ZFS: Difference between revisions

(21 intermediate revisions by 11 users not shown)

Line 62:

Disable the mount service with <code>systemd.services.zfs-mount.enable = false;</code> or remove the <code>fileSystems</code> entries in hardware-configuration.nix. Otherwise, use legacy mountpoints (created with e.g. <code>zfs create -o mountpoint=legacy</code>). Mountpoints must be specified with <code>fileSystems."/mount/point" = {};</code> or with <code>nixos-generate-config</code>.

==== Nix builds and ZFS properties like normalization or utf8only ====

These options are often suggested in guides to setting up ZFS. <code>normalization</code> makes filenames compare the same in cases where there exists more than one UTF8 bytestring that represents the same characters. <code>utf8only</code> prevents the creation of files with non-UTF8 filenames, e.g. filenames using a Latin1 character set. These are non-POSIX and will make the tests for certain packages fail, which may interfere with builds. After nix 2.30, builds no longer happen in /tmp by default, instead they happen in <code>/nix/var/nix/builds</code>. On any system where you plan to run nix builds, you should ensure that this filesystem is POSIX-compliant. Either mounting a tmpfs in that directory (if you have lots of RAM + swap) or creating a zfs dataset there which does not have these or other non-POSIX settings like <code>noatime</code>, <code>snapdir=visible</code>, <code>acltype=nfsv4</code>, or <code>caseinsensitivity=insensitive</code>. Many of these cannot be changed after dataset creation so if this is your root filesystem, you will need to restore from a backup in order to recreate them.

== Guides ==

===~~= '''OpenZFS Documentation for installing''' =~~===

=== Root on ZFS with disko ===

~~{{warning|This guide is not endorsed by NixOS and some features like immutable root do not have upstream support~~ and ~~could break on updates. If an issue arises while following this guide, please consult the guides support channels~~.}}

disko[https://github.com/nix-community/disko/blob/master/example/zfs.nix] can partition disks declaratively and handle mount points at install time.

~~One~~ guide ~~for a NixOS installation with ZFS is maintained at [https://openzfs~~.~~github~~.~~io/~~openzfs-docs~~/Getting%20Started/NixOS/ OpenZFS Documentation (''Getting Started''~~ for ~~''NixOS'')]~~

Don't follow the Root on ZFS guide found in OpenZFS documentation. It was abandoned and has not been updated in years. See commit log for the openzfs-docs repo for details.

~~It is about:~~

* [https://openzfs.github.~~io/openzfs-docs/Getting%20Started/NixOS/index.html#installation Enabling ZFS on an existing NixOS installation]~~

* [https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/#root-on-zfs (Installing NixOS with) Root on ZFS].

~~It is not about:~~

* Giving understandable, easy to follow instructions which are close to the standard installation guide

* Integrating ZFS into your existing config

~~==== '''Simple NixOS ZFS on root installation''' ====~~

=== Simple NixOS ZFS on root installation ===

Start from here in the NixOS manual: [https://nixos.org/manual/nixos/stable/#sec-installation-manual].

Under manual partitioning [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning] do this instead:

~~'''~~Partition ~~your~~ disk ~~with your favorite partition tool'''~~

==== Partition the disk ====

We need the following partitions:

Line 145:

Line 139:

</syntaxhighlight>

'''Let's use variables from now on for simplicity.

'''Let's use variables from now on for simplicity.''' Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>

Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>

~~'''~~

BOOT=/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part1

Line 156:

Line 149:

{{note|It is often recommended to specify the drive using the device ID/UUID to prevent incorrect configuration, but it is also possible to use the device name (e.g. /dev/sda). See also: [[#Zpool created with bus-based disk names]], [https://wiki.archlinux.org/title/Persistent_block_device_naming Persistent block device naming - ArchWiki]}}

~~'''~~Make a ZFS pool with encryption and mount points~~'''~~

==== Make a ZFS pool with encryption and mount points ====

~~'''~~Note~~:'''~~ zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ~~[https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/~~ ZFS tuning cheatsheet] or ~~[https://wiki.archlinux.org/title/ZFS#Storage_pools~~ ArchWiki] is a good place to start.

{{Note|zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ZFS tuning cheatsheet or ArchWiki is a good place to start.}}

Line 197:

Line 190:

</syntaxhighlight>

~~'''~~Format boot partition ~~with FAT as filesystem'''~~

==== Format boot partition and enable swap ====

mkfs.fat -F 32 -n boot $BOOT

</syntaxhighlight>

~~'''Enable swap'''~~

mkswap -L swap $SWAP

Line 208:

Line 200:

</syntaxhighlight>

~~'''~~Installation~~'''~~

==== Installation ====

# Mount boot

Line 335:

Line 326:

</syntaxhighlight>

You can confirm whether any specified configuration/tuning got applied via commands like <code>~~arc_summary~~</code> and <code>~~arcstat~~ -a -s " "</code>.

You can confirm whether any specified configuration/tuning got applied via commands like <code>zarcsummary</code> and <code>zarcstat -a -s " "</code>.

== Automatic scrubbing ==

Line 348:

Line 339:

=== Unlock encrypted ZFS via SSH on boot ===

{{~~note~~|As of 22.05, rebuilding your config with the below directions may result in a situation where, if you want to revert the changes, you may need to do some pretty hairy nix-store manipulation to be able to successfully rebuild, see https://github.com/NixOS/nixpkgs/issues/101462#issuecomment-1172926129}}

{{merge|Remote_disk_unlocking}}In case you want unlock a machine remotely (after an update), having an ssh service in initrd for the password prompt is handy:

In case you want unlock a machine remotely (after an update), having an ssh service in initrd for the password prompt is handy:

Line 380:

Line 369:

* If your network card isn't started, you'll need to add the according Kernel module to the Kernel and initrd as well, e.g. <syntaxhighlight lang="nix">

boot.kernelModules = [ "r8169" ];

boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight>

boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight>To know what kernel modules are needed, run <code>nix shell nixpkgs#pciutils --command lspci -v | grep -iA8 'network\|ethernet'</code> .

After that you can unlock your datasets using the following ssh command:

Line 431:

Line 420:

== Take snapshots automatically ==

See {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.

See {{nixos:option|services.zfs.autoSnapshot}} or {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.

== NFS share ==

Line 446:

Line 435:

</syntaxhighlight>

Only this line is needed. Configure firewall if necessary, as described in [[NFS]] article.

{{warning|<code>zfs share</code> or <code>sharenfs</code> does not work if the <code>mountpoint</code> is set to <code>legacy</code> (or <code>none</code>, of course). I was unable to find a source for this behaviour, but I was stuck on the problem for days, until I realized the problem. ::Reply: sharenfs controlls what

is written into <code>/etc/exports</code>. If ZFS does not know the mountpoint, as is the case in

mountpoint legacy or none, the contents of <code>/etc/exports</code> would be wrong}}

Then, set <code>sharenfs</code> property:

Line 458:

Line 451:

ZFS Event Daemon (zed) monitors events generated by the ZFS Kernel module and runs configured tasks. It can be configured to send an email when a pool scrub is finished or a disk has failed. [https://search.nixos.org/options?query=services.zfs.zed zed options]

~~=== Option A: enable mail notifications without re-compliation ===~~

First, we need to configure a mail transfer agent, the program that sends email:

{

age.secrets.msmtp = {

file = "${inputs.self.outPath}/secrets/msmtp.age";

};

# for zed enableMail, enable sendmailSetuidWrapper

services.mail.sendmailSetuidWrapper.enable = true;

programs.msmtp = {

enable = true;

Line 469:

Line 467:

defaults = {

aliases = "/etc/aliases";

port = ~~465~~;

port = 587;

~~tls_trust_file~~ = "~~/etc/ssl/certs/ca-certificates.crt~~";

auth = "plain";

tls = "on";

~~auth = "login";~~

tls_starttls = "on";

tls_starttls = "~~off~~";

};

accounts = {

default = {

host = "mail.example.com";

host = "smtp.mail.example.com";

passwordeval = "cat ~~/etc/emailpass~~.~~txt~~";

passwordeval = "cat ${config.age.secrets.msmtp.path}";

user = "~~user~~@example.com";

user = "myname@example.com";

from = "~~user~~@example.com";

from = "myname@example.com";

};

Line 489:

Line 486:

Then, configure an alias for root account. With this alias configured, all mails sent to root, such as cron job results and failed sudo login events, will be redirected to the configured email account.

~~tee -a /~~etc/aliases ~~<<EOF~~

{

root: ~~user~~@example.com

environment.etc.aliases.text = ''

~~EOF~~

root: admin@example.com

'';

}

</syntaxhighlight>

Finally, ~~override default~~ zed ~~settings with a custom one~~:

Finally, enable zed mail notification:

{

services.zfs.zed~~.settings~~ = {

services.zfs.zed = {

~~ZED_DEBUG_LOG~~ = ~~"/tmp/zed.debug.log"~~;

enableMail = true;

ZED_EMAIL_ADDR = [ "root" ];

settings = {

~~ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";~~

ZED_EMAIL_ADDR = [ "root" ];

~~ZED_EMAIL_OPTS = "@ADDRESS@";~~

# send notification if scrub succeeds

ZED_NOTIFY_VERBOSE = true;

~~ZED_NOTIFY_INTERVAL_SECS = 3600;~~

};

ZED_NOTIFY_VERBOSE = true;

~~ZED_USE_ENCLOSURE_LEDS = true;~~

~~ZED_SCRUB_AFTER_RESILVER = true~~;

};

~~# this option does not work; will return error~~

~~services.zfs.zed.enableMail = false;~~

}

</syntaxhighlight>

Line 520:

Line 513:

</syntaxhighlight>

~~=== Option B: Rebuild ZFS with mail support ===~~

The <code>zfs</code> package can be rebuilt with mail features. However, please note that this will cause Nix to recompile the entire ZFS package on the computer, and on every Kernel update, which could be very time-consuming on lower-end NAS systems.

~~An alternative solution that does not involve recompliation can be found above.~~

~~The following override is needed as <code>zfs</code>is implicitly used in partition mounting:~~

~~<syntaxhighlight lang="nix">~~

~~nixpkgs.config.packageOverrides = pkgs: {~~

~~zfsStable = pkgs.zfsStable.override { enableMail = true; };~~

};

~~</syntaxhighlight>~~

~~A mail sender like [[msmtp]] or [[postfix]] is required.~~

~~A minimal, testable ZED configuration example:~~

~~<syntaxhighlight lang="nix">~~

~~services.zfs.zed.enableMail = true;~~

~~services.zfs.zed.settings = {~~

~~ZED_EMAIL_ADDR = [ "root" ];~~

~~ZED_NOTIFY_VERBOSE = true;~~

};

~~</syntaxhighlight>~~

Above, <code>ZED_EMAIL_ADDR</code> is set to <code>root</code>, which most people will have an alias for in their mailer. You can change it to directly mail you: <code>ZED_EMAIL_ADDR = [ "you@example.com" ];</code>

ZED pulls in <code>mailutils</code> and runs <code>mail</code> by default, but you can override it with <code>ZED_EMAIL_PROG</code>. If using msmtp, you may need <code>ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";</code>.

You can customize the mail command with <code>ZED_EMAIL_OPTS</code>. For example, if your upstream mail server requires a certain FROM address: <code>ZED_EMAIL_OPTS = "-r 'noreply@example.com' -s '@SUBJECT@' @ADDRESS@";</code>

[[Category:Guide]]

@@ Line 62: / Line 62: @@
 Disable the mount service with <code>systemd.services.zfs-mount.enable = false;</code> or remove the <code>fileSystems</code> entries in hardware-configuration.nix. Otherwise, use legacy mountpoints (created with e.g. <code>zfs create -o mountpoint=legacy</code>). Mountpoints must be specified with <code>fileSystems."/mount/point" = {};</code> or with <code>nixos-generate-config</code>.
+==== Nix builds and ZFS properties like normalization or utf8only ====
+These options are often suggested in guides to setting up ZFS. <code>normalization</code> makes filenames compare the same in cases where there exists more than one UTF8 bytestring that represents the same characters. <code>utf8only</code> prevents the creation of files with non-UTF8 filenames, e.g. filenames using a Latin1 character set. These are non-POSIX and will make the tests for certain packages fail, which may interfere with builds. After nix 2.30, builds no longer happen in /tmp by default, instead they happen in <code>/nix/var/nix/builds</code>. On any system where you plan to run nix builds, you should ensure that this filesystem is POSIX-compliant. Either mounting a tmpfs in that directory (if you have lots of RAM + swap) or creating a zfs dataset there which does not have these or other non-POSIX settings like <code>noatime</code>, <code>snapdir=visible</code>, <code>acltype=nfsv4</code>, or <code>caseinsensitivity=insensitive</code>. Many of these cannot be changed after dataset creation so if this is your root filesystem, you will need to restore from a backup in order to recreate them.
 == Guides ==
-==== '''OpenZFS Documentation for installing''' ====
+=== Root on ZFS with disko ===
-{{warning|This guide is not endorsed by NixOS and some features like immutable root do not have upstream support and could break on updates. If an issue arises while following this guide, please consult the guides support channels.}}
+disko[https://github.com/nix-community/disko/blob/master/example/zfs.nix] can partition disks declaratively and handle mount points at install time.
-One guide for a NixOS installation with ZFS is maintained at [https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/ OpenZFS Documentation (''Getting Started'' for ''NixOS'')]
+Don't follow the Root on ZFS guide found in OpenZFS documentation. It was abandoned and has not been updated in years. See commit log for the openzfs-docs repo for details.
-It is about:
-* [https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html#installation Enabling ZFS on an existing NixOS installation]
-* [https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/#root-on-zfs (Installing NixOS with) Root on ZFS].
-It is not about:
-* Giving understandable, easy to follow instructions which are close to the standard installation guide
-* Integrating ZFS into your existing config
-==== '''Simple NixOS ZFS on root installation''' ====
+=== Simple NixOS ZFS on root installation ===
 Start from here in the NixOS manual: [https://nixos.org/manual/nixos/stable/#sec-installation-manual].
 Under manual partitioning [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning] do this instead:
-'''Partition your disk with your favorite partition tool'''
+==== Partition the disk ====
 We need the following partitions:
@@ Line 145: / Line 139: @@
 </syntaxhighlight>
-'''Let's use variables from now on for simplicity.
+'''Let's use variables from now on for simplicity.''' Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>
-Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>
-'''
 <syntaxhighlight lang=bash>
 BOOT=/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part1
@@ Line 156: / Line 149: @@
 {{note|It is often recommended to specify the drive using the device ID/UUID to prevent incorrect configuration, but it is also possible to use the device name (e.g. /dev/sda). See also: [[#Zpool created with bus-based disk names]], [https://wiki.archlinux.org/title/Persistent_block_device_naming Persistent block device naming - ArchWiki]}}
-'''Make a ZFS pool with encryption and mount points'''
+==== Make a ZFS pool with encryption and mount points ====
-'''Note:''' zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The [https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/ ZFS tuning cheatsheet] or [https://wiki.archlinux.org/title/ZFS#Storage_pools ArchWiki] is a good place to start.
+{{Note|zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ZFS tuning cheatsheet or ArchWiki is a good place to start.}}
 <syntaxhighlight lang="bash">
@@ Line 197: / Line 190: @@
 </syntaxhighlight>
-'''Format boot partition with FAT as filesystem'''
+==== Format boot partition and enable swap ====
 <syntaxhighlight lang="bash">
 mkfs.fat -F 32 -n boot $BOOT
 </syntaxhighlight>
-'''Enable swap'''
 <syntaxhighlight lang="bash">
 mkswap -L swap $SWAP
@@ Line 208: / Line 200: @@
 </syntaxhighlight>
-'''Installation'''
+==== Installation ====
 <syntaxhighlight lang="bash">
 # Mount boot
@@ Line 335: / Line 326: @@
 </syntaxhighlight>
-You can confirm whether any specified configuration/tuning got applied via commands like <code>arc_summary</code> and <code>arcstat -a -s " "</code>.
+You can confirm whether any specified configuration/tuning got applied via commands like <code>zarcsummary</code> and <code>zarcstat -a -s " "</code>.
 == Automatic scrubbing ==
@@ Line 348: / Line 339: @@
 === Unlock encrypted ZFS via SSH on boot ===
-{{note|As of 22.05, rebuilding your config with the below directions may result in a situation where, if you want to revert the changes, you may need to do some pretty hairy nix-store manipulation to be able to successfully rebuild, see https://github.com/NixOS/nixpkgs/issues/101462#issuecomment-1172926129}}
+{{merge|Remote_disk_unlocking}}In case you want unlock a machine remotely (after an update), having an ssh service in initrd for the password prompt is handy:
-In case you want unlock a machine remotely (after an update), having an ssh service in initrd for the password prompt is handy:
 <syntaxhighlight lang="nix">
@@ Line 380: / Line 369: @@
 * If your network card isn't started, you'll need to add the according Kernel module to the Kernel and initrd as well, e.g. <syntaxhighlight lang="nix">
 boot.kernelModules = [ "r8169" ];
-boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight>
+boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight>To know what kernel modules are needed, run <code>nix shell nixpkgs#pciutils --command lspci -v | grep -iA8 'network\|ethernet'</code> .
 After that you can unlock your datasets using the following ssh command:
@@ Line 431: / Line 420: @@
 == Take snapshots automatically ==
-See {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.
+See {{nixos:option|services.zfs.autoSnapshot}} or {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.
 == NFS share ==
@@ Line 446: / Line 435: @@
 </syntaxhighlight>
 Only this line is needed. Configure firewall if necessary, as described in [[NFS]] article.
+{{warning|<code>zfs share</code> or <code>sharenfs</code> does not work if the <code>mountpoint</code> is set to <code>legacy</code> (or <code>none</code>, of course). I was unable to find a source for this behaviour, but I was stuck on the problem for days, until I realized the problem.  ::Reply: sharenfs controlls what
+is written into <code>/etc/exports</code>.  If ZFS does not know the mountpoint, as is the case in
+mountpoint legacy or none, the contents of <code>/etc/exports</code> would be wrong}}
 Then, set <code>sharenfs</code> property:
@@ Line 458: / Line 451: @@
 ZFS Event Daemon (zed) monitors events generated by the ZFS Kernel module and runs configured tasks. It can be configured to send an email when a pool scrub is finished or a disk has failed. [https://search.nixos.org/options?query=services.zfs.zed zed options]
-=== Option A: enable mail notifications without re-compliation ===
 First, we need to configure a mail transfer agent, the program that sends email:
 <syntaxhighlight lang="nix">
 {
+  age.secrets.msmtp = {
+    file = "${inputs.self.outPath}/secrets/msmtp.age";
+  };
+  # for zed enableMail, enable sendmailSetuidWrapper
+  services.mail.sendmailSetuidWrapper.enable = true;
    programs.msmtp = {
      enable = true;
@@ Line 469: / Line 467: @@
      defaults = {
        aliases = "/etc/aliases";
-       port = 465;
+       port = 587;
-       tls_trust_file = "/etc/ssl/certs/ca-certificates.crt";
+       auth = "plain";
        tls = "on";
-      auth = "login";
+       tls_starttls = "on";
-       tls_starttls = "off";
      };
      accounts = {
        default = {
-         host = "mail.example.com";
+         host = "smtp.mail.example.com";
-         passwordeval = "cat /etc/emailpass.txt";
+         passwordeval = "cat ${config.age.secrets.msmtp.path}";
-         user = "user@example.com";
+         user = "myname@example.com";
-         from = "user@example.com";
+         from = "myname@example.com";
        };
      };
@@ Line 489: / Line 486: @@
 Then, configure an alias for root account. With this alias configured, all mails sent to root, such as cron job results and failed sudo login events, will be redirected to the configured email account.
-<syntaxhighlight lang="bash">
+<syntaxhighlight lang="nix">
-tee -a /etc/aliases <<EOF
+{
-root: user@example.com
+  environment.etc.aliases.text = ''
-EOF
+    root: admin@example.com
+  '';
+}
 </syntaxhighlight>
-Finally, override default zed settings with a custom one:
+Finally, enable zed mail notification:
 <syntaxhighlight lang="nix">
 {
-   services.zfs.zed.settings = {
+   services.zfs.zed = {
-     ZED_DEBUG_LOG = "/tmp/zed.debug.log";
+     enableMail = true;
-     ZED_EMAIL_ADDR = [ "root" ];
+     settings = {
-    ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
+      ZED_EMAIL_ADDR = [ "root" ];
-    ZED_EMAIL_OPTS = "@ADDRESS@";
+      # send notification if scrub succeeds
+      ZED_NOTIFY_VERBOSE = true;
-    ZED_NOTIFY_INTERVAL_SECS = 3600;
+     };
-    ZED_NOTIFY_VERBOSE = true;
-     ZED_USE_ENCLOSURE_LEDS = true;
-    ZED_SCRUB_AFTER_RESILVER = true;
    };
-  # this option does not work; will return error
-  services.zfs.zed.enableMail = false;
 }
 </syntaxhighlight>
@@ Line 520: / Line 513: @@
 </syntaxhighlight>
-=== Option B: Rebuild ZFS with mail support ===
-The <code>zfs</code> package can be rebuilt with mail features. However, please note that this will cause Nix to recompile the entire ZFS package on the computer, and on every Kernel update, which could be very time-consuming on lower-end NAS systems.
-An alternative solution that does not involve recompliation can be found above.
-The following override is needed as <code>zfs</code>is implicitly used in partition mounting:
-<syntaxhighlight lang="nix">
-nixpkgs.config.packageOverrides = pkgs: {
-  zfsStable = pkgs.zfsStable.override { enableMail = true; };
-};
-</syntaxhighlight>
-A mail sender like [[msmtp]] or [[postfix]] is required.
-A minimal, testable ZED configuration example:
-<syntaxhighlight lang="nix">
-services.zfs.zed.enableMail = true;
-services.zfs.zed.settings = {
-  ZED_EMAIL_ADDR = [ "root" ];
-  ZED_NOTIFY_VERBOSE = true;
-};
-</syntaxhighlight>
-Above, <code>ZED_EMAIL_ADDR</code> is set to <code>root</code>, which most people will have an alias for in their mailer. You can change it to directly mail you: <code>ZED_EMAIL_ADDR = [ "you@example.com" ];</code>
-ZED pulls in <code>mailutils</code> and runs <code>mail</code> by default, but you can override it with <code>ZED_EMAIL_PROG</code>. If using msmtp, you may need <code>ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";</code>.
-You can customize the mail command with <code>ZED_EMAIL_OPTS</code>. For example, if your upstream mail server requires a certain FROM address: <code>ZED_EMAIL_OPTS = "-r 'noreply@example.com' -s '@SUBJECT@' @ADDRESS@";</code>
 [[Category:Guide]]