| options/nixos/services.redmine.components.mercurial | Whether to enable Mercurial integration..
|
| options/nixos/programs.i3lock.u2fSupport | Whether to enable U2F support in the i3lock program
|
| options/nixos/services.hylafax.faxqclean.archiving | Enable or suppress job archiving:
never disables job archiving,
as-flagged archives jobs that
have been flagged for archiving by sendfax,
always forces archiving of all jobs
|
| options/nixos/services.prometheus.exporters.bird.newMetricFormat | Enable the new more-generic metric format.
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.strongswan.managePlugins | If set to true, this option will disable automatic plugin loading and
then tell strongSwan to enable the plugins specified in the
enabledPlugins option.
|
| options/nixos/services.hydra.useSubstitutes | Whether to use binary caches for downloading store paths
|
| options/nixos/services.limesurvey.nginx.virtualHost.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.cockroachdb.package | The cockroachdb package to use
|
| options/nixos/services.plausible.database.clickhouse.setup | Whether to enable creating a clickhouse instance.
|
| options/nixos/services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| options/nixos/services.xserver.desktopManager.plasma5.useQtScaling | Enable HiDPI scaling in Qt.
|
| options/nixos/services.smartd.notifications.mail.mailer | Sendmail-compatible binary to be used to send the messages
|
| options/nixos/services.matrix-synapse.settings.listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| options/home-manager/services.xsuspender.rules.<name>.onlyOnBattery | Whether to enable process suspend only on battery.
|
| options/nixos/services.suwayomi-server.settings.server.basicAuthEnabled | Whether to enable basic access authentication for Suwayomi-Server
|
| options/nixos/programs.java.binfmt | Whether to enable binfmt to execute java jar's and classes.
|
| options/nixos/hardware.nvidia.open | Whether to enable the open source NVIDIA kernel module.
|
| options/nixos/services.healthchecks.settings.DEBUG | Enable debug mode.
|
| options/nixos/services.ddns-updater.environment | Environment variables to be set for the ddns-updater service
|
| options/nixos/services.prometheus.exporters.varnish.verbose | Enable verbose logging.
|
| options/nixos/services.mackerel-agent.autoRetirement | Whether to enable retiring the host upon OS shutdown
.
|
| options/nixos/services.sourcehut.settings."builds.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| options/nixos/services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| options/darwin/system.defaults.NSGlobalDomain."com.apple.swipescrolldirection" | Whether to enable "Natural" scrolling direction
|
| options/nixos/services.listmonk.database.mutableSettings | Database settings will be reset to the value set in this module if this is not enabled
|
| options/nixos/services.prometheus.exporters.mqtt.mqttExposeClientId | Whether to enable Expose the client ID as a label in Prometheus metrics..
|
| options/nixos/services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| options/nixos/services.transmission.openPeerPorts | Whether to enable opening of the peer port(s) in the firewall.
|
| options/nixos/services.linkwarden.database.createLocally | Whether to enable the automatic creation of the database for Linkwarden..
|
| options/nixos/containers.<name>.enableTun | Allows the container to create and setup tunnel interfaces
by granting the NET_ADMIN capability and
enabling access to /dev/net/tun.
|
| options/nixos/services.filebrowser.openFirewall | Whether to enable opening firewall ports for FileBrowser.
|
| options/nixos/services.prometheus.exporters.mqtt.mqttV5Protocol | Whether to enable Force to use MQTT protocol v5 instead of 3.1.1..
|
| options/nixos/services.mediawiki.extensions | Attribute set of paths whose content is copied to the extensions
subdirectory of the MediaWiki installation and enabled in configuration
|
| options/nixos/services.qbittorrent.openFirewall | Whether to enable opening both the webuiPort and torrentPort over TCP in the firewall.
|
| options/nixos/services.prometheus.exporters.mongodb.collectAll | Enable all collectors
|
| options/nixos/console.earlySetup | Enable setting virtual console options as early as possible (in initrd).
|
| options/nixos/services.logrotate.allowNetworking | Whether to enable network access for logrotate.
|
| options/nixos/services.displayManager.dms-greeter.compositor.name | The Wayland compositor to run the greeter in
|
| options/nixos/services.dragonflydb.memcachePort | To enable memcached compatible API on this port.
null means disabled.
|
| options/nixos/services.nextcloud.appstoreEnable | Allow the installation and updating of apps from the Nextcloud appstore
|
| options/nixos/programs.neovim.withRuby | Enable Ruby provider.
|
| options/home-manager/programs.neovim.withRuby | Enable ruby provider.
|
| options/nixos/services.desktopManager.gnome.flashback.customSessions | Other GNOME Flashback sessions to enable.
|
| options/nixos/boot.loader.grub.forceInstall | Whether to try and forcibly install GRUB even if problems are
detected
|
| options/nixos/security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| options/nixos/services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| options/nixos/services.mackerel-agent.settings.diagnostic | Whether to enable collecting memory usage for the agent itself.
|
| options/nixos/services.mediatomb.transcoding | Whether to enable transcoding.
|
| options/nixos/services.desktopManager.cosmic.showExcludedPkgsWarning | Whether to enable the warning for excluding core packages.
|
| options/nixos/services.nginx.virtualHosts.<name>.listen.*.proxyProtocol | Enable PROXY protocol.
|
| options/nixos/services.redmine.components.subversion | Whether to enable Subversion integration..
|
| options/nixos/services.mosquitto.persistence | Enable persistent storage of subscriptions and messages.
|
| options/nixos/services.misskey.reverseProxy.webserver.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| options/home-manager/services.mpdris2.multimediaKeys | Whether to enable multimedia key support.
|
| options/nixos/programs.neovim.withNodeJs | Enable Node provider.
|
| options/nixos/programs.kde-pim.merkuro | Whether to enable Merkuro.
|
| options/nixos/programs.kde-pim.kontact | Whether to enable Kontact.
|
| options/nixos/services.firezone.server.smtp.configureManually | Outbound email configuration is mandatory for Firezone and supports
many different delivery adapters
|
| options/nixos/services.openssh.listenAddresses | List of addresses and ports to listen on (ListenAddress directive
in config)
|
| options/nixos/services.limesurvey.nginx.virtualHost.listen.*.proxyProtocol | Enable PROXY protocol.
|
| options/nixos/services.xserver.desktopManager.gnome.flashback.customSessions | Other GNOME Flashback sessions to enable.
|
| options/nixos/services.nginx.recommendedTlsSettings | Enable recommended TLS settings.
|
| options/nixos/services.ocsinventory-agent.settings.debug | Whether to enable debug mode.
|
| options/nixos/services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| options/nixos/services.firewalld.zones.<name>.masquerade | Whether to enable masquerading in the zone.
|
| options/nixos/services.discourse.sslCertificate | The path to the server SSL certificate
|
| options/nixos/services.xserver.synaptics.horizontalScroll | Whether to enable horizontal scrolling (on touchpad)
|
| options/nixos/services.nextcloud.config.objectstore.s3.sseCKeyFile | If provided this is the full path to a file that contains the key
to enable [server-side encryption with customer-provided keys][1]
(SSE-C)
|
| options/nixos/services.rutorrent.nginx.exposeInsecureRPC2mount | If you do not enable one of the rpc or httprpc plugins you need to expose an RPC mount through scgi using this option
|
| options/nixos/users.users.<name>.shell | The path to the user's shell
|
| options/home-manager/accounts.email.accounts.<name>.getmail.readAll | Enable if you want to fetch all, even the read messages from the
server
|
| options/nixos/services.znapzend.features.compressed | Whether to enable compressed feature which adds the options -Lce to
the zfs send command
|
| options/nixos/services.jitsi-videobridge.colibriRestApi | Whether to enable the private rest API for the COLIBRI control interface
|
| options/home-manager/programs.neovim.withPerl | Enable perl provider
|
| options/nixos/services.discourse.sslCertificateKey | The path to the server SSL certificate key
|
| options/nixos/services.omnom.settings.app.disable_signup | Whether to enable restricting user creation.
|
| options/nixos/services.nginx.recommendedGzipSettings | Enable recommended gzip settings
|
| options/nixos/services.netbird.tunnels.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,- older kernels don't have
CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14:
rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| options/nixos/services.netbird.clients.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,- older kernels don't have
CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14:
rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| options/home-manager/programs.neomutt.vimKeys | Enable vim-like bindings.
|
| options/nixos/services.ferretdb.settings.FERRETDB_TELEMETRY | Enable or disable basic telemetry
|
| options/nixos/services.writefreely.database.createLocally | When services.writefreely.database.type is set to
"mysql", this option will enable the MySQL service locally.
|
| options/nixos/services.reposilite.settings.defaultFrontend | Whether to enable the default included frontend with a dashboard.
|
| options/nixos/services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| options/home-manager/programs.neovim.withNodeJs | Enable node provider
|
| options/nixos/services.nginx.recommendedZstdSettings | Enable recommended zstd settings
|
| options/darwin/programs.direnv.silent | Whether to enable the hiding of direnv logging
.
|
| options/nixos/programs.direnv.silent | Whether to enable the hiding of direnv logging
.
|
| options/nixos/services.prometheus.exporters.wireguard.verbose | Whether to enable verbose logging mode for prometheus-wireguard-exporter.
|
| options/nixos/services.waagent.settings.Provisioning.Enable | Whether to enable provisioning functionality in the agent
|
| options/nixos/security.polkit.debug | Whether to enable debug logs from polkit
|
| options/nixos/services.prometheus.exporters.pgbouncer.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| options/home-manager/programs.jujutsu.ediff | Enable ediff as a merge tool
|
| options/nixos/services.draupnir.settings.managementRoom | The room ID or alias where moderators can use the bot's functionality
|
| options/nixos/programs.clash-verge.tunMode | Whether to enable Setcap for TUN Mode
|
| options/nixos/services.redmine.components.ghostscript | Whether to enable exporting Gant diagrams as PDF..
|
| options/nixos/services.redmine.components.imagemagick | Whether to enable exporting Gant diagrams as PNG..
|
| options/home-manager/programs.fish.binds.<name>.erase | Whether to enable remove bind.
|
| options/nixos/services.nginx.recommendedUwsgiSettings | Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
|