| options/nixos/services.tarsnap.archives.<name>.explicitSymlinks | Whether to follow symlinks specified as archives.
|
| options/nixos/services.prometheus.scrapeConfigs.*.tls_config.cert_file | Certificate file for client cert authentication to the server.
|
| options/nixos/services.riemann.extraJavaOpts | Extra Java options used when launching Riemann.
|
| options/nixos/services.prometheus.exporters.nginx.telemetryPath | Path under which to expose metrics.
|
| options/nixos/services.misskey.redis.createLocally | Create and use a local Redis instance
|
| options/nixos/services.mediawiki.extensions | Attribute set of paths whose content is copied to the extensions
subdirectory of the MediaWiki installation and enabled in configuration
|
| options/nixos/services.ollama.port | Which port the ollama server listens to.
|
| options/nixos/services.omnom.settings.smtp.host | SMTP server hostname.
|
| options/nixos/services.mediawiki.webserver | Webserver to use.
|
| options/nixos/services.movim.nginx.listen.*.addr | Listen address.
|
| options/nixos/services.nginx.enable | Whether to enable Nginx Web Server.
|
| options/nixos/services.tor.settings.ConnDirectionStatistics | See torrc manual.
|
| options/nixos/services.prometheus.exporters.node-cert.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.node-cert.openFirewall
is true
|
| options/nixos/services.system76-scheduler.settings.processScheduler.foregroundBoost.foreground.ioClass | IO scheduler class.
|
| options/nixos/services.nginx.serverTokens | Show nginx version in headers and error pages.
|
| options/nixos/services.nitter.preferences.squareAvatars | Square profile pictures.
|
| options/nixos/services.strongswan-swanctl.swanctl.secrets.ike.<name>.secret | Value of the IKE preshared secret
|
| options/nixos/services.prometheus.exporters.opnsense.openFirewall | Open port in firewall for incoming connections.
|
| options/nixos/services.thanos.query.web.route-prefix | Prefix for API and UI endpoints
|
| options/nixos/services.nitter.server.hostname | Hostname of the instance.
|
| options/nixos/services.prometheus.exporters.dnssec.resolvers | DNSSEC capable resolver to be used for the check.
|
| options/nixos/services.owncast.rtmp-port | TCP port where owncast rtmp service listens.
|
| options/nixos/services.prometheus.exporters.smokeping.hosts | List of endpoints to probe.
|
| options/nixos/services.prometheus.exporters.modemmanager.group | Group under which the modemmanager exporter shall be run.
|
| options/nixos/services.prosody.muc.*.tombstones | When a room is destroyed, it leaves behind a tombstone which
prevents the room being entered or recreated
|
| options/nixos/services.overseerr.openFirewall | Open a port in the firewall for the Overseerr web interface.
|
| options/nixos/services.scollector.enable | Whether to run scollector.
|
| options/nixos/services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| options/nixos/services.traefik.group | Set the group that traefik runs under
|
| options/nixos/services.prometheus.exporters.idrac.enable | Whether to enable the prometheus idrac exporter.
|
| options/nixos/services.tcsd.stateDir | The location of the system persistent storage file
|
| options/nixos/services.openssh.settings.StrictModes | Whether sshd should check file modes and ownership of directories
|
| options/nixos/services.pixelfed.nginx.default | Makes this vhost the default.
|
| options/nixos/services.pixelfed.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| options/nixos/services.samba.nmbd.extraArgs | Extra arguments to pass to the nmbd service.
|
| options/nixos/services.protonmail-bridge.logLevel | Log level of the Proton Mail Bridge service
|
| options/nixos/services.teeworlds.server.skillLevel | The skill level shown in the server browser.
|
| options/nixos/services.prometheus.exporters.nats.group | Group under which the nats exporter shall be run.
|
| options/nixos/services.prometheus.exporters.ping.user | User name under which the ping exporter shall be run.
|
| options/nixos/services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key_file | Sets the secret key with the credentials read from the configured file
|
| options/nixos/services.prometheus.exporters.postfix.package | The prometheus-postfix-exporter package to use.
|
| options/nixos/services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| options/nixos/services.limesurvey.httpd.virtualHost.acmeRoot | Directory for the acme challenge which is PUBLIC, don't put certs or keys in here
|
| options/nixos/services.postgresql.finalPackage | The postgresql package that will effectively be used in the system
|
| options/nixos/services.samba-wsdd.enable | Whether to enable Web Services Dynamic Discovery host daemon
|
| options/nixos/services.movim.nginx.locations.<name>.root | Root directory for requests.
|
| options/nixos/services.rabbitmq.port | Port on which RabbitMQ will listen for AMQP connections.
|
| options/nixos/services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.separator | Separator placed between concatenated source label values
|
| options/nixos/services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_base | Defines the base URI for the Hash and URL feature supported by
IKEv2
|
| options/nixos/services.stalwart.settings | Configuration options for the Stalwart server
|
| options/nixos/services.ostinato.rpcServer.address | By default, the Drone RPC server will listen on all interfaces and
local IPv4 addresses for incoming connections from clients
|
| options/nixos/services.mtr-exporter.address | Listen address for MTR exporter.
|
| options/nixos/services.slskd.nginx.locations | Declarative location config
|
| options/nixos/services.lighthouse.beacon.http.enable | Whether to enable Beacon node http api.
|
| options/nixos/services.mastodon.vapidPublicKeyFile | Path to file containing the public key used for Web Push
Voluntary Application Server Identification
|
| options/nixos/services.mediatomb.interface | A specific interface to bind to.
|
| options/nixos/services.lighttpd.cgit.enable | If true, enable cgit (fast web interface for git repositories) as a
sub-service in lighttpd.
|
| options/nixos/services.tuned.enable | Whether to enable TuneD.
|
| options/nixos/services.loki.enable | Whether to enable Grafana Loki.
|
| options/nixos/services.nextjs-ollama-llm-ui.ollamaUrl | The address (including host and port) under which we can access the Ollama backend server.
!Note that if the the UI service is running under a domain "https://ui.example.org",
the Ollama backend service must allow "CORS" requests from this domain, e.g. by adding
"services.ollama.environment
|
| options/nixos/services.nominatim.database.extraConnectionParams | Extra Nominatim database connection parameters
|
| options/nixos/services.mqtt2influxdb.mqtt.certfile | Certificate file for MQTT
|
| options/nixos/services.openafsClient.packages.module | OpenAFS kernel module package
|
| options/nixos/services.prometheus.exporters.rspamd.user | User name under which the rspamd exporter shall be run.
|
| options/nixos/services.paperless.domain | Domain under which paperless will be available.
|
| options/nixos/services.rmfakecloud.enable | Whether to enable rmfakecloud remarkable self-hosted cloud.
|
| options/nixos/services.teeworlds.server.enableSpamProtection | Whether to enable chat spam protection.
|
| options/nixos/services.newt.environmentFile | Path to a file containing sensitive environment variables for Newt
|
| options/nixos/services.thinkfan.fans.*.query | The query string used to match one or more fans: can be
a fullpath to the temperature file (single fan) or a fullpath
to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
|
| options/nixos/services.system76-scheduler.settings.cfsProfiles.default.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| options/nixos/services.phylactery.library | Path to CBZ library
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.basicAuth | Basic Auth protection for a vhost
|
| options/nixos/services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.all_tenants | Whether the service discovery should list all instances for all projects
|
| options/nixos/services.rss-bridge.webserver | Type of virtualhost to use and setup
|
| options/nixos/services.prometheus.scrapeConfigs.*.triton_sd_configs.*.dns_suffix | The DNS suffix which should be applied to target.
|
| options/nixos/services.tt-rss.forceArticlePurge | When this option is not 0, users ability to control feed purging
intervals is disabled and all articles (which are not starred)
older than this amount of days are purged.
|
| options/nixos/services.rqbit.httpPort | The listen port for the HTTP API.
|
| options/nixos/services.pdfding.backup.enable | Automatic backup of important data to a AWS S3 (or compatible) instance
|
| options/nixos/services.prometheus.alertmanager.configuration | Alertmanager configuration as nix attribute set
|
| options/nixos/services.thanos.receive.log.format | Log format to use.
|
| options/nixos/services.moodle.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| options/nixos/services.udp-over-tcp.tcp2udp.<name>.recvTimeout | An application timeout on receiving data from the TCP socket.
|
| options/nixos/services.prometheus.exporters.fastly.listenAddress | Address to listen on.
|
| options/nixos/services.misskey.settings.db.pass | The password used for database authentication.
|
| options/nixos/services.prometheus.exporters.junos-czerwonk.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.junos-czerwonk.openFirewall is true.
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| options/nixos/services.moosefs.runAsUser | Run daemons as moosefs user instead of root for better security.
|
| options/nixos/services.snipe-it.nginx.root | The path of the web root directory.
|
| options/nixos/services.openafsServer.dottedPrincipals | If enabled, allow principal names containing (.) dots
|
| options/nixos/services.snapserver.settings.tcp-streaming.enabled | Whether to enable streaming via TCP.
|
| options/nixos/services.outline.discordAuthentication.clientSecretFile | File path containing the authentication secret.
|
| options/nixos/services.suricata.settings.dpdk.interfaces.*.interface | See upstream docs: docs/capture-hardware/dpdk and docs/configuration/suricata-yaml.html#data-plane-development-kit-dpdk.
|
| options/nixos/services.rsyslogd.defaultConfig | The default syslog.conf file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig.
|
| options/nixos/services.maddy.tls.certificates | A list of attribute sets containing paths to TLS certificates and
keys
|
| options/nixos/services.syslogd.extraParams | Additional parameters passed to syslogd.
|
| options/nixos/services.octoprint.port | Port to bind OctoPrint to.
|
| options/nixos/services.lifecycled.cloudwatchGroup | Write logs to a specific Cloudwatch Logs group.
|
| options/nixos/services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| options/nixos/services.teleport.enable | Whether to enable the Teleport service.
|
| options/nixos/services.pgadmin.minimumPasswordLength | Minimum length of the password
|