| options/nixos/services.epgstation.openFirewall | Open ports in the firewall for the EPGStation web interface.
Exposing EPGStation to the open internet is generally advised
against
|
| options/nixos/networking.resolvconf.useLocalResolver | Use local DNS server for resolving.
|
| options/home-manager/vdirsyncer.conflictResolution | What to do in case of a conflict between the storages
|
| options/nixos/services.cloudflare-ddns.provider.ipv4 | IP detection provider for IPv4
|
| options/nixos/services.cloudflare-ddns.provider.ipv6 | IP detection provider for IPv6
|
| options/nixos/services.tandoor-recipes.database.createLocally | Configure local PostgreSQL database server for Tandoor Recipes.
|
| packages/nixpkgs/ktunnel | Cli that exposes your local resources to kubernetes |
| packages/nixpkgs/kubefwd | Bulk port forwarding Kubernetes services for local development |
| packages/nixpkgs/mutagen | Make remote development work with your local tools |
| options/nixos/services.engelsystem.createDatabase | Whether to create a local database automatically
|
| options/nixos/services.gotosocial.setupPostgresqlDB | Whether to setup a local postgres database and populate the
db-type fields in services.gotosocial.settings.
|
| options/nixos/services.lasuite-docs.postgresql.createLocally | Configure local PostgreSQL database server for docs.
|
| packages/nixpkgs/woof | Web Offer One File - Command-line utility to easily exchange files over a local network |
| options/nixos/services.borgbackup.jobs.<name>.removableDevice | Whether the repo (which must be local) is a removable device.
|
| options/nixos/services.openafsServer.roles.fileserver.enable | Fileserver role, serves files and volumes from its local storage.
|
| options/nixos/services.firefox-syncserver.database.host | Database host name. localhost is treated specially and inserts
systemd dependencies, other hostnames or IP addresses of the local machine do not.
|
| options/nixos/services.kubo.settings.Addresses.API | Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on
|
| options/nixos/services.lasuite-meet.postgresql.createLocally | Whether to enable Configure local PostgreSQL database server for meet.
|
| options/home-manager/programs.papis.libraries.<name>.isDefault | Whether this is a default library
|
| packages/nixpkgs/frigate | NVR with realtime local object detection for IP cameras |
| packages/nixpkgs/pairdrop | Local file sharing in your browser |
| options/nixos/services.rke2.environmentVars | Environment variables for configuring the rke2 service/agent
|
| options/nixos/services.borgmatic.configurations.<name>.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| options/nixos/services.grafana.settings.smtp.password | Password used for authentication
|
| packages/nixpkgs/gnome-user-share | Service that exports the contents of the Public folder in your home directory on the local network |
| options/nixos/services.pulseaudio.zeroconf.publish.enable | Whether to enable publishing the pulseaudio sink in the local network.
|
| packages/nixpkgs/texlivePackages.cmextra | Knuth's local information |
| packages/nixpkgs/airlift | Flexible, configuration driven CLI for Apache Airflow local development |
| packages/nixpkgs/seagoat | Local-first semantic code search engine |
| options/nixos/services.cjdns.ETHInterface.beacon | Auto-connect to other cjdns nodes on the same network
|
| options/nixos/services.mailpit.instances.<name>.database | Specify the local database filename to store persistent data
|
| options/nixos/virtualisation.nixStore9pCache | Type of 9p cache to use when mounting host nix store. "none" provides
no caching. "loose" enables Linux's local VFS cache. "fscache" uses Linux's
fscache subsystem
|
| options/nixos/services.public-inbox.settings.publicinbox.css | The local path name of a CSS file for the PSGI web interface.
|
| packages/nixpkgs/gh-signoff | GitHub CLI extension for local CI to sign off on your own work |
| packages/nixpkgs/typstPackages.minitoc | An outline function just for one section and nothing else |
| packages/nixpkgs/kubernix | Single dependency Kubernetes clusters for local testing, experimenting and development |
| options/nixos/services.misskey.meilisearch.createLocally | Create and use a local Meilisearch instance
|
| options/nixos/services.mediagoblin.createDatabaseLocally | Whether to configure a local postgres database and connect to it.
|
| options/nixos/services.vaultwarden.configurePostgres | Whether to configure a local PostgreSQL server.
|
| packages/nixpkgs/atuin-desktop | Local-first, executable runbook editor |
| packages/nixpkgs/golds | Experimental Go local docs server/generator and code reader implemented with some fresh ideas |
| options/nixos/services.crowdsec-firewall-bouncer.settings.api_url | URL of the local API.
|
| options/nixos/services.displayManager.dms-greeter.configHome | Path to a user's home directory from which to copy DankMaterialShell
configuration files
|
| options/nixos/services.synapse-auto-compressor.postgresUrl | Connection string to postgresql in the
[rust postgres crate config format](https://docs.rs/postgres/latest/postgres/config/struct
|
| options/nixos/services.mattermost.database.password | Password for local Mattermost database user
|
| options/nixos/services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|
| options/nixos/services.rosenpass.settings.public_key | Path to a file containing the public key of the local Rosenpass peer
|
| options/nixos/services.rosenpass.settings.secret_key | Path to a file containing the secret key of the local Rosenpass peer
|
| packages/nixpkgs/gtfocli | GTFO Command Line Interface for search binaries commands to bypass local security restrictions |
| packages/nixpkgs/selfci | Minimalistic local-first Unix-philosophy-abiding CI |
| options/nixos/services.sourcehut.settings."builds.sr.ht::worker".bind-address | HTTP bind address for serving local build information/monitoring.
|
| options/nixos/services.matrix-synapse.settings.presence.enabled | Whether to enable presence tracking
|
| packages/nixpkgs/gollum | Simple, Git-powered wiki with a sweet API and local frontend |
| packages/nixpkgs/viceroy | Provides local testing for developers working with Compute@Edge |
| packages/nixpkgs/live-server | Local network server with live reload feature for static pages |
| options/nixos/services.sharkey.setupMeilisearch | Whether to automatically set up a local Meilisearch instance and configure Sharkey to use it
|
| packages/nixpkgs/sunpaper | Utility to change wallpaper based on local weather, sunrise and sunset times |
| options/nixos/services.pulseaudio.zeroconf.discovery.enable | Whether to enable discovery of pulseaudio sinks in the local network.
|
| options/nixos/services.prometheus.remoteRead.*.read_recent | Whether reads should be made for queries for time ranges that
the local storage should have complete data for.
|
| options/nixos/services.prometheus.exporters.chrony.user | User name under which the chrony exporter shall be run
|
| packages/nixpkgs/smartdns | Local DNS server to obtain the fastest website IP for the best Internet experience |
| options/nixos/services.prometheus.alertmanagerGotify.port | The local port the bridge is listening on.
|
| options/nixos/services.prometheus.exporters.chrony.group | Group under which the chrony exporter shall be run
|
| options/nixos/services.nullmailer.config.adminaddr | If set, all recipients to users at either "localhost" (the literal string)
or the canonical host name (from the me control attribute) are remapped to this address
|
| options/nixos/services.grafana.settings.database.password | The database user's password (not applicable for sqlite3)
|
| options/nixos/services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| options/nixos/services.crowdsec-firewall-bouncer.secrets.apiKeyPath | Path to the API key to authenticate with a local CrowdSec API
|
| packages/nixpkgs/chntpw | Utility to reset the password of any user that has a valid local account on a Windows system |
| packages/nixpkgs/typesetter | Minimalist, local-first Typst editor |
| options/nixos/services.canaille.settings.CANAILLE_SQL.DATABASE_URI | The SQL server URI
|
| options/nixos/services.openssh.listenAddresses | List of addresses and ports to listen on (ListenAddress directive
in config)
|
| options/nixos/services.firefox-syncserver.database.createLocally | Whether to create database and user on the local machine if they do not exist
|
| options/nixos/services.syncthing.settings.options.limitBandwidthInLan | Whether to apply bandwidth limits to devices in the same broadcast domain as the local device.
|
| options/home-manager/services.syncthing.settings.options.limitBandwidthInLan | Whether to apply bandwidth limits to devices in the same broadcast domain as the local device.
|
| packages/nixpkgs/piper-train | Fast, local neural text to speech system |
| options/nixos/services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| options/nixos/services.prometheus.exporters.postgres.runAsLocalSuperUser | Whether to run the exporter as the local 'postgres' super user.
|
| packages/nixpkgs/bitrise | CLI for running your Workflows from Bitrise on your local machine |
| options/nixos/services.prometheus.exporters.pve.configFile | Path to the service's config file
|
| options/nixos/services.foundationdb.extraReadWritePaths | An extra set of filesystem paths that FoundationDB can read to
and write from
|
| options/home-manager/accounts.email.accounts.<name>.lieer.settings.ignore_tags | Set labels to ignore when syncing from local tags to
remote labels (after translations).
|
| options/nixos/services.cloudflared.tunnels.<name>.originRequest.httpHostHeader | Sets the HTTP Host header on requests sent to the local service.
|
| options/nixos/services.parsedmarc.provision.grafana.dashboard | Whether the official parsedmarc grafana dashboard should
be provisioned to the local grafana instance.
|
| packages/nixpkgs/blast | Basic Local Alignment Search Tool (BLAST) finds regions of similarity between biological sequences |
| options/nixos/services.nixseparatedebuginfod2.substituters | nix substituter to fetch debuginfo from
|
| packages/nixpkgs/pacproxy | No-frills local HTTP proxy server powered by a proxy auto-config (PAC) file |
| options/nixos/services.grafana.settings.security.secret_key | Secret key used for signing
|
| options/nixos/services.netbird.tunnels.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,- older kernels don't have
CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14:
rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| options/nixos/services.netbird.clients.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,- older kernels don't have
CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14:
rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| packages/nixpkgs/whosthere | Local Area Network discovery tool |
| packages/nixpkgs/notus-scanner | Helper to create results from local security checks |
| options/nixos/services.draupnir.settings.managementRoom | The room ID or alias where moderators can use the bot's functionality
|
| options/nixos/services.postfix.settings.main.mydestination | List of domain names intended for local delivery using /etc/passwd and /etc/aliases.
Do not include virtual domains in this list.
https://www.postfix.org/postconf.5.html#mydestination
|
| options/nixos/services.prometheus.exporters.chrony.chronyServerAddress | ChronyServerAddress of the chrony server side command port. (Not enabled by default.)
Defaults to the local unix socket.
|
| options/nixos/services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth | Authentication to expect from remote
|
| options/nixos/services.crowdsec-firewall-bouncer.settings.api_key | API key to authenticate with a local crowdsec API
|
| packages/nixpkgs/rsnapshot | Filesystem snapshot utility for making backups of local and remote systems |
| options/home-manager/accounts.contact.accounts.<name>.pimsync.extraLocalStorageDirectives | Extra directives that should be added under this accounts local storage directive
|
| options/home-manager/accounts.contact.accounts.<name>.khard.addressbooks | If provided, each item on this list will generate an
entry on khard configuration file as a separate addressbook
(vdir)
|
| packages/nixpkgs/tunnelto | Expose your local web server to the internet with a public URL |