Appendix A. All Options

Port the SSH daemon used to decrypt the root partition listens to.

Type: signed integer or string or absolute path

Default: 2222

Declared by:

If set to false, completely disable network setup by Skarabox.

Make sure you can still ssh to the server.

Type: boolean

Default: false

Declared by:

ZFS pool to store important data.

Type: submodule

Declared by:

Whether to enable the data pool on other hard drives…

Type: boolean

Default: true

Example: true

Declared by:

First disk on which to install the data pool.

Type: string

Example: "/dev/sda"

Declared by:

Second disk on which to install the data pool.

Type: string

Example: "/dev/sdb"

Declared by:

Name of the data pool

Type: string

Default: "zdata"

Declared by:

Disk size to reserve for ZFS internals. Should be between 5% and 10% of available size as recorded by zpool.

To get available size on zpool:

zfs get -Hpo value available <pool name>

Then to set manually, if needed:

sudo zfs set reservation=100G <pool name>

Type: string

Example: "1T"

Declared by:

Create the backup dataset.

Type: boolean

Default: true

Declared by:

ZFS root pool where the OS is stored.

Type: submodule

Declared by:

SSD disk on which to install. Required

Type: string

Example: "/dev/nvme0n1"

Declared by:

Mirror SSD disk on which to install. Optional. Boot partition will be mirrored too.

Type: null or string

Default: null

Example: "/dev/nvme0n2"

Declared by:

Name of the root pool

Type: string

Default: "root"

Declared by:

Disk size to reserve for ZFS internals. Should be between 10% and 15% of available size as recorded by zpool.

To get available size on zpool:

zfs get -Hpo value available <pool name>

Then to set manually, if needed:

sudo zfs set reservation=100G <pool name>

Type: string

Example: "100G"

Declared by:

nixos-facter config file.

Type: absolute path

Declared by:

Contains hashed password for the admin user.

Type: string

Declared by:

8 characters unique identifier for this server. Generate with uuidgen | head -c 8.

Type: string or absolute path

Declared by:

Hostname to give to the server.

Type: string

Default: "skarabox"

Declared by:

IP address of the beacon in the hotspot network.

Type: string

Default: "192.168.12.1"

Declared by:

Public SSH key used to connect on boot to decrypt the root pool.

Type: absolute path

Example: "./ssh.pub"

Declared by:

Port the SSH daemon listens to.

Type: signed integer or string or absolute path

Default: 22

Declared by:

Use static IP configuration. If unset, use DHCP.

Type: null or (submodule)

Default: null

Example:

{
  ip = "192.168.1.30";
  gateway = "192.168.1.1";
}

Declared by:

Whether to enable Skarabox static IP configuration.

Type: boolean

Default: false

Example: true

Declared by:

Device for which to configure the IP address for.

Either pass the device name directly if you know it, like “ens3”. Or configure the deviceName option to get the first device name matching that prefix from the facter.json report.

Type: string or (submodule)

Default:

{
  namePrefix = "en";
}

Declared by:

IP Gateway, often same beginning as ip and finishing by a 1: XXX.YYY.ZZZ.1.

Type: string

Declared by:

Static IP to use.

Type: string

Declared by:

Name given to the admin user on the server.

Type: string

Default: "skarabox"

Declared by:

Hostname to give the beacon. Use the same as for the host to simplify installation.

Type: string

Default: "skarabox"

Declared by:

IP address of the beacon in the hotspot network.

Type: string

Default: "192.168.12.1"

Declared by:

Static IP for beacon.

Type: string

Declared by:

Public key to connect to the beacon. Use the same as for the host to simplify installation.

Type: absolute path

Declared by:

Username with which you can log on the beacon. Use the same as for the host to simplify installation.

Type: string

Default: "skarabox"

Declared by:

Hosts managed by Skarabox.

Type: attribute set of (submodule)

Default: { }

Declared by:

Modules to add to the beacon configuration. Use this to add static network config, for example.

Type: list of anything

Default: [ ]

Example:

''
  extraBeaconModules = [
    {
      environment.systemPackages = [ pkgs.tmux ];
    }
  ];
''

Declared by:

Paths in python dictionary format to other passphrases for extra ZFS pools as they is stored in the SOPS secrets file.

Type: attribute set of string

Default: { }

Example:

{
  backup_passphrase = "['‹name›']['disks']['backupPassphrase']";
}

Declared by:

Path from the top of the repo to the ssh private file used as the host key.

Type: string

Default: "‹name›/host_key"

Declared by:

SSH public file used as the host key.

Type: absolute path

Example: ./‹name›/host_key.pub

Declared by:

IP or hostname used to ssh into the server.

Can be the IP or hostname directly or a file containing the value.

Type: string or absolute path

Default: "127.0.0.1"

Declared by:

Known hosts file.

Type: absolute path

Declared by:

Path from the top of the repo to known hosts file.

Type: string

Default: "‹name›/known_hosts"

Declared by:

Modules to add to the host nixosConfiguration. Add here all your own configuration.

Type: list of anything

Default: [ ]

Declared by:

If given, overrides pkgs in the nixosConfiguration.

By default, use the pkgs from the nixpkgs input.

Type: anything

Default: "inputs.nixpkgs"

Declared by:

Path in python dictionary format to the passphrase of the data ZFS pool as it is stored in the SOPS secrets file.

Type: string

Default: "['‹name›']['disks']['dataPassphrase']"

Declared by:

Path from the top of the repo to the SOPS secrets file.

By default Skarabox assumes one secret file per host to avoid sharing secrets across them but having only one file by specifying “./secrets.yaml” is possible too.

Type: string

Default: "‹name›/secrets.yaml"

Declared by:

Path in python dictionary format to the passphrase of the root ZFS pool as it is stored in the SOPS secrets file.

Type: string

Default: "['‹name›']['disks']['rootPassphrase']"

Declared by:

Path from the top of the repo to the ssh private file used to ssh into the host.

Type: string

Default: "‹name›/ssh"

Declared by:

SSH public file used to ssh into the host.

Type: absolute path

Declared by:

System of the host.

Can be the systm directly or a file containing the value.

Type: string or absolute path

Declared by:

Path from the top of the repo to the main sops key.

Type: string

Default: "sops.key"

Declared by: