| options/nixos/services.icingaweb2.modules.monitoring.mutableTransports | Make commandtransports.ini of the monitoring module mutable (e.g. via the web interface).
|
| options/nixos/boot.initrd.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| options/nixos/services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.query | The SQL query to run.
|
| options/nixos/services.changedetection-io.webDriverSupport | Enable support for fetching web pages using WebDriver and Chromium
|
| options/nixos/services.pantalaimon-headless.instances.<name>.listenPort | The port where the daemon will listen to client connections for
this homeserver
|
| options/nixos/services.grafana_reporter.templateDir | Optional template directory to use custom tex templates
|
| options/nixos/services.homepage-dashboard.listenPort | Port for Homepage to bind to.
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.hash_pii | Hash, with md5, client names and MAC addresses
|
| options/nixos/services.prometheus.exporters.modemmanager.firewallFilter | Specify a filter for iptables to use when
services.prometheus.exporters.modemmanager.openFirewall
is true
|
| options/nixos/services.prometheus.exporters.mikrotik.configuration | Mikrotik exporter configuration as nix attribute set
|
| options/nixos/services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| options/nixos/services.cassandra.allowClients | Enables or disables the native transport server (CQL binary protocol)
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.save_dpi | Collect and save data from deep packet inspection
|
| options/nixos/services.SystemdJournal2Gelf.graylogServer | Host and port of your graylog2 input
|
| options/nixos/services.pgpkeyserver-lite.hkpPort | Which port the sks-keyserver is listening on.
|
| options/nixos/services.prometheus.exporters.dmarc.deduplicationMaxSeconds | How long individual report IDs will be remembered to avoid
counting double delivered reports twice.
|
| options/nixos/virtualisation.lxd.zfsSupport | Enables lxd to use zfs as a storage for containers
|
| options/nixos/services.prometheus.exporters.imap-mailstat.configurationFile | File containing the configuration
|
| options/nixos/services.prometheus.exporters.postgres.environmentFile | Environment file as defined in systemd.exec(5)
|
| options/nixos/services.gotosocial.openFirewall | Open the configured port in the firewall
|
| options/nixos/services.reposilite.openFirewall | Whether to open the firewall ports for Reposilite
|
| options/nixos/services.teamspeak3.queryHttpPort | TCP port opened for ServerQuery connections using the HTTP protocol.
|
| options/nixos/boot.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| options/nixos/services.netbird.server.management.metricsPort | Internal port of the metrics server.
|
| options/nixos/services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.values | A set of columns that will be used as values of this metric.
|
| options/nixos/services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.labels | A set of columns that will be used as Prometheus labels.
|
| options/nixos/services.prometheus.exporters.junos-czerwonk.configuration | JunOS exporter configuration as nix attribute set
|
| options/nixos/networking.nat.forwardPorts.*.destination | Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end
|
| options/nixos/services.prometheus.exporters.imap-mailstat.accounts.<name>.mailaddress | Your email address (at the moment used as login name)
|
| options/nixos/services.prometheus.exporters.junos-czerwonk.configurationFile | Specify the JunOS exporter configuration file to use.
|
| options/nixos/services.limesurvey.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| options/nixos/services.icecream.scheduler.openFirewall | Whether to automatically open the daemon port in the firewall.
|
| options/home-manager/wayland.windowManager.hyprland.importantPrefixes | List of prefix of attributes to source at the top of the config.
|
| options/nixos/services.prometheus.exporters.mail.configuration.disableFileDeletion | Disables the exporter's function to delete probing mails.
|
| options/nixos/services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| options/nixos/services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| options/nixos/services.icingaweb2.modules.monitoring.transports.<name>.instance | Assign a icinga instance to this transport
|
| options/nixos/services.silverbullet.listenPort | Port to listen on.
|
| options/nixos/services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| options/nixos/services.cassandra.rpcAddress | The address or interface to bind the native transport server to
|
| options/nixos/hardware.amdgpu.amdvlk.supportExperimental.enable | Whether to enable Experimental features support.
|
| options/nixos/services.rabbitmq.listenAddress | IP address on which RabbitMQ will listen for AMQP
connections
|
| options/nixos/services.ghostunnel.servers.<name>.listen | Address and port to listen on (can be HOST:PORT, unix:PATH).
|
| options/nixos/services.netbird.tunnels.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| options/nixos/services.netbird.clients.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP,
without using (internet-hosted) TURN servers as intermediaries.
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.verify_ssl | Verify the Unifi controller's certificate.
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.save_sites | Collect and save site data.
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| options/nixos/services.kubernetes.apiserver.securePort | Kubernetes apiserver secure port.
|
| options/nixos/services.varnish.http_address | HTTP listen address and port.
|
| options/nixos/services.prometheus.exporters.mail.configuration.servers.*.detectionDir | Directory in which new mails for the exporter user are placed
|
| options/nixos/services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| options/nixos/services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| options/nixos/services.spacecookie.openFirewall | Whether to open the necessary port in the firewall for spacecookie.
|
| options/nixos/services.firezone.server.openClusterFirewall | Opens up the erlang distribution port of all enabled components to
allow reaching the server cluster from the internet
|
| options/nixos/services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| options/nixos/services.prometheus.exporters.mail.configuration.servers.*.passphrase | Password to use for SMTP authentication.
|
| options/nixos/services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| options/nixos/services.prometheus.exporters.sql.configuration.jobs.<name>.connections | A list of connection strings of the SQL servers to scrape metrics from
|
| options/nixos/services.dragonflydb.memcachePort | To enable memcached compatible API on this port.
null means disabled.
|
| options/nixos/services.blendfarm.serverConfig.BroadcastPort | Default port blendfarm server advertises itself on.
|
| options/nixos/services.hadoop.yarn.nodemanager.openFirewall | Open firewall ports for nodemanager
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.save_events | Collect and save data from UniFi events to influxdb and Loki.
|
| options/nixos/services.prometheus.exporters.unpoller.controllers.*.save_alarms | Collect and save data from UniFi alarms to influxdb and Loki.
|
| options/nixos/services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| options/nixos/programs.coolercontrol.nvidiaSupport | Enable support for Nvidia GPUs.
|
| options/nixos/services.prometheus.exporters.mail.configuration.monitoringInterval | Time interval between two probe attempts.
|
| options/nixos/services.i2pd.outTunnels.<name>.destinationPort | Connect to particular port at destination.
|
| options/nixos/services.nsd.zones.<name>.outgoingInterface | This address will be used for zone-transfer requests if configured
as a secondary server or notifications in case of a primary server
|
| options/nixos/services.adguardhome.openFirewall | Open ports in the firewall for the AdGuard Home web interface
|
| options/nixos/services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling:
netbird-<name> script,NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a
netbird-<name>.service,
- listen for incoming remote connections on the port
51820 (openFirewall by default),
- manage the
netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (
hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of
netbird.cloud, but
should remain fully operational otherwise
|
| options/nixos/services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress | mailserver name or address
|
| options/nixos/networking.fooOverUDP.<name>.local | Local address (and optionally device) to bind to using the given port.
|
| options/nixos/services.prosody.modules.admin_telnet | Opens telnet console interface on localhost port 5582
|
| options/nixos/services.changedetection-io.playwrightSupport | Enable support for fetching web pages using playwright and Chromium
|
| options/nixos/hardware.infiniband.guids | A list of infiniband port guids on the system
|
| options/nixos/services.kanidm.serverSettings.bindaddress | Address/port combination the webserver binds to.
|
| options/nixos/services.shibboleth-sp.fastcgi.shibResponderPort | Port for shibauthorizer FastCGI process to bind to
|
| options/nixos/services.silverbullet.openFirewall | Open port in the firewall.
|
| options/nixos/services.teamspeak3.fileTransferPort | TCP port opened for file transfers.
|
| options/nixos/services.flaresolverr.openFirewall | Open the port in the firewall for FlareSolverr.
|
| options/nixos/services.misskey.meilisearch.createLocally | Create and use a local Meilisearch instance
|
| options/nixos/services.blockbook-frontend.<name>.public | Public http server binding [address]:port.
|
| options/nixos/networking.networkmanager.ensureProfiles.profiles | Declaratively define NetworkManager profiles
|
| options/nixos/security.agnos.settings.dns_listen_addr | Address for agnos to listen on
|
| options/nixos/virtualisation.forwardPorts.*.from | Controls the direction in which the ports are mapped:
"host" means traffic from the host ports
is forwarded to the given guest port."guest" means traffic from the guest ports
is forwarded to the given host port.
|
| options/nixos/services.nextcloud.notify_push.dbhost | Database host (+port) or socket path
|
| options/nixos/boot.initrd.luks.mitigateDMAAttacks | Unless enabled, encryption keys can be easily recovered by an attacker with physical
access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port
|
| options/nixos/services.postfix.enableSubmission | Whether to enable the `submission` service configured in master.cf
|
| options/nixos/services.postfix.enableSubmissions | Whether to enable the submissions service configured in master.cf
|
| options/nixos/services.fedimintd.<name>.api_iroh.openFirewall | Opens UDP port in firewall for fedimintd's API Iroh endpoint
|
| options/nixos/services.thanos.rule.alertmanagers.urls | Alertmanager replica URLs to push firing alerts
|
| options/nixos/services.kubernetes.apiserverAddress | Clusterwide accessible address for the kubernetes apiserver,
including protocol and optional port.
|
| options/nixos/services.foundationdb.publicAddress | Publicly visible IP address of the process
|
| options/nixos/services.foundationdb.listenAddress | Publicly visible IP address of the process
|
| options/nixos/services.yggdrasil.openMulticastPort | Whether to open the UDP port used for multicast peer discovery
|
| options/nixos/<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| options/nixos/services.shibboleth-sp.fastcgi.shibAuthorizerPort | Port for shibauthorizer FastCGI process to bind to
|
| options/nixos/services.autossh.sessions.*.monitoringPort | Port to be used by AutoSSH for peer monitoring
|
| options/darwin/services.autossh.sessions.*.monitoringPort | Port to be used by AutoSSH for peer monitoring
|