Modules Options
ghaf.common.appHosts
List of app hosts currently enabled.
Type: list of string
Default:
[ ]
Declared by:
ghaf.common.hardware.audio
List of Audio PCI devices currently enabled for passthrough.
Type: list of (attribute set)
Default:
[ { }]
Declared by:
ghaf.common.hardware.gpus
List of GPUs currently enabled for passthrough.
Type: list of (attribute set)
Default:
[ { }]
Declared by:
ghaf.common.hardware.nics
List of network interfaces currently enabled for passthrough.
Type: list of (attribute set)
Default:
[ { }]
Declared by:
ghaf.common.systemHosts
List of system hosts currently enabled.
Type: list of string
Default:
[ ]
Declared by:
ghaf.common.vms
List of VMs currently enabled.
Type: list of string
Default:
[ ]
Declared by:
ghaf.development.cuda.enable
Whether to enable CUDA Support.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.development.debug.tools.enable
Whether to enable Debug Tools.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.development.debug.tools.gui.enable
Whether to enable GUI Debugging Tools.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.development.nix-setup.enable
Whether to enable Target Nix config options.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.development.nix-setup.automatic-gc.enable
Whether to enable automatic garbage collection.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.development.nix-setup.nixpkgs
Path to the nixpkgs repository
Type: null or absolute path
Default:
null
Declared by:
ghaf.development.ssh.daemon.enable
Whether to enable ssh daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.development.usb-serial.enable
Whether to enable Usb-Serial.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.firewall.kernel-modules.enable
Whether to enable kernel modules required for firewall.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.givc.enable
Whether to enable gRPC inter-vm communication.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.givc.enableTls
Enable TLS for gRPC communication globally, or disable for debugging.
Type: boolean
Default:
true
Declared by:
ghaf.givc.adminConfig
Admin server configuration.
Type: submodule
Declared by:
ghaf.givc.adminConfig.addresses
Addresses of admin server
Type: list of (submodule)
Declared by:
ghaf.givc.adminConfig.addresses.*.addr
IP address of admin server
Type: string
Declared by:
ghaf.givc.adminConfig.addresses.*.name
Name of the IP range for parsing
Type: string
Declared by:
ghaf.givc.adminConfig.addresses.*.port
Port of admin server
Type: string
Declared by:
ghaf.givc.adminConfig.addresses.*.protocol
Protocol of admin server
Type: one of “tcp”, “unix”, “vsock”
Declared by:
ghaf.givc.adminConfig.name
Host name of admin server
Type: string
Declared by:
ghaf.givc.adminvm.enable
Whether to enable adminvm givc module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.givc.appPrefix
Common application path prefix.
Type: string
Declared by:
ghaf.givc.appvm.enable
Whether to enable appvm givc module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.givc.appvm.applications
Applications to run in the appvm.
Type: list of (attribute set)
Default:
[ { }]
Declared by:
ghaf.givc.audiovm.enable
Whether to enable audiovm givc module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.givc.cliArgs
Arguments for the givc-cli to contact the admin service.
Type: string
Declared by:
ghaf.givc.debug
Whether to enable givc debug mode.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.givc.guivm.enable
Whether to enable guivm givc module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.givc.host.enable
Whether to enable host givc module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.givc.idsExtraArgs
Extra arguments for applications when IDS/MITM is enabled.
Type: string
Declared by:
ghaf.givc.netvm.enable
Whether to enable netvm givc module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.graphics.boot.enable
Enables graphical boot with plymouth.
Type: boolean
Default:
false
Declared by:
ghaf.graphics.cosmic.enable
Whether to enable cosmic.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.graphics.cosmic.securityContext
Security context settings
Type: submodule
Default:
{ borderWidth = 4; rules = [ ];}
Declared by:
ghaf.graphics.cosmic.securityContext.borderWidth
Default border width in pixels
Type: positive integer, meaning >0
Default:
6
Example:
6
Declared by:
ghaf.graphics.cosmic.securityContext.rules
List of security context rules
Type: list of (submodule)
Declared by:
ghaf.graphics.cosmic.securityContext.rules.*.color
Window border color
Type: string
Example:
"#006305"
Declared by:
ghaf.graphics.cosmic.securityContext.rules.*.identifier
The identifier attached to the security context
Type: string
Example:
"chrome-vm"
Declared by:
ghaf.graphics.intel-setup.enable
Whether to enable Intel GPU setup.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.graphics.labwc.enable
Whether to enable labwc.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.graphics.labwc.autolock.enable
Whether to enable screen autolocking.
Type: boolean
Default:
true
Declared by:
ghaf.graphics.labwc.autolock.duration
Timeout for screen autolock in seconds.
Type: signed integer
Default:
300
Declared by:
ghaf.graphics.labwc.autologinUser
Username of the account that will be automatically logged in to the desktop. If unspecified, the login manager is shown as usual.
Type: null or string
Default:
"ghaf"
Declared by:
ghaf.graphics.labwc.extraAutostart
These lines go to the end of labwc autoconfig
Type: string
Default:
""
Declared by:
ghaf.graphics.labwc.extraVariables
Extra environment variables applied to ghaf application launcher.
Type: attribute set
Default:
{ }
Declared by:
ghaf.graphics.labwc.frameColouring
List of applications and their frame colours
Type: list of (submodule)
Default:
[ { colour = "#006305"; identifier = "foot"; }]
Declared by:
ghaf.graphics.labwc.frameColouring.*.colour
Colour of the window frame
Type: string
Example:
"#006305"
Declared by:
ghaf.graphics.labwc.frameColouring.*.identifier
Identifier of the application
Type: string
Example:
"foot"
Declared by:
ghaf.graphics.labwc.gtk
Global gtk+ configuration
Type: submodule
Default:
{ colorScheme = "prefer-dark"; fontName = "Inter"; fontSize = "11"; iconTheme = "Papirus-Dark"; theme = "Adwaita";}
Declared by:
ghaf.graphics.labwc.gtk.colorScheme
The preferred color scheme for gtk+. Valid values are ‘default’, ‘prefer-dark’, ‘prefer-light’.
Type: one of “default”, “prefer-dark”, “prefer-light”
Example:
"prefer-dark"
Declared by:
ghaf.graphics.labwc.gtk.fontName
The preferred font family.
Type: string
Example:
"Cantarell"
Declared by:
ghaf.graphics.labwc.gtk.fontSize
The preferred default font size.
Type: null or string
Example:
"11"
Declared by:
ghaf.graphics.labwc.gtk.iconTheme
Name of the default icon theme used by gtk+.
Type: string
Example:
"Papirus"
Declared by:
ghaf.graphics.labwc.gtk.theme
Basename of the default theme used by gtk+.
Type: string
Example:
"Adwaita"
Declared by:
ghaf.graphics.labwc.maxDesktops
Max number of virtual desktops. Valid values are 1 - 8.
Type: signed integer
Default:
4
Declared by:
ghaf.graphics.labwc.securityContext
Wayland security context settings
Type: list of (submodule)
Default:
[ ]
Declared by:
ghaf.graphics.labwc.securityContext.*.color
Window frame color
Type: string
Example:
"#006305"
Declared by:
ghaf.graphics.labwc.securityContext.*.identifier
The identifier attached to the security context
Type: string
Declared by:
ghaf.graphics.labwc.wallpaper
Path to the wallpaper image
Type: absolute path
Default:
"/nix/store/h9igrklf8yb3jjvdwcxgpdb6kpgsmzdx-ghaf-artwork-0.1.0/ghaf-desert-sunset.jpg"
Declared by:
ghaf.graphics.launchers
Application launchers to show in the system drawer or launcher.
Type: list of (submodule)
Default:
[ ]
Declared by:
ghaf.graphics.launchers.*.description
Description of the application
Type: string
Default:
"Secured Ghaf Application"
Declared by:
ghaf.graphics.launchers.*.icon
Optional icon for the launcher. If unspecified, active icon theme will be searched to find an icon matching the launcher name. Can be set to an icon name from the current theme (Papirus) or a full path to an icon file.
Type: null or string
Default:
null
Declared by:
ghaf.graphics.launchers.*.name
Name of the application
Type: string
Declared by:
ghaf.graphics.launchers.*.path
Path to the executable to be launched
Type: absolute path
Declared by:
ghaf.graphics.launchers.*.vm
VM name in case this launches an isolated application.
Type: null or string
Default:
null
Declared by:
ghaf.graphics.login-manager.enable
Whether to enable login manager using greetd.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.graphics.nvidia-setup.enable
Whether to enable Nvidia setup.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.graphics.nvidia-setup.openDrivers
Whether to use the open source drivers instead of the nvidia proprietary drivers, e.g., for Blackwell architectures.
Type: boolean
Default:
false
Declared by:
ghaf.graphics.nvidia-setup.prime.enable
Whether to configure prime offload.
This will allow on-demand offloading of rendering tasks to the NVIDIA GPU; all other rendering will happen on the GPU integrated in the CPU.
The GPU should be turned off whenever it is not in use, so this shouldn’t cause increased battery drain, but there are some reports floating around that this isn’t always the case - likely especially for older devices. Feel free to turn it off if you find this doesn’t work properly for you.
Type: boolean
Default:
false
Declared by:
ghaf.graphics.nvidia-setup.vaapi.enable
Whether to enable the NVIDIA vaapi driver.
This allows using the NVIDIA GPU for decoding video streams instead of using software decoding on the CPU.
This particularly makes sense for desktop computers without an iGPU, as on those software en/decoding will take a lot of processing power while the NVIDIA GPU’s encoding capacity isn’t doing anything, so this option is enabled by default there.
However, on machines with an iGPU, the dGPU’s en/decoding capabilities are often more limited than those of the iGPU, and require more power, so this is disabled there by default - it may still make sense from time to time, so feel free to experiment.
Type: boolean
Default:
false
Declared by:
ghaf.graphics.nvidia-setup.vaapi.maxInstances
The maximum number of concurrent instances of the driver.
Sometimes useful for graphics cards with little VRAM.
Type: null or signed integer
Default:
null
Declared by:
ghaf.graphics.nvidia-setup.withIntegratedGPU
Whether the computer has a separate integrated GPU.
This also configures the machine to use the integrated GPU for other things like software decoding, so keep this enabled even if you separately disable offload rendering.
Type: boolean
Default:
false
Declared by:
ghaf.graphics.power-manager.enable
Override logind power management using ghaf-powercontrol
Type: boolean
Default:
false
Declared by:
ghaf.graphics.power-manager.enableShutdownListener
Enable the shutdown/reboot signal listener service
Type: boolean
Default:
true
Declared by:
ghaf.graphics.power-manager.enableSuspendListener
Enable the suspend signal listener service
Type: boolean
Default:
true
Declared by:
ghaf.guest.kernel.hardening.enable
Enable Ghaf Guest hardening feature
Type: boolean
Default:
false
Declared by:
ghaf.guest.kernel.hardening.graphics.enable
Enable support for Graphics in the Ghaf Guest
Type: boolean
Default:
false
Declared by:
ghaf.hardware.definition.audio.acpiPath
Path to ACPI file to add to a VM
Type: null or absolute path
Default:
"/sys/firmware/acpi/tables/NHLT"
Declared by:
ghaf.hardware.definition.audio.kernelConfig
Hardware specific kernel configuration for audio devices
Type: submodule
Default:
{ }
Declared by:
ghaf.hardware.definition.audio.kernelConfig.kernelParams
Hardware specific kernel parameters
Type: list of string
Default:
[ ]
Example:
[ "intel_iommu=on,sm_on" "iommu=pt" "module_blacklist=i915" "acpi_backlight=vendor" "acpi_osi=linux"]
Declared by:
ghaf.hardware.definition.audio.kernelConfig.stage1.kernelModules
Hardware specific kernel modules
Type: list of string
Default:
[ ]
Example:
[ "i915"]
Declared by:
ghaf.hardware.definition.audio.kernelConfig.stage2.kernelModules
Hardware specific kernel modules
Type: list of string
Default:
[ ]
Example:
[ "i915"]
Declared by:
ghaf.hardware.definition.audio.pciDevices
PCI Devices to passthrough to AudioVM
Type: list of (submodule)
Default:
[ ]
Example:
[ { path = "0000:00:1f.0"; vendorId = "8086"; productId = "519d"; } { path = "0000:00:1f.3"; vendorId = "8086"; productId = "51ca"; } { path = "0000:00:1f.4"; vendorId = "8086"; productId = "51a3"; } { path = "0000:00:1f.5"; vendorId = "8086"; productId = "51a4"; }]
Declared by:
ghaf.hardware.definition.audio.pciDevices.*.name
PCI device name (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.audio.pciDevices.*.path
PCI device path
Type: string
Declared by:
ghaf.hardware.definition.audio.pciDevices.*.productId
PCI Product ID (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.audio.pciDevices.*.qemu.deviceExtraArgs
Device additional arguments (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.audio.pciDevices.*.vendorId
PCI Vendor ID (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.audio.removePciDevice
PCI Device path to remove at VM reboot
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.audio.rescanPciDevice
PCI Device path to rescan at VM reboot
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.gpu.kernelConfig
Hardware specific kernel configuration for gpu devices
Type: submodule
Default:
{ }
Declared by:
ghaf.hardware.definition.gpu.kernelConfig.kernelParams
Hardware specific kernel parameters
Type: list of string
Default:
[ ]
Example:
[ "intel_iommu=on,sm_on" "iommu=pt" "module_blacklist=i915" "acpi_backlight=vendor" "acpi_osi=linux"]
Declared by:
ghaf.hardware.definition.gpu.kernelConfig.stage1.kernelModules
Hardware specific kernel modules
Type: list of string
Default:
[ ]
Example:
[ "i915"]
Declared by:
ghaf.hardware.definition.gpu.kernelConfig.stage2.kernelModules
Hardware specific kernel modules
Type: list of string
Default:
[ ]
Example:
[ "i915"]
Declared by:
ghaf.hardware.definition.gpu.pciDevices
PCI Devices to passthrough to GuiVM
Type: list of (submodule)
Default:
[ ]
Example:
[{ path = "0000:00:02.0"; vendorId = "8086"; productId = "a7a1"; qemu.deviceExtraArgs = "x-igd-opregion=on"; }]
Declared by:
ghaf.hardware.definition.gpu.pciDevices.*.name
PCI device name (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.gpu.pciDevices.*.path
PCI device path
Type: string
Declared by:
ghaf.hardware.definition.gpu.pciDevices.*.productId
PCI Product ID (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.gpu.pciDevices.*.qemu.deviceExtraArgs
Device additional arguments (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.gpu.pciDevices.*.vendorId
PCI Vendor ID (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.host.kernelConfig
Host kernel configuration
Type: submodule
Default:
{ }
Declared by:
ghaf.hardware.definition.host.kernelConfig.kernelParams
Hardware specific kernel parameters
Type: list of string
Default:
[ ]
Example:
[ "intel_iommu=on,sm_on" "iommu=pt" "module_blacklist=i915" "acpi_backlight=vendor" "acpi_osi=linux"]
Declared by:
ghaf.hardware.definition.host.kernelConfig.stage1.kernelModules
Hardware specific kernel modules
Type: list of string
Default:
[ ]
Example:
[ "i915"]
Declared by:
ghaf.hardware.definition.host.kernelConfig.stage2.kernelModules
Hardware specific kernel modules
Type: list of string
Default:
[ ]
Example:
[ "i915"]
Declared by:
ghaf.hardware.definition.input.keyboard
Name of the keyboard device(s)
Type: submodule
Default:
{ }
Declared by:
ghaf.hardware.definition.input.keyboard.evdev
List of event devices.
Type: list of string
Default:
[ ]
Declared by:
ghaf.hardware.definition.input.keyboard.name
List of input device names. Can either be a string, or a list of strings. The list option allows binding several input device names to the same evdev. This allows creating one generic hardware definition for multiple SKUs.
Type: list of raw value
Default:
[ ]
Declared by:
ghaf.hardware.definition.input.misc
Name of the misc device(s)
Type: submodule
Default:
{ }
Declared by:
ghaf.hardware.definition.input.misc.evdev
List of event devices.
Type: list of string
Default:
[ ]
Declared by:
ghaf.hardware.definition.input.misc.name
List of input device names. Can either be a string, or a list of strings. The list option allows binding several input device names to the same evdev. This allows creating one generic hardware definition for multiple SKUs.
Type: list of raw value
Default:
[ ]
Declared by:
ghaf.hardware.definition.input.mouse
Name of the mouse device(s)
Type: submodule
Default:
{ }
Declared by:
ghaf.hardware.definition.input.mouse.evdev
List of event devices.
Type: list of string
Default:
[ ]
Declared by:
ghaf.hardware.definition.input.mouse.name
List of input device names. Can either be a string, or a list of strings. The list option allows binding several input device names to the same evdev. This allows creating one generic hardware definition for multiple SKUs.
Type: list of raw value
Default:
[ ]
Declared by:
ghaf.hardware.definition.input.touchpad
Name of the touchpad device(s)
Type: submodule
Default:
{ }
Declared by:
ghaf.hardware.definition.input.touchpad.evdev
List of event devices.
Type: list of string
Default:
[ ]
Declared by:
ghaf.hardware.definition.input.touchpad.name
List of input device names. Can either be a string, or a list of strings. The list option allows binding several input device names to the same evdev. This allows creating one generic hardware definition for multiple SKUs.
Type: list of raw value
Default:
[ ]
Declared by:
ghaf.hardware.definition.name
Name of the hardware
Type: string
Default:
""
Declared by:
ghaf.hardware.definition.network.kernelConfig
Hardware specific kernel configuration for network devices
Type: submodule
Default:
{ }
Declared by:
ghaf.hardware.definition.network.kernelConfig.kernelParams
Hardware specific kernel parameters
Type: list of string
Default:
[ ]
Example:
[ "intel_iommu=on,sm_on" "iommu=pt" "module_blacklist=i915" "acpi_backlight=vendor" "acpi_osi=linux"]
Declared by:
ghaf.hardware.definition.network.kernelConfig.stage1.kernelModules
Hardware specific kernel modules
Type: list of string
Default:
[ ]
Example:
[ "i915"]
Declared by:
ghaf.hardware.definition.network.kernelConfig.stage2.kernelModules
Hardware specific kernel modules
Type: list of string
Default:
[ ]
Example:
[ "i915"]
Declared by:
ghaf.hardware.definition.network.pciDevices
PCI Devices to passthrough to NetVM
Type: list of (submodule)
Default:
[ ]
Example:
[{ path = "0000:00:14.3"; vendorId = "8086"; productId = "51f1";}]
Declared by:
ghaf.hardware.definition.network.pciDevices.*.name
PCI device name (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.network.pciDevices.*.path
PCI device path
Type: string
Declared by:
ghaf.hardware.definition.network.pciDevices.*.productId
PCI Product ID (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.network.pciDevices.*.qemu.deviceExtraArgs
Device additional arguments (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.network.pciDevices.*.vendorId
PCI Vendor ID (optional)
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.skus
List of hardware SKUs (Stock Keeping Unit) covered with this definition
Type: list of string
Default:
[ ]
Declared by:
ghaf.hardware.definition.type
Type of hardware (laptop, desktop, server)
Type: string
Default:
"laptop"
Declared by:
ghaf.hardware.definition.usb.external
External USB device(s) to passthrough. Requires name, vendorId, and productId.
Type: list of (submodule)
Default:
[ ]
Example:
[ { name = "external-device-1"; vendorId = "0123"; productId = "0123"; } { name = "external-device-2"; vendorId = "0123"; productId = "0123"; }]
Declared by:
ghaf.hardware.definition.usb.external.*.hostbus
USB device bus number (optional). If this is set, the hostport must also be set.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.external.*.hostport
USB device device number (optional). If this is set, the hostbus must also be set.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.external.*.name
USB device name. NOT optional for external devices, in which case it must not contain spaces or extravagant characters.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.external.*.productId
USB Product ID (optional). If this is set, the vendorId must also be set.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.external.*.vendorId
USB Vendor ID (optional). If this is set, the productId must also be set.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.internal
Internal USB device(s) to passthrough.
Each device definition requires a name, and either vendorId and productId, or hostbus and hostport. The latter is useful for addressing devices that may have different vendor and product IDs in the same hardware generation.
Note that internal devices must follow the naming convention to be correctly identified and subsequently used. Current special names are:
- ‘cam0’ for the internal cam0 device
- ‘fpr0’ for the internal fingerprint reader device
Type: list of (submodule)
Default:
[ ]
Example:
[ { name = "cam0"; vendorId = "0123"; productId = "0123"; } { name = "fpr0"; hostbus = "3"; hostport = "3"; }]
Declared by:
ghaf.hardware.definition.usb.internal.*.hostbus
USB device bus number (optional). If this is set, the hostport must also be set.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.internal.*.hostport
USB device device number (optional). If this is set, the hostbus must also be set.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.internal.*.name
USB device name. NOT optional for external devices, in which case it must not contain spaces or extravagant characters.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.internal.*.productId
USB Product ID (optional). If this is set, the vendorId must also be set.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.definition.usb.internal.*.vendorId
USB Vendor ID (optional). If this is set, the productId must also be set.
Type: null or string
Default:
null
Declared by:
ghaf.hardware.devices.audiovmPCIPassthroughModule
PCI devices to passthrough to the audiovm.
Type: attribute set of anything
Default:
{ }
Declared by:
ghaf.hardware.devices.guivmPCIPassthroughModule
PCI devices to passthrough to the guivm.
Type: attribute set of anything
Default:
{ }
Declared by:
ghaf.hardware.devices.guivmVirtioInputHostEvdevModule
Virtio evdev paths to passthrough to the guivm.
Type: attribute set of anything
Default:
{ }
Declared by:
ghaf.hardware.devices.netvmPCIPassthroughModule
PCI devices to passthrough to the netvm.
Type: attribute set of anything
Default:
{ }
Declared by:
ghaf.hardware.tpm2.enable
Whether to enable TPM2 PKCS#11 interface.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.hardware.usb.external.enable
Whether to enable external USB device(s) passthrough support.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.hardware.usb.external.qemuExtraArgs
Extra arguments to pass to qemu when enabling the external USB device(s). Since there can be several devices that may need to be passed to different machines, the device names are used as keys to access the qemu arguments.
Type: attribute set of anything
Default:
{ }
Example:
{
  "device1" = ["-device" "qemu-xhci" "-device" "usb-host,vendorid=0x1234,productid=0x1234"];
  "device2" = ["-device" "qemu-xhci" "-device" "usb-host,vendorid=0x0001,productid=0x0001"];
}
Declared by:
ghaf.hardware.usb.internal.enable
Whether to enable internal USB device(s) passthrough support.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.hardware.usb.internal.qemuExtraArgs
Extra arguments to pass to qemu when enabling the internal USB device(s). Since there could be several devices that may need to be passed to different machines, the device names are used as keys to access the qemu arguments. Note that some devices require special names to be used correctly.
Type: attribute set of anything
Default:
{ }
Example:
{
  "device1" = ["-device" "qemu-xhci" "-device" "usb-host,vendorid=0x1234,productid=0x1234"];
  "device2" = ["-device" "qemu-xhci" "-device" "usb-host,vendorid=0x0001,productid=0x0001"];
}
Declared by:
ghaf.hardware.usb.vhotplug.enable
Whether to enable hot plugging of USB devices.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.hardware.usb.vhotplug.enableEvdevPassthrough
Enable passthrough of non-USB input devices on startup using QEMU virtio-input-host-pci device.
Type: boolean
Default:
true
Declared by:
ghaf.hardware.usb.vhotplug.extraRules
List of extra udev rules to be added to the system. Uses the same format as vhotplug.rules, and is appended to the default rules. This is useful for adding rules for additional VMs while keeping the ghaf defaults.
Type: list of (attribute set)
Default:
[ ]
Declared by:
ghaf.hardware.usb.vhotplug.pcieBusPrefix
PCIe bus prefix used for the pcie-root-port QEMU device when evdev passthrough is enabled.
Type: null or string
Default:
"rp"
Declared by:
ghaf.hardware.usb.vhotplug.pciePortCount
The number of PCIe ports used for hot-plugging virtio-input-host-pci devices.
Type: signed integer
Default:
5
Declared by:
ghaf.hardware.usb.vhotplug.rules
List of virtual machines with USB hot plugging rules.
Type: list of (attribute set)
Default:
[
  {
    evdevPassthrough = {
      enable = true;
      pcieBusPrefix = "rp";
    };
    name = "GUIVM";
    qmpSocket = "/var/lib/microvms/gui-vm/gui-vm.sock";
    usbPassthrough = [
      { class = 3; description = "HID Keyboard"; protocol = 1; }
      { class = 3; description = "HID Mouse"; protocol = 2; }
      { class = 11; description = "Chip/SmartCard (e.g. YubiKey)"; }
      { class = 224; description = "Bluetooth"; disable = true; protocol = 1; subclass = 1; }
      { class = 8; description = "Mass Storage - SCSI (USB drives)"; subclass = 6; }
      { class = 17; description = "USB-C alternate modes supported by device"; }
    ];
  }
  {
    name = "NetVM";
    qmpSocket = "/var/lib/microvms/net-vm/net-vm.sock";
    usbPassthrough = [
      { class = 2; description = "Communications - Ethernet Networking"; subclass = 6; }
      { description = "ASIX Elec. Corp. AX88179 UE306 Ethernet Adapter"; productId = "1790"; vendorId = "0b95"; }
    ];
  }
]
Example:
[
  {
    name = "GUIVM";
    qmpSocket = "/var/lib/microvms/gui-vm/gui-vm.sock";
    usbPassthrough = [
      {
        class = 3;
        protocol = 1;
        description = "HID Keyboard";
        ignore = [
          { vendorId = "046d"; productId = "c52b"; description = "Logitech, Inc. Unifying Receiver"; }
        ];
      }
      { vendorId = "067b"; productId = "23a3"; description = "Prolific Technology, Inc. USB-Serial Controller"; disable = true; }
    ];
  }
  {
    name = "NetVM";
    qmpSocket = "/var/lib/microvms/net-vm/net-vm.sock";
    usbPassthrough = [
      { productName = ".*ethernet.*"; description = "Ethernet devices"; }
    ];
  }
];
Declared by:
ghaf.hardware.x86_64.common.enable
Whether to enable Common x86 configs.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.host.kernel.hardening.enable
Enable Ghaf Host hardening feature
Type: boolean
Default:
false
Declared by:
ghaf.host.kernel.hardening.debug.enable
Enable support for debug features in the Ghaf Host
Type: boolean
Default:
false
Declared by:
ghaf.host.kernel.hardening.hypervisor.enable
Enable Hypervisor hardening feature
Type: boolean
Default:
false
Declared by:
ghaf.host.kernel.hardening.inputdevices.enable
Enable support for input devices in the Ghaf Host
Type: boolean
Default:
false
Declared by:
ghaf.host.kernel.hardening.networking.enable
Enable support for networking in the Ghaf Host
Type: boolean
Default:
false
Declared by:
ghaf.host.kernel.hardening.usb.enable
Enable support for USB in the Ghaf Host
Type: boolean
Default:
false
Declared by:
ghaf.host.kernel.hardening.virtualization.enable
Enable support for virtualization in the Ghaf Host
Type: boolean
Default:
false
Declared by:
ghaf.host.networking.enable
Whether to enable Host networking.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.kernel.audiovm
AudioVM kernel configuration
Type: attribute set
Default:
{ }
Declared by:
ghaf.kernel.guivm
GuiVM kernel configuration
Type: attribute set
Default:
{ }
Declared by:
ghaf.kernel.host
Host kernel configuration
Type: attribute set
Default:
{ }
Declared by:
ghaf.kernel.netvm
NetVM kernel configuration
Type: attribute set
Default:
{ }
Declared by:
ghaf.logging.enable
Enable the logging service. Currently, Grafana Alloy runs as a client that uploads system journal logs to the Grafana Alloy instance running in admin-vm.
Type: boolean
Default:
false
Declared by:
ghaf.logging.client.enable
Whether to enable the alloy client service.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.logging.client.endpoint
Endpoint URL assigned to the alloy.service running in the different log producers. This endpoint URL includes the protocol, upstream address and port value.
Type: string
Default:
"http://:9999/loki/api/v1/push"
Declared by:
ghaf.logging.listener.address
Listener address to which log producers push logs and on which the admin-vm alloy.service listens for and receives logs.
Type: string
Default:
""
Declared by:
ghaf.logging.listener.port
Listener port for the logproto endpoint, which is used to receive logs from the different log producers. This port value is also used to open the port in the admin-vm firewall.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
9999
Declared by:
ghaf.logging.server.enable
Whether to enable logs aggregator server.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.logging.server.endpoint
Endpoint URL assigned to the alloy.service running in admin-vm. This endpoint URL includes the protocol, upstream address and port value.
Type: null or string
Default:
null
Declared by:
ghaf.logging.server.identifierFilePath
Specifies the identifier file path. The identifier file is a text file that holds a unique identification value per machine, so that the origin of the logs can be identified once they are uploaded to the cloud.
Type: null or absolute path
Default:
"/etc/common/device-id"
Example:
"/etc/common/device-id"
Declared by:
ghaf.networking.hosts
List of hosts entries.
Type: attribute set of (submodule)
Default:
null
Declared by:
ghaf.networking.hosts.<name>.cid
Vsock CID (Context IDentifier) as integer:
- VMADDR_CID_HYPERVISOR (0) is reserved for services built into the hypervisor
- VMADDR_CID_LOCAL (1) is the well-known address for local communication (loopback)
- VMADDR_CID_HOST (2) is the well-known address of the host
Type: signed integer
Declared by:
ghaf.networking.hosts.<name>.ipv4
IPv4 address as string.
Type: string
Declared by:
ghaf.networking.hosts.<name>.ipv6
IPv6 address as string.
Type: string
Declared by:
ghaf.networking.hosts.<name>.mac
MAC address as string.
Type: string
Declared by:
ghaf.networking.hosts.<name>.name
Host name as string.
Type: string
Declared by:
ghaf.partitioning.disko.enable
Whether to enable the disko partitioning scheme.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.partitioning.disko.imageBuilder.compression
Compression algorithm used for the install image
Type: one of “none”, “zstd”
Default:
"zstd"
Declared by:
ghaf.profiles.debug.enable
Whether to enable debug profile.
Type: boolean
Default:
true
Example:
true
Declared by:
ghaf.profiles.graphics.enable
Whether to enable Graphics profile.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.profiles.graphics.allowSuspend
Allow the system to suspend. When enabled, the system will suspend via either the suspend icon, lid close, or button press.
Type: boolean
Default:
true
Declared by:
ghaf.profiles.graphics.compositor
Which Wayland compositor to use.
Choose one of: labwc,cosmic
Type: one of “labwc”, “cosmic”
Default:
"cosmic"
Declared by:
ghaf.profiles.graphics.idleManagement.enable
Enable or disable system idle management using swayidle.
When enabled, this will handle automatic screen dimming, locking, and suspending.
Type: boolean
Default:
true
Declared by:
ghaf.profiles.graphics.renderer
Which wlroots renderer to use.
Choose one of: vulkan,pixman,gles2
Type: one of “vulkan”, “pixman”, “gles2”
Default:
"gles2"
Declared by:
ghaf.profiles.host-hardening.enable
Whether to enable Host hardening profile.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.profiles.laptop-x86.enable
Whether to enable the basic x86 laptop config.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.profiles.laptop-x86.guivmExtraModules
List of additional modules to be passed to the guivm.
Type: unspecified value
Default:
[ ]
Declared by:
ghaf.profiles.laptop-x86.netvmExtraModules
List of additional modules to be passed to the netvm.
Type: unspecified value
Default:
[ ]
Declared by:
ghaf.profiles.release.enable
Whether to enable release profile.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.qemu.audiovm
Extra qemu arguments for AudioVM
Type: attribute set
Default:
{ }
Declared by:
ghaf.qemu.guivm
Extra qemu arguments for GuiVM
Type: attribute set
Default:
{ }
Declared by:
ghaf.reference.appvms.enable
Whether to enable the Ghaf reference appvms module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.desktop.applications.enable
Whether to enable desktop applications.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.personalize.keys.enable
Whether to enable personalization of keys for dev team.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.personalize.keys.authorizedSshKeys
List of authorized ssh keys for the development team.
Type: list of string
Default:
Declared by:
ghaf.reference.profiles.mvp-user-trial.enable
Whether to enable the mvp configuration for apps and services.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.profiles.mvp-user-trial-extras.enable
Whether to enable the mvp configuration for apps and services.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.programs.chromium.enable
Whether to enable Chromium program settings.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.programs.chromium.openInNormalExtension
Whether to enable browser extension to open links in the normal browser.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.programs.element-desktop.enable
Whether to enable element-desktop program settings.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.programs.firefox.enable
Configure Firefox to use the vaapi driver for video decoding.
Note that this requires disabling the RDD sandbox.
Type: boolean
Default:
false
Declared by:
ghaf.reference.programs.google-chrome.enable
Whether to enable Google Chrome program settings.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.programs.google-chrome.defaultPolicy
Google Chrome policy options. A list of available policies can be found in the Chrome Enterprise documentation: https://cloud.google.com/docs/chrome-enterprise/policies/
Make sure the selected policy is supported on Linux and your browser version.
Type: attribute set
Default:
{
  AlwaysOpenPdfExternally = true;
  DefaultBrowserSettingEnabled = true;
  MetricsReportingEnabled = false;
  PromptForDownloadLocation = true;
}
Example:
{ PromptForDownloadLocation=true;}
Declared by:
ghaf.reference.programs.google-chrome.extraOpts
Extra Google Chrome policy options. A list of available policies can be found in the Chrome Enterprise documentation: https://cloud.google.com/docs/chrome-enterprise/policies/
Make sure the selected policy is supported on Linux and your browser version.
Type: attribute set
Default:
{ }
Example:
{
  "BrowserSignin" = 0;
  "SyncDisabled" = true;
  "PasswordManagerEnabled" = false;
  "SpellcheckEnabled" = true;
  "SpellcheckLanguage" = [ "de" "en-US" ];
}
Declared by:
ghaf.reference.programs.google-chrome.openInNormalExtension
Whether to enable browser extension to open links in the normal browser.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.programs.google-chrome.policyOwner
Policy files owner
Type: string
Default:
"root"
Declared by:
ghaf.reference.programs.google-chrome.policyOwnerGroup
Policy files group
Type: string
Default:
"root"
Declared by:
ghaf.reference.programs.windows-launcher.enable
Whether to enable Windows launcher.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.programs.windows-launcher.spice
Whether to enable remote access to the virtual machine using spice.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.programs.windows-launcher.spice-host
Spice host
Type: string
Default:
"192.168.100.2"
Declared by:
ghaf.reference.programs.windows-launcher.spice-port
Spice port
Type: signed integer
Default:
5900
Declared by:
ghaf.reference.programs.zathura.enable
Whether to enable Zathura program settings.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.enable
Whether to enable Ghaf reference services.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.alpaca-ollama
Whether to enable Alpaca/ollama service.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.chromecast.enable
Whether to enable chromecast service.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.chromecast.externalNic
External network interface
Type: string
Default:
""
Declared by:
ghaf.reference.services.chromecast.internalNic
Internal network interface
Type: string
Default:
""
Declared by:
ghaf.reference.services.chromecast.tcpPorts
Chromecast TCP ports
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)
Default:
[ 8008 8009]
Declared by:
ghaf.reference.services.chromecast.udpPorts
Chromecast UDP ports
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)
Default:
[ 1900 5353]
Declared by:
ghaf.reference.services.dendrite
Whether to enable dendrite-pinecone service.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.dendrite-pinecone.enable
Whether to enable dendrite pinecone module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.dendrite-pinecone.McastUdpIp
Multicast UDP IP for dendrite pinecone
Type: string
Default:
"239.0.0.114"
Declared by:
ghaf.reference.services.dendrite-pinecone.McastUdpPort
Multicast UDP port for dendrite pinecone
Type: string
Default:
"60606"
Declared by:
ghaf.reference.services.dendrite-pinecone.McastUdpPortInt
Multicast UDP port for dendrite pinecone
Type: signed integer
Default:
60606
Declared by:
ghaf.reference.services.dendrite-pinecone.TcpPort
TCP port for dendrite pinecone
Type: string
Default:
"49000"
Declared by:
ghaf.reference.services.dendrite-pinecone.TcpPortInt
TCP port for dendrite pinecone
Type: signed integer
Default:
49000
Declared by:
ghaf.reference.services.dendrite-pinecone.externalNic
External network interface
Type: string
Default:
""
Declared by:
ghaf.reference.services.dendrite-pinecone.internalNic
Internal network interface
Type: string
Default:
""
Declared by:
ghaf.reference.services.dendrite-pinecone.serverIpAddr
Dendrite server IP address
Type: string
Default:
""
Declared by:
ghaf.reference.services.google-chromecast
Whether to enable Chromecast service.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.ollama.enable
Whether to enable the ollama service.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.proxy-business
Whether to enable the proxy server service.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.proxy-server.enable
Whether to enable proxy server module.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.proxy-server.bindPort
Bind port for proxy server
Type: signed integer
Default:
3128
Declared by:
ghaf.reference.services.proxy-server.internalAddress
Internal address for proxy server
Type: string
Default:
"192.168.100.1"
Declared by:
ghaf.reference.services.wireguard-gui
Whether to enable Wireguard GUI service.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.wireguard-gui-config.enable
Whether to enable Wireguard guivm configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.reference.services.wireguard-gui-config.vms
List of VM names where Wireguard GUI should be enabled.
Type: list of string
Default:
[ ]
Example:
[ "business-vm" "chrome-vm"]
Declared by:
ghaf.security.apparmor.enable
Enable Apparmor security.
Type: boolean
Default:
false
Declared by:
ghaf.security.sshKeys.getAuthKeysFileName
The name of the get-auth-keys file
Type: string
Default:
"get-auth-keys"
Declared by:
ghaf.security.sshKeys.getAuthKeysFilePathInEtc
The path to the SSH host key relative to /etc
Type: string
Default:
"ssh/get-auth-keys"
Declared by:
ghaf.security.sshKeys.sshAuthorizedKeysCommand
The authorized_keys command
Type: attribute set
Default:
{ authorizedKeysCommand = "/etc/ssh/get-auth-keys"; authorizedKeysCommandUser = "nobody";}
Declared by:
ghaf.security.sshKeys.sshKeyPath
The SSH private key
Type: string
Default:
"/run/waypipe-ssh/id_ed25519"
Declared by:
ghaf.security.sshKeys.waypipeSshPublicKeyDir
The path to the Waypipe public key
Type: string
Default:
"/run/waypipe-ssh-public-key"
Declared by:
ghaf.security.sshKeys.waypipeSshPublicKeyFile
The Waypipe public key
Type: string
Default:
"/run/waypipe-ssh-public-key/id_ed25519.pub"
Declared by:
ghaf.security.sshKeys.waypipeSshPublicKeyName
The name of the Waypipe public key
Type: string
Default:
"waypipe-ssh-public-key"
Declared by:
ghaf.services.audio.enable
Whether to enable audio service for audio VM.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.services.audio.pulseaudioTcpControlPort
TCP port used by Pipewire-pulseaudio control
Type: signed integer
Default:
4714
Declared by:
ghaf.services.audio.pulseaudioTcpPort
TCP port used by Pipewire-pulseaudio service
Type: signed integer
Default:
4713
Declared by:
ghaf.services.bluetooth.enable
Whether to enable Bluetooth configurations.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.services.disks.enable
Whether to enable disk mount daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.services.disks.fileManager
The program to open mounted directories
Type: string
Default:
"xdg-open"
Declared by:
ghaf.services.firmware.enable
Whether to enable placeholder for firmware handling.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.services.fprint.enable
Whether to enable fingerprint reader support.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.services.github.enable
Whether to enable GitHub configurations.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.services.github.owner
GitHub owner account of the bug reporter issue
Type: string
Declared by:
ghaf.services.github.repo
GitHub repo of the bug reporter issue
Type: string
Declared by:
ghaf.services.github.token
Personal token of the bug reporter GitHub account
Type: string
Declared by:
ghaf.services.wifi.enable
Whether to enable Wifi configuration for the net-vm.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.services.yubikey.enable
Whether to enable YubiKey support, which provides 2FA.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.services.yubikey.u2fKeys
Contains the U2F keys / public keys retrieved from the YubiKey hardware.
Type: string
Default:
[ ]
Example:
"ghaf:SZ2CwN7EAE4Ujfxhm+CediUaT9ngoaMOqsKRDrOC+wUkTriKlc1cVtsxkOSav2r9ztaNKn/OwoHiN3BmsBYdZA==,oIdGgoGmkVrVis1kdzpvX3kXrOmBe2noFrpHqh4VKlq/WxrFk+Du670BL7DzLas+GxIPNjgdDCHo9daVzthIwQ==,es256,+presence:9CEdjOg0YGpvNeisK5OW1hjjg0nRvJDBpr7X8Q4QPtxJP4iC5C6dShTxEpxmLAkqAi8x/jKCDwpt146AYAXfFg==,q8ddSEI2tIyRwB2MhRlrGZRv6ZDkEC2RYn/n33fdmK1KjBkcMy6ELUMQQDVGtsvsiQFbRS3v4qxjsgXF5BVD0A==,es256,+presence+pin"
Declared by:
ghaf.shm.enable
Enables shared memory communication between virtual machines (VMs)
Type: boolean
Default:
false
Declared by:
ghaf.shm.enable_host
Enables the memsocket functionality on the host system
Type: boolean
Default:
false
Declared by:
ghaf.shm.clientSocketPath
Specifies the location of the output socket, which will be connected to in order to receive data from AppVMs. This socket must be created by another application, such as Waypipe, when operating in client mode.
Type: absolute path
Default:
"/run/user/1000/memsocket-client.sock"
Declared by:
ghaf.shm.display
Enables the use of shared memory with Waypipe for Wayland-enabled applications running on virtual machines (VMs), facilitating efficient inter-VM communication
Type: boolean
Default:
false
Declared by:
ghaf.shm.flataddr
Maps the shared memory to a physical address if set to a non-zero value. The address must be platform-specific and arbitrarily chosen to avoid conflicts with other memory areas, such as PCI regions.
Type: string
Default:
"0x920000000"
Declared by:
ghaf.shm.hostSocketPath
Specifies the path to the shared memory socket, used by QEMU instances for inter-VM memory sharing and interrupt signaling
Type: absolute path
Default:
"/tmp/ivshmem_socket"
Declared by:
ghaf.shm.hugePageSz
Specifies the size of the large memory page area. Supported kernel values are 2 MB and 1 GB
Type: string
Default:
"2M"
Declared by:
ghaf.shm.instancesCount
Number of memory slots allocated in the shared memory region
Type: signed integer
Default:
0
Declared by:
ghaf.shm.memSize
Specifies the size of the shared memory region, measured in megabytes (MB)
Type: signed integer
Default:
16
Declared by:
ghaf.shm.serverSocketPath
Specifies the path of the listening socket, which is used by Waypipe or other server applications as the output socket in server mode for data transmission
Type: absolute path
Default:
"/run/user/1000/memsocket-server.sock"
Declared by:
ghaf.shm.vms_enabled
List of VMs having access to shared memory
Type: list of string
Default:
[ ]
Declared by:
ghaf.systemd.enable
Whether to enable minimal systemd configuration…
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.systemd.boot.enable
Enable systemd in stage 1 of the boot (initrd).
Type: unspecified value
Default:
false
Declared by:
ghaf.systemd.logLevel
Systemd log verbosity. Must be one of ‘debug’, ‘info’, ‘notice’, ‘warning’, ‘err’, ‘crit’, ‘alert’, ‘emerg’. Defaults to ‘info’.
Type: one of “debug”, “info”, “notice”, “warning”, “err”, “crit”, “alert”, “emerg”
Default:
"info"
Declared by:
ghaf.systemd.withApparmor
Enable systemd apparmor functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withAudio
Enable audio functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withAudit
Enable systemd audit functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withBluetooth
Enable bluetooth functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withBootloader
Enable systemd bootloader functionality.
Type: boolean
Default:
true
Declared by:
ghaf.systemd.withCryptsetup
Enable systemd LUKS2 functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withDebug
Enable systemd debug functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withEfi
Enable systemd EFI functionality.
Type: boolean
Default:
true
Declared by:
ghaf.systemd.withFido2
Enable systemd Fido2 token functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withHardenedConfigs
Enable common hardened configs.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withHomed
Enable systemd homed for users’ home functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withHostnamed
Enable systemd hostname daemon.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withJournal
Enable systemd journal daemon.
Type: boolean
Default:
true
Declared by:
ghaf.systemd.withLocaled
Enable systemd locale daemon.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withLogind
Enable systemd login daemon.
Type: boolean
Default:
true
Declared by:
ghaf.systemd.withMachines
Enable systemd container and VM functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withName
Set systemd name.
Type: string
Default:
"base-systemd"
Declared by:
ghaf.systemd.withNetworkd
Enable systemd networking daemon.
Type: boolean
Default:
true
Declared by:
ghaf.systemd.withNss
Enable systemd Name Service Switch (NSS) functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withPolkit
Enable systemd polkit functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withRepart
Enable systemd repart functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withResolved
Enable systemd resolve daemon.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withSerial
Enable systemd serial console.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withSysupdate
Enable systemd system update functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withTimesyncd
Enable systemd timesync daemon.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withTpm2Tss
Enable systemd TPM functionality.
Type: boolean
Default:
false
Declared by:
ghaf.systemd.withUkify
Enable systemd UKI functionality.
Type: boolean
Default:
true
Declared by:
ghaf.type
Type of the ghaf component. One of ‘host’, ‘system-vm’, or ‘app-vm’.
Type: one of “host”, “system-vm”, “app-vm”
Declared by:
ghaf.users.admin.enable
Enable the admin user account. Enabled by default.
Type: boolean
Default:
true
Declared by:
ghaf.users.admin.createHome
Whether to create the admin home folder. Defaults to false, which sets the home directory to ‘/var/empty’. A value of true creates the home directory as /home/<name>.
Type: boolean
Default:
false
Declared by:
ghaf.users.admin.extraGroups
Extra groups for the admin user.
Type: list of string
Default:
[ ]
Declared by:
ghaf.users.admin.hashedPassword
Hashed password for live updates.
Type: null or string
Default:
null
Declared by:
ghaf.users.admin.initialHashedPassword
Initial hashed password for the admin user account.
Type: null or string
Default:
null
Declared by:
ghaf.users.admin.initialPassword
Default password for the admin user account.
Type: null or string
Default:
"ghaf"
Declared by:
ghaf.users.admin.name
Admin account name. Defaults to ‘ghaf’.
Type: string
Default:
"ghaf"
Declared by:
ghaf.users.admin.uid
User identifier (uid) for the admin account.
Type: signed integer
Default:
1001
Declared by:
ghaf.users.appUser
User account to run applications.
Type: submodule
Declared by:
ghaf.users.appUser.enable
Whether to enable auxiliary user account…
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.users.appUser.extraGroups
Extra groups for the auxiliary user.
Type: list of string
Default:
[ ]
Declared by:
ghaf.users.appUser.name
Auxiliary user’s name.
Type: string
Declared by:
ghaf.users.loginUser
User account for desktop login.
Type: submodule
Default:
{ }
Declared by:
ghaf.users.loginUser.enable
Whether to enable desktop login user account…
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.users.loginUser.extraGroups
Extra groups for the login user.
Type: list of string
Default:
[ "audio" "video"]
Declared by:
ghaf.users.loginUser.fidoAuth
Whether to enable FIDO authentication for the login user…
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.users.loginUser.homeSize
Size of the home directory for the login user in MB (integer). The integer size is inherited from the microvm volume size parameter. Defaults to 800 GB (800000 MB).
Type: signed integer
Default:
800000
Declared by:
ghaf.users.loginUser.uid
Login user identifier (uid). Defaults to 1000 for compatibility.
Type: signed integer
Default:
1000
Declared by:
ghaf.users.managed
List of declaratively managed user accounts.
The ghaf user interface for declarative users has the following options:
- No enable flag, a specified account is enabled by default [mandatory]
- name: User name
- vms: List of VMs (or host) the user is enabled in [optional]
- initialPassword: Default password for the user account
- initialHashedPassword: Initial hashed password for the user account
- hashedPassword: Hashed password for live updates
- uid: Optional user identifier (uid). Defaults to null
- gid: Optional primary group identifier (gid). Defaults to null
- createHome: Create home directory for the user
- linger: Enable lingering for the user
- extraGroups: Extra groups for the user
These, as any additional user option, may be set through the usual NixOS user options.
Type: list of (submodule)
Default:
[ ]
Declared by:
ghaf.users.managed.*.createHome
Create home directory for the user.
Type: boolean
Default:
true
Declared by:
ghaf.users.managed.*.extraGroups
Extra groups for the user.
Type: list of string
Default:
[ ]
Declared by:
ghaf.users.managed.*.gid
Optional primary group identifier (gid). Defaults to null.
Type: null or signed integer
Default:
null
Declared by:
ghaf.users.managed.*.hashedPassword
Hashed password for live updates.
Type: null or string
Default:
null
Declared by:
ghaf.users.managed.*.initialHashedPassword
Initial hashed password for the admin user account.
Type: null or string
Default:
null
Declared by:
ghaf.users.managed.*.initialPassword
Initial password for the admin user account.
Type: null or string
Default:
null
Declared by:
ghaf.users.managed.*.linger
Enable lingering for the user.
Type: boolean
Default:
false
Declared by:
ghaf.users.managed.*.name
User name
Type: null or string
Default:
null
Declared by:
ghaf.users.managed.*.uid
Optional user identifier (uid). Defaults to null.
Type: null or signed integer
Default:
null
Declared by:
ghaf.users.managed.*.vms
List of VMs (or host) the user is enabled in.
Type: list of string
Default:
[ ]
Declared by:
ghaf.users.proxyUser
User account for dbus proxy functionality.
Type: submodule
Declared by:
ghaf.users.proxyUser.enable
Whether to enable auxiliary user account…
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.users.proxyUser.extraGroups
Extra groups for the auxiliary user.
Type: list of string
Default:
[ ]
Declared by:
ghaf.users.proxyUser.name
Auxiliary user’s name.
Type: string
Declared by:
ghaf.version
The version of Ghaf
Type: string (read only)
Default:
"25.06"
Declared by:
ghaf.virtualization.microvm.adminvm.enable
Whether to enable AdminVM.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.adminvm.extraModules
List of additional modules to be imported and evaluated as part of AdminVM’s NixOS configuration.
Type: unspecified value
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.enable
Whether to enable appvm.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.extraModules
List of additional modules to be imported and evaluated as part of appvm’s NixOS configuration.
Type: unspecified value
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms
List of AppVMs to be created
Type: attribute set of (submodule)
Default:
{ }
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.enable
Whether to enable this virtual machine.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.packages
Packages that are included in the AppVM
Type: list of package
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications
Applications to include in the AppVM
Type: list of (submodule)
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications.*.packages
A list of packages required for the application
Type: list of package
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications.*.command
The command to run the application
Type: string
Default:
null
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications.*.description
A brief description of the application
Type: string
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications.*.extraModules
Additional modules required for the application
Type: list of (attribute set)
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications.*.givcArgs
A list of GIVC arguments for the application
Type: list of string
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications.*.givcName
GIVC name for the application
Type: string
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications.*.icon
Application icon
Type: string
Default:
null
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.applications.*.name
The name of the application
Type: string
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.balloonRatio
Amount of dynamic RAM for this AppVM as a multiple of ramMb
Type: signed integer or floating point number
Default:
2
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.borderColor
Border color of the AppVM window
Type: null or string
Default:
null
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.cores
Number of processor cores for this AppVM
Type: signed integer
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.extraModules
List of additional modules to be imported and evaluated as part of appvm’s NixOS configuration.
Type: unspecified value
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.ghafAudio.enable
Whether to enable Ghaf application audio support.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.ghafAudio.useTunneling
Whether to enable Pulseaudio tunneling.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.macAddress
AppVM’s network interface MAC address
Type: string
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.ramMb
Minimum amount of RAM for this AppVM
Type: signed integer
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.appvm.vms.<name>.vtpm.enable
Whether to enable vTPM support in the virtual machine.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.audiovm.enable
Whether to enable AudioVM.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.audiovm.audio
Enable Audio module configuration.
Type: boolean
Default:
false
Declared by:
ghaf.virtualization.microvm.audiovm.extraModules
List of additional modules to be imported and evaluated as part of AudioVM’s NixOS configuration.
Type: unspecified value
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.guivm.enable
Whether to enable GUIVM.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.guivm.applications
Applications to include in the GUIVM
Type: list of (submodule)
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.guivm.applications.*.command
The command to run the application
Type: string
Default:
null
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.guivm.applications.*.description
A brief description of the application
Type: string
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.guivm.applications.*.icon
Application icon
Type: string
Default:
null
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.guivm.applications.*.name
The name of the application
Type: string
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.guivm.extraModules
List of additional modules to be imported and evaluated as part of GUIVM’s NixOS configuration.
Type: unspecified value
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.guivm.fprint
Enable Fingerprint module configuration.
Type: boolean
Default:
false
Declared by:
ghaf.virtualization.microvm.guivm.yubikey
Enable Yubikey module configuration.
Type: boolean
Default:
false
Declared by:
ghaf.virtualization.microvm.idsvm.enable
Whether to enable IDS-VM on the system.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.idsvm.extraModules
List of additional modules to be imported and evaluated as part of IDSVM’s NixOS configuration.
Type: unspecified value
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.idsvm.mitmproxy.enable
Whether to enable mitmproxy on ids-vm.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.virtualization.microvm.idsvm.mitmproxy.webUIEnabled
Whether to enable mitmproxyWebUI on ids-vm
Type: boolean
Default:
false
Declared by:
ghaf.virtualization.microvm.idsvm.mitmproxy.webUIPort
MitmwebUI port
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive) (read only)
Default:
[ 8081]
Declared by:
ghaf.virtualization.microvm.idsvm.mitmproxy.webUIPswd
MitmwebUI password
Type: string (read only)
Default:
"ghaf"
Declared by:
ghaf.virtualization.microvm.netvm.enable
Whether to enable NetVM.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.netvm.extraModules
List of additional modules to be imported and evaluated as part of NetVM’s NixOS configuration.
Type: unspecified value
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm.netvm.wifi
Enable Wifi module configuration.
Type: boolean
Default:
false
Declared by:
ghaf.virtualization.microvm-host.enable
Whether to enable MicroVM Host.
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm-host.networkSupport
Whether to enable Network support services to run host applications…
Type: boolean
Default:
false
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm-host.sharedVmDirectory.enable
Whether to enable shared directory.
Type: boolean
Default:
true
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm-host.sharedVmDirectory.inotifyPassthrough
Whether to enable inotify passthrough.
Type: boolean
Default:
true
Example:
true
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.microvm-host.sharedVmDirectory.vms
List of names of virtual machines for which the unsafe shared folder will be enabled.
Type: list of string
Default:
[ ]
Declared by:
- [https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix, via option flake.nixosModules.microvm](https://github.com/tiiuae/ghaf/blob/main/modules/microvm/flake-module.nix)
ghaf.virtualization.nvidia-docker.daemon.enable
Whether to enable Nvidia Docker Daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
ghaf.virtualization.nvidia-podman.daemon.enable
Whether to enable Nvidia Podman Daemon.
Type: boolean
Default:
false
Example:
true
Declared by: