Robotnix Configuration Options

Some robotnix flavors or modules may change the option defaults shown below. Refer to the flavor or module source for details

androidVersion

Used to select which Android version to use

Default: 12

Type: signed integer

Declared by: modules/base.nix

apps.auditor.domain

Domain running the AttestationServer (over HTTPS) for remote verification

Example: "attestation.example.com"

Type: string

Declared by: modules/apps/auditor.nix

apps.auditor.enable

Whether to enable Auditor.

Default: false

Example: true

Type: boolean

Declared by: modules/apps/auditor.nix

apps.bromite.enable

Whether to enable bromite browser.

Default: false

Example: true

Type: boolean

Declared by: modules/apps/chromium.nix

apps.chromium.enable

Whether to enable chromium browser.

Default: false

Example: true

Type: boolean

Declared by: modules/apps/chromium.nix

apps.fdroid.additionalRepos

Additional F-Droid repositories to include in the default build. Note that changes to this setting will only take effect on a freshly installed device--or if the F-Droid storage is cleared.

Default: { }

Type: attribute set of submodules

Declared by: modules/apps/fdroid.nix

apps.fdroid.additionalRepos.<name>.description

Longer textual description of this repository

Default: "Empty description"

Type: string

Declared by: modules/apps/fdroid.nix

apps.fdroid.additionalRepos.<name>.enable

Whether to enable this repository by default in F-Droid.

Default: false

Type: boolean

Declared by: modules/apps/fdroid.nix

apps.fdroid.additionalRepos.<name>.name

Display name to use for this repository

Default: "‹name›"

Type: string

Declared by: modules/apps/fdroid.nix

apps.fdroid.additionalRepos.<name>.pubkey

Public key associated with this repository. Can be found in /index.xml under the repo URL.

Type: string

Declared by: modules/apps/fdroid.nix

apps.fdroid.additionalRepos.<name>.pushRequests

Allow this repository to specify apps which should be automatically installed/uninstalled

Default: "ignore"

Type: one of "ignore", "prompt", "always"

Declared by: modules/apps/fdroid.nix

apps.fdroid.additionalRepos.<name>.url

URL for F-Droid repository

Type: string

Declared by: modules/apps/fdroid.nix

apps.fdroid.enable

Whether to enable F-Droid.

Default: false

Example: true

Type: boolean

Declared by: modules/apps/fdroid.nix

apps.prebuilt

Prebuilt APKs to include in the robotnix build

Default: { }

Type: attribute set of submodules

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.allowInPowerSave

Whether to allow this application to operate in "power save" mode. Disables battery optimization for this app.

Default: false

Type: boolean

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.apk

APK file to include in build

Type: path

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.certificate

Name of certificate to sign APK with. Defaults to the name of the prebuilt app. If it is a device-specific certificate, the cert/key should be under ${keyStorePath}/${device}/${certificate}.{x509.pem,pk8}. Otherwise, it should be ${keyStorePath}/${certificate}.{x509.pem,pk8}. Finally, the special string "PRESIGNED" will just use the APK as-is.

Default: "‹name›"

Type: string

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.defaultPermissions

Permissions to be enabled by default without user prompting.

Default: [ ]

Example: ["INSTALL_PACKAGES"]

Type: list of strings

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.name

Name of application. (No spaces)

Default: "‹name›"

Type: string

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.packageName

APK's Java-style package name (applicationId). This setting only necessary to be set if also using privappPermissions.

Example: "com.android.test"

Type: string matching the pattern [a-zA-Z0-9_.]*

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.partition

Partition on which to place this app

Type: one of "vendor", "system", "product"

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.privappPermissions

Privileged permissions to apply to this application. Refer to this link and note permissions which say "not for use by third-party applications".

Default: [ ]

Example: ["INSTALL_PACKAGES"]

Type: list of strings

Declared by: modules/apps/prebuilt.nix

apps.prebuilt.<name>.privileged

Whether this APK should be included as a privileged application.

Default: false

Type: boolean

Declared by: modules/apps/prebuilt.nix

apps.seedvault.enable

Whether to enable Seedvault (backup).

Default: false

Example: true

Type: boolean

Declared by: modules/apps/seedvault.nix

apps.updater.enable

Whether to enable OTA Updater.

Default: false

Example: true

Type: boolean

Declared by: modules/apps/updater.nix

apps.updater.flavor

Which updater package to use, and which kind of metadata to generate for it.

Default: "grapheneos"

Type: one of "grapheneos", "lineageos"

Declared by: modules/apps/updater.nix

apps.updater.url

URL for OTA updates

Type: string

Declared by: modules/apps/updater.nix

apps.vanadium.enable

Whether to enable vanadium browser.

Default: false

Example: true

Type: boolean

Declared by: modules/apps/chromium.nix

apv.buildID

Build ID associated with the upstream img/ota (used to select images)

Type: string

Declared by: modules/apv

apv.enable

Whether to enable android-prepare-vendor.

Default: false

Example: true

Type: boolean

Declared by: modules/apv

apv.img

A factory image .zip from upstream whose vendor contents should be extracted and included in the build

Default: null

Type: path

Declared by: modules/apv

apv.ota

An OTA from upstream whose vendor contents should be extracted and included in the build. (Android >=10 builds require this in addition to apv.img)

Default: null

Type: path

Declared by: modules/apv

arch

Architecture of phone, usually set automatically by device

Default: "arm64"

Type: one of "arm64", "arm", "x86_64", "x86"

Declared by: modules/base.nix

buildDateTime

Unix time (seconds since the epoch) that this build is taking place. Needs to be monotonically increasing for each build if you use the over-the-air (OTA) update mechanism. e.g. output of date +%s

Default: "*maximum of source.dirs.<name>.dateTime*"

Example: 1565645583

Type: signed integer

Declared by: modules/base.nix

buildNumber

Set this to something meaningful to identify the build. Defaults to YYYYMMDDHH based on buildDateTime. Should be unique for each build for disambiguation.

Example: "201908121"

Type: string

Declared by: modules/base.nix

buildType

one of "release", "debug"

Default: "release"

Type: one of "release", "debug"

Declared by: modules/base.nix

ccache.enable

Whether to enable ccache.

Default: false

Example: true

Type: boolean

Declared by: modules/base.nix

channel

Default channel to use for updates (can be modified in app)

Default: "stable"

Type: one of "stable", "beta"

Declared by: modules/release.nix

device

Code name of device build target

Default: null

Example: "marlin"

Type: null or string

Declared by: modules/base.nix

deviceDisplayName

Display name of device build target

Default: null

Example: "Pixel XL"

Type: null or string

Declared by: modules/base.nix

etc

Set of files to be included under /etc

Default: { }

Type: attribute set of submodules

Declared by: modules/etc.nix

etc.<name>.partition

Partition on which to place this etc file

Type: one of "vendor", "system", "product"

Declared by: modules/etc.nix

etc.<name>.source

Path of the source file

Type: path

Declared by: modules/etc.nix

etc.<name>.target

Name of symlink (relative to /etc). Defaults to the attribute name.

Type: string

Declared by: modules/etc.nix

etc.<name>.text

Text of the file

Default: null

Type: null or string

Declared by: modules/etc.nix

flavor

Set to one of robotnix's supported flavors. Current options are vanilla, grapheneos, and lineageos.

Default: null

Example: "vanilla"

Type: null or string

Declared by: modules/base.nix

hosts

Custom hosts file

Default: null

Type: null or path

Declared by: modules/hosts.nix

incremental

Whether to include an incremental build in otaDir output

Default: false

Type: boolean

Declared by: modules/release.nix

kernel.buildDateTime

Unix time to use for kernel build timestamp

Default: "config.buildDateTime"

Type: signed integer

Declared by: modules/kernel.nix

kernel.clangVersion

Version of prebuilt clang to use for kernel. See https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+/master/README.md"

Type: string

Declared by: modules/kernel.nix

kernel.enable

Whether to enable building custom kernel.

Default: false

Example: true

Type: boolean

Declared by: modules/kernel.nix

kernel.patches

List of patches to apply to kernel source

Default: [ ]

Type: list of paths

Declared by: modules/kernel.nix

kernel.postPatch

Commands to run after patching kernel source

Default: ""

Type: strings concatenated with "\n"

Declared by: modules/kernel.nix

kernel.relpath

Relative path in source tree to place kernel build artifacts

Type: string

Declared by: modules/kernel.nix

kernel.src

Path to kernel source

Type: path

Declared by: modules/kernel.nix

microg.enable

Whether to enable MicroG.

Default: false

Example: true

Type: boolean

Declared by: modules/microg.nix

nixpkgs.overlays

Nixpkgs overlays to override the default packages used while building robotnix.

Default: [ ]

Type: list of unspecifieds

Declared by:

pixel.activeEdge.enable

Whether to enable Active Edge gestures using the open-source implementation from LineageOS.

Default: false

Example: true

Type: boolean

Declared by: modules/pixel/active-edge.nix

pixel.useUpstreamDriverBinaries

Use device vendor binaries from https://developers.google.com/android/drivers

Default: false

Type: boolean

Declared by: modules/pixel/driver-binaries.nix

product.additionalProductPackages

PRODUCT_PACKAGES to add under product partition.

Default: [ ]

Type: list of strings

Declared by: modules/base.nix

productName

Product name for choosecombo/lunch

Default: "${productNamePrefix}${device}"

Example: "aosp_crosshatch"

Type: string

Declared by: modules/base.nix

productNamePrefix

Prefix for product name used with choosecombo/lunch

Default: "aosp_"

Type: string

Declared by: modules/base.nix

removedProductPackages

PRODUCT_PACKAGES to remove from build

Default: [ ]

Type: list of strings

Declared by: modules/base.nix

resources

Additional package resources to include. The first key refers to the relative path for the package, and the second key refers to the resource name

Default: { }

Example: { "frameworks/base/core/res".config_enableAutoPowerModes = true; }

Type: attribute set of attribute set of boolean or signed integer or string or list of string or signed integers or submoduless

Declared by: modules/resources.nix

retrofit

Generate a retrofit OTA for upgrading a device without dynamic partitions. See also https://source.android.com/devices/tech/ota/dynamic_partitions/ab_legacy#generating-update-packages

Default: false

Type: boolean

Declared by: modules/release.nix

signing.apex.enable

Whether to enable signing APEX packages.

Default: false

Example: true

Type: boolean

Declared by: modules/signing.nix

signing.apex.packageNames

APEX packages which need to be signed

Default: [ ]

Type: list of strings

Declared by: modules/signing.nix

signing.avb.enable

Whether to enable AVB signing.

Default: false

Example: true

Type: boolean

Declared by: modules/signing.nix

signing.avb.fingerprint

SHA256 hash of avb_pkmd.bin. Should be set automatically based on file under keyStorePath if signing.enable = true

Type: string matching the pattern [0-9A-F]{64}

Declared by: modules/signing.nix

signing.avb.mode

Mode of AVB signing to use.

Default: "vbmeta_chained"

Type: one of "verity_only", "vbmeta_simple", "vbmeta_chained", "vbmeta_chained_v2"

Declared by: modules/signing.nix

signing.avb.verityCert

Verity certificate for AVB. e.g. in x509 DER format.x509.pem. Only needed if signing.avb.mode = "verity_only"

Type: path

Declared by: modules/signing.nix

signing.buildTimeKeyStorePath

Path to generated keys for signing to use at build-time, as opposed to keyStorePath, which is used at evaluation-time.

Type: string or path

Declared by: modules/signing.nix

signing.enable

Whether to sign build using user-provided keys. Otherwise, build will be signed using insecure test-keys.

Default: false

Type: boolean

Declared by: modules/signing.nix

signing.keyStorePath

String containing absolute path to generated keys for signing. This must be a string and not a "nix path" to ensure that your secret keys are not imported into the public /nix/store.

Example: "/var/secrets/android-keys"

Type: string

Declared by: modules/signing.nix

source.dirs

Directories to include in Android build process. Normally set by the output of mk_repo_file.py. However, additional source directories can be added to the build here using this option as well.

Default: { }

Type: attribute set of submodules

Declared by: modules/source.nix

source.dirs.<name>.enable

Whether to include this directory in the android build source tree.

Default: true

Type: boolean

Declared by: modules/source.nix

source.dirs.<name>.patches

Patches to apply to source directory.

Default: [ ]

Type: list of paths

Declared by: modules/source.nix

source.dirs.<name>.postPatch

Additional commands to run after patching source directory.

Default: ""

Type: strings concatenated with "\n"

Declared by: modules/source.nix

source.dirs.<name>.relpath

Relative path under android source tree to place this directory. Defaults to attribute name.

Default: "‹name›"

Type: string

Declared by: modules/source.nix

source.dirs.<name>.src

Source to use for this android source directory.

Default: <derivation empty>

Type: path

Declared by: modules/source.nix

source.evalTimeFetching

Set config.source.dirs automatically using IFD with information from source.manifest. Also enables use of builtins.fetchGit instead of pkgs.fetchgit if not all sha256 hashes are available. (Can be useful for development, but not recommended normally)

Default: false

Type: unspecified

Declared by: modules/source.nix

source.excludeGroups

Project groups to exclude from source tree

Default: [ "darwin" "mips" ]

Type: list of strings

Declared by: modules/source.nix

source.includeGroups

Project groups to include in source tree (overrides excludeGroups)

Default: [ ]

Type: list of strings

Declared by: modules/source.nix

source.manifest.rev

Revision/tag to use from repo manifest repository.

Type: string

Declared by: modules/source.nix

source.manifest.sha256

Nix sha256 hash of repo manifest repository.

Type: string

Declared by: modules/source.nix

source.manifest.url

URL to repo manifest repository. Not necessary to set if using source.dirs directly.

Type: string

Declared by: modules/source.nix

system.additionalProductPackages

PRODUCT_PACKAGES to add under system partition.

Default: [ ]

Type: list of strings

Declared by: modules/base.nix

useReproducibilityFixes

Apply additional fixes for reproducibility

Default: true

Type: boolean

Declared by: modules/base.nix

variant

user has limited access and is suited for production. userdebug is like user but with root access and debug capability. eng is the development configuration with additional debugging tools.

Default: "user"

Type: one of "user", "userdebug", "eng"

Declared by: modules/base.nix

webview

Webview providers to include in Android build. Pre-specified options are chromium, bromite, and vanadium.

Example: { bromite.enable = true; }

Type: attribute set of submodules

Declared by: modules/webview.nix

webview.<name>.apk

APK file containing webview package.

Type: path

Declared by: modules/webview.nix

webview.<name>.availableByDefault

If true, this provider can be automatically selected by the framework, if it's the first valid choice. If false, this provider will only be used if the user selects it themselves from the developer settings menu.

Default: false

Type: boolean

Declared by: modules/webview.nix

webview.<name>.description

The name shown to the user in the developer settings menu.

Default: "Android System WebView"

Type: string

Declared by: modules/webview.nix

webview.<name>.enable

Whether to enable ‹name› webview.

Default: false

Example: true

Type: boolean

Declared by: modules/webview.nix

webview.<name>.isFallback

If true, this provider will be automatically disabled by the framework, preventing it from being used or updated by app stores, unless there is no other valid provider available. Only one provider can be a fallback.

Default: false

Type: boolean

Declared by: modules/webview.nix

webview.<name>.packageName

The Android package name of the APK.

Default: "com.android.webview"

Type: string

Declared by: modules/webview.nix