diff --git a/doc/manual/configuration.xml b/doc/manual/configuration.xml new file mode 100644 index 00000000000..f73018279a5 --- /dev/null +++ b/doc/manual/configuration.xml @@ -0,0 +1,169 @@ + + +Configuration + +This chapter describes how to configure various aspects of a +NixOS machine through the configuration file +/etc/nixos/configuration.nix. As described in +, changes to that file only take +effect after you run nixos-rebuild. + + + + +
Networking + +
Secure shell access + +Secure shell (SSH) access to your machine can be enabled by +setting: + + +services.openssh.enable = true; + + +By default, root logins using a password are disallowed. They can be +disabled entirely by setting +services.openssh.permitRootLogin to +"no". + +You can declaratively specify authorised RSA/DSA public keys for +a user as follows: + + + +users.extraUsers.alice.openssh.authorizedKeys.keys = + [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ]; + + + + +
+ + +
IPv4 configuration + +By default, NixOS uses DHCP (specifically, +(dhcpcd)) to automatically configure network +interfaces. However, you can configure an interface manually as +follows: + + +networking.interfaces.eth0 = { ipAddress = "192.168.1.2"; prefixLength = 24; }; + + +(The network prefix can also be specified using the option +subnetMask, +e.g. "255.255.255.0", but this is deprecated.) +Typically you’ll also want to set a default gateway and set of name +servers: + + +networking.defaultGateway = "192.168.1.1"; +networking.nameservers = [ "8.8.8.8" ]; + + + + +Statically configured interfaces are set up by the systemd +service +interface-name-cfg.service. +The default gateway and name server configuration is performed by +network-setup.service. + +The host name is set using : + + +networking.hostName = "cartman"; + + +The default host name is nixos. Set it to the +empty string ("") to allow the DHCP server to +provide the host name. + +
+ + +
IPv6 configuration + +IPv6 is enabled by default. Stateless address autoconfiguration +is used to automatically assign IPv6 addresses to all interfaces. You +can disable IPv6 support globally by setting: + + +networking.enableIPv6 = false; + + + + +
+ + +
Firewall + +NixOS has a simple stateful firewall that blocks incoming +connections and other unexpected packets. The firewall applies to +both IPv4 and IPv6 traffic. It can be enabled as follows: + + +networking.firewall.enable = true; + + +You can open specific TCP ports to the outside world: + + +networking.firewall.allowedTCPPorts = [ 80 443 ]; + + +Note that TCP port 22 (ssh) is opened automatically if the SSH daemon +is enabled (). UDP +ports can be opened through +. Also of +interest is + + +networking.firewall.allowPing = true; + + +to allow the machine to respond to ping requests. (ICMPv6 pings are +always allowed.) + +
+ + +
Wireless networks + +TODO + +
+ + +
Ad-hoc configuration + +You can use to specify +shell commands to be run at the end of +network-setup.service. This is useful for doing +network configuration not covered by the existing NixOS modules. For +instance, to statically configure an IPv6 address: + + +networking.localCommands = + '' + ip -6 addr add 2001:610:685:1::1/64 dev eth0 + ''; + + + + +
+ + + + + +
+ + + diff --git a/doc/manual/installation.xml b/doc/manual/installation.xml index 8bde2f6e053..55e23691ccb 100644 --- a/doc/manual/installation.xml +++ b/doc/manual/installation.xml @@ -58,7 +58,7 @@ Wiki. For partitioning: fdisk. - + For initialising Ext4 partitions: mkfs.ext4. It is recommended that you assign a unique symbolic label to the file system using the option @@ -70,13 +70,13 @@ Wiki. mkswap. Again it’s recommended to assign a label to the swap partition: . - + For creating LVM volumes, the LVM commands, e.g., $ pvcreate /dev/sda1 /dev/sdb1 $ vgcreate MyVolGroup /dev/sda1 /dev/sdb1 -$ lvcreate --size 2G --name bigdisk MyVolGroup +$ lvcreate --size 2G --name bigdisk MyVolGroup $ lvcreate --size 1G --name smalldisk MyVolGroup @@ -87,7 +87,7 @@ $ lvcreate --size 1G --name smalldisk MyVolGroup - + Mount the target file system on which NixOS should be installed on /mnt. @@ -138,7 +138,7 @@ $ nixos-option --install xlink:href="https://nixos.org/repos/nix/configurations/trunk/"/>. - + If your machine has a limited amount of memory, you may want to activate swap devices now (swapon device). The installer (or @@ -234,7 +234,7 @@ $ reboot swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - + services.sshd.enable = true; } @@ -260,7 +260,7 @@ to build the new configuration, make it the default configuration for booting, and try to realise the configuration in the running system (e.g., by restarting system services). -You can also do +You can also do $ nixos-rebuild test @@ -270,7 +270,7 @@ without making it the boot default. So if (say) the configuration locks up your machine, you can just reboot to get back to a working configuration. -There is also +There is also $ nixos-rebuild boot @@ -279,7 +279,7 @@ to build the configuration and make it the boot default, but not switch to it now (so it will only take effect after the next reboot). -Finally, you can do +Finally, you can do $ nixos-rebuild build @@ -329,7 +329,7 @@ You can then upgrade NixOS to the latest version in the channel by running -$ nix-channel --update +$ nix-channel --update nixos and running the nixos-rebuild command as described diff --git a/doc/manual/manual.xml b/doc/manual/manual.xml index b7e4c6315f9..9179911f248 100644 --- a/doc/manual/manual.xml +++ b/doc/manual/manual.xml @@ -24,16 +24,16 @@ 2007-2012 Eelco Dolstra - + - + Preface This manual describes NixOS, a Linux distribution based on the purely functional package management system Nix. - + NixOS is rather bleeding edge, and this manual is correspondingly sketchy and quite possibly out of date. It gives basic information on how to get NixOS up and running, but since @@ -45,11 +45,12 @@ mailing list or on the #nixos channel on Freenode.. - + - + +