Indicate if login is allowed if we can't cd to the home directory.

The default home directory for normal users.

The default locale

The default locale character set.

Index of the default menu item to be booted

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

Group for the default nutmon user

Makes this vhost the default.

Default unit started when the system boots; see systemd.special(7).

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.

systemd service that is enabled by default

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

Makes this vhost the default.

Default MIME types for NGINX, as MIME types definitions from NGINX are very incomplete, we use by default the ones bundled in the mailcap package, used by most of the other Linux distributions.

Makes this vhost the default.

Service type

Makes this vhost the default.

Makes this vhost the default.

Whether to enable vim as the default editor.

This option defines the default shell assigned to user accounts

Makes this vhost the default.

Default PPD profile.

Makes this vhost the default.

Makes this vhost the default.

If hosts do not specify listen.port, use these ports for SSL by default.

Default colour depth.

When enabled, configures emacsclient to be the default editor using the EDITOR environment variable.

If hosts do not specify listen.port, use these ports for HTTP by default.

Default username for FreshRSS.

The default capture device (i.e. microphone)

The default CA host:port to use.

default guac token to use.

Default options for all instances of Anubis.

When enabled, configures VSCode to be the default editor using the EDITOR environment variable.

If vhosts do not specify listen.port, use these ports for SSL by default.

Screen resolution in modedb format

Makes this vhost the default.

The world used by the default map ruleset

Options used for the default rules, granting root and the wheel group permission to run any command as any user.

Name of the default JVB room that will be joined if no special header is included in SIP invite.

Options used for the default rules, granting root and the wheel group permission to run any command as any user.

When enabled, installs neovim and configures neovim to be the default editor using the EDITOR environment variable.

If vhosts do not specify listen.port, use these ports for HTTP by default.

If vhosts do not specify listen, use these addresses by default

The default playback device

Default font path

Default UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default.

The default output format

This allows to override the default bit size for all of the Diffie-Hellman parameters set in security.dhparams.params.

Specifies whether local printers are shared by default.

Default network interface to listen for incoming connections

The default Nix expression search path, used by the Nix evaluator to look up paths enclosed in angle brackets (e.g. <nixpkgs>).

Makes this vhost the default.

The default syslog.conf file configures a fairly standard setup of log files, which can be extended by means of extraConfig.

default manager token to use.

The default source address.

The default source address.

The default gateway

The default gateway metric/preference.

default user password to use.

The default gateway metric/preference.

Name of the network interface to use for all peers by default.

The default ipv6 gateway

Whether to enable Monado as the default OpenXR runtime on the system

The log level. i2pd defaults to "info" but that generates copious amounts of log messages

The physical location of the server

Selects the default theme on boot

The default syslog.conf file configures a fairly standard setup of log files, which can be extended by means of extraConfig.

default admin password to use.

Default block I/O scheduler

The default gateway address.

The default gateway address.

Device name pattern to exclude from default scheduler assignment through config.hardware.block.defaultScheduler and config.hardware.block.defaultSchedulerRotational

The default interface language

Whether to enable WiVRn as the default OpenXR runtime on the system

Makes this vhost the default.

Sets the default applications for given mimetypes

Override default locales within gancio

With this option, you can customize an H2O virtual host which already has sensible defaults for Movim

System-wide default serif font(s)

scx package to use. scx.full, which includes all schedulers, is the default

Default strategy to use

Whether to include Anubis's default bot detection rules via the (data)/meta/default-config.yaml import

The window size of the default gateway

The configuration to give rss2email

List of site names for which statistics should be exported

If set, the pkgs argument to all NixOS modules is the value of this option, extended with nixpkgs.overlays, if that is also set

Default values applied to all accounts

System-wide default sans serif font(s)

If vhosts do not specify listenAddresses, use these addresses by default

Enable SSL.

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

With this option, you can customize an Nginx virtual host which already has sensible defaults for Movim

The URL to an InfluxDB server that serves as the default database

Path in which suricata-update managed rules are stored by default.

IP address.

Port number.

The default gateway interface.

The default gateway interface.

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

If GitLab container registry should be enabled by default for projects.

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

Whether k3s should run as a server or agent

The default logging directory

Additional bot rules appended to the policy

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

Whether or not to enable the headless Aria2 daemon service

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

This option is opposite to lt-cred-mech. (TURN Server with no-auth option allows anonymous access)

This is a modular service, which can be imported into a NixOS configuration using the system.services option.

Configuration file to use with nohang

Chromium default search provider url.

Name of the image

Default values inheritable by all configured certs

Catch-all service if no ingress matches

System-wide default monospace font(s)

Enable the default search provider.

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

Units that want (i.e. depend on) this unit

With this option, you can customize an H2O virtual host which already has sensible defaults for Dolibarr

The time zone used when displaying times and dates

If multiple server stanzas are declared with programs.tsmClient.servers, this option may be used to name a default server stanza that IBM TSM uses in the absence of a user-defined dsm.opt file

Maximum memory used by the process

Settings to merge with the default configuration

Chromium default search provider url for suggestions.

Default URI to display.

Units that want (i.e. depend on) this unit

Whether to enable setting suid bit for throne-core to run as root, which is less secure than default setcap method but closer to upstream assumptions

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Default config (default.conf) for new containers, i.e. for network config

The configuration file passed to ukify(1) to create the UKI

With this option, you can customize an nginx virtual host which already has sensible defaults for Pixelfed

Whether to listen for and reject all HTTPS connections to this vhost

default registration token to use.

Common default options for explicitly monitored (listed in services.smartd.devices) devices

The status of firefox.preferences.

status can assume the following values:

• "default": Preferences appear as default.
• "locked": Preferences appear as default and can't be changed.
• "user": Preferences appear as changed.
• "clear": Value has no effect

System-wide default emoji font(s)

Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action)

With this option, you can customize an NGINX virtual host which already has sensible defaults for Kanboard

Defines a default currency symbol for new groups

Defines one or more team names that auto-provisioned OIDC users shall be added to

Units that want (i.e. depend on) this unit

With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo

Whether to serve a default robots.txt that denies access to common AI bots by name and all other bots by wildcard.

Set of default packages that aren't strictly necessary for a running system, entries can be removed for a more minimal NixOS installation

Whether to enable setting suid bit for nekobox_core to run as root, which is less secure than default setcap method but closer to upstream assumptions

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Configuration options for the Default Terminal Execution Specification

default permissions for all unauthenticated accesses.

Number of boot attempts before this UKI is considered bad

Specifies the time limit (in seconds) to use when performing searches

Whether to enable the default included frontend with a dashboard.

Type of proxy to use

Whether to enable this instance of Anubis.

The default log level: can be overridden in an output section

The file mode creation mask for Aria2 service

With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr

Name of the mongo database.

When enabled, instructs udisks2 to mount removable drives under /media/ directory, instead of the default, ACL-controlled /run/media/$USER/

Whether to enable or disable lingering for this user

Anubis policy configuration

The user under which Anubis is run

A list of extra flags to be passed to Anubis.

TCP connection port

This section defines default values for attributes which are used whenever no values are given in the appropriate device or multipath sections.

Controls the file Xorg logs to

Default data folder for Fider.

User to run upsmon as. upsmon.conf will have its owner set to this user

Strings to prefix to the default system.nixos.label

Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files

Fallback if no monitor layout can be detected

Keep or set the specified variables

The path to the default configuration options the PulseAudio server should use

The restriction flags to be set by default

Default block I/O scheduler for rotational drives (e.g. hard disks)

Defines Anuko Time Tracker default language

Working directory, available as $GITHUB_WORKSPACE during workflow runs and used as a default for repository checkouts

Default Sympa language

Set default evaluation interval for sub queries

The group under which Anubis is run

The path of the Searx server settings.yml file

Configure Subsonic to use this folder for music

The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session" This is per-user overridable, if file ~/startwm.sh exists it will be used instead.

Sets the logical button mapping for this device, see XSetPointerMapping(3)

The name of an existing user account to use to own the ZNC server process

Enable PROXY protocol.

With this option, you can customize an nginx virtual host which already has sensible defaults for radicle-httpd

Whether to enable or disable lingering for this user

PHP package to use for php-fpm

Override the default port on which to listen for connections.

The default port to listen on for HTTP traffic.

Address to bind to

How many milliseconds ksmd should sleep between scans

The group to run oCIS under

Set the resolver to use for performing recursive DNS queries

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Attestation quote type.

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Enable ntopng, a high-speed web-based traffic analysis and flow collection tool

Directory holding configuration and by default also incoming and temporary files

What port to listen for client requests, default is 1080.

Extra configuration to append to the default ~/.gitolite.rc

Whether to listen for and reject all HTTPS connections to this vhost

Address:Port to bind to for HTTP (default: 0.0.0.0:8080).

Timeout (in seconds) until loader boots the default menu item

The path to use as hound's $HOME

Name of existing phpfpm pool that is used to run web-application

Directory where the uploaded files will be stored when the http_upload module is used

Socket to use for connecting to SNMP master agent

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Settings for podman's default network.

Configure Subsonic to use this folder for Podcasts

Enables the in-database configuration.

https://docs.postgrest.org/en/stable/references/configuration.html#in-database-configuration

PHP FPM configuration

Makes user-profiles globally available under nextcloud.tld/u/user.name

Only use TLSv1.3 (default also allows TLSv1.2).

Name of existing phpfpm pool that is used to run web-application

The user to run oCIS as

Whether to enable starting the service by default.

The status of thunderbird.preferences.

status can assume the following values:

• "default": Preferences appear as default.
• "locked": Preferences appear as default and can't be changed.
• "user": Preferences appear as changed.
• "clear": Value has no effect

Whether to listen for and reject all HTTPS connections to this vhost

Sets these config files to the default content

Named accounts and their respective configurations

File containing the MINIO_ROOT_USER, default is "minioadmin", and MINIO_ROOT_PASSWORD (length >= 8), default is "minioadmin"; in the format of an EnvironmentFile=, as described by systemd.exec(5).

Sets the logical button mapping for this device, see XSetPointerMapping(3)

The 16 colors palette used by the virtual consoles

Whether to propagate the legacy options under services.znc.confOptions.* to the znc config

Override the default port on which to listen for WS-RPC connections.

Override the default port on which to listen for RPC connections.

Filename to be used for the dump

Jibri configuration

Set the host address for this virtual host

Override the default TLS port for this virtual host.

The default encryption method to use for passwordCrypt = 1.

Disable default components, see the K3s documentation.

sched_latency_ns.

Freeform configuration via environment variables for Anubis

The host name or IP address on which to bind Airsonic

Whether to listen for and reject all HTTPS connections to this vhost

Preemption mode.

sched_nr_latency.

Configure Subsonic to use this folder for playlists

Configuration for the default logger

If the default user "gocd-agent" is configured then this is the primary group of that user.

Connect to testnet network instead of the default mainnet.

Whether to enable Tor daemon

The name of an existing user to use to run the service

The user to run Memos as.

Routing queue number

Configuration file to use for FRR

Disable default components, see the RKE2 documentation.

Sets the maximum size of the index

Whether to enable kapacitor.defaultDatabase.

This is a modular service, which can be imported into a NixOS configuration using the system.services option.

Whether to listen for and reject all HTTPS connections to this vhost

Extra parameters of this listen directive.

LIRC default options described in man:lircd(8) (lirc_options.conf)

Override the default HTTP port for this virtual host.

Anubis policy configuration in Nix syntax

The set of packages that appear in /run/current-system/sw

Cache directory to be used by oh-my-zsh

The default port to listen on for HTTPS traffic

Skydns default domain if not specified by etcd config.

Set this option when you want to run the slurmctld daemon as something else than the default slurm user "slurm"

The IP webhook should serve hooks on

Whether to enable xdg-terminal-exec, the proposed Default Terminal Execution Specification.

Whether this interface should be configured with DHCP

Specifies port number on which the jenkins HTTP interface listens

User under which the coder service runs.

By default pam-ussh reads the trusted user CA keys from /etc/ssh/trusted_user_ca

Set the host address for this virtual host

Override the default TLS port for this virtual host.

User under which Node-RED runs

The group to run Memos as.

The name of an existing group to use to run the service

Configuration for WiVRn

The default priority for messages sent to gotify.

The path to use as JENKINS_HOME

If the default user "jenkins" is configured then this is the primary group of that user.

Name of existing phpfpm pool that is used to run web-application

If the default user "gocd-server" is configured then this is the primary group of that user.

The user to run code-server as

Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers and UDP 21027 for discovery

Attribute set of default values for modem config files etc/config.*

Whether to enable writing to the Nix store as a remote store via SSH

Default URL for FreshRSS.

User account under which Actual runs

Hostname or IP-address to listen to

Override the default HTTP port for this virtual host.

The network to connect to

Group under which the service should run

Enable logging, default is no logging.

sched_cfs_bandwidth_slice_us.

FastCGI parameters to override

FastCGI parameters to override

FastCGI parameters to override

Some NixOS packages provide debug symbols

Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM)

Listening address.

FastCGI parameters to override

Options for PHP's php.ini file for nextcloud

Whether to listen for and reject all HTTPS connections to this vhost

Extra configuration options for Syncthing

Overridable config file to use for named

User account under which Klipper runs

Default data folder for Kanboard.

Whether to enable the atftpd TFTP server

Override the configuration file used by Apache

Group under which the coder service runs.

Default data folder for FreshRSS.

The existing user the Quassel daemon should run as

Group under which Node-RED runs

User under which the service should run

Verbatim contents of squid.conf

Default data folder for MicroBin.

Whether rke2 should run as a server or agent

(Extra) system-wide /**/bin paths for Apptainer/Singularity to find command-line utilities in.

"/run/wrappers/bin" is included by default to make utilities with SUID bit set available to Apptainer/Singularity

The password to connect to the remote InfluxDB server

The username to connect to the remote InfluxDB server

FastCGI parameters to override

FastCGI parameters to override

Extra environment variables passed to CommaFeed, refer to https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example for supported values

FastCGI parameters to override

FastCGI parameters to override

FastCGI parameters to override

The group to run code-server under

User account under which caddy runs.

The font used for the virtual consoles

Accept the CA's terms of service

The state directory where Guix service will store its data such as its user-specific profiles, cache, and state files.

Force deCONZ to use a specific USB device (e.g. /dev/ttyACM0)

User account under which MySQL runs.

List of directories to scan

List of site names for which statistics should be exported

Path to directory of CRLs (Certificate Revocation Lists) in PEM format

Filename to be used for the dump

Whether to enable i2c devices support

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

Group account under which Actual runs

Whether to enable Ferm Firewall. Warning: Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.

Configuration of the IFM service

User account under which maddy runs.

Name of phpfpm pool that is used to run web-application

The user Quickwit runs as

Existing user that the CGI process will belong to. (Default almost surely will do.)

Override the configuration file used by MySQL

The user Temporal runs as

User to run Zeyple as.

Sets the maximum size of accepted JSON payloads

Key server from which to fetch and update keys

Defines how users authenticate themselves to the server

thefuck needs an alias to be configured

The work directory for CFSSL.

Group under which caddy runs.

Override the default port on which to listen for connections.

Daemon process priority for bee. 0 is the default Unix process priority, 19 is the lowest.

Enables udev rules for BladeRF devices

Default user to store mail for virtual users.

Group account under which Klipper runs

Path to default Klipper config.

Interface to use (IP or name) for inter-host communication

Threshold to start probabalistic backoff with ntcp sessions (default: use system limit).

The user for the service

Name of existing phpfpm pool that is used to run web-application

The directory where MPD stores its state, tag cache, playlists etc

The policy file to use

Whether to enable the headless Transmission BitTorrent daemon

Error log level.

Additional policy settings merged into the policy file

Server HTTP listen address

Maximum number of open files (0 - use system default).

Name of the default cryptographic profile chosen from the profile_dir directory.

Client-side web application settings that override the defaults in config.js

Directory for storing Caddy access logs.

Configuration file, default is generated from config.service.umurmur.settings

Group account under which MySQL runs.

"bantime.increment" allows to use database for searching of previously banned ip's to increase a default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32 ...

"bantime.factor" is a coefficient to calculate exponent growing of the formula or common multiplier, default value of factor is 1 and with default value of formula, the ban time grows by 1, 2, 4, 8, 16 ...

The network family that Anubis should bind to

Temporary directory that Athens will use to fetch modules from VCS prior to persisting them to a storage backend

Whether to enable HTTPS in addition to plain HTTP

Whether to open the default ports in the firewall for the ALVR server.

The path to use as JENKINS_HOME

User account under which inadyn runs.

Whether to enable HTTPS in addition to plain HTTP

Hostname or address on which NFS requests will be accepted

User account under which Sonarr runs.";

Whether to enable HTTPS in addition to plain HTTP

Path to the snmpd.conf file

The group temporal runs as

The group quickwit runs as

Group account under which maddy runs.

Whether to create symlinks to the system generations under /boot

Whenever to configure Bash as an interactive shell

Name of the php-fpm pool to use and setup

Address to bind to

Service port

Default group to store mail for virtual users.

List of IPs or networks to allow (default all allowed).

The data directory for MySQL.

Number of Neo4j worker threads, where the default of 0 indicates a worker count equal to the number of available processors.

Whether to enable HTTPS in addition to plain HTTP

Enable Munin Node agent

Overridable configuration file contents to use for ntopng

The group for the service

Group to use to run Zeyple.

Path to directory of X.509 certificates in PEM format for trusted parties

FastCGI parameters to override

FastCGI parameters to override

FastCGI parameters to override

FastCGI parameters to override

FastCGI parameters to override

"bantime.formula" used by default to calculate next value of ban time, default value below, the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32 ...

Whether to listen for and reject all HTTPS connections to this vhost

FastCGI parameters to override

FastCGI parameters to override

Whether to include Anubis's default bot detection rules via the (data)/meta/default-config.yaml import

Override the configuration file used by Caddy

Default options for yarn-site.xml

Require authentication of the STUN Binding request

Group running the ACME client.

A list of cryptographic kernel modules needed to decrypt the root device(s)

Default data folder for Anuko Time Tracker.

If the default slave agent user "jenkins" is configured then this is the primary group of that user.

Default environment variables available to the GameScope process, overridable at runtime.

Absolute path to programs.sqlite

Default options for hdfs-site.xml

Port to listen on (default: 443).

Use the given device as keyboard input event device instead of /dev/input/eventX default.

Enable client authentication

Override (NetBIOS) hostname to be used (default hostname).

Hop limit for multicast packets (default = 1).

The NATS data directory

sched_wakeup_granularity_ns.

AdGuard Home configuration

The path to a hardware watchdog device which will be managed by systemd

Default window size for this interface.

Set the host address for this virtual host

Override the default TLS port for this virtual host.

Group account under which inadyn runs.

Override the default database cache size in MiB.

Group account under which Sonarr runs.

Server configuration, see https://maddy.email for more information

Whether to enable opening the default ports in the firewall for Samba.

The backup service will be invoked automatically at the given date/time, which must be in the format described in systemd.time(5)

Upload speed limit. 0 is unlimited (default).

Whether to enable the default ports in the firewall for the WiVRn server.

FastCGI parameters to override

Options defined here will override the defaults for xendomains

FastCGI parameters to override

FastCGI parameters to override

A regex to filter output

Miriway's config

Whether extraEntries are included before the default option.

https_dns_proxy will by default use IPv6 and fail if it is not available

Default maximum packet size for this interface.

Whether to enable HTTPS in addition to plain HTTP

Whether to enable HTTPS in addition to plain HTTP

This option defines the maximum number of jobs that Nix will try to build in parallel

Multi-processing module to be used by Apache

Override the default port on which to listen for JSON-RPC connections.

Attrset of dconf profiles

Whether to enable HTTPS in addition to plain HTTP

Enable the HTTP connector for Neo4j

User under which Traefik runs.

The directory to store all user data, such as flow and credential files and all library data

The Sonarr home directory used to store all data

Database port

Whether to enable HTTPS in addition to plain HTTP

Whether to enable HTTPS in addition to plain HTTP

Web interface root public URL, including scheme and port (if non-default).

Enable the BOLT connector for Neo4j

List of integrations set are always set up, unless in recovery mode.

FastCGI parameters to override

Sets the pointer acceleration profile to the given profile

Allow Type-1 fonts

Default options for hbase-site.xml

Settings for files in maps/

Extra global default configuration for htop which is read on first startup only

Path to dtb directory that overlays and other processing will be applied to

Libraries that automatically become available to all programs

Override the default HTTP port for this virtual host.

The user tuwunel is run as

User account under which prosody runs.

Database user

Whether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server

The data directory for caddy.

The package that provides the default driver set.

Free form attribute set for aMule settings

The database's port

Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)

The command the user is allowed to run

Specifies location of CouchDB view index files

The directory where Galene stores its internal state

pay-respects needs an alias to be configured

Whether to enable Cinnamon default applications.

Whether to enable the fail2ban service

By default, file systems and swap areas are trimmed on-the-go by setting "discard"

Set of btrbk instances

The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard

The memory limit (max Java heap size) in megabytes

Whether to enable Pantheon default applications.

The memory limit (max Java heap size) in megabytes

Enable the HTTPS connector for Neo4j

Configuration of the Mealie service

Run sanoid at this interval

The log level when logging to file

The difficulty required for clients to solve the challenge

FastCGI parameters to override

Whether to listen for and reject all HTTPS connections to this vhost

FastCGI parameters to override

List of domains we agree to relay to

Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing, and 2 additionally enables tracing in mount.crypt

Whether to enable Neovim

This option specifies the no_proxy environment variable

Whether to enable the Interplanetary File System (WARNING: may cause severe network degradation)

The group tuwunel is run as

The group to run OpenCloud under

Enable verbose output, default is to not be verbose.

Auto-redirect to HTTPS in production

Set workgroup name (default WORKGROUP).

Group account under which prosody runs.

VirtualHost to serve gitweb on

STUN broker URL (default "stun:stun.stunprotocol.org:3478")

The group to run Syncthing under

The URI of the NixOS channel to use for automatic upgrades

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

Extra commands to run on the default confDir derivation.

Database port

Minimum remaining validity before renewal in days.

Welcome line printed by agetty

Default options for mapred-site.xml

Name of the default administrator user

The prosody home directory used to store all data

Authentication endpoint

Overrides for the default mailman-web Django settings.

Port number to bind to

Open ports in the firewall for mpd

The directory where owncast stores its data files

The IP address on which Xandikos will listen

By default this service only changes the first packet sent, which is enough in most cases

Default kubernetes certificate authority

The network family that the metrics server should bind to

If set, shows a contact email address when rendering error pages

The prefix that will be added to all metrics

Path to certificate private key (PEM with private key)

Path to certificate (PEM with certificate chain)

Default language for FreshRSS.

Socket listen queue backlog size

Whether to power up the default Bluetooth controller on boot.

The default realm to be used for the users when no explicit origin/realm relationship was found in the database, or if the TURN server is not using any database (just the commands-line settings and the userdb file)

Whether to enable Sway, the i3-compatible tiling Wayland compositor

Level of Logging to use (debug, info, warn, error) (default "info").

The user to run OpenCloud as

Settings for MaryTTS

Whether to open the firewall for the default ports.

Whether to open the firewall for the default ports.

Local UDP port for IKE communication

Sets the default UI theme. system matches the user's system theme.

Default audio compression method.

Base directory for custom templates and other options

Which user or group the specified command is allowed to run as

User account under which dolibarr runs.

The name of the savegame that will be used by the server

Key type to use for private keys

Extra configuration options appended to the default asterisk.conf file.

On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access)

Host address the HTTP server listens on

Whether Galene should listen in http or in https

User account under which pixelfed runs.

Sets the bucket size for the map variables hash tables

The user to run Syncthing as

websocket relay URL (default "wss://snowflake.bamsoftware.com/")

Additional configuration lines added to the default section of xinetd's configuration.

PROTO can be 'HTTP' (the default) or 'PROXY'

Allow client if common name appears in the list.

Allow client if organizational unit name appears in the list.

If true, allow all clients, do not check client cert subject.

Email address for account creation and correspondence from the CA

Configuration for one or more device IDs

The set of system-wide known SSH hosts

Whether to enable knot-resolver (version 5) domain name server

Commands to run after new certificates go live

Define the client configurations

Location for any persistent data Traefik creates, such as the ACME certificate store.

The user OpenSearch runs as

The restriction flags to be set on source

Overridable config file contents to use for lighttpd

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

Sets the pointer acceleration profile to the given profile

Allow client if DNS subject alternative name appears in the list.

Address to forward connections to (can be HOST:PORT or unix:PATH).

Address and port to listen on (can be HOST:PORT, unix:PATH).

Allow client if URI subject alternative name appears in the list.

Whether to enable lightdm-mini-greeter as the lightdm greeter

Whether to enable lightdm-tiny-greeter as the lightdm greeter

Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections

Run a gitea dump at this interval

Specifies the default port over which Cassandra will be available for JMX connections

Path the service has access to

The options to use for this LUKS device in YubiKey-PBA

Attribute set of paths whose content is copied to the skins subdirectory of the MediaWiki installation in addition to the default skins.

Base url for images generated in the cgi

The timer configuration for performing the update

Whether to add the activation script to the system profile

FastCGI parameters to override

Default configuration for the loggers used by matrix-synapse and its workers

Package to use for ghostunnel

This option determines which Docker storage driver to use

Group for hg.sr.ht

Group account under which dolibarr runs.

Which package to copy default rules,types,cgroups from.

Whether to allow editing the kernel command-line before boot

The certificate profile to choose if the CA offers multiple profiles.

Whether to let openssh print the result when entering a new ssh-session

Will be inserted in the Default section of the config file.

DEPRECATED, use driverOptions

Extra configuration for collectd

The fully qualified domain name (FQDN) of this host

URL to the Origin

By default, nginx will look up both IPv4 and IPv6 addresses while resolving

Token redemption endpoint

Group account under which pixelfed runs.

Tell nylon which interface to use as an uplink, default is "enp3s0f0".

Broker URL (default "https://snowflake-broker.torproject.net/")

Lines to append to default multipath.conf

Lines to append to default iscsid.conf

Download speed limit. 0 is unlimited (default).

By default, nginx will look up both IPv4 and IPv6 addresses while resolving

By default, nginx caches answers using the TTL value of a response

Time of day to run logcheck

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

The salt used for serialization

Whether to enable Open Graph tag passthrough

Attribute set of NetBird client daemons, by default each one will:

1. be manageable using dedicated tooling:

• netbird-<name> script,
• NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),

2. run as a netbird-<name>.service,
3. listen for incoming remote connections on the port 51820 (openFirewall by default),
4. manage the netbird-<name> wireguard interface,
5. use the /var/lib/netbird-/config.json configuration file,
6. override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
7. (hardened) be locally manageable by netbird-<name> system group,

With following caveats:

• multiple daemons will interfere with each other's DNS resolution of netbird.cloud, but should remain fully operational otherwise

Group for man.sr.ht

Group for git.sr.ht

Group for hub.sr.ht

Establish a default set of export options

Whether to enable HTTPS in addition to plain HTTP

Whether to enable HTTPS in addition to plain HTTP

Whether to enable HTTPS in addition to plain HTTP

The data directory for goeland where the database will reside if using the unseen filter

Override default port used for service.

Customize the default settings, refer to https://github.com/kanboard/kanboard/blob/main/config.default.php for details on supported values.

Additional global flags to pass to all lego commands.

This option, if set, adds a collection of default kernel modules to boot.initrd.availableKernelModules and boot.initrd.kernelModules.

Whether to enable opening the default ports in the firewall for Devpi Server.

Whether to enable HTTPS in addition to plain HTTP

User accounts for GRUB

Whether to open the firewall port (default 45876).

The context path, i.e., the last part of the Airsonic URL

Whether to enable HTTPS in addition to plain HTTP

Extra configuration options to append or override

The context path, i.e., the last part of the Subsonic URL

The group OpenSearch runs as

The list of hostnames and/or IP addresses from which the Mailman Web UI will accept requests

Whether to enable HTTPS in addition to plain HTTP

Whether to enable HTTPS in addition to plain HTTP

The default evaluation interval to use

The prefix for MAC addresses to use, without the trailing ':'

Specifies whether userlistFile is a list of user names to allow or deny access

Name of auth backend to use by default.

Path to CA bundle file (PEM/X509)

The ASCII and UTF-8 output width, default is 78

Defines one or more team names that auto-provisioned OIDC users shall be added to

Additional flags to pass to lego run.

Specifies the bind address on which the jenkins HTTP interface listens

The server's configuration file

SCSI link power management policy

If enabled (the default), Nix will only download binaries from binary caches if they are cryptographically signed with any of the keys listed in nix.settings.trusted-public-keys

This file contains the full URI that can be used to access this instance of CouchDB

The gitolite home directory used to store all repositories

A list of names of users (separated by whitespace) that are allowed to connect to the Nix daemon

• never - Do not allocate huge memory pages

Default Alerta authentication token

Open the default ports in the firewall for the server.

HTTPS listening address

Sets the maximum size of the types hash tables (types_hash_max_size)

Primary group under which Traefik runs

Relay pools to join

Whether to enable NotifyOSD alerts

Group for todo.sr.ht

Group for meta.sr.ht

The ucarp package to use

Directory used to store media files

Configuration for Nix, see https://nixos.org/manual/nix/stable/command-ref/conf-file.html or nix.conf(5) for available options

Forcibly import the ZFS root pool(s) during early boot

Whether to enable HTTPS in addition to plain HTTP

The game type to use on the server

Allow the specified IPs to act as a proxy

Whether to enable HTTPS in addition to plain HTTP

Database connection scheme

Additional settings (see mjolnir default config for available settings)

If true, favors higher default fan speeds.

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

Net masks for trusted - allowed to relay mail to third parties - hosts

Name of existing PHP-FPM pool that is used to run Icingaweb2

Run bitbox-bridge.service only when hardware wallet is plugged, also registers the systemd device unit

Whether to enable debug logging for this certificate.

Extra command line options for the JVM running AirSonic

User account under which headscale runs.

Configuration to write to /etc/gitconfig

Whether to enable the default ports in the firewall for the WiVRn server.

Whether to enable opening the default ports in the firewall for Scrutiny.

Default directory to add folders in the web UI.

Whether to enable HTTPS in addition to plain HTTP

Searx settings

Content of the Stubby configuration file

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

Specifies the policy to use for reconnecting to an unavailable LDAP server

Additional arguments passed to each module in addition to ones like lib, config, and pkgs, modulesPath

This option defines the first version of NixOS you have installed on this particular machine, and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions

Kernel package where device tree include directory is from

Specifies location of CouchDB database files (*.couch named)

If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts

Default origin of alert

This tells the dispatcher how the plugin wants to be run

By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.

Override the configuration file used by logrotate

Neo4j SSL policy for HTTPS traffic

Systems with a recently generated hardware-configuration.nix may instead specify only nixpkgs.buildPlatform, or fall back to removing the nixpkgs.hostPlatform line from the generated config

Define a lower and upper time value (in HH:MM format) which constitute a time window during which reboots are allowed after an upgrade

Time to schedule IKE reauthentication

FastCGI parameters to override

Networking-related command-line options that should be passed to qemu

Group for paste.sr.ht

Group for lists.sr.ht

Group for pages.sr.ht

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

The port the server should listen on

Whether to enable HTTPS in addition to plain HTTP

Specifies the bind address on which the irker daemon listens

Port of the database to connect to.

Whether to enable HTTPS in addition to plain HTTP

By default pam-u2f module sets the application ID to pam://$HOSTNAME

Group under which headscale runs.

Complete netdata config directory except netdata.conf

If set, the MUC rooms will be public by default.

User account under which this instance of redis-server runs.

Update the locate database at this interval

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to enable HTTPS in addition to plain HTTP

Sets the number of worker threads to use

Specifies the platform on which NixOS should be built

Grants the user created inherit permissions

Free-form settings written to Draupnir's configuration file

List of public keys used to sign binary caches

Additional flags to pass to lego renew.

AWS default role

Whether to enable knot-resolver (version 6) domain name server

The number of instances to start

Email address to which to send feed items

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Sets the bucket size for the server names hash tables

Configuration options for the Stalwart server

Number of backups to keep

Number of blank characters at the left margin for normal text, default of 5 for mdoc(7) and 7 for man(7)

Netfilter mark and mask for input traffic

Set the resolver to use for performing recursive DNS queries

Whether to set NIX_PATH to include nixpkgs=flake:nixpkgs such that <nixpkgs> lookups receive the version of nixpkgs that the system was built with, in concert with nixpkgs.flake.setFlakeRegistry

By default pam-u2f module does not inform user that he needs to use the u2f device, it just waits without a prompt

Turns on the OCSP Must-Staple TLS extension

Whether to enable hardware accelerated graphics drivers

The network to connect to

Whether to enable HTTPS in addition to plain HTTP

The directory where Duplicati stores its data files.

Run a Forgejo dump at this interval

DEPRECATED, use driverOptions

Number of daemons to serve user requests

Instance ID for when running multiple processes (default null).

Tell nylon which interface to listen for client requests on, default is "lo".

The database's port

By default, nixos will check that programs

Which X11 packages to exclude from the default environment

Number of backups to keep

If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets

Name of standard way of trusted network specification to use, leave blank if you specify it explicitly or if you want to use default (localhost-only).

ACME Directory Resource URI

Interface and port to listen on to solve HTTP challenges in the form [INTERFACE]:PORT

Enable ReGreet, a clean and customizable greeter for greetd

The order of the sections in programs.rust-motd.settings

URL of the Unifi controller.

Whether to enable Shorewall IPv4 Firewall.

Group account under which this instance of redis-server runs.

Whether to enable thinkfan, a fan control program.

Let prometheus select which controller to poll when scraping

If set to false, this unit will be a symlink to /dev/null

List of forwarded ports from host to container

If set to false, this unit will be a symlink to /dev/null

If set to false, this unit will be a symlink to /dev/null

Group for builds.sr.ht

If enabled, systemd will always respawn dnsmasq even if shut down manually

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Output plugin. @www@ is substituted for default mjpg-streamer www directory

The main.cf configuration file as key value set

Whether to enable the cups-pdf virtual pdf printer backend

Default location for the Mattermost control socket used by mmctl.

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Path to sendmail program

The IPv4 address assigned to the interface in the container

Path to keystore (combined PEM with cert/key, or PKCS12 keystore)

Extra arguments to pass to ghostunnel server

Default sample format.

Default number of snapshots to keep for VMs that don't specify a keep value.

Default port blendfarm server listens on.

These lines go to httpd.conf verbatim

These lines go to httpd.conf verbatim

The IPv6 address assigned to the interface in the container

Set the priority of the system call filter setting

Configuration options for the Stalwart email server

Default ppp settings for wvdial.

Open firewall ports for cluster communication by default

Clear all default commands

If set, the MUC rooms will display the public JIDs by default.

Command-line flags passed to the update daemon

Access token validation endpoint

The default XMPP server domain

Whether the server registers as a public server in the global server list

The user to run openvscode-server as

Extra labels in addition to the default (unless disabled through the noDefaultLabels option)

The timer configuration for rebooting after an update

Enable CIS Hardening for RKE2

Unifi service user name.

Default location for kubernetes secrets

Whether to enable HTTPS in addition to plain HTTP

FastCGI parameters to override

The path to the nixpkgs sources used to build the system

Specifies location of HBase database files

How long certs generated by Stargazer should live for

Default working directory for server (server-working-dir in rserver.conf).

Restrict the allowed ciphers of this policy to those defined here

Default loglevel to use for documentserver and converter

Whenever smartd should monitor all devices connected to the machine at the time it's being started (the default)

Name of the runner group to add this runner to (defaults to the default runner group)

Whether to append a minimal default PATH environment variable to the service, containing common system utilities.

List of site names for which statistics should be exported

Whether to enable pay-respects' LLM integration

Listen on a UNIX socket at the specified path

Specifies what to do when the laptop lid is closed and the system is on external power

Default minimum difference between two consecutive block's timestamps in seconds.

The directory or NFS/SMB network share where MPD reads music from

Contents of the runtime configuration file, apcupsd.conf

If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy

DNS Challenge provider

Where the webroot of the HTTP vhost is located. .well-known/acme-challenge/ directory will be created below the webroot if it doesn't exist. http://example.org/.well-known/acme-challenge/ must also be available (notice unencrypted HTTP).

These lines go to httpd.conf verbatim

The port of the database Invidious should use

The number of allowed simultaneous connections to the daemon, default 10.

Nextcloud's data storage path

Default room language.

The data directory for PostgreSQL

Whether to enable HTTPS in addition to plain HTTP

Whether to enable HTTPS in addition to plain HTTP

Newline separated list of names to be allowed/denied if userlistEnable is true

If enabled, virtual users will use the same privileges as local users

A list of host names and/or IP numbers used for accessing the host's ssh service

Protocol number of the encapsulated packets

Client-side web-app interface settings that override the defaults in interface_config.js

Whether to add Wireshark to the global environment and create a 'wireshark' group

Systemd calendar expression when to check for renewal

Whether to enable udev rules added by input-remapper to handle hotplugged devices

The systemd target that will automatically start the dsearch service

Whether to clear the configuration of the interfaces that were set up in the initrd right before stage 2 takes over

The group to run openvscode-server under

Default settings for lists (list-defaults.yml)

Default lifetime of a session (e.g. login) cookie

If set to false, this unit will be a symlink to /dev/null

By default, nixos will check that programs

A proposal is a set of algorithms

Grants the user, created by the ensureUser attr, login permissions

If the default of yes is used, Mode Config works in pull mode, where the initiator actively requests a virtual IP

An absolute path to an executable to be run for each process killed

MTU size for packets leaving the interface

Whether to enable HTTPS in addition to plain HTTP

Network name for the icecream scheduler

Enables support for IEEE 802.11n (WiFi 4, HT)

What networks are allowed to use us as a resolver

Enables a click method

Files to load suricata-update managed rules, relative to 'default-rule-path'.

Run syncoid at this interval

Declarative configuration of firewall rules

Whether to enable Shorewall IPv6 Firewall.

If set, the MUC rooms will only be accessible to the members by default.

Whether all rooms will be persistent by default: the value of the “persistent” option in the global configuration of each user will be “true”, but the value of each individual room will still default to false

Defines whatever to use an empty string as a default salt

The directory where config.txt and serversettings.json is saved

Open the default ports in the firewall for the media server

Attribute set of environment variables.

https://github.com/Glimesh/broadcast-box#environment-variables

By default we create the sabnzbd configuration read-only, which keeps the nixos configuration as the single source of truth

Neo4j SSL policy for BOLT traffic

The secret used to create cookies

Override default chart values via Nix expressions

This setting configures the default UI language, which must be a supported IETF language tag, such as en-US.

IKE major version to use for connection.

• 1 uses IKEv1 aka ISAKMP,
• 2 uses IKEv2.
• A connection using the default of 0 accepts both IKEv1 and IKEv2 as responder, and initiates the connection actively with IKEv2

Server CoAP listen address

The list of systemd services to call systemctl try-reload-or-restart on.

Whether to enable Howdy and its PAM module for face recognition

The string that will be used for the NH_FLAKE environment variable.

NH_FLAKE is used by nh as the default flake for performing actions, such as nh os switch

Limit how many jobs can be handled concurrently by this service. 0 (default) simply means don't limit.

Chromium default homepage

Whether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server

If true, a system-wide PipeWire service and socket is enabled allowing all users in the "pipewire" group to use it simultaneously

Whether to enable the Wacom touchscreen/digitizer/tablet

Override default chart values via Nix expressions

Default audio compression method.

Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations

This defines the system default encryption algorithm for encrypting passwords.

Path to serial port this printer is connected to

How often clamdscan is invoked

Location of the dir with main.css CSS file

The environment file to use when starting Memos.

Log level of the Proton Mail Bridge service

This option defines (see systemd.time for format) when the databases should be dumped

Database host address

Whether to append a minimal default PATH environment variable to the service, containing common system utilities.

Attribute set of lines for the global faxq config file etc/config

Upscale the default X cursor to be more visible on high-density displays

A program name specifying a Postfix service/daemon process

Which LXQt packages to exclude from the default environment

Whether to enable WireGuard.

Which MATE packages to exclude from the default environment

Which packages XFCE should exclude from the default environment

Specifies which users are considered “administrators”, for those actions that require the user to authenticate as an administrator (i.e. have an auth_admin value)

The driver hostapd will use. nl80211 is used with all Linux mac80211 drivers. none is used if building a standalone RADIUS server that does not control any wireless/wired driver

Whether to enable man-db as the default man page viewer.

Videobridge configuration

The server address is of the form: [hostname][:port]

Path to a file that contains the secret to sign web requests using JSON Web Tokens

If set to false, this unit will be a symlink to /dev/null

ZoneMinder can generate quite a lot of data, so in case you don't want to use the default /var/lib/zoneminder, you can override the path here.

The boot entry builder script should be called with exactly one of the following arguments in order to specify its verbosity:

• quiet supresses all messages.

• default adds a simple "Installing Xen Project Hypervisor boot entries...done." message to the script.

• info is the same as default, but it also prints a diff with information on which generations were altered.

  • This option adds two extra dependencies to the script: diffutils and bat.

• debug prints information messages for every single step of the script

Directory for storing certificates to be used by Neo4j for TLS connections

Full (!) list of domains we deliver locally

The amount of time which can elapse after a reboot has been triggered before a watchdog hardware device will automatically reboot the system

Shell code that will be run after all other hooks

Nix daemon process I/O scheduling class

List of binary cache URLs used to obtain pre-built binaries of Nix packages

Configuration for Collabora Online WebSocket Daemon, see https://sdk.collaboraonline.com/docs/installation/Configuration.html, or https://github.com/CollaboraOnline/online/blob/master/coolwsd.xml.in for the default configuration.

The UDP port to open in the firewall

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Configure the governor used to regulate the frequency of the available CPUs

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

By default pam-u2f module sets the origin to pam://$HOSTNAME

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS

The host name or IP address on which to bind Subsonic

Configuration for Nomad

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

[LEVEL LOW HIGH]

LEVEL is the fan level to use: it can be an integer (0-7 with thinkpad_acpi), "level auto" (to keep the default firmware behavior), "level full-speed" or "level disengaged" (to run the fan as fast as possible)

Do minification on public static files which reduces the size of assets — saving data for the server & users as well as offering a performance improvement

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Path of a file containing the password for the unifi service user

The group to run Silverbullet under

Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS

The EFI boot entry builder script should be called with exactly one of the following arguments in order to specify its verbosity:

• quiet supresses all messages.

• default adds a simple "Installing Xen Project Hypervisor boot entries...done." message to the script.

• info is the same as default, but it also prints a diff with information on which generations were altered.

  • This option adds two extra dependencies to the script: diffutils and bat.

• debug prints information messages for every single step of the script

A set describing default parameters for babeld interfaces

Ensures the named printer is the default CUPS printer / printer queue.

The machine which hosts your database

IP Addresses to bind to

The path to the pommed.conf file

Path to an INI format configuration file to provide Buffyboard

When the skipback bit is set, backup cursor movement during releases from drags will be suppressed

If specified only the list of VMs will be snapshotted else all existing one

The initial schema of the database; if null (the default), an empty database is created.

The meilisearch package to use

Number of history message sent to participants by default.

Allows you to assign a custom name to the tracker script different from the default script.js.

Disables adding the default labels

These lines go to httpd.conf verbatim

Attribute set of lines for the global hfaxd config file etc/hfaxd.conf

The maximum number of processes to spawn for this service

Default sender for mail.

Which packages gnome should exclude from the default environment

By default enable localnet for loopback address ranges.

UDP packet size to use in Bytes

If set, the rooms will display the public JIDs by default.

Path to the i3 configuration file

Fixed reqid to use for this CHILD_SA

Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS

Names of backends which are enabled by default but should be disabled

These lines go to httpd.conf verbatim

GRUB entry name instead of default.

Folder to store Silverbullet's space/workspace

Engine statistics such as packet counters, memory use counters and others can be logged in several ways

If set, the MUC rooms will be moderated by default.

Tracing configuration

The user to run Silverbullet as

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether the service's sockets and storage directory is restricted to be only available via the mail system

The directory where MPD stores playlists

Paths to keyboard devices

Name is used as a suffix for the service name, user, and group

Default zone for connections.

• menu shows the menu.
• countdown uses a text-mode countdown.
• hidden hides GRUB entirely

The Noto fonts - used for UI by default package to use.

Where to store runtime data (save files, persistent items, etc)

Whether to enable HTTPS in addition to plain HTTP

Enable this server by default

The Lounge's config.js contents as attribute set (will be converted to JSON to generate the configuration file)

Enable the XFWM (default) window manager.

Whether to consider the network online when any interface is online, as opposed to all of them

Enables MOBIKE on IKEv2 connections

Whether to configure a local Redis server for Dawarich

Enable the autohinter in place of the default interpreter

The SSL / TLS CA certificate that verifies the identity of the database server

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Mute videos by default.

Enables InfluxDB on the host system using the services.influxdb2 NixOS module with default options

By default, the Drone RPC server will listen on all interfaces and local IPv4 addresses for incoming connections from clients

Defines the mapping from system users to database users

Send certificate payloads when using certificate authentication.

• With the default of ifasked the daemon sends certificate payloads only if certificate requests have been received.
• never disables sending of certificate payloads altogether,
• always causes certificate payloads to be sent unconditionally whenever certificate authentication is used

List of default packages to exclude from the configuration

Path to mercurial repositories on disk

Relay address (the local IP address that will be used to relay the packets to the peer)

Options for PHP's php.ini file for librenms

A list of components and their hosts that are part of this cluster

Which packages Budgie should exclude from the default environment.

By default, when SSH forwarding, enabling Duo Security will disable TCP forwarding

If "never" (the default) always do incremental backups (the first backup will be a full backup, of course)

Whether to set up a loopback device that continuously records and allows to play back audio from the computer

Enable billing Cron-Jobs on the local instance

Whether to enable mandoc as the default man page viewer.

Default banning action (e.g. iptables, iptables-new, iptables-multiport, iptables-ipset-proto6-allports, shorewall, etc)

Initial password file for the pgAdmin account

Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address

Tracing configuration

Directory used as cache

Allow the service to create and use its own config file inside the dataDir as configured by services.mediatomb.dataDir

Tracing configuration

Default currency for events in its ISO 4217 three-letter code.

The screen resolutions for the X server

Initialize HA cluster using an embedded etcd datastore

Whether to enable ZoneMinder

Path to git repositories on disk

The systemd TimeoutStopSec to use

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Backup all databases using pg_dumpall

When enabled, the stargazer process will be given CAP_SETGID and CAP_SETUID so that it can run cgi processes as a different user

Override the default runtime

Whether to enable the DontZap option, which binds Ctrl+Alt+Backspace to forcefully kill X

Whether to enable HTTPS in addition to plain HTTP

Server definitions ("stanzas") for the client system-options file

When to create snapshots (systemd calendar format)

File containing PYLOAD_DEFAULT_USERNAME and PYLOAD_DEFAULT_PASSWORD in the format of an EnvironmentFile=, as described by systemd.exec(5)

A list of host names and/or IP numbers used for accessing the host's ssh service

Path of the Neo4j home directory

Default log level from 0 to 4 (debug, info, important, warning, error).

The hosts.hfaxd file entry in the spooling area will be symlinked to the location given here

Path to the mlvwm configuration file

List of forwarded ports from host to container

Override the default pause image for pod sandboxes

Plugin settings for dovecot in general, e.g. sieve, sieve_default, etc

MAC address of the interface

Settings serialized into user-data/conf.yml before build

Set environment path of systemd to include the current system's bin directory

If set, the service will register a new session with systemd's login manager

Default pull-policy for Docker images

The data directory for PostgreSQL

Allows you to send metrics to a location different than the default /api/send.

Whether to enable HTTPS in addition to plain HTTP

Flags to pass to the zfs-auto-snapshot command

The IPv4 address assigned to the interface in the container

Remote UDP port for IKE communication

List of default packages to exclude from the configuration

List of default packages to exclude from the configuration

Frontend configuration

Only consider archive names starting with this prefix for pruning

User account under which healthchecks runs.

Enables a click method

Object store configuration

IP addresses or hostnames of all nodes in the cluster, including this node

Same as hooks, but these hooks are specified as literal strings instead of Nix values, and hence can include template syntax which might not be representable as JSON

Enable API access for this frontend

The IPv6 address assigned to the interface in the container

Set the sector size for the plain encrypted device type

List of packages containing systemd-tmpfiles rules

Path to the sendmail binary

The public facing domain name used to access grafana from a browser

If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again

Enable automatic config reload on config change

Munin plugins to disable, even if munin-node-configure --suggest tries to enable them

Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Optional fixed priority for IPsec policies

Default sample format.

Allows AdGuard Home to open raw sockets (CAP_NET_RAW), which is required for the integrated DHCP server

The id of the bootloader to store in efi nvram

fangfrisch configuration

The resolution of the console

If false (the default), this is up to the user to declare the firewall rules

A program name specifying a Postfix service/daemon process

Charon by default uses the normal retransmission mechanism and timeouts to check the liveness of a peer, as all messages are used for liveness checking

If enabled, pam_wallet will attempt to automatically unlock the user's default KDE wallet upon login

Group account under which healthchecks runs.

Adds entries to the label table, as described in section 2.1 of RFC 3484

By default, borg cannot write anywhere on the system but $HOME/.config/borg and $HOME/.cache/borg

Settings serialized into config.yml before build

Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS

List of nameservers to use

Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.

How often is offlineimap started

Collect and save data from the intrusion detection system to influxdb and Loki.

Path of the data directory

Ports to map by default.

Object store configuration

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS

Attribute set of values for the given modem

Whether to enable HTTPS in addition to plain HTTP

Configuration for all Datadog checks

The directory used to store all data for healthchecks.

Additional bot rules appended to the policy

Default idle timeout used by Jetty.

The hostname under which the Ollama UI interface should be accessible

Location of the HTML templates

Whether to request X11 forwarding on outgoing connections by default

The type of interface to create

The upstream provider to use or custom in case you do not trust any of the predefined providers or just want to use your own

Additional packages to add to the default graphics driver lookup path

Whether to disable Prosody features not needed by Jitsi Meet

Tracing configuration

How long waiting for offlineimap before killing it

The maximum number of processes to spawn for this service

Tracing configuration

Tracing configuration

Group under which to run the service

NixOS version name to be used in the names of generated outputs and boot labels

Enable/disable the embedded DNS proxy server

Override the default pause command

Number of retransmission sequences to perform during initial connect

IKE rekeying refreshes key material using a Diffie-Hellman exchange, but does not re-check associated credentials

These lines go to httpd.conf verbatim

Whether to enable uwsm, which wraps standalone Wayland compositors with a set of Systemd units on the fly

A default volume attenuation (in dB) for the endpoint.

The config file

If enabled, pam_gnome_keyring will attempt to automatically unlock the user's default Gnome keyring upon login

Create a systemd system service tsm-backup.service that starts a backup based on the given servername's stanza

Hash, with md5, client names and MAC addresses

If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job

Name of the pool(s) to collect, repeat for multiple pools (default: all pools).

The package that provides a default icon theme.

SRS tag separator used in generated sender addresses

AH proposals to offer for the CHILD_SA

Definitions of SIIT instances of Jool

The team ID associated with the reported computation results

Which packages pantheon should exclude from the default environment

The permission for settings.dir

When disabled, unprivileged users will not be able to create new namespaces

Which packages cinnamon should exclude from the default environment

Create the database and database user locally, and run installation

Pick CSV config files matching initial scan ("none" or empty for no initial scan message, "full" for full scan, or a single hex address to scan, default is to send a broadcast ident message)

Extra configuration for the caddy virtual host of Misskey

These lines go to httpd.conf verbatim

The ollama package to use

Extra configuration for the nginx virtual host of Misskey

Whether to enable HTTPS in addition to plain HTTP

Whether to enable HTTPS in addition to plain HTTP

Enable localtimed, a simple daemon for keeping the system timezone up-to-date based on the current location

Whether the service's sockets and storage directory is restricted to be only available via the mail system

Directory used to store media files

This is the config file for override lxc-net bridge default settings.

Enables lxd to use zfs as a storage for containers

Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.

Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the store path of the sources of nixpkgs used to build the NixOS system

IP address on which RabbitMQ will listen for AMQP connections

When not set to null this option defines the path at which the unbound remote control socket should be created at

Configure the default calendar

Collect and save data from deep packet inspection

Path to the Xen multiboot binary used for BIOS booting

Type of token to use for runner registration

Default kubeconfig certificate authority file used to connect to kube-apiserver.

List of default nx agent options.

Default port blendfarm server advertises itself on.

User as which this instance of fcgiwrap will be run

If not specified, the MTU is automatically determined from the endpoint addresses or the system default route, which is usually a sane choice

How many processor threads to use for processing sidekiq background job queues

Default Alerta environment

Address or CIDR subnets

StrongSwan default: []

Whether to allow invalid certificates when provisioning the target instance

QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.

Default kubeconfig client key file used to connect to kube-apiserver.

Timeout before closing CHILD_SA after inactivity

Path to a file containing the default admin password

Disable client authentication, no client certificate will be required.

SMTP configuration

PKCE method to use:

• plain: Use plain code verifier
• S256: Use SHA256 hashed code verifier (default, recommended)

Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one"

Definitions of NAT64 instances of Jool

If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build

Whether to enable IPv6 Privacy Extensions for interfaces not configured explicitly in networking.interfaces._name_.tempAddress

Base directory used for logging.

Address or CIDR subnets

StrongSwan default: []

Address or CIDR subnets

StrongSwan default: []

Enables the use of the ~/.ssh/authorized_keys file

Default kubeconfig client certificate file used to connect to kube-apiserver.

These lines go to httpd.conf verbatim

Default kubeconfig kube-apiserver server address.

AddressBook subscription URL for initial setup

Path to a custom home page

The configuration of each Fail2ban “jail”

The job name assigned to scraped metrics by default.

Object store configuration

Object store configuration

Object store configuration

By default, pam_mysql keeps the connection to the MySQL database until the session is closed

Configuration for ZNC, see https://wiki.znc.in/Configuration for details

Authentication to perform locally.

• The default pubkey uses public key authentication using a private key associated to a usable certificate.
• psk uses pre-shared key authentication.
• The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
• while the IKEv2 specific eap keyword defines EAP authentication.
• For xauth, a specific backend name may be appended, separated by a dash