type: null or string
:Default: null
:Example: "198.51.100.123"

networking.vpnPublicKey
-----------------------

Public key of the machine's VPN key (set by nixops).

Read Only

:Type: null or string
:Default: null
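
A network expression that combines the ``deployment.keys`` options with the SSH connection options described above, as an added example that is not part of the NixOps documentation. The machine name ``webserver``, the users ``deploy`` and ``myapp``, the key name ``db-password``, the ``pass`` entry, the address and the identity file path are assumptions, as is a ``deploy`` account on the target that already accepts the operator's key and may use ``sudo``.

```nix
# Added example, not from the NixOps documentation. "webserver", "deploy",
# "myapp", "db-password", the pass entry, the address and the identity file
# path are hypothetical.
{
  network.description = "deployment.keys with a non-root SSH user";

  webserver = { pkgs, ... }: {
    deployment.targetHost = "192.0.2.10";      # constructed address
    deployment.targetUser = "deploy";          # non-root, so escalation applies
    deployment.privilegeEscalationCommand = [ "sudo" "-H" "--" ];
    # Keep the deployment private key out of the NixOps state file.
    deployment.provisionSSHKey = false;
    # Passed to ssh verbatim, one list element per argument (no shell).
    deployment.sshOptions = [ "-i" "/home/alice/.ssh/deploy_ed25519" ];

    deployment.keys."db-password" = {
      # Runs on the deploying machine; the secret stays in the password
      # store instead of being written into this file as `text` would be.
      keyCommand = [ "pass" "show" "myapp/db-password" ];
      user = "myapp";
      group = "myapp";
      permissions = "0400";                    # default is "0600", owner root
    };

    users.groups.myapp = { };
    users.users.myapp = {
      isSystemUser = true;
      group = "myapp";
      # /run/keys is root:keys with mode 0750, so the service user must be
      # in the keys group to reach its own key file.
      extraGroups = [ "keys" ];
    };

    # Stand-in for the real daemon: succeeds only if myapp can read the key.
    systemd.services.myapp = {
      wantedBy = [ "multi-user.target" ];
      # <name>-key.service is active only while the key is present.
      after = [ "db-password-key.service" ];
      wants = [ "db-password-key.service" ];
      serviceConfig = {
        Type = "oneshot";
        User = "myapp";
        ExecStart = "${pkgs.coreutils}/bin/test -r /run/keys/db-password";
      };
    };
  };
}
```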