packages

List of packages to link to /bin

Type: list of package

Default: [ ]

Declared by:

_module.args

Additional arguments passed to each module in addition to ones like lib, config, and pkgs, modulesPath.

This option is also available to all submodules. Submodules do not inherit args from their parent module, nor do they provide args to their parent module or sibling submodules. The sole exception to this is the argument name which is provided by parent modules to a submodule and contains the attribute name the submodule is bound to, or a unique generated name if it is not bound to an attribute.

Some arguments are already passed by default, of which the following cannot be changed with this option:

  • lib: The nixpkgs library.

  • config: The results of all options after merging the values from all modules together.

  • options: The options declared in all modules.

  • specialArgs: The specialArgs argument passed to evalModules.

  • All attributes of specialArgs

    Whereas option values can generally depend on other option values thanks to laziness, this does not apply to imports, which must be computed statically before anything else.

    For this reason, callers of the module system can provide specialArgs which are available during import resolution.

    For NixOS, specialArgs includes modulesPath, which allows you to import extra modules from the nixpkgs package tree without having to somehow make the module aware of the location of the nixpkgs or NixOS directories.

    { modulesPath, ... }: {
      imports = [
        (modulesPath + "/profiles/minimal.nix")
      ];
    }
    

For NixOS, the default value for this option includes at least this argument:

  • pkgs: The nixpkgs package set according to the nixpkgs.pkgs option.

Type: lazy attribute set of raw value

Declared by:

actions

Actions which could be performed on derivation

Type: attribute set of string

Default: { }

Declared by:

cmd

The default arguments to the entrypoint of the container.

Type: list of (string or package)

Default: [ ]

Declared by:

copyToRoot

A derivation (or list of derivations) copied in the image root directory (store path prefixes /nix/store/hash-path are removed, in order to relocate them at the image /).

Type: null or package or list of package

Default: null

Declared by:

directories

This option has no description.

Type: attribute set of (submodule)

Default: { }

Example:

{
  "/tmp".mode = "1777";
}

Declared by:

directories.<name>.enable

Whether this file should be generated. This option allows specific files to be disabled.

Type: boolean

Default: true

Declared by:

directories.<name>.gid

GID of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’).

Type: signed integer

Default: 0

Declared by:

directories.<name>.mode

If set to something other than symlink, the file is copied instead of symlinked, with the given file mode.

Type: string

Default: "symlink"

Example: "0600"

Declared by:

directories.<name>.target

Directory name. Defaults to the attribute name.

Type: string

Declared by:

directories.<name>.uid

UID of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’).

Type: signed integer

Default: 0

Declared by:

entrypoint

A list of arguments to use as the command to execute when the container starts.

Type: string or package or list of (string or package)

Default: [ ]

Declared by:

env

Environment variables to be used in a container.

Type: attribute set

Default: { }

Declared by:

exposedPorts

A set of ports to expose from a container running this image.

Type: attribute set

Default: { }

Example:

{ "8080/tcp" = {}; }

Declared by:

files

This option has no description.

Type: attribute set of (submodule)

Default: { }

Example:

{
  "etc/example-configuration-file" = {
    source = "/nix/store/.../dir/file.conf.example";
    mode = "0440";
  };
  "etc/default/useradd".text = "GROUP=100 ...";
}

Declared by:

files.<name>.enable

Whether this file should be generated. This option allows specific files to be disabled.

Type: boolean

Default: true

Declared by:

files.<name>.gid

GID of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’).

Type: signed integer

Default: 0

Declared by:

files.<name>.mode

If set to something other than symlink, the file is copied instead of symlinked, with the given file mode.

Type: string

Default: "symlink"

Example: "0600"

Declared by:

files.<name>.source

Path of the source file.

Type: path

Declared by:

files.<name>.target

Name of symlink. Defaults to the attribute name.

Type: string

Declared by:

files.<name>.text

Text of the file.

Type: null or strings concatenated with “\n”

Default: null

Declared by:

files.<name>.uid

UID of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’).

Type: signed integer

Default: 0

Declared by:

fromImage

An image that is used as base image of this image.

Type: string or package

Default: ""

Declared by:

labels

Arbitrary metadata for the container.

Type: attribute set of string

Default: { }

Declared by:

layers

A list of layers built with the buildLayer function: If a store path in deps or contents belongs to one of these layers, this store path is skipped. This is pretty useful to isolate store paths that are often updated from more stable store paths, to speed up build and push time.

Type: list of package

Default: [ ]

Declared by:

maxLayers

The maximum number of layers to create. Note this is applied on the image layers and not on layers added with the ‘layers’ attribute.

Type: signed integer

Default: 1

Declared by:

meta

Metadata of image

Type: attribute set

Default: { }

Declared by:

name

The name of the image.

Type: string

Declared by:

nix.gid

If nix.initializeDatabase is set to true, the gid of /nix can be controlled using nix.gid.

Type: signed integer

Default: 0

Declared by:

nix.initializeDatabase

Whether to initialize the Nix database with all store paths added into the image. Note this is only useful to run nix commands from the image, for instance to build an image used by a CI to run Nix builds.

Type: boolean

Default: false

Declared by:

nix.uid

If nix.initializeDatabase is set to true, the uid of /nix can be controlled using nix.uid.

Type: signed integer

Default: 0

Declared by:

passthru

Extra attributes of image

Type: attribute set

Default: { }

Declared by:

perms

A list of file permissions which are set when the tar layer is created: these permissions are not written to the Nix store.

Type: list of (attribute set)

Default: [ ]

Example:

[
  {
    path = "a store path";
    regex = ".*";
    mode = "0664";
  }
]

Declared by:

reproducible

Store the layer tar in the derivation. This is useful when the layer dependencies are not bit reproducible.

Type: boolean

Default: true

Declared by:

setup

OCI image setup scripts to generate more complex layers

Type: attribute set of (submodule)

Default: { }

Declared by:

setup.<name>.drv

Derivation used instead of setup script. Takes precedence over local and script arguments.

Type: null or package

Default: null

Declared by:

setup.<name>.local

Whether this script should be executed locally. More often than not, these scripts are faster to run locally than to pull the result from the cache.

Type: boolean

Default: true

Declared by:

setup.<name>.perms

Permissions for the generated output

Type: null or (submodule)

Default: null

Declared by:

setup.<name>.perms.mode

File mode for paths matching the regex

Type: null or string

Example: "0777"

Declared by:

setup.<name>.perms.regex

Path regex for which permissions should be set

Type: string

Example: ".*"

Declared by:

setup.<name>.script

Script to be executed to build a layer

Type: null or string

Default: null

Declared by:

stopSignal

The system call signal that will be sent to the container to exit.

Type: null or string

Default: null

Declared by:

tag

Unique image tag

Type: string (read only)

Declared by:

tags

Additional tags of the image

Type: list of string

Default: [ ]

Declared by:

user

Username or UID which the process in the container should run as.

Type: null or string

Default: null

Declared by:

users

User accounts to be created on the image

Type: attribute set of (submodule)

Default: { }

Declared by:

users.<name>.gid

Account GID

Type: signed integer

Declared by:

users.<name>.group

The user’s primary group.

Type: string

Declared by:

users.<name>.shell

Path to the user’s shell

Type: string

Default: ""

Declared by:

users.<name>.uid

Account UID

Type: signed integer

Declared by:

users.<name>.withHome

Whether a home directory should be created

Type: boolean

Default: false

Declared by:

volumes

Set of directories describing where the process is likely to write data specific to a container instance.

Type: attribute set

Default: { }

Declared by:

workingDir

Sets the current working directory of the entrypoint process in the container.

Type: string

Default: "/"

Declared by: