| services.k3s.disable | Disable default components, see the K3s documentation.
|
| services.rke2.disable | Disable default components, see the RKE2 documentation.
|
| services.cfssl.disable | Endpoints to disable (comma-separated list)
|
| hardware.nvidiaOptimus.disable | Completely disable the NVIDIA graphics card and use the
integrated graphics processor instead.
|
| services.physlock.disableSysRq | Whether to disable SysRq when locked with physlock.
|
| services.unpoller.influxdb.disable | Whether to disable the influxdb output plugin.
|
| hardware.nvidia-container-toolkit.disable-hooks | List of hooks to disable when generating the CDI specification
|
| services.k3s.disableAgent | Only run the server
|
| services.gotenberg.downloadFrom.disable | Whether to disable the ability to download files for conversion from outside sources.
|
| services.unpoller.prometheus.disable | Whether to disable the prometheus output plugin.
|
| services.code-server.disableTelemetry | Disable telemetry.
|
| hardware.fw-fanctrl.disableBatteryTempCheck | Disable checking battery temperature sensor
|
| services.code-server.disableUpdateCheck | Disable update check
|
| services.code-server.disableFileDownloads | Disable file downloads from Code.
|
| services.nebula.networks.<name>.tun.disable | When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
|
| services.libinput.mouse.disableWhileTyping | Disable input method while typing.
|
| services.misskey.settings.db.disableCache | Whether to disable caching queries.
|
| services.code-server.disableWorkspaceTrust | Disable Workspace Trust feature.
|
| services.tailscale.disableTaildrop | Whether to disable the Taildrop feature for sending files between nodes.
|
| services.gotenberg.pdfEngines.disableRoutes | Disable routes related to PDF engines.
|
| security.pam.services.<name>.ttyAudit.disablePattern | For each user matching one of comma-separated
glob patterns, disable TTY auditing
|
| services.libinput.touchpad.disableWhileTyping | Disable input method while typing.
|
| services.libreswan.disableRedirects | Whether to disable send and accept redirects for all network interfaces
|
| services.gotenberg.chromium.disableRoutes | Disable all routes allowing Chromium-based conversion.
|
| services.spiped.config.<name>.disableKeepalives | Disable transport layer keep-alives.
|
| services.munin-node.disabledPlugins | Munin plugins to disable, even if
munin-node-configure --suggest tries to enable
them
|
| services.tailscale.disableUpstreamLogging | Whether to disable Tailscaled from sending debug logging upstream.
|
| services.komodo-periphery.disableTerminals | Disable remote shell access through Periphery.
|
| services.veilid.settings.core.capabilities.disable | A list of capabilities to disable (for example, DHTV to say you cannot store DHT information).
|
| services.code-server.disableGettingStartedOverride | Disable the coder/coder override in the Help: Getting Started page.
|
| services.komodo-periphery.disableContainerExec | Disable remote container shell access through Periphery.
|
| services.dae.disableTxChecksumIpGeneric | See https://github.com/daeuniverse/dae/issues/43
|
| services.libretranslate.disableWebUI | Whether to disable the Web UI.
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.spiped.config.<name>.disableReresolution | Disable target address re-resolution.
|
| services.gotenberg.chromium.disableJavascript | Disable Javascript execution.
|
| services.gotenberg.libreoffice.disableRoutes | Disable all routes allowing LibreOffice-based conversion.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.microsocks.disableLogging | If true, microsocks will not log any messages to stdout/stderr.
|
| services.morty.key | HMAC url validation key (hexadecimal encoded)
|
| services.thanos.compact.downsampling.disable | Disables downsampling
|
| services.slskd.settings.web.https.disabled | Disable the built-in HTTPS server
|
| hardware.bluetooth.disabledPlugins | Built-in plugins to disable
|
| services.kubernetes.apiserver.disableAdmissionPlugins | Kubernetes admission control plugins to disable
|
| fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| services.nezha-agent.settings.disable_nat | Disable NAT penetration.
|
| services.davis.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.slskd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.movim.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| i18n.glibcLocales | Customized pkg.glibcLocales package
|
| services.tt-rss.plugins | List of plugins to load automatically for all users
|
| services.snipe-it.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.ghostunnel.servers.<name>.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.akkoma.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fluidd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.gancio.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.monica.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.matomo.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| boot.tmp.useZram | Whether to mount a zram device on /tmp during boot.
Large Nix builds can fail if the mounted zram device is not large enough
|
| boot.tmp.useTmpfs | Whether to mount a tmpfs on /tmp during boot.
Large Nix builds can fail if the mounted tmpfs is not large enough
|
| services.prometheus.exporters.chrony.disabledCollectors | Collectors to disable which are enabled by default
|
| services.coturn.no-tcp | Disable TCP client listener
|
| services.coturn.no-tls | Disable TLS client listener
|
| services.coturn.no-udp | Disable UDP client listener
|
| services.plausible.server.disableRegistration | Whether to prohibit creating an account in plausible's UI or allow on invite_only.
|
| services.lighthouse.beacon.disableDepositContractSync | Explicitly disables syncing of deposit logs from the execution node
|
| services.gollum.no-edit | Disable editing pages
|
| users.users.<name>.enable | If set to false, the user account will not be created
|
| services.coturn.no-dtls | Disable DTLS client listener
|
| services.dolibarr.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fediwall.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.agorakit.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.librenms.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.kanboard.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.pixelfed.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.mainsail.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.netbird.server.management.disableSingleAccountMode | If set to true, disables single account mode
|
| services.radicle.httpd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.k3s.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.rke2.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.anuko-time-tracker.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| services.netbird.server.management.disableAnonymousMetrics | Disables push of anonymous usage metrics to NetBird.
|
| services.suricata.disabledRules | List of rules that should be disabled.
|
| services.bookstack.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.davis.nginx | Use this option to customize an nginx virtual host
|
| services.coturn.no-tcp-relay | Disable TCP relay endpoints
|
| services.coturn.no-udp-relay | Disable UDP relay endpoints
|
| boot.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| services.jirafeau.nginxConfig.http2 | Whether to enable the HTTP/2 protocol
|
| users.extraUsers.<name>.enable | If set to false, the user account will not be created
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.disableAuthentication | Disable client authentication, no client certificate will be required.
|
| services.zabbixWeb.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| services.minio.browser | Enable or disable access to web UI.
|
| services.bitcoind.<name>.prune | Reduce storage requirements by enabling pruning (deleting) of old
blocks
|
| services.prometheus.exporters.frr.disabledCollectors | Collectors to disable which are enabled by default.
|
| services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding | Disables chunked transfer encoding
|
| services.prometheus.exporters.node.disabledCollectors | Collectors to disable which are enabled by default.
|
| services.murmur.logDays | How long to store RPC logs for in the database
|
| services.prometheus.exporters.opnsense.disabledExporter | Collectors to enable or disable
|
| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| boot.initrd.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| services.immich.redis.port | The port that redis will listen on
|
| services.syslogd.tty | The tty device on which syslogd will print important log
messages
|
| services.rke2.role | Whether rke2 should run as a server or agent
|
| services.domoticz.port | Port to bind to for HTTP, set to 0 to disable HTTP.
|
| services.tor.enableGeoIP | Whether to enable use of GeoIP databases
|
| services.icingaweb2.modules.monitoring.backends.<name>.disabled | Disable this backend
|
| services.chhoto-url.settings.disable_frontend | Whether to disable the frontend.
|
| services.chrony.enable | Whether to synchronise your machine's time using chrony
|
| services.ferm.enable | Whether to enable Ferm Firewall.
Warning: Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| hardware.sane.disabledDefaultBackends | Names of backends which are enabled by default but should be disabled
|
| services.airsonic.port | The port on which Airsonic will listen for
incoming HTTP traffic
|
| services.subsonic.port | The port on which Subsonic will listen for
incoming HTTP traffic
|
| services.cryptpad.settings.blockDailyCheck | Disable telemetry
|
| services.journald.audit | If enabled systemd-journald will turn on auditing on start-up
|
| powerManagement.powertop.postStart | Shell commands executed after powertop is started
|
| system.autoUpgrade.upgrade | Disable adding the --upgrade parameter when channel
is not set, such as when upgrading to the latest version
of a flake honouring its lockfile.
|
| services.limesurvey.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| programs.zsh.ohMyZsh.preLoaded | Shell commands executed before the oh-my-zsh is loaded
|
| services.galene.turnAddress | Built-in TURN server listen address and port
|
| services.tor.client.enable | Whether to enable the routing of application connections
|
| users.users.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.k3s.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/k3s/server/manifests before k3s starts
|
| services.rke2.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/rke2/server/manifests before rke2 starts
|
| services.prometheus.exporters.mail.configuration.disableFileDeletion | Disables the exporter's function to delete probing mails.
|
| services.dspam.domainSocket | Path to local domain socket which is used for communication with the daemon
|
| security.shadow.enable | Enable the shadow authentication suite, which provides critical programs such as su, login, passwd
|
| users.allowNoPasswordLogin | Disable checking that at least the root user or a user in the wheel group can log in using
a password or an SSH key
|
| services.jibri.xmppEnvironments.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.bird.checkConfig | Whether the config should be checked at build time
|
| services.subsonic.httpsPort | The port on which Subsonic will listen for
incoming HTTPS traffic
|
| services.trilium-server.noBackup | Disable periodic database backups.
|
| virtualisation.vmware.host.enable | This enables VMware host virtualisation for running VMs.
vmware-vmx will cause kcompactd0 due to
Transparent Hugepages feature in kernel
|
| services.movim.h2o.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.thanos.rule.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.misskey.reverseProxy.webserver.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.knot.keyFiles | A list of files containing additional configuration
to be included using the include directive
|
| services.grafana.settings.security.disable_gravatar | Set to true to disable the use of Gravatar for user profile images.
|
| services.bosun.opentsdbHost | Host and port of the OpenTSDB database that stores bosun data
|
| services.lifecycled.noSpot | Disable the spot termination listener.
|
| services.thanos.rule.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| users.extraUsers.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| xdg.icons.fallbackCursorThemes | Names of the fallback cursor themes, in order of preference, to be used when no other icon source can be found
|
| services.nezha-agent.settings.disable_send_query | Disable sending TCP/ICMP/HTTP requests.
|
| services.avahi.cacheEntriesMax | Number of resource records to be cached per interface
|
| services.thanos.store.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.thanos.query.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.zapret.httpSupport | Whether to route http traffic on port 80
|
| services.h2o.hosts.<name>.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.stargazer.genCerts | Set to false to disable automatic certificate generation
|
| networking.dhcpcd.enable | Whether to enable dhcpcd for device configuration
|
| services.dawarich.redis.port | The port of the redis server Dawarich will connect to
|
| services.thanos.query.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.thanos.store.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.documize.db | Database specific connection string for example:
- MySQL/Percona/MariaDB:
user:password@tcp(host:3306)/documize
- MySQLv8+:
user:password@tcp(host:3306)/documize?allowNativePasswords=true
- PostgreSQL:
host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable
- MSSQL:
sqlserver://username:password@localhost:1433?database=Documize or
sqlserver://sa@localhost/SQLExpress?database=Documize
|
| services.oauth2-proxy.cookie.refresh | Refresh the cookie after this duration; 0 to disable.
|
| services.nats.validateConfig | If true, validate nats config at build time
|
| services.movim.podConfig.chatonly | Disable all the social feature (Communities, Blog…) and keep only the chat ones
|
| systemd.network.wait-online.timeout | Time to wait for the network to come online, in seconds
|
| services.wiki-js.settings.offline | Disable latest file updates and enable
sideloading.
|
| networking.dhcpcd.IPv6rs | Force enable or disable solicitation and receipt of IPv6 Router Advertisements
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| security.lockKernelModules | Disable kernel module loading once the system is fully initialised
|
| boot.zfs.forceImportRoot | Forcibly import the ZFS root pool(s) during early boot
|
| services.sftpgo.settings.smtp.host | Location of SMTP email server
|
| services.sslh.settings.numeric | Whether to disable reverse DNS lookups, thus keeping IP
address literals in the log.
|
| services.thanos.receive.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.thanos.sidecar.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.envoy.requireValidConfig | Whether a failure during config validation at build time is fatal
|
| services.locate.interval | Update the locate database at this interval
|
| services.acme-dns.settings.api.disable_registration | Whether to disable the HTTP registration endpoint.
|
| hardware.trackpoint.ext_dev | Disable or enable external pointing device.
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| services.thanos.sidecar.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.thanos.receive.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.dolibarr.h2o.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.pihole-ftl.privacyLevel | Level of detail in generated statistics. 0 enables full statistics, 3
shows only anonymous statistics
|
| services.shorewall.enable | Whether to enable Shorewall IPv4 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| services.miniflux.config.WATCHDOG | Enable or disable Systemd watchdog.
|
| services.tt-rss.enableGZipOutput | Selectively gzip output to improve wire performance
|
| services.earlyoom.reportInterval | Interval (in seconds) at which a memory report is printed (set to 0 to disable).
|
| services.discourse.nginx.enable | Whether an nginx virtual host should be
set up to serve Discourse
|
| security.tpm2.fapi.ekCertLess | A switch to disable Endorsement Key (EK) certificate verification
|
| services.physlock.muteKernelMessages | Disable kernel messages on console while physlock is running.
|
| services.omnom.settings.app.disable_signup | Whether to enable restricting user creation.
|
| services.gitea.settings.server.DISABLE_SSH | Disable external SSH feature.
|
| fonts.fontconfig.antialias | Enable font antialiasing
|
| services.physlock.enable | Whether to enable the physlock screen locking mechanism
|
| services.ntopng.redis.createInstance | Local Redis instance name
|
| services.nextcloud.extraApps | Extra apps to install
|
| services.shorewall6.enable | Whether to enable Shorewall IPv6 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| boot.binfmt.addEmulatedSystemsToNixSandbox | Whether to add the boot.binfmt.emulatedSystems to nix.settings.extra-platforms
|
| programs.gnupg.agent.enableSSHSupport | Enable SSH agent support in GnuPG agent
|
| services.thanos.query-frontend.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| hardware.sata.timeout.deciSeconds | Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations
|
| boot.initrd.systemd.network.wait-online.timeout | Time to wait for the network to come online, in seconds
|
| services.stargazer.requestTimeout | Number of seconds to wait for the client to send a complete
request
|
| services.thanos.query-frontend.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.hardware.dell-bios-fan-control.enable | Whether to enable One-shot service to disable dell bios fan control on startup.
|
| services.borgbackup.jobs.<name>.wrapper | Name of the wrapper that is installed into PATH
|
| services.jitsi-meet.nginx.enable | Whether to enable nginx virtual host that will serve the javascript application and act as
a proxy for the XMPP server
|
| services.collectd.validateConfig | Validate the syntax of collectd configuration file at build time
|
| services.kapacitor.loadDirectory | Directory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)
|
| services.immich.database.enableVectors | Whether to enable pgvecto.rs in the database
|
| services.geoclue2.enableStatic | Whether to enable the static source
|
| services.vsftpd.anonymousUserNoPassword | Whether to disable the password for the anonymous FTP user.
|
| services.opensearch.settings."plugins.security.disabled" | Whether to enable the security plugin,
plugins.security.ssl.transport.keystore_filepath or
plugins.security.ssl.transport.server.pemcert_filepath and
plugins.security.ssl.transport.client.pemcert_filepath
must be set for this plugin to be enabled.
|
| services.grafana.settings.database.wal | For sqlite3 only
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.invidious.nginx.enable | Whether to configure nginx as a reverse proxy for Invidious
|
| services.librespeed.downloadIPDB | Whether to download the IP info database before starting librespeed
|
| services.forgejo.settings.server.DISABLE_SSH | Disable external SSH feature.
|
| services.nghttpx.frontends.*.params.tls | Enable or disable TLS
|
| services.scrutiny.influxdb.enable | Enables InfluxDB on the host system using the services.influxdb2 NixOS module
with default options
|
| services.zapret.configureFirewall | Whether to setup firewall routing so that system http(s) traffic is forwarded via this service
|
| services.xserver.windowManager.awesome.noArgb | Disable client transparency support, which can be greatly detrimental to performance in some setups
|
| services.vsftpd.portPromiscuous | Set to YES if you want to disable the PORT security check that ensures that
outgoing data connections can only connect to the client
|
| services.watchdogd.settings.safe-exit | With safeExit enabled, the daemon will ask the driver to disable the WDT before exiting
|
| fonts.fontconfig.hinting.enable | Enable font hinting
|
| security.duosec.allowTcpForwarding | By default, when SSH forwarding, enabling Duo Security will
disable TCP forwarding
|
| services.librenms.enableLocalBilling | Enable billing Cron-Jobs on the local instance
|
| services.strongswan.managePlugins | If set to true, this option will disable automatic plugin loading and
then tell strongSwan to enable the plugins specified in the
enabledPlugins option.
|
| services.nezha-agent.settings.disable_command_execute | Disable executing the command from dashboard.
|
| services.stargazer.responseTimeout | Number of seconds to wait for the client to send a complete
request and for stargazer to finish sending the response
|
| services.dendrite.settings.client_api.registration_disabled | Whether to disable user registration to the server
without the shared secret.
|
| services.cassandra.fullRepairInterval | Set the interval how often full repairs are run, i.e.
nodetool repair --full is executed
|
| services.lighttpd.enableUpstreamMimeTypes | Whether to include the list of mime types bundled with lighttpd
(upstream)
|
| services.clamsmtp.instances.*.keepAlives | Number of seconds to wait between each NOOP sent to the sending
server. 0 to disable
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| programs.ssh.forwardX11 | Whether to request X11 forwarding on outgoing connections by default
|
| services.jitsi-meet.prosody.lockdown | Whether to disable Prosody features not needed by Jitsi Meet
|
| services.lldap.silenceForceUserPassResetWarning | Disable warning when the admin password is set declaratively with the ldap_user_pass_file setting
but the force_ldap_user_pass_reset is set to false
|
| services.wg-access-server.settings.dns.enabled | Enable/disable the embedded DNS proxy server
|
| networking.dhcpcd.denyInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.nitter.preferences.replaceYouTube | Replace YouTube links with links to this instance (blank to disable).
|
| services.cron.systemCronJobs | A list of Cron jobs to be appended to the system-wide
crontab
|
| services.ollama.package | The ollama package to use
|
| services.cloudflare-ddns.provider.ipv4 | IP detection provider for IPv4
|
| services.cloudflare-ddns.provider.ipv6 | IP detection provider for IPv6
|
| services.dnscrypt-proxy.upstreamDefaults | Whether to base the config declared in services.dnscrypt-proxy.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml)
Disable this if you want to declare your dnscrypt config from scratch.
|
| networking.wireless.fallbackToWPA2 | Whether to fall back to WPA2 authentication protocols if WPA3 failed
|
| services.umami.settings.DISABLE_TELEMETRY | Umami collects completely anonymous telemetry data in order help improve the application
|
| services.buffyboard.settings.input.pointer | Enable or disable the use of a hardware mouse or other pointing device.
|
| networking.tempAddresses | Whether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces._name_.tempAddress
|
| services.nitter.preferences.replaceReddit | Replace Reddit links with links to this instance (blank to disable).
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| services.dnscrypt-proxy2.upstreamDefaults | Whether to base the config declared in services.dnscrypt-proxy2.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml)
Disable this if you want to declare your dnscrypt config from scratch.
|
| services.znc.config | Configuration for ZNC, see
https://wiki.znc.in/Configuration for details
|
| services.gitlab-runner.services.<name>.debugTraceDisabled | When set to true Runner will disable the possibility of
using the CI_DEBUG_TRACE feature.
|
| services.pocket-id.settings.ANALYTICS_DISABLED | Whether to disable analytics
|
| services.sabnzbd.settings.servers.<name>.optional | In case of connection failures, temporarily
disable this server. (See sabnzbd's documentation
for usage guides).
|
| services.paretosecurity.trayIcon | Set to false to disable the tray icon and run as a CLI tool only.
|
| services.rustus.disable_health_access_logs | disable access log for /health endpoint
|
| services.nextcloud.appstoreEnable | Allow the installation and updating of apps from the Nextcloud appstore
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.nitter.preferences.replaceTwitter | Replace Twitter links with links to this instance (blank to disable).
|
| services.grafana.settings.database.ssl_mode | For Postgres, use either disable, require or verify-full
|
| services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|
| services.wyoming.satellite.microphone.autoGain | Automatic gain control in dbFS, with 31 being the loudest value
|
| virtualisation.vmware.guest.headless | Whether to disable X11-related features.
|
| services.ferretdb.settings.FERRETDB_TELEMETRY | Enable or disable basic telemetry
|
| services.movim.podConfig.disableregistration | Remove the XMPP registration flow and buttons from the interface
|
| services.headscale.settings.oidc.pkce.enabled | Enable or disable PKCE (Proof Key for Code Exchange) support
|
| services.crowdsec-firewall-bouncer.createRulesets | Whether to have the module create the appropriate firewall configuration
based on the bouncer settings
|
| networking.wireless.athUserRegulatoryDomain | If enabled, sets the ATH_USER_REGD kernel config switch to true to
disable the enforcement of EEPROM regulatory restrictions for ath
drivers
|
| services.paperless.passwordFile | A file containing the superuser password
|
| services.nextcloud-spreed-signaling.settings.mcu.type | The type of MCU to use
|
| services.yggdrasil.denyDhcpcdInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.tarsnap.archives.<name>.checkpointBytes | Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value
|
| services.librenms.distributedPoller.enable | Configure this LibreNMS instance as a distributed poller
|
| networking.firewall.checkReversePath | Performs a reverse path filter test on a packet
|
| hardware.nvidia.prime.reverseSync.setupCommands.enable | Whether to enable configure the display manager to be able to use the outputs
attached to the NVIDIA GPU
|
| services.logrotate.checkConfig | Whether the config should be checked at build time
|
| services.nextcloud.enableImagemagick | Whether to enable the ImageMagick module for PHP
|
| services.desktopManager.plasma6.enableQt5Integration | Enable Qt 5 integration (theming, etc)
|
| services.nextcloud-spreed-signaling.settings.grpc.listen | IP and port to listen on for GRPC requests
|
| services.libinput.mouse.horizontalScrolling | Enables or disables horizontal scrolling
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.xserver.desktopManager.surf-display.pointerButtonMap | Disable right and middle pointer device click in browser sessions
while keeping scrolling wheels' functionality intact
|
| services.ollama.acceleration | What interface to use for hardware acceleration
|
| networking.getaddrinfo.precedence | Similar to networking.getaddrinfo.label, but this option
defines entries for the precedence table instead
|
| services.resolved.dnssec | If set to
"true":
all DNS lookups are DNSSEC-validated locally (excluding
LLMNR and Multicast DNS)
|
| services.nextcloud-spreed-signaling.settings.turn.servers | A list of TURN servers to use
|
| services.matomo.periodicArchiveProcessing | Enable periodic archive processing, which generates aggregated reports from the visits
|
| services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| services.cassandra.incrementalRepairInterval | Set the interval how often incremental repairs are run, i.e.
nodetool repair is executed
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| services.grafana.settings.plugins.preinstall_disabled | When set to true, disables the Background Plugin Installer, which runs before Grafana starts
|
| services.libinput.touchpad.horizontalScrolling | Enables or disables horizontal scrolling
|
| virtualisation.xen.store.settings.ringScanInterval | Perodic scanning for all the rings as a safenet for lazy clients
|
| services.prometheus.exporters.opnsense.enabledExporter | Collectors to enable or disable
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| services.kanidm.serverSettings.online_backup.versions | Number of backups to keep
|
| hardware.trackpoint.press_to_select | Setting this to true will enable the Press to Select functions like tapping the control stick to simulate a left click, and setting false will disable it.
|
| services.suricata.settings.exception-policy | Define a common behavior for all exception policies
|
| services.kanidm.server.settings.online_backup.versions | Number of backups to keep
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| networking.firewall.connectionTrackingModules | List of connection-tracking helpers that are auto-loaded
|
| services.wyoming.satellite.microphone.noiseSuppression | Noise suppression level with 4 being the maximum suppression,
which may cause audio distortion
|
| services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| services.librenms.distributedPoller.distributedBilling | Enable distributed billing on this poller
|
| programs.qgroundcontrol.blacklistModemManagerFromTTYUSB | Disallow ModemManager from interfering with serial connections that QGroundControl might use
|
| services.nextcloud.settings.mail_smtpmode | Which mode to use for sending mail
|
| services.jellyfin.transcoding.enableSubtitleExtraction | Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding
|
| services.multipath.devices.*.flush_on_last_del | If set to "yes" multipathd will disable queueing when the last path to a
device has been deleted.
|
| services.multipath.devices.*.fast_io_fail_tmo | Specify the number of seconds the SCSI layer will wait after a problem has been
detected on a FC remote port before failing I/O to devices on that remote port
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| services.grafana.settings.security.disable_brute_force_login_protection | Set to true to disable brute force login protection.
|
| services.mediagoblin.settings.mediagoblin.email_debug_mode | Disable email debug mode to start sending outgoing mails
|
| services.strongswan-swanctl.swanctl.connections.<name>.fragmentation | Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation)
|
| services.prometheus.remoteRead.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| services.prometheus.remoteWrite.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.grafana.settings.security.x_content_type_options | Set to false to disable the X-Content-Type-Options response header
|
| services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|
| services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.insecure_skip_verify | Disable validation of the server certificate.
|