security.dhparams.params
Diffie-Hellman parameters to generate.
The value is the size (in bits) of the DH params to generate. The
generated DH params path can be found in
config.security.dhparams.params.«name».path.
The name of the DH params is taken as being the name of the service it serves and the params will be generated before the said service is started.
If you are removing all dhparams from this list, you
have to leave security.dhparams.enable for at
least one activation in order to have them be cleaned up. This also
means if you rollback to a version without any dhparams the
existing ones won't be cleaned up. Of course this only applies if
security.dhparams.stateful is
true.
For module implementers: It's recommended
to not set a specific bit size here, so that users can easily
override this by setting
security.dhparams.defaultBitSize.
- Type
attribute set of ((submodule) or signed integer convertible to it)- Default
{ }- Example
{ nginx.bits = 3072; }- Declared
- <nixpkgs/nixos/modules/security/dhparams.nix>