Nixos Module Options Reference

These are the NixOS Module options for self-hosting NixCI.

Please reach out to get set up with a self-hosted NixCI installation.

Options

services.nix-ci.production.workers

This option has no description.

Type: attribute set of (submodule)


services.nix-ci.production.workers.<name>.enable

Enable the worker: ‹name›

Type: boolean

Default: true


services.nix-ci.production.workers.<name>.worker-host

This option has no description.

Type: submodule

Default: { }


services.nix-ci.production.workers.<name>.worker-host.admin-notification-command

Admin notification command

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.worker-host.auto-wipe

Remove the VM state on every boot, for truly ephemeral workers.

Type: boolean

Default: true


services.nix-ci.production.workers.<name>.worker-host.debug

This option has no description.

Type: null or (submodule)

Default: null


services.nix-ci.production.workers.<name>.worker-host.debug.authorizedKeysFiles

SSH public key files with which the host can ssh into the VM

Type: list of string

Default: [ ]


services.nix-ci.production.workers.<name>.worker-host.debug.enable

Whether to enable NixCI Worker debug options.

Type: boolean

Default: false

Example: true


services.nix-ci.production.workers.<name>.worker-host.debug.port

Port to ssh into the VM

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 2222


services.nix-ci.production.workers.<name>.worker-host.debug.rootPassword

Root password for debugging

Type: string

Default: "root"


services.nix-ci.production.workers.<name>.worker-host.enable

enable the foreign-key-checker looper

Type: null or boolean

Default: null


services.nix-ci.production.workers.<name>.worker-host.gateway

The gateway to allow access to.

Type: null or string

Default: null

Example: "10.0.0.0"


services.nix-ci.production.workers.<name>.worker-host.guest-imports

This option has no description.

Type: unspecified value

Default: [ ]


services.nix-ci.production.workers.<name>.worker-host.hostName

Hostname for the guest vm

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.worker-host.local-network

The local network to deny access to.

Type: null or string

Default: null

Example: "10.0.0.0/8"


services.nix-ci.production.workers.<name>.worker-host.virtualisation

This option has no description.

Type: unspecified value


services.nix-ci.production.workers.<name>.worker-host.working-dir

Working directory of the worker

Type: null or string

Default: "/var/lib/nix-ci-production-worker/‹name›"


services.nix-ci.production.workers.<name>.workers

This option has no description.

Type: attribute set of (submodule)

Default: { }


services.nix-ci.production.workers.<name>.workers.<name>.config

This option has no description.

Type: submodule

Default: { }


services.nix-ci.production.workers.<name>.workers.<name>.config.admin-notification-command

Command to notify the administrator

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.allowed

Allowed work

Type: null or (submodule) or list of (submodule)

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.cachix-executable

Path to the cachix executable

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.leader

Leader API

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.log-level

Minimal severity of log messages

Type: null or one of "Debug", "Info", "Warn", "Error"

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.name

Worker name for registering with the leader

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.nix-executable

Path to the nix executable

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.private-key

Worker private key for authenticating with the leader

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.private-key-file

Worker private key for authenticating with the leader

Type: null or string

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.prompt-timeout

How long to wait for the leader to send a prompt before restarting

Type: null or signed integer or floating point number

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.config.timeout

Maximum timeout for jobs

Type: null or signed integer or floating point number

Default: null


services.nix-ci.production.workers.<name>.workers.<name>.enable

Enable the worker: ‹name›

Type: boolean

Default: true


services.nix-ci.production.workers.<name>.workers.<name>.enableSettingsCheck

Enable a static settings check. Turn this off if your system has secrets that are provisioned at runtime.

Type: boolean

Default: true


services.nix-ci.production.workers.<name>.workers.<name>.extraConfig

The contents of the config file, as an attribute set. This will be translated to Yaml and put in the right place along with the rest of the options defined in this submodule.

Type: unspecified value

Default: { }


services.nix-ci.production.workers.<name>.workers.<name>.gateway

The gateway to allow access to.

Type: null or string

Default: null

Example: "10.0.0.0"


services.nix-ci.production.workers.<name>.workers.<name>.local-network

The local network to deny access to.

Type: null or string

Default: null

Example: "10.0.0.0/8"


services.nix-ci.production.workers.<name>.workers.<name>.working-dir

Working directory of the worker

Type: string

Default: "/var/lib/nix-ci-production-worker/‹name›"


services.nix-ci.production.workers-unsafe

This option has no description.

Type: attribute set of (submodule)

Default: { }


services.nix-ci.production.workers-unsafe.<name>.config

This option has no description.

Type: submodule

Default: { }


services.nix-ci.production.workers-unsafe.<name>.config.admin-notification-command

Command to notify the administrator

Type: null or string

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.allowed

Allowed work

Type: null or (submodule) or list of (submodule)

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.cachix-executable

Path to the cachix executable

Type: null or string

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.leader

Leader API

Type: null or string

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.log-level

Minimal severity of log messages

Type: null or one of "Debug", "Info", "Warn", "Error"

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.name

Worker name for registering with the leader

Type: null or string

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.nix-executable

Path to the nix executable

Type: null or string

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.private-key

Worker private key for authenticating with the leader

Type: null or string

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.private-key-file

Worker private key for authenticating with the leader

Type: null or string

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.prompt-timeout

How long to wait for the leader to send a prompt before restarting

Type: null or signed integer or floating point number

Default: null


services.nix-ci.production.workers-unsafe.<name>.config.timeout

Maximum timeout for jobs

Type: null or signed integer or floating point number

Default: null


services.nix-ci.production.workers-unsafe.<name>.enable

Enable the worker: ‹name›

Type: boolean

Default: true


services.nix-ci.production.workers-unsafe.<name>.enableSettingsCheck

Enable a static settings check. Turn this off if your system has secrets that are provisioned at runtime.

Type: boolean

Default: true


services.nix-ci.production.workers-unsafe.<name>.extraConfig

The contents of the config file, as an attribute set. This will be translated to Yaml and put in the right place along with the rest of the options defined in this submodule.

Type: unspecified value

Default: { }


services.nix-ci.production.workers-unsafe.<name>.gateway

The gateway to allow access to.

Type: null or string

Default: null

Example: "10.0.0.0"


services.nix-ci.production.workers-unsafe.<name>.local-network

The local network to deny access to.

Type: null or string

Default: null

Example: "10.0.0.0/8"


services.nix-ci.production.workers-unsafe.<name>.working-dir

Working directory of the worker

Type: string

Default: "/var/lib/nix-ci-production-worker/‹name›"