| options/nixos/programs.zsh.loginShellInit | Shell script code called during zsh login shell initialisation.
|
| options/nixos/services.cryptpad.settings.httpUnsafeOrigin | This is the URL that users will enter to load your instance
|
| options/nixos/services.i2pd.proto.socksProxy.address | Bind address for socksproxy endpoint.
|
| options/nixos/services.invidious.http3-ytproxy.enable | Whether to enable http3-ytproxy for faster loading of images and video playback
|
| options/nixos/services.drupal.sites.<name>.enable | Whether to enable Drupal web application.
|
| options/nixos/services.buffyboard.settings | Settings to include in /etc/buffyboard.conf
|
| options/nixos/services.homer.package | The homer package to use.
|
| options/nixos/services.influxdb2.provision.organizations.<name>.auths | API tokens to provision for the user in this organization.
|
| options/nixos/services.cloudflared.certificateFile | Account certificate file, necessary to create, delete and manage tunnels
|
| options/nixos/services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| options/nixos/services.eintopf.secrets | A list of files containing the various secrets
|
| options/nixos/services.kanboard.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| options/nixos/services.cloudflared.tunnels | Cloudflare tunnels.
|
| options/nixos/boot.initrd.luks.devices.<name>.fallbackToPassword | Whether to fallback to interactive passphrase prompt if the keyfile
cannot be found
|
| options/nixos/boot.initrd.luks.devices.<name>.gpgCard.gracePeriod | Time in seconds to wait for the GPG Smartcard.
|
| options/nixos/services.doh-server.useACMEHost | A host of an existing Let's Encrypt certificate to use.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
|
| options/nixos/hardware.cpu.x86.msr.owner | Owner to set for devices of the msr kernel subsystem.
|
| options/nixos/fonts.fontconfig.allowType1 | Allow Type-1 fonts
|
| options/nixos/services.duckdns.domains | The domain(s) to update in DuckDNS
(without the .duckdns.org suffix)
|
| options/nixos/services.cloudlog.enable | Whether to enable Cloudlog.
|
| options/nixos/services.librespeed.frontend.servers.*.server | URL to the server
|
| options/nixos/services.caddy.email | Your email address
|
| options/nixos/services.dolibarr.h2o.tls.identity.*.certificate-file | Path to certificate file
|
| options/nixos/security.acme.defaults.webroot | Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/ directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/ must also
be available (notice unencrypted HTTP).
|
| options/nixos/services.calibre-server.package | The calibre package to use.
|
| options/nixos/services.gancio.settings.db.storage | Location for the SQLite database.
|
| options/nixos/image.repart.compression.level | Compression level
|
| options/nixos/services.aria2.downloadDirPermission | The permission for settings.dir
|
| options/nixos/services.gitlab.sidekiq.memoryKiller.shutdownWait | The time allowed for all jobs to finish before Sidekiq is
killed forcefully.
|
| options/nixos/programs.miriway.enable | Whether to enable Miriway, a Mir based Wayland compositor
|
| options/nixos/services.dolibarr.h2o.tls.port | Override the default TLS port for this virtual host.
|
| options/nixos/services.bitlbee.extraDefaults | Will be inserted in the Default section of the config file.
|
| options/nixos/programs.proxychains.proxies | Proxies to be used by proxychains.
|
| options/nixos/services.gitlab.packages.pages | The gitlab-pages package to use.
|
| options/nixos/services.earlyoom.extraArgs | Extra command-line arguments to be passed to earlyoom
|
| options/nixos/networking.bonds.<name>.xmit_hash_policy | DEPRECATED, use driverOptions
|
| options/nixos/services.code-server.disableFileDownloads | Disable file downloads from Code.
|
| options/nixos/services.cassandra.fullRepairInterval | Set the interval how often full repairs are run, i.e.
nodetool repair --full is executed
|
| options/nixos/services.anki-sync-server.port | Port number anki-sync-server listens to.
|
| options/nixos/networking.interfaces.<name>.ipv4.addresses.*.address | IPv4 address of the interface
|
| options/nixos/services.crowdsec.hub.parsers | List of hub parsers to install
|
| options/nixos/networking.networkmanager.ensureProfiles.secrets.entries.*.matchIface | interface name of the NetworkManager connection
|
| options/nixos/services.davis.database.createLocally | Create the database and database user locally.
|
| options/nixos/services.cassandra.listenAddress | Address or interface to bind to and tell other Cassandra nodes
to connect to
|
| options/nixos/services.hadoop.hdfs.journalnode.restartIfChanged | Automatically restart the service on config change
|
| options/nixos/services.dysnomia.enableAuthentication | Whether to publish privacy-sensitive authentication credentials
|
| options/nixos/services.librespeed.secrets | Attribute set of filesystem paths
|
| options/nixos/services.gitolite.dataDir | The gitolite home directory used to store all repositories
|
| options/nixos/programs.steam.gamescopeSession.enable | Whether to enable GameScope Session.
|
| options/nixos/services.bepasty.enable | Whether to enable bepasty, a binary pastebin server.
|
| options/nixos/services.bluemap.enableRender | Enable rendering
|
| options/nixos/services.anubis.instances.<name>.policy.settings | Additional policy settings merged into the policy file
|
| options/nixos/services.dae.openFirewall.enable | Whether to enable opening port in the firewall.
|
| options/nixos/services.bird-lg.frontend.domain | Server name domain suffixes.
|
| options/nixos/services.foundationdb.tls.key | Private key file for the certificate.
|
| options/nixos/services.asterisk.extraConfig | Extra configuration options appended to the default
asterisk.conf file.
|
| options/nixos/services.cloudlog.poolConfig | Options for Cloudlog's PHP-FPM pool.
|
| options/nixos/services.cloudflare-ddns.domains | List of domain names (FQDNs) to manage
|
| options/nixos/services.doh-server.enable | Whether to enable DNS-over-HTTPS server.
|
| options/nixos/services.jitsi-meet.hostName | FQDN of the Jitsi Meet instance.
|
| options/nixos/services.agorakit.nginx.locations.<name>.root | Root directory for requests.
|
| options/nixos/services.gollum.user-icons | Enable specific user icons for history view
|
| options/nixos/services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| options/nixos/services.ceph.enable | Whether to enable Ceph global configuration.
|
| options/nixos/services.kanboard.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| options/nixos/programs.rust-motd.enable | Whether to enable rust-motd, a Message Of The Day (MOTD) generator.
|
| options/nixos/networking.networkmanager.wifi.powersave | Whether to enable Wi-Fi power saving.
|
| options/nixos/services.klipper.enable | Whether to enable Klipper, the 3D printer firmware.
|
| options/nixos/services.dendrite.settings.global.private_key | The path to the signing private key file, used to sign
requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
|
| options/nixos/security.protectKernelImage | Whether to prevent replacing the running kernel image.
|
| options/nixos/services.fluidd.nginx.extraConfig | These lines go to the end of the vhost verbatim.
|
| options/nixos/services.libinput.mouse.leftHanded | Enables left-handed button orientation, i.e. swapping left and right buttons.
|
| options/nixos/boot.tmp.useTmpfs | Whether to mount a tmpfs on /tmp during boot.
Large Nix builds can fail if the mounted tmpfs is not large enough
|
| options/nixos/services.agate.certificatesDir | Root of the certificate directory.
|
| options/nixos/services.crowdsec-firewall-bouncer.package | The crowdsec-firewall-bouncer package to use.
|
| options/nixos/services.duckdns.domainsFile | The path to a file containing a
newline-separated list of DuckDNS
domain(s) to be updated
(without the .duckdns.org suffix)
|
| options/nixos/services.elasticsearch.listenAddress | Elasticsearch listen address.
|
| options/nixos/services.dnsdist.dnscrypt.providerName | The name that will be given to this DNSCrypt resolver.
The provider name must start with 2.dnscrypt-cert..
|
| options/nixos/services.bacula-dir.port | Specify the port (a positive integer) on which the Director daemon
will listen for Bacula Console connections
|
| options/nixos/services.fedimintd.<name>.nginx.config.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| options/nixos/services.filebrowser.settings.port | The port to listen on.
|
| options/nixos/services.firezone.server.nginx.enable | Whether to enable nginx virtualhost definition.
|
| options/nixos/boot.loader.systemd-boot.consoleMode | The resolution of the console
|
| options/nixos/boot.specialFileSystems.<name>.fsType | Type of the file system
|
| options/nixos/services.atuin.openFirewall | Open ports in the firewall for the atuin server.
|
| options/nixos/services.jellyseerr.openFirewall | Open port in the firewall for the Jellyseerr web interface.
|
| options/nixos/services.geoclue2.whitelistedAgents | Desktop IDs (without the .desktop extension) of whitelisted agents.
|
| options/nixos/hardware.cpu.amd.ryzen-smu.enable | Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors
|
| options/nixos/programs.xwayland.defaultFontPath | Default font path
|
| options/nixos/boot.crashDump.enable | If enabled, NixOS will set up a kernel that will
boot on crash, and leave the user in systemd rescue
to be able to save the crashed kernel dump at
/proc/vmcore
|
| options/nixos/services.druid.broker.config | (key=value) Configuration to be written to runtime.properties of the druid Druid Broker
https://druid.apache.org/docs/latest/configuration/index.html
|
| options/nixos/services.ipfs-cluster.dataDir | The data dir for ipfs-cluster.
|
| options/nixos/services.armagetronad.servers.<name>.dns | DNS address to use for this server
|
| options/nixos/networking.wg-quick.interfaces.<name>.dns | The IP addresses of DNS servers to configure.
|
| options/nixos/services.anuko-time-tracker.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| options/nixos/services.certspotter.startAtEnd | Whether to skip certificates issued before the first launch of Cert Spotter
|
| options/nixos/services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| options/nixos/services.i2pd.exploratory.outbound.quantity | Number of simultaneous exploratory tunnels.
|
| options/nixos/services.libretranslate.group | Group account under which libretranslate runs.
|
| options/nixos/networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|