| services.ringboard.x11.enable | Whether to enable X11 support for Ringboard.
|
| services.homed.enable | Whether to enable systemd home area/user account manager.
|
| services.homer.enable | Whether to enable A dead simple static HOMepage for your servER to keep your services on hand, from a simple yaml configuration file.
.
|
| services.homebox.enable | Whether to enable homebox.
|
| services.esphome.enable | Whether to enable esphome, for making custom firmwares for ESP32/ESP8266.
|
| qt.enable | Whether to enable Qt configuration, including theming
|
| nix.enable | Whether to enable Nix
|
| services.home-assistant.enable | Whether to enable Home Assistant
|
| boot.kexec.enable | Whether to enable kexec.
|
| services.homer.virtualHost.caddy.enable | Whether to enable a virtualhost to serve homer through caddy.
|
| services.homer.virtualHost.nginx.enable | Whether to enable a virtualhost to serve homer through nginx.
|
| users.ldap.enable | Whether to enable authentication against an LDAP server.
|
| power.ups.enable | Whether to enable support for Power Devices, such as Uninterruptible Power
Supplies, Power Distribution Units and Solar Controllers
.
|
| nix.sshServe.enable | Whether to enable serving the Nix store as a remote store via SSH.
|
| power.ups.upsd.enable | Whether to enable upsd.
|
| services.smartd.notifications.x11.enable | Whenever to send X11 xmessage notifications.
|
| xdg.portal.enable | Whether to enable xdg desktop integration.
|
| zramSwap.enable | Enable in-memory compressed devices and swap space provided by the zram
kernel module
|
| xdg.mime.enable | Whether to install files to support the
XDG Shared MIME-info specification and the
XDG MIME Applications specification.
|
| users.mysql.enable | Whether to enable authentication against a MySQL/MariaDB database.
|
| boot.bcache.enable | Whether to enable bcache mount support.
|
| xdg.menus.enable | Whether to install files to support the
XDG Desktop Menu specification.
|
| xdg.icons.enable | Whether to install files to support the
XDG Icon Theme specification.
|
| services.homebridge.enable | Whether to enable Homebridge: Homekit home automation.
|
| boot.kernel.enable | Whether to enable the Linux kernel
|
| boot.loader.grub.enable | Whether to enable the GNU GRUB boot loader.
|
| console.enable | Whether to enable virtual console.
|
| xdg.portal.wlr.enable | Whether to enable desktop portal for wlroots-based desktops
|
| gtk.iconCache.enable | Whether to build icon theme caches for GTK applications.
|
| boot.uvesafb.enable | Whether to enable uvesafb.
|
| services.adguardhome.enable | Whether to enable AdGuard Home network-wide ad blocker.
|
| power.ups.upsmon.enable | Whether to enable upsmon.
|
| xdg.sounds.enable | Whether to install files to support the
XDG Sound Theme specification.
|
| systemd.oomd.enable | Whether to enable the systemd-oomd OOM killer.
|
| services.esphome.enableUnixSocket | Listen on a unix socket /run/esphome/esphome.sock instead of the TCP port.
|
| xdg.portal.lxqt.enable | Whether to enable the desktop portal for the LXQt desktop environment
|
| boot.initrd.enable | Whether to enable the NixOS initial RAM disk (initrd)
|
| services.homepage-dashboard.enable | Whether to enable Homepage Dashboard, a highly customizable application dashboard.
|
| fonts.fontDir.enable | Whether to create a directory with links to all fonts in
/run/current-system/sw/share/X11/fonts.
|
| services.pds.enable | Whether to enable pds.
|
| services.frp.enable | Whether to enable frp.
|
| services.qui.enable | Whether to enable qui.
|
| services.znc.enable | Whether to enable ZNC.
|
| services.k3s.enable | Whether to enable k3s.
|
| boot.loader.limine.enable | Whether to enable the Limine Bootloader.
|
| boot.initrd.clevis.enable | Whether to enable Clevis in initrd.
|
| services.i2p.enable | Whether to enable I2P router.
|
| services.bcg.enable | Whether to enable BigClown gateway.
|
| services.n8n.enable | Whether to enable n8n server.
|
| systemd.tpm2.enable | Whether to enable systemd TPM2 support.
|
| boot.loader.refind.enable | Whether to enable the rEFInd boot loader.
|
| services.bee.enable | Whether to enable Ethereum Swarm Bee.
|
| security.ipa.enable | Whether to enable FreeIPA domain integration.
|
| services.h2o.enable | Whether to enable H2O web server.
|
| services.psd.enable | Whether to enable the Profile Sync daemon.
|
| services.xfs.enable | Whether to enable the X Font Server.
|
| hardware.cpu.amd.sev.enable | Whether to enable access to the AMD SEV device.
|
| programs.nh.enable | Whether to enable nh, yet another Nix CLI helper.
|
| services.tlp.pd.enable | Whether to enable the power-rofiles-daemon like DBus interface for TLP.
|
| programs.npm.enable | Whether to enable npm global config.
|
| programs.iay.enable | Whether to enable iay, a minimalistic shell prompt.
|
| services.atd.enable | Whether to enable the at daemon, a command scheduler.
|
| hardware.ksm.enable | Whether to enable Linux kernel Same-Page Merging.
|
| services.mpd.enable | Whether to enable MPD, the music player daemon.
|
| services.tlp.enable | Whether to enable the TLP power management daemon.
|
| services.nsd.enable | Whether to enable NSD authoritative DNS server.
|
| services.vdr.enable | Whether to enable VDR, a video disk recorder.
|
| services.tt-rss.enable | Whether to enable tt-rss.
|
| programs.git.lfs.enable | Whether to enable git-lfs (Large File Storage).
|
| programs.zsh.ohMyZsh.enable | Enable oh-my-zsh.
|
| programs.git.enable | Whether to enable git, a distributed version control system.
|
| programs.vim.enable | Whether to enable Vi IMproved, an advanced text editor.
|
| programs.nbd.enable | Whether to enable Network Block Device (nbd) support.
|
| nix.firewall.enable | Whether to enable firewalling for outgoing traffic of the nix daemon.
|
| services.dex.enable | Whether to enable the OpenID Connect and OAuth2 identity provider.
|
| boot.initrd.unl0kr.enable | Whether to enable the unl0kr on-screen keyboard in initrd to unlock LUKS.
|
| security.pam.zfs.enable | Enable unlocking and mounting of encrypted ZFS home dataset at login.
|
| services.gvpe.enable | Whether to enable gvpe.
|
| services.grav.enable | Whether to enable grav.
|
| services.alps.enable | Whether to enable alps.
|
| programs.fuse.enable | Whether to enable fuse.
|
| services.etcd.enable | Whether to enable etcd.
|
| programs.mosh.enable | Whether to enable mosh.
|
| services.bamf.enable | Whether to enable bamf.
|
| services.osrm.enable | Enable the OSRM service.
|
| services.tang.enable | Whether to enable tang.
|
| services.soju.enable | Whether to enable soju.
|
| services.pppd.enable | Whether to enable pppd.
|
| services.frr.bgpd.enable | Whether to enable FRR bgpd.
|
| services.frr.pbrd.enable | Whether to enable FRR pbrd.
|
| services.frr.pimd.enable | Whether to enable FRR pimd.
|
| services.frr.ldpd.enable | Whether to enable FRR ldpd.
|
| services.frr.bfdd.enable | Whether to enable FRR bfdd.
|
| services.frr.ripd.enable | Whether to enable FRR ripd.
|
| programs.bat.enable | Whether to enable bat, a cat(1) clone with wings.
|
| programs.nix-ld.enable | Whether to enable nix-ld, Documentation: https://github.com/nix-community/nix-ld.
|
| services.guix.gc.enable | Whether to enable automatic garbage collection service for Guix.
|
| services.ergo.enable | Whether to enable Ergo service.
|
| services.honk.enable | Whether to enable the Honk server.
|
| services.croc.enable | Whether to enable croc relay.
|
| services.goss.enable | Whether to enable Goss daemon.
|
| services.sogo.enable | Whether to enable SOGo groupware.
|
| services.nifi.enable | Whether to enable Apache NiFi.
|
| services.loki.enable | Whether to enable Grafana Loki.
|
| services.ttyd.enable | Whether to enable ttyd daemon.
|
| i18n.inputMethod.enable | Whether to enable an additional input method type.
|
| system.nixos-init.enable | Whether to enable nixos-init, a system for bashless initialization
|
| services.ceph.rgw.enable | Whether to enable Ceph RadosGW daemon.
|
| services.ceph.mgr.enable | Whether to enable Ceph MGR daemon.
|
| services.ceph.osd.enable | Whether to enable Ceph OSD daemon.
|
| services.ceph.mon.enable | Whether to enable Ceph MON daemon.
|
| services.ceph.mds.enable | Whether to enable Ceph MDS daemon.
|
| services.lvm.boot.vdo.enable | Whether to enable support for booting from VDOLVs.
|
| services.go-neb.enable | Whether to enable an extensible matrix bot written in Go.
|
| programs.foot.enable | Whether to enable foot terminal emulator.
|
| programs.htop.enable | Whether to enable htop process monitor.
|
| services.cage.enable | Whether to enable cage kiosk service.
|
| programs.rush.enable | Whether to enable Restricted User Shell..
|
| services.cron.enable | Whether to enable the Vixie cron daemon.
|
| programs.skim.enable | Whether to enable skim fuzzy finder.
|
| services.ceph.enable | Whether to enable Ceph global configuration.
|
| services.esdm.enable | Whether to enable ESDM service configuration.
|
| programs.less.enable | Whether to enable less, a file pager.
|
| services.tika.enable | Whether to enable Apache Tika server.
|
| services.orca.enable | Whether to enable Orca screen reader.
|
| services.nats.enable | Whether to enable NATS messaging system.
|
| services.unit.enable | Whether to enable Unit App Server.
|
| services.plex.enable | Whether to enable Plex Media Server.
|
| services.ocis.enable | Whether to enable ownCloud Infinite Scale.
|
| services.sslh.enable | Whether to enable sslh, protocol demultiplexer.
|
| services.part-db.enable | Whether to enable PartDB.
|
| services.ente.api.enable | Whether to enable Museum (API server for ente.io).
|
| services.zfs.trim.enable | Whether to enable periodic TRIM on all ZFS pools.
|
| security.pam.oath.enable | Enable the OATH (one-time password) PAM module.
|
| services.ente.web.enable | Whether to enable Ente web frontend (Photos, Albums).
|
| services.gvfs.enable | Whether to enable GVfs, a userspace virtual filesystem.
|
| services.gpsd.enable | Whether to enable gpsd, a GPS service daemon.
|
| services.bird.enable | Whether to enable BIRD Internet Routing Daemon.
|
| services.exim.enable | Whether to enable the Exim mail transfer agent.
|
| programs.kde-pim.enable | Whether to enable KDE PIM base packages.
|
| services.guix.enable | Whether to enable Guix build daemon service.
|
| boot.plymouth.enable | Whether to enable Plymouth boot splash screen.
|
| services.bind.enable | Whether to enable BIND domain name server.
|
| services.keyd.enable | Whether to enable keyd, a key remapping daemon.
|
| services.diod.enable | Whether to enable the diod 9P file server.
|
| programs.alvr.enable | Whether to enable ALVR, the VR desktop streamer.
|
| programs.yazi.enable | Whether to enable yazi terminal file manager.
|
| services.knot.enable | Whether to enable Knot authoritative-only DNS server.
|
| services.sssd.enable | Whether to enable the System Security Services Daemon.
|
| services.mmsd.enable | Whether to enable Multimedia Messaging Service Daemon.
|
| services.rauc.enable | Whether to enable RAUC A/B update service.
|
| services.ympd.enable | Whether to enable ympd, the MPD Web GUI.
|
| services.yarr.enable | Whether to enable Yet another rss reader.
|
| services.e-imzo.enable | Whether to enable E-IMZO.
|
| services.wiki-js.enable | Whether to enable wiki-js.
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| services.dae.enable | Whether to enable dae, a Linux high-performance transparent proxy solution based on eBPF.
|
| programs.bcc.enable | Whether to enable bcc, tools for BPF-based Linux IO analysis, networking, monitoring, and more.
|
| security.pam.rssh.enable | Whether to enable authenticating using a signature performed by the ssh-agent.
|
| programs.niri.enable | Whether to enable Niri, a scrollable-tiling Wayland compositor.
|
| programs.atop.enable | Whether to enable Atop, a tool for monitoring system resources.
|
| services.udev.enable | Whether to enable udev, a device manager for the Linux kernel.
|
| services.oink.enable | Whether to enable Oink, a dynamic DNS client for Porkbun.
|
| services.xrdp.enable | Whether to enable xrdp, the Remote Desktop Protocol server.
|
| services.db-rest.enable | Whether to enable db-rest service.
|
| services.go-camo.enable | Whether to enable go-camo service.
|
| services.turn-rs.enable | Whether to enable turn-rs server.
|
| services.pict-rs.enable | Whether to enable pict-rs server.
|
| services.buffyboard.settings.input.pointer | Enable or disable the use of a hardware mouse or other pointing device.
|
| services.gpm.enable | Whether to enable GPM, the General Purpose Mouse daemon,
which enables mouse support in virtual consoles.
|
| services.lvm.boot.thin.enable | Whether to enable support for booting from ThinLVs.
|
| programs.nncp.enable | Whether to enable NNCP (Node to Node copy) utilities and configuration.
|
| services.drbd.enable | Whether to enable support for DRBD, the Distributed Replicated
Block Device.
|
| services.lirc.enable | Whether to enable the LIRC daemon, to receive and send infrared signals.
|
| services.rkvm.enable | Whether to enable rkvm, a Virtual KVM switch for Linux machines.
|
| services.odoo.enable | Whether to enable odoo, an open source ERP and CRM system.
|
| services.newt.enable | Whether to enable Newt, user space tunnel client for Pangolin.
|
| services.send.enable | Whether to enable Send, a file sharing web sevice for ffsend..
|
| services.i2pd.upnp.enable | Whether to enable UPnP service discovery.
|
| programs.zoom-us.enable | Whether to enable zoom.us video conferencing application.
|
| services.step-ca.enable | Whether to enable the smallstep certificate authority server.
|
| services.nvme-rs.enable | Whether to enable nvme-rs, a monitoring service.
|
| services.mlmmj.enable | Enable mlmmj
|
| services.uwsgi.enable | Enable uWSGI
|
| services.iio-niri.enable | Whether to enable IIO-Niri.
|
| services.acme-dns.enable | Whether to enable acme-dns.
|
| services.cook-cli.enable | Whether to enable cook-cli.
|
| programs.xss-lock.enable | Whether to enable xss-lock.
|
| services.r53-ddns.enable | Whether to enable r53-ddyns.
|
| services.tor.enable | Whether to enable Tor daemon
|
| programs.mepo.enable | Whether to enable Mepo, a fast, simple and hackable OSM map viewer.
|
| programs.nano.enable | Whether to enable nano, a small user-friendly console text editor.
|
| boot.crashDump.enable | If enabled, NixOS will set up a kernel that will
boot on crash, and leave the user in systemd rescue
to be able to save the crashed kernel dump at
/proc/vmcore
|
| services.frr.pathd.enable | Whether to enable FRR pathd.
|
| services.frr.nhrpd.enable | Whether to enable FRR nhrpd.
|
| services.frr.isisd.enable | Whether to enable FRR isisd.
|
| services.frr.ospfd.enable | Whether to enable FRR ospfd.
|
| services.frr.pim6d.enable | Whether to enable FRR pim6d.
|
| services.frr.vrrpd.enable | Whether to enable FRR vrrpd.
|
| services.ntpd-rs.enable | Whether to enable Network Time Service (ntpd-rs).
|
| services.tox-node.enable | Whether to enable Tox Node service.
|
| services.node-red.enable | Whether to enable the Node-RED service.
|
| services.clatd.enable | Whether to enable clatd.
|
| services.gitea.enable | Enable Gitea Service.
|
| programs.labwc.enable | Whether to enable labwc.
|
| services.flood.enable | Whether to enable flood.
|
| services.grocy.enable | Whether to enable grocy.
|
| services.angrr.enable | Whether to enable angrr.
|
| programs.steam.enable | Whether to enable steam.
|
| services.gatus.enable | Whether to enable Gatus.
|
| services.hound.enable | Whether to enable hound.
|
| services.bosun.enable | Whether to enable bosun.
|
| security.agnos.enable | Whether to enable agnos.
|
| services.haven.enable | Whether to enable haven.
|
| programs.dconf.enable | Whether to enable dconf.
|
| services.mimir.enable | Whether to enable mimir.
|
| services.snmpd.enable | Whether to enable snmpd.
|
| services.tetrd.enable | Whether to enable tetrd.
|
| services.seatd.enable | Whether to enable seatd.
|
| services.monit.enable | Whether to enable Monit.
|
| services.shoko.enable | Whether to enable Shoko.
|
| services.tuned.enable | Whether to enable TuneD.
|
| services.rimgo.enable | Whether to enable rimgo.
|
| services.umami.enable | Whether to enable umami.
|
| services.tayga.enable | Whether to enable Tayga.
|
| services.ofono.enable | Whether to enable Ofono.
|
| services.pdnsd.enable | Whether to enable pdnsd.
|
| services.slskd.enable | Whether to enable slskd.
|
| services.stash.enable | Whether to enable stash.
|
| services.zrepl.enable | Whether to enable zrepl.
|
| services.foldingathome.enable | Whether to enable Folding@home client.
|
| programs.nh.clean.enable | Whether to enable periodic garbage collection with nh clean all.
|
| programs.zmap.enable | Whether to enable ZMap, a network scanner designed for Internet-wide network surveys.
|
| services.ncps.enable | Whether to enable ncps: Nix binary cache proxy service implemented in Go.
|
| hardware.coral.usb.enable | Whether to enable Coral USB support.
|
| services.nginx.sso.enable | Whether to enable nginx-sso service.
|
| services.sympa.web.enable | Whether to enable Sympa web interface.
|
| services.lact.enable | Whether to enable LACT, a tool for monitoring, configuring and overclocking GPUs.
If you are on an AMD GPU, it is recommended to enable overdrive mode by using
hardware.amdgpu.overdrive.enable = true; in your configuration
|
| services.ntfy-sh.enable | Whether to enable ntfy-sh, a push notification service.
|
| hardware.ckb-next.enable | Whether to enable the Corsair keyboard/mouse driver.
|
| services.amule.enable | Whether to enable aMule daemon.
|
| services.agate.enable | Whether to enable Agate Server.
|
| services.coder.enable | Whether to enable Coder service.
|
| services.alloy.enable | Whether to enable Grafana Alloy.
|
| services.hitch.enable | Whether to enable Hitch Server.
|
| services.acpid.enable | Whether to enable the ACPI daemon.
|
| services.fider.enable | Whether to enable the Fider server.
|
| services.below.enable | Whether to enable 'below' resource monitor.
|
| programs.bash-my-aws.enable | Whether to enable bash-my-aws.
|
| services.godns.enable | Whether to enable GoDNS service.
|
| services.mympd.enable | Whether to enable MyMPD server.
|
| services.munge.enable | Whether to enable munge service.
|
| services.pykms.enable | Whether to enable the PyKMS service.
|
| services.tempo.enable | Whether to enable Grafana Tempo.
|
| services.movim.enable | Whether to enable a Movim instance.
|
| services.mysql.enable | Whether to enable MySQL server.
|
| services.tsidp.enable | Whether to enable tsidp server.
|
| services.owamp.enable | Whether to enable OWAMP server.
|
| services.vault.enable | Whether to enable Vault daemon.
|
| boot.swraid.enable | Whether to enable support for Linux MD RAID arrays
|
| programs.qdmr.enable | Whether to enable QDMR - a GUI application and command line tool for programming DMR radios.
|
| hardware.xone.enable | Whether to enable the xone driver for Xbox One and Xbox Series X|S accessories.
|
| services.evcc.enable | Whether to enable EVCC, the extensible EV Charge Controller and Home Energy Management System.
|
| services.auto-epp.enable | Whether to enable auto-epp for amd active pstate.
|
| services.sing-box.enable | Whether to enable sing-box universal proxy platform.
|
| services.karma.enable | Whether to enable the Karma dashboard service.
|
| services.dictd.enable | Whether to enable the DICT.org dictionary server.
|
| services.gonic.enable | Whether to enable Gonic music server.
|
| services.dspam.enable | Whether to enable the dspam spam filter.
|
| services.caddy.enable | Whether to enable Caddy web server.
|
| services.envoy.enable | Whether to enable Envoy reverse proxy.
|
| programs.iftop.enable | Whether to enable iftop and setcap wrapper for it.
|
| programs.xppen.enable | Whether to enable XPPen PenTablet application.
|
| programs.msmtp.enable | Whether to enable msmtp - an SMTP client.
|
| services.httpd.enable | Whether to enable the Apache HTTP Server.
|
| programs.iotop.enable | Whether to enable iotop + setcap wrapper.
|
| services.dunst.enable | Whether to enable Dunst notification daemon.
|
| services.fcron.enable | Whether to enable the fcron daemon.
|
| services.dante.enable | Whether to enable Dante SOCKS proxy.
|
| services.memos.enable | Whether to enable Memos note-taking.
|
| services.neard.enable | Whether to enable neard, an NFC daemon.
|
| services.scion.enable | Whether to enable all of the scion components and services.
|
| services.neo4j.enable | Whether to enable Neo4j Community Edition.
|
| services.unifi.enable | Whether or not to enable the unifi controller service.
|
| services.rqbit.enable | Whether to enable rqbit BitTorrent daemon.
|
| services.nginx.enable | Whether to enable Nginx Web Server.
|
| services.minio.enable | Whether to enable Minio Object Storage.
|
| services.xmrig.enable | Whether to enable XMRig Mining Software.
|
| services.snips-sh.enable | Whether to enable snips.sh.
|
| services.rke2.enable | Whether to enable rke2.
|
| services.i2pd.proto.sam.enable | Whether to enable sam.
|
| services.i2pd.proto.bob.enable | Whether to enable bob.
|
| security.sudo.enable | Whether to enable the sudo command, which
allows non-root users to execute commands as root.
|
| security.doas.enable | Whether to enable the doas command, which allows
non-root users to execute commands as root.
|
| services.ifm.enable | Whether to enable Improved file manager, a single-file web-based filemanager
Lightweight and minimal, served using PHP's built-in server
.
|
| programs.dwl.enable | Whether to enable Dwl is a compact, hackable compositor for Wayland based on wlroots
|
| services.lvm.enable | Whether to enable lvm2.
The lvm2 package contains device-mapper udev rules and without those tools like cryptsetup do not fully function!
|
| services.sks.enable | Whether to enable SKS (synchronizing key server for OpenPGP) and start the database
server
|
| services.kea.dhcp-ddns.enable | Whether to enable Kea DDNS server.
|
| system.tools.nixos-enter.enable | Whether to enable nixos-enter script.
|
| programs.geary.enable | Whether to enable Geary, a Mail client for GNOME.
|
| services.cfssl.enable | Whether to enable the CFSSL CA api-server.
|
| services.arbtt.enable | Whether to enable Arbtt statistics capture service.
|
| services.felix.enable | Whether to enable the Apache Felix OSGi service.
|
| services.davis.enable | Whether to enable Davis is a caldav and carddav server.
|
| services.legit.enable | Whether to enable legit git web frontend.
|
| services.leaps.enable | Whether to enable leaps, a pair programming service.
|
| services.cntlm.enable | Whether to enable cntlm, which starts a local proxy.
|
| services.picom.enable | Whether or not to enable Picom as the X.org composite manager.
|
| services.paisa.enable | Whether to enable Paisa personal finance manager.
|
| services.nexus.enable | Whether to enable Sonatype Nexus3 OSS service.
|
| services.samba.enable | Whether to enable Samba, the SMB/CIFS protocol.
|
| services.sympa.enable | Whether to enable Sympa mailing list manager.
|
| services.wivrn.enable | Whether to enable WiVRn, an OpenXR streaming application.
|
| programs.ente-auth.enable | Whether to enable Ente Auth.
|
| services.i2pd.ssu2.enable | Whether to enable SSU2.
|
| services.conman.enable | Whether to enable Enable the conman Console manager
|
| security.pam.mount.enable | Enable PAM mount system to mount filesystems on user login.
|
| security.krb5.enable | Enable and configure Kerberos utilities
|
| services.ebusd.mqtt.enable | Whether to enable support for MQTT.
|
| hardware.uni-sync.enable | Whether to enable udev rules and software for Lian Li Uni Controllers.
|
| programs.river.enable | Whether to enable river, a dynamic tiling Wayland compositor.
|
| services.morty.enable | Whether to enable Morty proxy server
|
| hardware.flirc.enable | Whether to enable software to configure a Flirc USB device.
|
| services.dsnet.enable | Whether to enable dsnet, a centralised Wireguard VPN manager.
|
| services.atuin.enable | Whether to enable Atuin server for shell history sync.
|
| services.lemmy.enable | Whether to enable lemmy a federated alternative to reddit in rust.
|
| services.asusd.enable | Whether to enable the asusd service for ASUS ROG laptops.
|
| services.mstpd.enable | Whether to enable the multiple spanning tree protocol daemon.
|
| services.lldpd.enable | Whether to enable Link Layer Discovery Protocol Daemon.
|
| services.rumno.enable | Whether to enable rumno visual pop-up notification manager.
|
| services.pgscv.enable | Whether to enable pgSCV, a PostgreSQL ecosystem metrics collector.
|
| services.omnom.enable | Whether to enable Omnom, a webpage bookmarking and snapshotting service.
|
| services.rsync.enable | Whether to enable periodic directory syncing via rsync.
|
| services.plikd.enable | Whether to enable plikd, a temporary file upload system.
|
| services.alice-lg.enable | Whether to enable Alice Looking Glass.
|
| services.crab-hole.enable | Whether to enable Crab-hole Service.
|
| boot.initrd.systemd.dbus.enable | Whether to enable dbus in stage 1.
|
| hardware.coral.pcie.enable | Whether to enable Coral PCIe support.
|
| services.i2pd.trust.enable | Whether to enable explicit trust options.
|
| services.samba.smbd.enable | Whether to enable Samba's smbd daemon.
|
| services.slurm.rest.enable | Whether to enable slurm REST daemon.
|
| hardware.cpu.x86.msr.enable | Whether to enable the msr (Model-Specific Registers) kernel module and configure udev rules for its devices (usually /dev/cpu/*/msr).
|
| services.g810-led.enable | Whether to enable g810-led, a Linux LED controller for some Logitech G Keyboards.
|
| services.ente.api.nginx.enable | Whether to enable nginx proxy for the API server.
|
| programs.calls.enable | Whether to enable GNOME calls: a phone dialer and call handler
.
|
| services.ebusd.enable | Whether to enable ebusd, a daemon for communication with eBUS heating systems.
|
| services.jboss.enable | Whether to enable JBoss
|
| services.illum.enable | Enable illum, a daemon for controlling screen brightness with brightness buttons.
|
| services.iptsd.enable | Whether to enable the userspace daemon for Intel Precise Touch & Stylus.
|
| services.maddy.enable | Whether to enable Maddy, a free an open source mail server.
|
| services.pptpd.enable | Whether to enable pptpd, the Point-to-Point Tunneling Protocol daemon.
|
| services.rshim.enable | Whether to enable user-space rshim driver for the BlueField SoC.
|
| services.zwave-js.enable | Whether to enable the zwave-js server on boot.
|
| services.quorum.ws.enable | Enable WS-RPC interface.
|
| hardware.cpu.amd.sevGuest.enable | Whether to enable access to the AMD SEV guest device.
|
| xdg.terminal-exec.enable | Whether to enable xdg-terminal-exec, the proposed Default Terminal Execution Specification.
|
| hardware.i2c.enable | Whether to enable i2c devices support
|
| services.scx.enable | Whether to enable SCX service, a daemon to run schedulers from userspace.
This service requires a kernel with the Sched-ext feature
|
| services.fwupd.enable | Whether to enable fwupd, a DBus service that allows
applications to update firmware.
|
| services.realm.enable | Whether to enable A simple, high performance relay server written in rust.
|
| services.nipap.enable | Whether to enable global Neat IP Address Planner (NIPAP) configuration.
|
| services.nomad.enable | Whether to enable Nomad, a distributed, highly available, datacenter-aware scheduler.
|
| hardware.nfc-nci.enable | Whether to enable PN5xx kernel module with udev rules, libnfc-nci userland, and optional ifdnfc-nci PC/SC driver.
|
| hardware.sane.enable | Enable support for SANE scanners.
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.
|
| services.i2pd.proto.http.enable | Whether to enable http.
|
| services.i2pd.proto.i2cp.enable | Whether to enable i2cp.
|
| services.do-agent.enable | Whether to enable do-agent, the DigitalOcean droplet metrics agent.
|
| services.ecs-agent.enable | Whether to enable Amazon ECS agent.
|
| services.llama-cpp.enable | Whether to enable LLaMA C++ server.
|
| services.zwave-js-ui.enable | Whether to enable zwave-js-ui.
|
| systemd.network.enable | Whether to enable networkd or not.
|
| services.db-rest.redis.enable | Enable caching with redis for db-rest.
|
| services.quorum.rpc.enable | Enable RPC interface.
|
| services.tor.client.dns.enable | Whether to enable DNS resolver.
|
| services.epmd.enable | Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
which acts as a name server on all hosts involved in distributed
Erlang computations.
|
| services.komga.enable | Whether to enable Komga, a free and open source comics/mangas media server.
|
| services.hatsu.enable | Whether to enable Self-hosted and fully-automated ActivityPub bridge for static sites.
|
| services.aesmd.enable | Whether to enable Intel's Architectural Enclave Service Manager (AESM) for Intel SGX.
|
| services.ulogd.enable | Whether to enable ulogd, a userspace logging daemon for netfilter/iptables related logging.
|
| services.ndppd.enable | Whether to enable daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces.
|
| services.linux-enable-ir-emitter.enable | Whether to enable IR emitter hardware
|
| programs.rust-motd.enable | Whether to enable rust-motd, a Message Of The Day (MOTD) generator.
|
| hardware.ipu6.enable | Whether to enable support for Intel IPU6/MIPI cameras.
|
| security.tpm2.enable | Whether to enable Trusted Platform Module 2 support.
|
| services.jotta-cli.enable | Whether to enable Jottacloud Command-line Tool.
|
| services.kea.dhcp6.enable | Whether to enable Kea DHCP6 server.
|
| services.kea.dhcp4.enable | Whether to enable Kea DHCP4 server.
|
| i18n.inputMethod.enableGtk2 | Whether to enable Gtk2 support.
|
| i18n.inputMethod.enableGtk3 | Whether to enable Gtk3 support.
|
| security.sudo-rs.enable | Whether to enable a memory-safe implementation of the sudo command,
which allows non-root users to execute commands as root
.
|
| services.bird-lg.proxy.enable | Whether to enable Bird Looking Glass Proxy.
|
| services.rauc.mark-good.enable | Whether to enable RAUC Good-marking service.
|
| system.tools.nixos-build-vms.enable | Whether to enable nixos-build-vms script.
|
| system.etc.overlay.enable | Mount /etc as an overlayfs instead of generating it via a perl script
|
| services.beszel.hub.enable | Whether to enable beszel hub.
|
| services.llama-swap.tls.enable | Whether to enable TLS encryption.
|
| services.frr.babeld.enable | Whether to enable FRR babeld.
|
| services.frr.eigrpd.enable | Whether to enable FRR eigrpd.
|
| services.frr.sharpd.enable | Whether to enable FRR sharpd.
|
| services.frr.ripngd.enable | Whether to enable FRR ripngd.
|
| services.frr.ospf6d.enable | Whether to enable FRR ospf6d.
|
| services.tabby.enable | Whether to enable Self-hosted AI coding assistant using large language models.
|
| services.wlock.enable | Whether to enable wlock, a Wayland sessionlocker using the ext-session-lock-v1 protocol.
|
| programs.nix-index.enable | Whether to enable nix-index, a file database for nixpkgs.
|
| programs.i3lock.enable | Whether to enable i3lock.
|
| security.polkit.enable | Whether to enable polkit.
|
| services.kismet.enable | Whether to enable kismet.
|
| services.hebbot.enable | Whether to enable hebbot.
|
| services.convos.enable | Whether to enable Convos.
|
| services.drupal.enable | Whether to enable drupal.
|
| services.echoip.enable | Whether to enable echoip.
|
| services.glance.enable | Whether to enable glance.
|
| programs.kclock.enable | Whether to enable KClock.
|
| services.baikal.enable | Whether to enable baikal.
|
| services.disnix.enable | Whether to enable Disnix.
|
| services.alerta.enable | Whether to enable alerta.
|
| services.gitlab.enable | Enable the gitlab service.
|
| services.immich.enable | Whether to enable Immich.
|
| services.akkoma.enable | Whether to enable Akkoma.
|
| services.clight.enable | Whether to enable clight.
|
| services.fanout.enable | Whether to enable fanout.
|
| services.strfry.enable | Whether to enable strfry.
|
| services.maubot.enable | Whether to enable maubot.
|
| services.monica.enable | Whether to enable monica.
|
| services.ocserv.enable | Whether to enable ocserv.
|
| services.sonarr.enable | Whether to enable Sonarr.
|
| services.statsd.enable | Whether to enable statsd.
|
| services.vsftpd.enable | Whether to enable vsftpd.
|
| services.wakapi.enable | Whether to enable Wakapi.
|
| services.whoami.enable | Whether to enable whoami.
|
| services.deluge.web.enable | Whether to enable Deluge Web daemon.
|
| services.torque.mom.enable | Whether to enable torque computing node.
|
| services.nfs.server.enable | Whether to enable the kernel's NFS server.
|
| services.kea.ctrl-agent.enable | Whether to enable Kea Control Agent.
|
| services.ferm.enable | Whether to enable Ferm Firewall.
Warning: Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| services.sshd.enable | Alias of services.openssh.enable.
|
| services.lldap.enable | Whether to enable lldap, a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication.
|
| services.jack.jackd.enable | Whether to enable JACK Audio Connection Kit
|
| programs.bash.blesh.enable | Whether to enable blesh, a full-featured line editor written in pure Bash.
|
| services.snipe-it.enable | Whether to enable snipe-it, a free open source IT asset/license management system.
|
| programs.adb.enable | Whether to configure system to use Android Debug Bridge (adb).
|
| programs.mtr.enable | Whether to add mtr to the global environment and configure a
setcap wrapper for it.
|
| programs.dms-shell.enable | Whether to enable DankMaterialShell, a complete desktop shell for Wayland compositors.
|
| services.nar-serve.enable | Whether to enable serving NAR file contents via HTTP.
|
| security.ipa.dyndns.enable | Whether to enable FreeIPA automatic hostname updates.
|
| services.zfs.autoScrub.enable | Whether to enable periodic scrubbing of ZFS pools.
|
| programs.nixbit.enable | Whether to enable Nixbit configuration.
|
| services.gocd-agent.enable | Whether to enable gocd-agent.
|
| services.a2boot.enable | Whether to enable the a2boot daemon.
|
| services.glpiAgent.enable | Whether to enable GLPI Agent.
|
| services.deluge.enable | Whether to enable Deluge daemon.
|
| services.galene.enable | Whether to enable Galene Service.
|
| services.i2pd.ntcp2.enable | Whether to enable NTCP2.
|
| services.intune.enable | Whether to enable Microsoft Intune.
|
| services.cross-seed.enable | Whether to enable cross-seed.
|
| hardware.uinput.enable | Whether to enable uinput support.
|
| services.brltty.enable | Whether to enable the BRLTTY daemon.
|
| programs.vscode.enable | Whether to enable VSCode editor.
|
| services.byedpi.enable | Whether to enable the ByeDPI service.
|
| services.docuum.enable | Whether to enable docuum daemon.
|
| services.gotify.enable | Whether to enable Gotify webserver.
|
| programs.winbox.enable | Whether to enable MikroTik Winbox.
|
| services.atalkd.enable | Whether to enable the AppleTalk daemon.
|
| services.nntp-proxy.enable | Whether to enable NNTP-Proxy.
|
| services.porn-vault.enable | Whether to enable Porn-Vault.
|
| services.spiped.enable | Enable the spiped service module.
|
| services.soft-serve.enable | Whether to enable soft-serve.
|
| services.todesk.enable | Whether to enable ToDesk daemon.
|
| services.rsyncd.enable | Whether to enable the rsync daemon.
|
| services.tlsrpt.enable | Whether to enable the TLSRPT services.
|
| services.pghero.enable | Whether to enable PgHero service.
|
| services.tomcat.enable | Whether to enable Apache Tomcat.
|
| services.skydns.enable | Whether to enable skydns service.
|
| services.murmur.enable | Whether to enable Mumble server.
|
| services.zenohd.enable | Whether to enable Zenoh daemon..
|
| services.gerrit.enable | Whether to enable Gerrit service.
|
| services.v2raya.enable | Whether to enable the v2rayA service.
|
| services.webdav.enable | Whether to enable WebDAV server.
|
| services.gnome.games.enable | Whether to enable GNOME games.
|
| services.angrr.timer.enable | Whether to enable angrr timer.
|
| services.ombi.enable | Whether to enable Ombi, a web application that automatically gives your shared Plex or
Emby users the ability to request content by themselves!
Optionally see https://docs.ombi.app/info/reverse-proxy
on how to set up a reverse proxy
.
|
| services.pcscd.enable | Whether to enable PCSC-Lite daemon, to access smart cards using SCard API (PC/SC).
|
| services.tftpd.enable | Whether to enable tftpd, a Trivial File Transfer Protocol server
|
| services.kbfs.enable | Whether to mount the Keybase filesystem.
|
| users.users.<name>.enable | If set to false, the user account will not be created
|
| services.nix-serve.enable | Whether to enable nix-serve, the standalone Nix binary cache server.
|
| boot.initrd.systemd.tpm2.enable | Whether to enable systemd initrd TPM2 support.
|
| services.nbd.server.enable | Whether to enable the Network Block Device (nbd) server.
|
| services.ipp-usb.enable | Whether to enable ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner.
|
| services.nscd.enable | Whether to enable the Name Service Cache Daemon
|
| system.tools.nixos-option.enable | Whether to enable nixos-option script.
|
| services.quorum.enable | Whether to enable Quorum blockchain daemon.
|
| programs.cnping.enable | Whether to enable a setcap wrapper for cnping.
|
| programs.gpaste.enable | Whether to enable GPaste, a clipboard manager.
|
| services.kavita.enable | Whether to enable Kavita reading server.
|
| services.gammu-smsd.enable | Whether to enable gammu-smsd daemon.
|
| services.hoogle.enable | Whether to enable Haskell documentation server.
|
| security.auditd.enable | Whether to enable the Linux Audit daemon.
|
| hardware.mcelog.enable | Enable the Machine Check Exception logger.
|
| services.gobgpd.enable | Whether to enable GoBGP Routing Daemon.
|
| hardware.pcmcia.enable | Enable this option to support PCMCIA card.
|
| services.flarum.enable | Whether to enable Flarum discussion platform.
|
| services.artalk.enable | Whether to enable artalk, a comment system.
|
| programs.sysdig.enable | Whether to enable sysdig, a tracing tool.
|
| services.coturn.enable | Whether to enable coturn TURN server.
|
| services.stubby.enable | Whether to enable Stubby DNS resolver.
|
| services.ngircd.enable | Whether to enable the ngircd IRC server.
|
| services.open-webui.enable | Whether to enable Open-WebUI server.
|
| services.llama-swap.enable | Whether to enable the llama-swap service.
|
| services.oncall.enable | Whether to enable Oncall web app.
|
| services.moodle.enable | Whether to enable Moodle web application.
|
| services.mchprs.enable | Whether to enable MCHPRS, a Minecraft server.
|
| services.toxvpn.enable | Whether to enable toxvpn running on startup.
|
| services.monado.enable | Whether to enable Monado user service.
|
| services.qemuGuest.enable | Whether to enable the qemu guest agent.
|
| services.monero.enable | Whether to enable Monero node daemon.
|
| services.pyload.enable | Whether to enable pyLoad download manager.
|
| services.go2rtc.enable | Whether to enable go2rtc streaming server.
|
| services.veilid.enable | Whether to enable Veilid Headless Node.
|
| services.hans.server.enable | enable hans server
|
| services.gitea.dump.enable | Enable a timer that runs gitea dump to generate backup-files of the
current gitea database and repositories.
|
| security.pam.dp9ik.enable | Whether to enable the dp9ik pam module provided by tlsclient
|
| boot.initrd.systemd.enable | Whether to enable systemd in initrd
|
| security.pam.howdy.enable | Whether to enable the Howdy PAM module
|
| programs.fish.enable | Whether to configure fish as an interactive shell.
|
| security.audit.enable | Whether to enable the Linux audit system
|
| hardware.nvidia.gsp.enable | Whether to enable the GPU System Processor (GSP) on the video card
.
|
| services.tcsd.enable | Whether to enable tcsd, a Trusted Computing management service
that provides TCG Software Stack (TSS)
|
| services.gnome.sushi.enable | Whether to enable Sushi, a quick previewer for nautilus.
|
| services.polipo.enable | Whether to enable polipo caching web proxy.
|
| programs.xastir.enable | Whether to enable Xastir Graphical APRS client.
|
| services.babeld.enable | Whether to enable the babeld network routing daemon.
|
| programs.thunar.enable | Whether to enable Thunar, the Xfce file manager.
|
| programs.trippy.enable | Whether to enable trippy, a network diagnostic tool.
|
| services.erigon.enable | Whether to enable Ethereum implementation on the efficiency frontier.
|
| services.athens.enable | Whether to enable Go module datastore and proxy.
|
| services.kmonad.enable | Whether to enable KMonad: an advanced keyboard manager.
|
| programs.evince.enable | Whether to enable Evince, the GNOME document viewer.
|
| hardware.ledger.enable | Whether to enable udev rules for Ledger devices.
|
| programs.screen.enable | Whether to enable screen, a basic terminal multiplexer.
|
| services.irkerd.enable | Whether to enable irker, an IRC notification daemon.
|
| services.colord.enable | Whether to enable colord, the color management daemon.
|
| services.shiori.enable | Whether to enable Shiori simple bookmarks manager.
|
| services.target.enable | Whether to enable the kernel's LIO iscsi target.
|
| services.redlib.enable | Whether to enable Private front-end for Reddit.
|
| services.mopidy.enable | Whether to enable Mopidy, a music player daemon.
|
| services.sanoid.enable | Whether to enable Sanoid ZFS snapshotting service.
|
| services.opkssh.enable | Whether to enable OpenID Connect SSH authentication.
|
| services.miredo.enable | Whether to enable the Miredo IPv6 tunneling service.
|
| services.smartd.enable | Whether to enable smartd daemon from smartmontools package.
|
| services.rustus.enable | Whether to enable TUS protocol implementation in Rust.
|
| services.zapret.enable | Whether to enable the Zapret DPI bypass service..
|
| services.xinetd.enable | Whether to enable the xinetd super-server daemon.
|
| services.tor.relay.enable | Whether to enable relaying of Tor traffic for others
|
| services.emacs.enable | Whether to enable a user service for the Emacs daemon
|
| services.u9fs.enable | Whether to run the u9fs 9P server for Unix.
|
| services.tp-auto-kbbl.enable | Whether to enable auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux.
|
| services.lemmy.nginx.enable | Whether to enable exposing lemmy with the nginx reverse proxy.
|
| services.lemmy.caddy.enable | Whether to enable exposing lemmy with the caddy reverse proxy.
|
| services.gnome.core-apps.enable | Whether to enable GNOME core apps.
|
| services.gitlab.smtp.enable | Enable gitlab mail delivery over SMTP.
|
| services.ceph.client.enable | Whether to enable Ceph client configuration.
|
| services.bazarr.enable | Whether to enable bazarr, a subtitle manager for Sonarr and Radarr.
|
| services.gancio.enable | Whether to enable Gancio, a shared agenda for local communities.
|
| services.gollum.enable | Whether to enable Gollum, a git-powered wiki service.
|
| services.devmon.enable | Whether to enable devmon, an automatic device mounting daemon.
|
| programs.udevil.enable | Whether to enable udevil, to mount filesystems without password.
|
| services.atticd.enable | Whether to enable the atticd, the Nix Binary Cache server.
|
| services.gdomap.enable | Whether to enable GNUstep Distributed Objects name server.
|
| programs.xfconf.enable | Whether to enable Xfconf, the Xfce configuration storage system.
|
| services.lidarr.enable | Whether to enable Lidarr, a Usenet/BitTorrent music downloader.
|
| services.garage.enable | Whether to enable Garage Object Storage (S3 compatible).
|
| programs.throne.enable | Whether to enable Throne, a GUI proxy configuration manager.
|
| services.mealie.enable | Whether to enable Mealie, a recipe manager and meal planner.
|
| services.nagios.enable | Whether to enable Nagios to monitor your system or network.
|
| services.radarr.enable | Whether to enable Radarr, a UsetNet/BitTorrent movie downloader.
|
| services.nzbget.enable | Whether to enable NZBGet, for downloading files from news servers.
|
| services.nitter.enable | Whether to enable Nitter, an alternative Twitter front-end.
|
| services.mihomo.enable | Whether to enable Mihomo, A rule-based proxy in Go.
|
| services.rspamd.enable | Whether to enable rspamd, the Rapid spam filtering system.
|
| services.mptcpd.enable | Whether to enable the Multipath TCP path management daemon.
|
| services.bacula-sd.enable | Whether to enable Bacula Storage Daemon.
|
| services.bacula-fd.enable | Whether to enable the Bacula File Daemon.
|
| services.syslog-ng.enable | Whether to enable the syslog-ng daemon.
|
| services.pocket-id.enable | Whether to enable Pocket ID server.
|
| services.confd.enable | Whether to enable confd, a service to manage local application configuration files using templates and data from etcd/consul/redis/zookeeper.
|
| services.searx.enable | Whether to enable Searx, the meta search engine.
|
| services.gnome.at-spi2-core.enable | Whether to enable at-spi2-core, a service for the Assistive Technologies
available on the GNOME platform
|
| services.cgit.<name>.enable | Whether to enable cgit.
|
| programs.criu.enable | Install criu along with necessary kernel options.
|
| services.xrdp.audio.enable | Whether to enable audio support for xrdp sessions
|
| services.ntp.enable | Whether to synchronise your machine's time using ntpd, as a peer in
the NTP network
|
| services.rauc.client.enable | Whether to enable RAUC client in the system environment.
|
| services.kanidm.unix.enable | Whether to enable the Kanidm PAM and NSS integration.
|
| services.kubo.enableGC | Whether to enable automatic garbage collection
|
| services.ncdns.enable | Whether to enable ncdns, a Go daemon to bridge Namecoin to DNS
|
| services.actual.enable | Whether to enable actual, a privacy focused app for managing your finances.
|
| services.cyrus-imap.enable | Whether to enable Cyrus IMAP, an email, contacts and calendar server.
|
| services.dgraph.enable | Whether to enable Dgraph native GraphQL database with a graph backend.
|
| services.greetd.enable | Whether to enable greetd, a minimal and flexible login manager daemon.
|
| programs.zoxide.enable | Whether to enable zoxide, a smarter cd command that learns your habits.
|
| services.jicofo.enable | Whether to enable Jitsi Conference Focus - component of Jitsi Meet.
|
| services.fstrim.enable | Whether to enable periodic SSD TRIM of mounted partitions in background.
|
| services.jigasi.enable | Whether to enable Jitsi Gateway to SIP - component of Jitsi Meet.
|
| services.ollama.enable | Whether to enable ollama server for local large language models.
|
| services.vector.enable | Whether to enable Vector, a high-performance observability data pipeline.
|
| services.xl2tpd.enable | Whether to enable xl2tpd, the Layer 2 Tunnelling Protocol Daemon.
|
| services.vnstat.enable | Whether to enable update of network usage statistics via vnstatd.
|
| services.chhoto-url.enable | Whether to enable Chhoto URL.
|
| services.fluent-bit.enable | Whether to enable Fluent Bit.
|
| services.rss-bridge.enable | Whether to enable rss-bridge.
|
| services.vdr.enableLirc | Whether to enable LIRC.
|
| hardware.alsa.enable | Whether to set up the user space part of the Advanced Linux Sound Architecture (ALSA)
Enable this option only if you want to use ALSA as your main sound system,
not if you're using a sound server (e.g
|
| users.mysql.pam.logging.enable | Enables logging of authentication attempts in the MySQL database.
|
| image.repart.verityStore.enable | Whether to enable building images with a dm-verity protected nix store.
|
| services.mame.enable | Whether to setup TUN/TAP Ethernet interface for MAME emulator.
|
| boot.loader.external.enable | Whether to enable using an external tool to install your bootloader.
|
| services.rkvm.server.enable | Whether to enable the rkvm server daemon (input transmitter).
|
| services.rkvm.client.enable | Whether to enable the rkvm client daemon (input receiver).
|
| services.uhub.<name>.enable | Whether to enable hub instance.
|
| services.nipap.nipap-www.enable | Whether to enable nipap-www server.
|
| programs.wayvnc.enable | Whether to enable wayvnc, VNC server for wlroots based Wayland compositors.
|
| programs.ghidra.enable | Whether to enable Ghidra, a software reverse engineering (SRE) suite of tools.
|
| services.jitsi-meet.enable | Whether to enable Jitsi Meet - Secure, Simple and Scalable Video Conferences.
|
| services.fluidd.enable | Whether to enable Fluidd, a Klipper web interface for managing your 3d printer.
|
| services.mbpfan.enable | Whether to enable mbpfan, fan controller daemon for Apple Macs and MacBooks.
|
| services.nohang.enable | Whether to enable nohang, a daemon that keeps system responsiveness when Linux is out of memory.
|
| services.qdrant.enable | Whether to enable Vector Search Engine for the next generation of AI applications.
|
| services.urxvtd.enable | Enable urxvtd, the urxvt terminal daemon
|
| services.tremor-rs.enable | Whether to enable Tremor event- or stream-processing system.
|
| services.doh-server.enable | Whether to enable DNS-over-HTTPS server.
|
| services.doh-proxy-rust.enable | Whether to enable doh-proxy-rust.
|
| services.bacula-dir.enable | Whether to enable Bacula Director Daemon.
|
| services.pihole-web.enable | Whether to enable Pi-hole dashboard.
|
| services.pihole-ftl.enable | Whether to enable Pi-hole FTL.
|
| services.zabbixWeb.enable | Whether to enable the Zabbix web interface.
|
| services.zfs.zed.enableMail | Whether to enable ZED's ability to send emails.
|
| services.neo4j.http.enable | Enable the HTTP connector for Neo4j
|
| services.neo4j.bolt.enable | Enable the BOLT connector for Neo4j
|
| services.gitea.lfs.enable | Enables git-lfs support.
|
| services.salt.master.enable | Whether to enable Salt configuration management system master service.
|
| services.salt.minion.enable | Whether to enable Salt configuration management system minion service.
|
| security.rtkit.enable | Whether to enable the RealtimeKit system service, which hands
out realtime scheduling priority to user processes on
demand
|
| services.xray.enable | Whether to run xray server
|
| boot.initrd.systemd.fido2.enable | Whether to enable systemd FIDO2 support.
|
| services.gns3-server.ssl.enable | Whether to enable SSL encryption.
|
| services.geth.<name>.enable | Whether to enable Go Ethereum Node.
|
| programs.git.prompt.enable | Whether to enable automatically sourcing git-prompt.sh
|
| boot.loader.systemd-boot.enable | Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager
|
| services.tor.client.enable | Whether to enable the routing of application connections
|
| services.gokapi.enable | Whether to enable Lightweight selfhosted Firefox Send alternative without public upload.
|
| services.kanata.enable | Whether to enable kanata, a tool to improve keyboard comfort and usability with advanced customization.
|
| programs.ccache.enable | Whether to enable CCache, a compiler cache for fast recompilation of C/C++ code.
|
| services.atftpd.enable | Whether to enable the atftpd TFTP server
|
| security.tpm2.abrmd.enable | Whether to enable Trusted Platform 2 userspace resource manager daemon
.
|
| programs.usbtop.enable | Whether to enable usbtop and required kernel module, to show estimated USB bandwidth.
|
| services.deconz.enable | Whether to enable deCONZ, a Zigbee gateway for use with ConBee/RaspBee hardware (https://phoscon.de/).
|
| services.realmd.enable | Whether to enable realmd service for managing system enrollment in Active Directory domains.
|
| services.pretix.enable | Whether to enable Pretix, a ticket shop application for conferences, festivals, concerts, etc.
|
| services.upower.enable | Whether to enable Upower, a DBus service that provides power
management support to applications.
|
| services.zeyple.enable | Whether to enable Zeyple, an utility program to automatically encrypt outgoing emails with GPG.
|
| services.geth.<name>.http.enable | Whether to enable Go Ethereum HTTP API.
|
| hardware.tuxedo-rs.enable | Whether to enable Rust utilities for interacting with hardware from TUXEDO Computers.
|
| programs.nm-applet.enable | Whether to enable nm-applet, a NetworkManager control applet for GNOME.
|
| services.dwm-status.enable | Whether to enable dwm-status user service.
|
| programs.clash-verge.enable | Whether to enable Clash Verge.
|
| services.ttyd.enableSSL | Whether or not to enable SSL (https) support.
|
| services.hadoop.hdfs.zkfc.enable | Whether to enable HDFS ZooKeeper failover controller.
|
| services.isso.enable | Whether to enable isso, a commenting server similar to Disqus
|
| services.saned.enable | Enable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
|
| boot.initrd.services.lvm.enable | This will only be used when systemd is used in stage 1.
Whether to enable booting from LVM2 in the initrd.
|
| programs.throne.tunMode.enable | Whether to enable TUN mode of Throne.
|
| services.samba.nmbd.enable | Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
service requests
|
| hardware.xpad-noone.enable | Whether to enable the Xpad driver from the Linux kernel with support for Xbox One controllers removed.
|
| services.inadyn.enable | Whether to enable synchronise your machine's IP address with a dynamic DNS provider using inadyn
.
|
| programs.waybar.enable | Whether to enable waybar, a highly customizable Wayland bar for Sway and Wlroots based compositors.
|
| programs.weylus.enable | Whether to enable weylus, which turns your smart phone into a graphic tablet/touch screen for your computer.
|
| hardware.brillo.enable | Whether to enable brillo in userspace
|
| services.zammad.enable | Whether to enable Zammad, a web-based, open source user support/ticketing solution.
|
| services.ircdHybrid.enable | Whether to enable IRCD.
|
| services.nezha-agent.enable | Whether to enable Agent of Nezha Monitoring.
|
| services.cjdns.enable | Whether to enable the cjdns network encryption
and routing engine
|
| services.boinc.enable | Whether to enable the BOINC distributed computing client
|
| services.keter.enable | Whether to enable keter, a web app deployment manager
|
| programs.arp-scan.enable | Whether to configure a setcap wrapper for arp-scan.
|
| services.reaction.enable | Whether to enable enable reaction.
|
| programs.vivid.enable | Whether to configure LS_COLORS with vivid.
|
| services.i2pd.enableIPv4 | Whether to enable IPv4 connectivity.
|
| services.i2pd.enableIPv6 | Whether to enable IPv6 connectivity.
|
| services.hydra.enable | Whether to run Hydra services.
|
| services.ttyd.enableIPv6 | Whether or not to enable IPv6 support.
|
| services.ivpn.enable | This option enables iVPN daemon
|
| services.i2pd.enable | Enables I2Pd as a running service upon activation
|
| services.druid.router.enable | Whether to enable Druid Router.
|
| services.druid.broker.enable | Whether to enable Druid Broker.
|
| services.kismet.httpd.enable | True to enable the HTTP server.
|
| services.beszel.agent.enable | Whether to enable beszel agent.
|
| services.nipap.nipapd.enable | Whether to enable nipapd server.
|
| services.nginx.gitweb.enable | If true, enable gitweb in nginx.
|
| services.vwifi.client.enable | Whether to enable vwifi client.
|
| services.wivrn.config.enable | Whether to enable configuration for WiVRn.
|
| services.vwifi.module.enable | Whether to enable mac80211_hwsim module.
|
| services.vwifi.server.enable | Whether to enable vwifi server.
|
| services.frr.fabricd.enable | Whether to enable FRR fabricd.
|
| nix.channel.enable | Whether the nix-channel command and state files are made available on the machine
|
| services.chrony.enable | Whether to synchronise your machine's time using chrony
|
| services.neo4j.shell.enable | Enable a remote shell server which Neo4j Shell clients can log in to
|
| services.kubo.enable | Whether to enable the Interplanetary File System (WARNING: may cause severe network degradation)
|
| services.molly-brown.enable | Whether to enable Molly-Brown Gemini server.
|
| services.eris-server.enable | Whether to enable an ERIS server.
|
| services.gocd-server.enable | Whether to enable gocd-server.
|
| services.code-server.enable | Whether to enable code-server.
|
| services.self-deploy.enable | Whether to enable self-deploy.
|
| services.roon-bridge.enable | Whether to enable Roon Bridge.
|
| services.roon-server.enable | Whether to enable Roon Server.
|
| services.karakeep.enable | Whether to enable Enable the Karakeep service.
|
| services.gnome.core-shell.enable | Whether to enable GNOME Shell services.
|
| services.gnome.gcr-ssh-agent.enable | Whether to enable GCR SSH agent.
|
| services.btrfs.autoScrub.enable | Whether to enable regular btrfs scrub.
|
| services.gitlab.pages.enable | Whether to enable the GitLab Pages service.
|
| programs.direnv.angrr.enable | Whether to enable angrr direnv integration.
|
| services.spark.worker.enable | Whether to enable Spark worker service.
|
| services.spark.master.enable | Whether to enable Spark master service.
|
| services.slurm.client.enable | Whether to enable slurm client daemon.
|
| programs.cdemu.enable | cdemu for members of
programs.cdemu.group.
|
| programs.xonsh.enable | Whether to configure xonsh as an interactive shell.
|
| security.pam.enableUMask | Whether to enable the umask PAM module.
|
| services.squid.enable | Whether to run squid web proxy.
|
| services.dleyna.enable | Whether to enable dleyna-renderer and dleyna-server service,
a DBus service for handling DLNA servers and renderers.
|
| security.please.enable | Whether to enable please, a Sudo clone which allows a users to execute a command or edit a
file as another user
.
|
| services.blocky.enable | Whether to enable blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features.
|
| services.matomo.enable | Enable Matomo web analytics with php-fpm backend
|
| services.netbox.enable | Enable Netbox
|
| services.nncp.daemon.enable | Whether to enable NNCP TCP synronization daemon
|
| services.jibri.enable | Whether to enable Jitsi BRoadcasting Infrastructure
|
| programs.k3b.enable | Whether to enable k3b, the KDE disk burning application
|
| hardware.sensor.iio.enable | Enable this option to support IIO sensors with iio-sensor-proxy
|
| services.davfs2.enable | Whether to enable davfs2.
|
| hardware.apple.touchBar.enable | Whether to enable support for the Touch Bar on some Apple laptops using tiny-dfr.
|
| services.preload.enable | Whether to enable preload.
|
| services.bluemap.enable | Whether to enable bluemap.
|
| services.htpdate.enable | Enable htpdate daemon.
|
| services.flatpak.enable | Whether to enable flatpak.
|
| services.glances.enable | Whether to enable Glances.
|
| services.fireqos.enable | Whether to enable FireQOS.
|
| services.cockpit.enable | Whether to enable Cockpit.
|
| services.freeciv.enable | Whether to enable freeciv.
|
| services.bonsaid.enable | Whether to enable bonsaid.
|
| programs.autoenv.enable | Whether to enable autoenv.
|
| services.certmgr.enable | Whether to enable certmgr.
|
| services.flannel.enable | Whether to enable flannel.
|
| services.autobrr.enable | Whether to enable Autobrr.
|
| services.kasmweb.enable | Whether to enable kasmweb.
|
| services.espanso.enable | Whether to enable Espanso.
|
| services.grafana.enable | Whether to enable grafana.
|
| services.patroni.enable | Whether to enable Patroni.
|
| services.pretalx.enable | Whether to enable pretalx.
|
| services.outline.enable | Whether to enable outline.
|
| services.marytts.enable | Whether to enable MaryTTS.
|
| services.netdata.enable | Whether to enable netdata.
|
| services.misskey.enable | Whether to enable misskey.
|
| services.selfoss.enable | Whether to enable selfoss.
|
| services.rathole.enable | Whether to enable Rathole.
|
| services.pleroma.enable | Whether to enable pleroma.
|
| services.readeck.enable | Whether to enable Readeck.
|
| services.zerobin.enable | Whether to enable 0bin.
|
| services.zipline.enable | Whether to enable Zipline.
|
| services.zeronet.enable | Whether to enable zeronet.
|
| services.nghttpx.enable | Whether to enable nghttpx.
|
| services.xbanish.enable | Whether to enable xbanish.
|
| services.uptermd.enable | Whether to enable uptermd.
|
| services.weechat.enable | Whether to enable weechat.
|
| services.cato-client.enable | Whether to enable cato-client service.
|
| services.gns3-server.enable | Whether to enable GNS3 Server daemon.
|
| programs.cfs-zen-tweaks.enable | Whether to enable CFS Zen Tweaks.
|
| services.nostr-rs-relay.enable | Whether to enable nostr-rs-relay.
|
| services.i2pd.proto.httpProxy.enable | Whether to enable httpproxy.
|
| services.seafile.gc.enable | Whether to enable automatic garbage collection on stored data blocks.
|
| programs.sway.enable | Whether to enable Sway, the i3-compatible tiling Wayland compositor
|
| services.immich.redis.enable | Whether to enable a redis cache for use with immich.
|
| security.pam.enableOTPW | Whether to enable the OTPW (one-time password) PAM module.
|
| services.tika.enableOcr | Whether to enable OCR support by adding the tesseract package as a dependency.
|
| services.gns3-server.vpcs.enable | Whether to enable VPCS support.
|
| services.hdapsd.enable | Whether to enable Hard Drive Active Protection System Daemon,
devices are detected and managed automatically by udev and systemd
.
|
| programs.pmount.enable | Whether to enable pmount, a tool that allows normal users to mount removable devices
without requiring root privileges
.
|
| services.jack.alsa.enable | Route audio to/from generic ALSA-using applications using ALSA JACK PCM plugin.
|
| services.nncp.caller.enable | Whether to enable cron'ed NNCP TCP daemon caller
|
| services.hadoop.hbase.rest.enable | Whether to enable HBase rest.
|
| programs.obs-studio.enable | Whether to enable Free and open source software for video recording and live streaming.
|
| services.pppd.peers.<name>.enable | Whether to enable this PPP peer.
|
| services.gateone.enable | Whether to enable GateOne server.
|
| services.seafile.enable | Whether to enable Seafile server.
|
| services.freenet.enable | Whether to enable Freenet daemon.
|
| services.flexget.enable | Whether to enable FlexGet daemon.
|
| services.couchdb.enable | Whether to enable CouchDB Server.
|
| services.icecast.enable | Whether to enable Icecast server.
|
| services.litellm.enable | Whether to enable LiteLLM server.
|
| services.prosody.enable | Whether to enable the prosody server
|
| services.livekit.enable | Whether to enable the livekit server.
|
| services.lokinet.enable | Whether to enable Lokinet daemon.
|
| services.sundtek.enable | Whether to enable Sundtek driver.
|
| services.sabnzbd.enable | Whether to enable the sabnzbd server.
|
| services.openbao.enable | Whether to enable OpenBao daemon.
|
| services.osquery.enable | Whether to enable osqueryd daemon.
|
| services.orthanc.enable | Whether to enable Orthanc server.
|
| services.mongodb.enable | Whether to enable the MongoDB server.
|
| services.vikunja.enable | Whether to enable vikunja service.
|
| services.varnish.enable | Whether to enable Varnish Server.
|
| services.hylafax.enable | Whether to enable HylaFAX server.
|
| services.weblate.enable | Whether to enable Weblate service.
|
| services.frigate.enable | Whether to enable Frigate NVR.
|
| services.xserver.enable | Whether to enable the X server.
|
| services.gnome.rygel.enable | Whether to enable Rygel UPnP Mediaserver
|
| services.fprintd.tod.enable | Whether to enable Touch OEM Drivers library support.
|
| system.tools.nixos-version.enable | Whether to enable nixos-version script.
|
| system.tools.nixos-install.enable | Whether to enable nixos-install script.
|
| system.tools.nixos-rebuild.enable | Whether to enable nixos-rebuild script.
|
| programs.slock.enable | Whether to install slock screen locker with setuid wrapper.
|
| services.neo4j.https.enable | Enable the HTTPS connector for Neo4j
|
| programs.file-roller.enable | Whether to enable File Roller, an archive manager for GNOME.
|
| services.rauc.slots.<name>.*.enable | Whether to enable this RAUC slot.
|
| services.yandex-disk.enable | Whether to enable Yandex-disk client
|
| programs.corefreq.enable | Whether to enable Whether to enable the corefreq daemon and kernel module.
|
| services.jitsi-meet.caddy.enable | Whether to enable caddy reverse proxy to expose jitsi-meet.
|
| services.coredns.enable | Whether to enable Coredns dns server.
|
| programs.mdevctl.enable | Whether to enable Mediated Device Management.
|
| programs.firefox.enable | Whether to enable the Firefox web browser.
|
| services.goeland.enable | Whether to enable goeland, an alternative to rss2email.
|
| hardware.onlykey.enable | Enable OnlyKey device (https://crp.to/p/) support.
|
| services.blueman.enable | Whether to enable blueman, a bluetooth manager.
|
| hardware.wooting.enable | Whether to enable support for Wooting keyboards.
|
| services.clipcat.enable | Whether to enable Clipcat clipboard daemon.
|
| services.jupyter.enable | Whether to enable Jupyter development server.
|
| services.forgejo.enable | Whether to enable Forgejo, a software forge.
|
| services.merecat.enable | Whether to enable Merecat HTTP server.
|
| services.radicle.enable | Whether to enable Radicle Seed Node.
|
| services.pgadmin.enable | Whether to enable PostgreSQL Admin 4.
|
| services.sysprof.enable | Whether to enable sysprof profiling daemon.
|
| services.serviio.enable | Whether to enable the Serviio Media Server.
|
| services.traefik.enable | Whether to enable Traefik web server.
|
| services.monetdb.enable | Whether to enable the MonetDB database server.
|
| services.polaris.enable | Whether to enable Polaris Music Server.
|
| services.prefect.enable | enable prefect server and worker services
|
| services.solanum.enable | Whether to enable Solanum IRC daemon.
|
| services.umurmur.enable | Whether to enable uMurmur Mumble server.
|
| services.tarsnap.enable | Whether to enable periodic tarsnap backups.
|
| services.tuptime.enable | Whether to enable the total uptime service.
|
| services.logkeys.enable | Whether to enable logkeys, a keylogger service.
|
| services.xonotic.enable | Whether to enable Xonotic dedicated server.
|
| programs.zsh.zsh-autoenv.enable | Whether to enable zsh-autoenv.
|
| services.mailman.ldap.enable | Whether to enable LDAP auth.
|
| services.incron.enable | Whether to enable the incron daemon
|
| services.munin-node.enable | Enable Munin Node agent
|
| services.xserver.cmt.enable | Enable chrome multitouch input (cmt)
|
| services.radvd.enable | Whether to enable the Router Advertisement Daemon
(radvd), which provides link-local
advertisements of IPv6 router addresses and prefixes using
the Neighbor Discovery Protocol (NDP)
|
| services.uptime-kuma.enable | Whether to enable Uptime Kuma, this assumes a reverse proxy to be set.
|
| services.go-httpbin.enable | Whether to enable go-httpbin.
|
| services.parsoid.enable | Whether to enable Parsoid -- bidirectional
wikitext parser.
|
| services.duckdns.enable | Whether to enable DuckDNS Dynamic DNS Client.
|
| services.klipper.enable | Whether to enable Klipper, the 3D printer firmware.
|
| services.dnsdist.enable | Whether to enable dnsdist domain name server.
|
| programs.schroot.enable | Whether to enable schroot, a lightweight virtualisation tool.
|
| services.https-dns-proxy.enable | Whether to enable https-dns-proxy daemon.
|
| services.fluentd.enable | Whether to enable fluentd, a data/log collector.
|
| services.biboumi.enable | Whether to enable the Biboumi XMPP gateway to IRC.
|
| services.ananicy.enable | Whether to enable Ananicy, an auto nice daemon.
|
| programs.hamster.enable | Whether to enable hamster, a time tracking program.
|
| services.jenkins.enable | Whether to enable Jenkins, a continuous integration server.
|
| services.bepasty.enable | Whether to enable bepasty, a binary pastebin server.
|
| services.davmail.enable | Whether to enable davmail, an MS Exchange gateway.
|
| services.corteza.enable | Whether to enable Corteza, a low-code platform.
|
| services.graylog.enable | Whether to enable Graylog, a log management solution.
|
| services.sysstat.enable | Whether to enable sar system activity collection.
|
| services.quassel.enable | Whether to enable the Quassel IRC client daemon.
|
| services.stunnel.enable | Whether to enable the stunnel TLS tunneling service.
|
| services.syncoid.enable | Whether to enable Syncoid ZFS synchronization service.
|
| services.sharkey.enable | Whether to enable Sharkey, a Sharkish microblogging platform.
|
| services.ratbagd.enable | Whether to enable ratbagd for configuring gaming mice.
|
| services.mjolnir.enable | Whether to enable Mjolnir, a moderation tool for Matrix.
|
| services.riemann.enable | Whether to enable Riemann network monitoring daemon.
|
| services.unbound.enable | Whether to enable Unbound domain name server.
|
| services.uptimed.enable | Enable uptimed, allowing you to track
your highest uptimes.
|
| services.waagent.enable | Whether to enable Windows Azure Linux Agent.
|
| services.rdnssd.enable | Whether to enable the RDNSS daemon
(rdnssd), which configures DNS servers in
/etc/resolv.conf from RDNSS
advertisements sent by IPv6 routers.
|
| hardware.sata.timeout.enable | Whether to enable SATA drive timeouts.
|
| services.weblate.smtp.enable | Whether to enable Weblate SMTP support.
|
| services.dunst.enableX11 | Whether to enable X11 support.
|
| services.httpd.enablePHP | Whether to enable the PHP module.
|
| programs.tmux.enable | Whenever to configure tmux system-wide.
|
| security.soteria.enable | Whether to enable Soteria, a Polkit authentication agent
for any desktop environment.
You should only enable this if you are on a Desktop Environment that
does not provide a graphical polkit authentication agent, or you are on
a standalone window manager or Wayland compositor.
|
| system.switch.enable | Whether to include the capability to switch configurations
|
| services.nixops-dns.enable | Whether to enable the nixops-dns resolution
of NixOps virtual machines via dnsmasq and fake domain name.
|
| services.v2ray.enable | Whether to run v2ray server
|
| services.thanos.store.enable | Whether to enable the Thanos store node giving access to blocks in a bucket provider.
|
| programs.gnome-disks.enable | Whether to enable GNOME Disks daemon, a program designed to
be a UDisks2 graphical front-end.
|
| services.pfix-srsd.enable | Whether to run the postfix sender rewriting scheme daemon.
|
| services.bluesky-pds.enable | Whether to enable pds.
|
| programs.nekoray.enable | Whether to enable nekoray, a GUI proxy configuration manager.
|
| services.siproxd.enable | Whether to enable the Siproxd SIP
proxy/masquerading daemon.
|
| services.joycond.enable | Whether to enable support for Nintendo Pro Controllers and Joycons.
|
| services.corerad.enable | Whether to enable CoreRAD IPv6 NDP RA daemon.
|
| services.awstats.enable | Whether to enable awstats, a real-time logfile analyzer.
|
| programs.bazecor.enable | Whether to enable Bazecor, the graphical configurator for Dygma Products.
|
| hardware.intel-gpu-tools.enable | Whether to enable a setcap wrapper for intel-gpu-tools.
|
| programs.wayfire.enable | Whether to enable Wayfire, a wayland compositor based on wlroots.
|
| services.g3proxy.enable | Whether to enable g3proxy, a generic purpose forward proxy.
|
| programs.gtklock.enable | Whether to enable gtklock, a GTK-based lockscreen for Wayland.
|
| security.isolate.enable | Whether to enable Sandbox for securely executing untrusted programs
.
|
| services.distccd.enable | Whether to enable distccd, a distributed C/C++ compiler.
|
| hardware.libftdi.enable | Whether to enable udev rules for devices supported by libftdi.
|
| services.arsenik.enable | Whether to enable A 33-key layout that works with all keyboards..
|
| services.bpftune.enable | Whether to enable bpftune BPF driven auto-tuning.
|
| services.kthxbye.enable | Whether to enable kthxbye alert acknowledgement management daemon.
|
| services.readarr.enable | Whether to enable Readarr, a Usenet/BitTorrent ebook downloader.
|
| services.owncast.enable | Whether to enable owncast, a video live streaming solution.
|
| services.speechd.enable | Whether to enable speech-dispatcher speech synthesizer daemon.
|
| services.privoxy.enable | Whether to enable Privoxy, non-caching filtering proxy.
|
| services.redmine.enable | Whether to enable Redmine, a project management web application.
|
| services.supybot.enable | Enable Supybot, an IRC bot (also known as Limnoria).
|
| services.podgrab.enable | Whether to enable Podgrab, a self-hosted podcast manager.
|
| services.screego.enable | Whether to enable screego screen-sharing server for developers.
|
| services.tumbler.enable | Whether to enable Tumbler, A D-Bus thumbnailer service.
|
| networking.rxe.enable | Whether to enable RDMA over converged ethernet.
|
| services.deepin.dde-api.enable | Whether to enable the DDE API, which provides some dbus interfaces that is used for screen zone detecting,
thumbnail generating, and sound playing in Deepin Desktop Environment
.
|
| security.pam.sshAgentAuth.enable | Whether to enable authenticating using a signature performed by the ssh-agent
|
| services.thanos.rule.enable | Whether to enable the Thanos ruler service which evaluates Prometheus rules against given Query nodes, exposing Store API and storing old blocks in bucket.
|
| services.sftpgo.enable | sftpgo
|
| services.iperf3.enable | Whether to enable iperf3 network throughput testing server.
|
| services.gns3-server.auth.enable | Whether to enable password based HTTP authentication to access the GNS3 Server.
|
| hardware.raid.HPSmartArray.enable | Whether to enable HP Smart Array kernel modules and CLI utility.
|
| security.shadow.enable | Enable the shadow authentication suite, which provides critical programs such as su, login, passwd
|
| services.guix.publish.enable | Whether to enable substitute server for your Guix store directory.
|
| services.public-inbox.mda.enable | Whether to enable the public-inbox Mail Delivery Agent.
|
| boot.modprobeConfig.enable | Whether to enable modprobe config
|
| programs.thefuck.enable | Whether to enable thefuck, an app which corrects your previous console command.
|
| hardware.xpadneo.enable | Whether to enable the xpadneo driver for Xbox One wireless controllers.
|
| services.jackett.enable | Whether to enable Jackett, API support for your favorite torrent trackers.
|
| programs.lazygit.enable | Whether to enable lazygit, a simple terminal UI for git commands.
|
| services.mailhog.enable | Whether to enable MailHog, web and API based SMTP testing.
|
| services.traccar.enable | Whether to enable Traccar, an open source GPS tracking system.
|
| services.nextdns.enable | Whether to enable the NextDNS DNS/53 to DoH Proxy service.
|
| services.zitadel.enable | Whether to enable ZITADEL, a user and identity access management platform.
|
| services.hickory-dns.enable | Whether to enable hickory-dns.
|
| services.haste-server.enable | Whether to enable haste-server.
|
| services.devpi-server.enable | Whether to enable Devpi Server.
|
| services.calibre-web.enable | Whether to enable Calibre-Web.
|
| programs.amnezia-vpn.enable | Whether to enable The AmneziaVPN client.
|
| services.oauth2-proxy.enable | Whether to enable oauth2-proxy.
|
| services.mysqlBackup.enable | Whether to enable MySQL backups.
|
| services.zabbixProxy.enable | Whether to enable the Zabbix Proxy.
|
| services.zabbixAgent.enable | Whether to enable the Zabbix Agent.
|
| services.iodine.server.enable | enable iodined server
|
| security.pam.krb5.enable | Enables Kerberos PAM modules (pam-krb5,
pam-ccreds)
|
| boot.initrd.systemd.network.enable | Whether to enable networkd or not.
|
| services.i2pd.proto.socksProxy.enable | Whether to enable socksproxy.
|
| systemd.oomd.enableRootSlice | Whether to enable oomd on the root slice (-.slice).
|
| users.ldap.daemon.enable | Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM
|
| security.pam.p11.enable | Enables P11 PAM (pam_p11) module
|
| services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| services.consul.alerts.enable | Whether to enable consul-alerts.
|
| services.torque.server.enable | Whether to enable torque server.
|
| services.kanidm.client.enable | Whether to enable the Kanidm client.
|
| services.kanidm.server.enable | Whether to enable the Kanidm server.
|
| services.crabfit.enable | Whether to enable Crab Fit, a meeting scheduler based on peoples' availability.
|
| services.cgminer.enable | Whether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.
|
| services.eintopf.enable | Whether to enable Lauti (Eintopf) community event calendar web app.
|
| services.evremap.enable | Whether to enable evremap, a keyboard input remapper for Linux/Wayland systems.
|
| services.fprintd.enable | Whether to enable fprintd daemon and PAM module for fingerprint readers handling.
|
| programs.mininet.enable | Whether to enable Mininet, an emulator for rapid prototyping of Software Defined Networks.
|
| programs.dsearch.enable | Whether to enable dsearch, a fast filesystem search service with fuzzy matching.
|
| services.trezord.enable | Enable Trezor bridge daemon, for use with Trezor hardware bitcoin wallets.
|
| services.mailman.enable | Enable Mailman on this host
|
| services.userdbd.enable | Whether to enable the systemd JSON user/group record lookup service
.
|
| services.canto-daemon.enable | Whether to enable the canto RSS daemon.
|
| services.hledger-web.enable | Whether to enable hledger-web service.
|
| services.sonic-server.enable | Whether to enable Sonic Search Index.
|
| services.howdy.enable | Whether to enable Howdy and its PAM module for face recognition
|
| services.tsmBackup.enable | Whether to enable automatic backups with the
IBM Storage Protect (Tivoli Storage Manager, TSM) client
|
| programs.direnv.enable | Whether to enable direnv integration
|
| services.tor.enableGeoIP | Whether to enable use of GeoIP databases
|
| systemd.repart.enable | Grow and add partitions to a partition table.
systemd-repart only works with GPT partition tables
|
| programs.atop.atopgpu.enable | Whether to install and enable the atopgpud daemon to get information about
NVIDIA gpus.
|
| boot.plymouth.tpm2-totp.enable | Whether to display a TOTP during boot using tpm2-totp and Plymouth.
|
| services.ntpd-rs.metrics.enable | Whether to enable ntpd-rs Prometheus Metrics Exporter.
|
| services.consul.enable | Enables the consul daemon.
|
| programs.nekoray.tunMode.enable | Whether to enable TUN mode of nekoray.
|
| hardware.amdgpu.amdvlk.enable | Whether to enable AMDVLK Vulkan driver.
|
| services.clamav.daemon.enable | Whether to enable ClamAV clamd daemon.
|
| services.restic.server.enable | Whether to enable Restic REST Server.
|
| services.vwifi.server.vsock.enable | Whether to enable vsock kernel module.
|
| programs.ydotool.enable | Whether to enable ydotoold system service and ydotool for members of
programs.ydotool.group.
.
|
| services.haproxy.enable | Whether to enable HAProxy, the reliable, high performance TCP/HTTP load balancer.
|
| services.stratis.enable | Whether to enable Stratis Storage - Easy to use local storage management for Linux.
|
| services.openssh.enable | Whether to enable the OpenSSH secure shell daemon, which
allows secure remote logins.
|
| security.duosec.ssh.enable | If enabled, protect SSH logins with Duo Security.
|
| services.tt-rss.pubSubHubbub.enable | Enable client PubSubHubbub support in tt-rss
|
| programs.appgate-sdp.enable | Whether to enable the AppGate SDP VPN client.
|
| services.immich-kiosk.enable | Whether to enable Immich Kiosk slideshow service.
|
| services.cachix-agent.enable | Whether to enable Cachix Deploy Agent: https://docs.cachix.org/deploy/.
|
| services.public-inbox.enable | Whether to enable the public-inbox mail archiver.
|
| services.tomcat.axis2.enable | Whether to enable Apache Axis2 container.
|
| services.samba-wsdd.enable | Whether to enable Web Services Dynamic Discovery host daemon
|
| xdg.autostart.enable | Whether to install files to support the
XDG Autostart specification.
|
| services.forgejo.dump.enable | Whether to enable periodic dumps via the built-in dump command.
|
| programs.light.enable | Whether to install Light backlight control command
and udev rules granting access to members of the "video" group.
|
| services.sdrplayApi.enable | Whether to enable the SDRplay API service and udev rules.
To enable integration with SoapySDR and GUI applications like gqrx create an overlay containing
soapysdr-with-plugins = super.soapysdr.override { extraPackages = [ super.soapysdrplay ]; };
|
| boot.initrd.network.ifstate.enable | Whether to enable initrd networking using IfState.
|
| services.public-inbox.imap.enable | Whether to enable the public-inbox IMAP server.
|
| services.public-inbox.http.enable | Whether to enable the public-inbox HTTP server.
|
| services.public-inbox.nntp.enable | Whether to enable the public-inbox NNTP server.
|
| services.thanos.query.enable | Whether to enable the Thanos query node exposing PromQL enabled Query API with data retrieved from multiple store nodes.
|
| services.hadoop.hdfs.httpfs.enable | Whether to enable HDFS JournalNode.
|
| services.cloud-init.xfs.enable | Allow the cloud-init service to operate xfs filesystem.
|
| services.usbmuxd.enable | Enable the usbmuxd ("USB multiplexing daemon") service
|
| services.opengfw.enable | Whether to enable OpenGFW, A flexible, easy-to-use, open source implementation of GFW on Linux
.
|
| services.linyaps.enable | Whether to enable linyaps, a cross-distribution package manager with sandboxed apps and shared runtime.
|
| services.vmagent.enable | Whether to enable VictoriaMetrics's vmagent.
vmagent efficiently scrape metrics from Prometheus-compatible exporters
|
| hardware.fw-fanctrl.enable | Whether to enable the fw-fanctrl systemd service and install the needed packages.
|
| hardware.saleae-logic.enable | Whether to enable udev rules for Saleae Logic devices.
|
| services.apache-kafka.enable | Whether to enable Apache Kafka event streaming broker.
|
| services.anki-sync-server.enable | Whether to enable anki-sync-server.
|
| services.lk-jwt-service.enable | Whether to enable lk-jwt-service.
|
| programs.tsmClient.enable | Whether to enable IBM Storage Protect (Tivoli Storage Manager, TSM)
client command line applications with a
client system-options file "dsm.sys"
.
|
| programs.neovim.enable | Whether to enable Neovim
|
| hardware.cpu.amd.ryzen-smu.enable | Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors
|
| systemd.user.tmpfiles.enable | Whether to enable systemd user units systemd-tmpfiles-setup.service and systemd-tmpfiles-clean.timer.
|
| services.jitsi-meet.jibri.enable | Whether to enable a Jibri instance and configure it to connect to Prosody
|
| security.duosec.pam.enable | If enabled, protect logins with Duo Security using PAM support.
|
| programs.oddjobd.enable | Whether to enable oddjob, a D-Bus service which runs odd jobs on behalf of client applications.
|
| services.httpd.enablePerl | Whether to enable the Perl module (mod_perl).
|
| services.private-gpt.enable | Whether to enable private-gpt for local large language models.
|
| services.lasuite-docs.enable | Whether to enable SuiteNumérique Docs.
|
| services.lasuite-meet.enable | Whether to enable SuiteNumérique Meet.
|
| services.movim.h2o.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| programs.bash.enable | Whenever to configure Bash as an interactive shell
|
| programs.steam.extest.enable | Whether to enable Load the extest library into Steam, to translate X11 input events to
uinput events (e.g. for using Steam Input on Wayland)
.
|
| hardware.amdgpu.opencl.enable | Whether to enable OpenCL support using ROCM runtime library.
|
| services.syslogd.enable | Whether to enable syslogd
|
| services.amazon-ssm-agent.enable | Whether to enable Amazon SSM agent.
|
| programs.cpu-energy-meter.enable | Whether to enable CPU Energy Meter.
|
| programs.pqos-wrapper.enable | Whether to enable PQoS Wrapper for BenchExec.
|
| services.tmate-ssh-server.enable | Whether to enable tmate ssh server.
|
| services.lxd-image-server.enable | Whether to enable lxd-image-server.
|
| services.riemann-dash.enable | Enable the riemann-dash dashboard daemon.
|
| services.auto-cpufreq.enable | Whether to enable auto-cpufreq daemon.
|
| systemd.user.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| boot.initrd.systemd.storePaths.*.enable | Whether to enable copying of this file and symlinking it.
|
| services.distccd.stats.enable | Whether to enable statistics reporting via HTTP server.
|
| services.radicle.httpd.enable | Whether to enable Radicle HTTP gateway to radicle-node.
|
| users.extraUsers.<name>.enable | If set to false, the user account will not be created
|
| services.graphite.web.enable | Whether to enable graphite web frontend.
|
| services.lvm.dmeventd.enable | Whether to enable the LVM dmevent daemon.
|
| services.metabase.ssl.enable | Whether to enable SSL (https) support.
|
| services.xtreemfs.dir.enable | Whether to enable XtreemFS DIR service.
|
| services.xtreemfs.osd.enable | Whether to enable XtreemFS OSD service.
|
| services.xtreemfs.mrc.enable | Whether to enable XtreemFS MRC service.
|
| programs.minipro.enable | Whether to enable minipro and its udev rules
|
| services.haveged.enable | Whether to enable haveged entropy daemon, which refills /dev/random when low
|
| services.vlagent.enable | Whether to enable VictoriaMetrics's vlagent.
vlagent is a tiny agent which helps you collect logs from various sources and store them in VictoriaLogs .
|
| programs.gnupg.agent.enable | Enables GnuPG agent with socket-activation for every user session.
|
| services.ente.api.enableLocalDB | Whether to enable the automatic creation of a local postgres database for museum..
|
| services.firefly-iii.enable | Whether to enable Firefly III: A free and open source personal finance manager.
|
| services.hardware.bolt.enable | Whether to enable Bolt, a userspace daemon to enable
security levels for Thunderbolt 3 on GNU/Linux
|
| services.logstash.enable | Enable logstash.
|
| hardware.mwProCapture.enable | Whether to enable the Magewell Pro Capture family kernel module.
|
| services.nifi.enableHTTPS | Enable HTTPS protocol
|
| services._3proxy.enable | Whether to enable 3proxy.
|
| services.automx2.enable | Whether to enable automx2.
|
| services.mailman.serve.enable | Whether to enable automatic nginx and uwsgi setup for mailman-web.
|
| services.lorri.enable | Enables the daemon for lorri, a nix-shell replacement for project
development
|
| hardware.logitech.lcd.enable | Whether to enable support for Logitech LCD Devices.
|
| programs.atop.netatop.enable | Whether to install and enable the netatop kernel module
|
| services.vmalert.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| programs.sedutil.enable | Whether to enable sedutil, to manage self encrypting drives that conform to the Trusted Computing Group OPAL 2.0 SSC specification.
|
| services.etesync-dav.enable | Whether to enable etesync-dav, end-to-end encrypted sync for contacts, calendars and tasks.
|
| services.clamsmtp.enable | Whether to enable clamsmtp.
|
| services.peroxide.enable | Whether to enable peroxide.
|
| services.lavalink.enable | Whether to enable Lavalink.
|
| services.agorakit.enable | Whether to enable agorakit.
|
| programs.immersed.enable | Whether to enable immersed.
|
| services.cloudlog.enable | Whether to enable Cloudlog.
|
| services.canaille.enable | Whether to enable Canaille.
|
| programs.envision.enable | Whether to enable envision.
|
| services.inspircd.enable | Whether to enable InspIRCd.
|
| services.cryptpad.enable | Whether to enable cryptpad.
|
| services.dysnomia.enable | Whether to enable Dysnomia
|
| services.libinput.enable | Whether to enable libinput.
|
| services.duckling.enable | Whether to enable duckling.
|
| programs.liboping.enable | Whether to enable liboping.
|
| services.factorio.enable | Whether to enable Factorio.
|
| services.dolibarr.enable | Whether to enable dolibarr.
|
| services.filebeat.enable | Whether to enable filebeat.
|
| programs.kbdlight.enable | Whether to enable kbdlight.
|
| programs.autojump.enable | Whether to enable autojump.
|
| services.kanboard.enable | Whether to enable Kanboard.
|
| services.dnsproxy.enable | Whether to enable dnsproxy.
|
| services.corosync.enable | Whether to enable corosync.
|
| services.ersatztv.enable | Whether to enable ErsatzTV.
|
| services.mediamtx.enable | Whether to enable MediaMTX.
|
| services.unpoller.enable | Whether to enable unpoller.
|
| services.opentsdb.enable | Whether to enable OpenTSDB.
|
| services.suricata.enable | Whether to enable Suricata.
|
| services.miniflux.enable | Whether to enable miniflux.
|
| services.pairdrop.enable | Whether to enable pairdrop.
|
| services.rtorrent.enable | Whether to enable rtorrent.
|
| services.redsocks.enable | Whether to enable redsocks.
|
| services.quickwit.enable | Whether to enable Quickwit.
|
| services.olivetin.enable | Whether to enable OliveTin.
|
| services.renovate.enable | Whether to enable renovate.
|
| services.sshwifty.enable | Whether to enable Sshwifty.
|
| services.temporal.enable | Whether to enable Temporal.
|
| services.snapraid.enable | Whether to enable SnapRAID.
|
| services.peertube.enable | Whether to enable Peertube.
|
| services.urserver.enable | Whether to enable urserver.
|
| services.whisparr.enable | Whether to enable Whisparr.
|
| services.userborn.enable | Whether to enable userborn.
|
| services.wstunnel.enable | Whether to enable wstunnel.
|
| services.xtreemfs.enable | Whether to enable XtreemFS.
|
| services.eg25-manager.enable | Whether to enable Quectel EG25 modem manager service.
|
| hardware.sane.brscan5.enable | Whether to enable the Brother brscan5 sane backend.
|
| services.radicle.ci.broker.enable | Whether to enable radicle-ci-broker.
|
| services.i2pd.proto.i2pControl.enable | Whether to enable i2pcontrol.
|
| services.deepin.dde-daemon.enable | Whether to enable daemon for handling the deepin session settings.
|
| services.scion.scion-router.enable | Whether to enable the scion-router service.
|
| services.scion.scion-daemon.enable | Whether to enable the scion-daemon service.
|
| programs.sway.xwayland.enable | Whether to enable XWayland.
|
| services.timekpr.enable | Whether to enable Timekpr-nExT, a screen time managing application that helps optimizing time spent at computer for your subordinates, children or even for yourself.
|
| services.pdfding.enable | Whether to enable PdfDing service
|
| services.ntopng.enable | Enable ntopng, a high-speed web-based traffic analysis and flow
collection tool
|
| hardware.bladeRF.enable | Enables udev rules for BladeRF devices
|
| services.jitsi-meet.jicofo.enable | Whether to enable JiCoFo instance and configure it to connect to Prosody
|
| services.hadoop.hbase.master.enable | Whether to enable HBase master.
|
| services.hadoop.hbase.thrift.enable | Whether to enable HBase thrift.
|
| services.endlessh.enable | Whether to enable endlessh service.
|
| services.documize.enable | Whether to enable Documize Wiki.
|
| services.collectd.enable | Whether to enable collectd agent.
|
| services.dendrite.enable | Whether to enable matrix.org dendrite.
|
| services.heapster.enable | Whether to enable Heapster monitoring.
|
| programs.droidcam.enable | Whether to enable DroidCam client.
|
| services.easytier.enable | Whether to enable EasyTier daemon.
|
| services.cadvisor.enable | Whether to enable Cadvisor service.
|
| services.gitlab-runner.enable | Whether to enable Gitlab Runner.
|
| services.ejabberd.enable | Whether to enable ejabberd server
|
| services.influxdb.enable | Whether to enable the influxdb server.
|
| services.c2fmzq-server.enable | Whether to enable c2fmzq-server.
|
| services.peerflix.enable | Whether to enable peerflix service.
|
| services.sshguard.enable | Whether to enable the sshguard service.
|
| services.sniproxy.enable | Whether to enable sniproxy server.
|
| services.openldap.enable | Whether to enable the ldap server.
|
| services.lighttpd.enable | Enable the lighttpd web server.
|
| services.metabase.enable | Whether to enable Metabase service.
|
| services.pixelfed.enable | Whether to enable a Pixelfed instance.
|
| services.promtail.enable | Whether to enable the Promtail ingresser.
|
| services.telegraf.enable | Whether to enable telegraf server.
|
| services.pipewire.enable | Whether to enable PipeWire service.
|
| services.teleport.enable | Whether to enable the Teleport service.
|
| services.onedrive.enable | Whether to enable OneDrive service.
|
| services.matter-server.enable | Whether to enable Matter-server.
|
| services.mycelium.enable | Whether to enable mycelium network.
|
| services.subsonic.enable | Whether to enable Subsonic daemon.
|
| services.youtrack.enable | Whether to enable YouTrack service.
|
| services.windmill.enable | Whether to enable windmill service.
|
| services.zabbixServer.enable | Whether to enable the Zabbix Server.
|
| services.pinnwand.enable | Whether to enable Pinnwand, a pastebin.
|
| services.usbguard.enable | Whether to enable USBGuard daemon.
|
| services.autofs.enable | Mount filesystems on demand
|
| services.slurm.server.enable | Whether to enable the slurm control daemon
|
| hardware.keyboard.qmk.enable | Whether to enable non-root access to the firmware of QMK keyboards.
|
| programs.dms-shell.systemd.enable | Whether to enable DankMaterialShell systemd startup service.
|
| services.tahoe.nodes.<name>.sftpd.enable | Whether to enable SFTP service.
|
| boot.initrd.services.bcache.enable | This will only be used when systemd is used in stage 1.
Whether to enable bcache support in the initrd.
|
| programs.sharing.enable | Whether to enable sharing, a CLI tool for sharing files
|
| services.oidentd.enable | Whether to enable ‘oidentd’, an implementation of the Ident
protocol (RFC 1413)
|
| services.pipewire.alsa.enable | Whether to enable ALSA support.
|
| services.jitsi-meet.jigasi.enable | Whether to enable jigasi instance and configure it to connect to Prosody
|
| boot.initrd.network.ssh.enable | Start SSH service during initrd boot
|
| systemd.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.mounts.*.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.ipfs-cluster.enable | Whether to enable Pinset orchestration for IPFS - requires ipfs daemon to be useful.
|
| programs.virt-manager.enable | Whether to enable virt-manager, an UI for managing virtual machines in libvirt.
|
| services.domoticz.enable | Whether to enable Domoticz home automation.
|
| services.earlyoom.enable | Whether to enable early out of memory killing.
|
| services.firebird.enable | Whether to enable the Firebird super server.
|
| programs.starship.enable | Whether to enable the Starship shell prompt.
|
| services.jellyfin.enable | Whether to enable Jellyfin Media Server.
|
| services.crowdsec.enable | Whether to enable CrowdSec Security Engine.
|
| programs.ladybird.enable | Whether to enable the Ladybird web browser.
|
| services.chisel-server.enable | Whether to enable Chisel Tunnel Server.
|
| services.asterisk.enable | Whether to enable the Asterisk PBX server.
|
| services.hedgedoc.enable | Whether to enable the HedgeDoc Markdown Editor.
|
| services.ergochat.enable | Whether to enable Ergo IRC daemon.
|
| services.twingate.enable | Whether to enable Twingate Client daemon.
|
| services.pgmanage.enable | Whether to enable PostgreSQL Administration for the web.
|
| services.tautulli.enable | Whether to enable Tautulli Plex Monitor.
|
| services.netatalk.enable | Whether to enable the Netatalk AFP fileserver.
|
| services.safeeyes.enable | Whether to enable the safeeyes OSGi service.
|
| services.smartdns.enable | Whether to enable SmartDNS DNS server.
|
| services.wastebin.enable | Whether to enable Wastebin, a pastebin service.
|
| services.grafana-to-ntfy.enable | Whether to enable Grafana-to-ntfy (ntfy.sh) alerts channel.
|
| appstream.enable | Whether to install files to support the
AppStream metadata specification.
|
| services.cinnamon.apps.enable | Whether to enable Cinnamon default applications.
|
| services.pipewire.jack.enable | Whether to enable JACK audio emulation.
|
| services.pantheon.apps.enable | Whether to enable Pantheon default applications.
|
| services.usbguard.dbus.enable | Whether to enable USBGuard dbus daemon.
|
| services.lxd-image-server.nginx.enable | Whether to enable nginx.
|
| services.grocy.nginx.enableSSL | Whether or not to enable SSL (with ACME and let's encrypt)
for the grocy vhost.
|
| system.switch.enableNg | Whether to use switch-to-configuration-ng, the Rust-based
re-implementation of the original Perl switch-to-configuration.
|
| services.ncdns.dnssec.enable | Whether to enable DNSSEC support in ncdns
|
| services.kanidm.enablePam | Whether to enable the Kanidm PAM and NSS integration.
|
| hardware.rtl-sdr.enable | Enables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules
|
| programs.atop.atopService.enable | Whether to enable the atop service responsible for storing statistics for
long-term analysis.
|
| programs.direnv.nix-direnv.enable | Whether to enable a faster, persistent implementation of use_nix and use_flake, to replace the builtin one
.
|
| services.dump1090-fa.enable | Whether to enable dump1090-fa.
|
| services.webdav-server-rs.enable | Whether to enable WebDAV server.
|
| programs.ecryptfs.enable | Whether to enable ecryptfs setuid mount wrappers.
|
| services.librenms.enable | Whether to enable LibreNMS network monitoring system.
|
| services.cfdyndns.enable | Whether to enable Cloudflare Dynamic DNS Client.
|
| services.infnoise.enable | Whether to enable the Infinite Noise TRNG driver.
|
| services.castopod.enable | Whether to enable Castopod, a hosting platform for podcasters.
|
| programs.firejail.enable | Whether to enable firejail, a sandboxing tool for Linux.
|
| services.elephant.enable | Whether to enable Elephant application launcher backend.
|
| services.draupnir.enable | Whether to enable Draupnir, a moderations bot for Matrix.
|
| services.clipmenu.enable | Whether to enable clipmenu, the clipboard management daemon.
|
| networking.ucarp.enable | Whether to enable ucarp, userspace implementation of CARP.
|
| services.hypridle.enable | Whether to enable hypridle, Hyprland's idle daemon.
|
| services.activemq.enable | Enable the Apache ActiveMQ message broker service.
|
| services.opendkim.enable | Whether to enable OpenDKIM sender authentication system.
|
| services.pomerium.enable | Whether to enable the Pomerium authenticating reverse proxy.
|
| services.radicale.enable | Whether to enable Radicale CalDAV and CardDAV server.
|
| services.printing.enable | Whether to enable printing support through the CUPS daemon.
|
| services.powerdns.enable | Whether to enable PowerDNS domain name server.
|
| services.spotifyd.enable | Whether to enable spotifyd, a Spotify playing daemon.
|
| services.ostinato.enable | Whether to enable Ostinato agent-controller (Drone).
|
| services.thermald.enable | Whether to enable thermald, the temperature management daemon.
|
| services.openntpd.enable | Whether to enable OpenNTP time synchronization server.
|
| services.oxidized.enable | Whether to enable the oxidized configuration backup service.
|
| services.pangolin.enable | Whether to enable Pangolin reverse proxy server.
|
| services.quake3-server.enable | Whether to enable Quake 3 dedicated server.
|
| services.jirafeau.enable | Whether to enable Jirafeau file upload application.
|
| services.postsrsd.enable | Whether to enable the postsrsd SRS server for Postfix..
|
| services.xandikos.enable | Whether to enable Xandikos CalDAV and CardDAV server.
|
| services.znapzend.enable | Whether to enable ZnapZend ZFS backup daemon.
|
| services.webhook.enable | Whether to enable Webhook, a server written in Go that allows you to create HTTP endpoints (hooks),
which execute configured commands for any person or service that knows the URL
.
|
| services.locate.enable | If enabled, NixOS will periodically update the database of
files used by the locate command.
|
| services.clamav.scanner.enable | Whether to enable ClamAV scanner.
|
| services.saunafs.client.enable | Whether to enable Saunafs client.
|
| services.moosefs.client.enable | Whether to enable MooseFS client.
|
| system.autoUpgrade.enable | Whether to periodically upgrade NixOS to the latest
version
|
| hardware.amdgpu.initrd.enable | Whether to enable loading amdgpu kernelModule in stage 1
|
| services.meme-bingo-web.enable | Whether to enable a web app for the meme bingo, rendered entirely on the web server and made interactive with forms
|
| security.pam.ussh.enable | Enables Uber's USSH PAM (pam-ussh) module
|
| services.forgejo.lfs.enable | Enables git-lfs support.
|
| services.displayManager.ly.x11Support | Whether to enable support for X11
|
| services.kmscon.enable | Whether to enable kmscon as the virtual console instead of gettys.
kmscon is a kms/dri-based userspace virtual terminal implementation
|
| services.ddns-updater.enable | Whether to enable Container to update DNS records periodically with WebUI for many DNS providers.
|
| services.teleport.diag.enable | Whether to enable endpoints for monitoring purposes
|
| services.docling-serve.enable | Whether to enable Docling Serve server.
|
| services.endlessh-go.enable | Whether to enable endlessh-go service.
|
| services.wg-access-server.enable | Whether to enable wg-access-server.
|
| services.drupal.sites.<name>.enable | Whether to enable Drupal web application.
|
| programs.gamemode.enable | Whether to enable GameMode to optimise system performance on demand.
|
| programs.sniffnet.enable | Whether to enable sniffnet, a network traffic monitor application.
|
| services.fediwall.enable | Whether to enable fediwall, a social media wall for the fediverse.
|
| services.keycloak.enable | Whether to enable the Keycloak identity and access management
server.
|
| services.docuseal.enable | Whether to enable DocuSeal, open source document signing.
|
| services.ferretdb.enable | Whether to enable FerretDB, an Open Source MongoDB alternative.
|
| services.touchegg.enable | Whether to enable touchegg, a multi-touch gesture recognizer.
|
| services.mastodon.enable | Whether to enable Mastodon, a federated social network server.
|
| services.novacomd.enable | Whether to enable Novacom service for connecting to WebOS devices.
|
| services.scrutiny.enable | Whether to enable Scrutiny, a web application for drive monitoring.
|
| services.mainsail.enable | Whether to enable a modern and responsive user interface for Klipper.
|
| services.tuliprox.enable | Whether to enable Tuliprox IPTV playlist processor & proxy.
|
| services.stalwart.enable | Whether to enable the all-in-one collaboration and mail server, Stalwart.
|
| services.tts.servers.<name>.enable | Whether to enable Coqui TTS server.
|
| services.clamav.updater.enable | Whether to enable ClamAV freshclam updater.
|
| services.netdata.python.enable | Whether to enable python-based plugins
|
| services.envfs.enable | Fuse filesystem that returns symlinks to executables based on the PATH
of the requesting process
|
| hardware.tuxedo-rs.tailor-gui.enable | Whether to enable tailor-gui, an alternative to TUXEDO Control Center, written in Rust.
|
| services.pretix.nginx.enable | Whether to set up an nginx virtual host.
|
| services.rpcbind.enable | Whether to enable rpcbind, an ONC RPC directory service
notably used by NFS and NIS, and which can be queried
using the rpcinfo(1) command. rpcbind is a replacement for
portmap.
|
| services.libeufin.bank.enable | Whether to enable libeufin core banking system and web interface.
|
| hardware.keyboard.teck.enable | Whether to enable non-root access to the firmware of TECK keyboards.
|
| services.thanos.sidecar.enable | Whether to enable the Thanos sidecar for Prometheus server.
|
| services.chromadb.enable | Whether to enable ChromaDB, an open-source AI application database..
|
| services.harmonia.enable | Whether to enable Harmonia: Nix binary cache written in Rust.
|
| services.gemstash.enable | Whether to enable gemstash, a cache for rubygems.org and a private gem server.
|
| services.spoolman.enable | Whether to enable Spoolman, a filament spool inventory management system..
|
| services.resolved.enable | Whether to enable the Systemd DNS resolver daemon (systemd-resolved).
|
| services.listmonk.enable | Whether to enable Listmonk, this module assumes a reverse proxy to be set.
|
| services.svnserve.enable | Whether to enable svnserve to serve Subversion repositories through the SVN protocol.
|
| services.routedns.enable | Whether to enable RouteDNS - DNS stub resolver, proxy and router.
|
| systemd.shutdownRamfs.enable | Whether to enable pivoting back to an initramfs for shutdown.
|
| networking.nat.enable | Whether to enable Network Address Translation (NAT)
|
| services.gnunet.enable | Whether to run the GNUnet daemon
|
| services.munin-cron.enable | Enable munin-cron
|
| services.avahi.enable | Whether to run the Avahi daemon, which allows Avahi clients
to use Avahi's service discovery facilities and also allows
the local machine to advertise its presence and services
(through the mDNS responder implemented by avahi-daemon).
|
| services.gnome.gnome-user-share.enable | Whether to enable GNOME User Share, a user-level file sharing service for GNOME.
|
| programs.java.enable | Install and setup the Java development kit.
This adds JAVA_HOME to the global environment, by sourcing the
jdk's setup-hook on shell init
|
| services.bacula-fd.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-sd.tls.enable | Specifies if TLS should be enabled
|
| hardware.sensor.hddtemp.enable | Enable this option to support HDD/SSD temperature sensors.
|
| services.bird-lg.frontend.enable | Whether to enable Bird Looking Glass Frontend Webserver.
|
| programs.river.xwayland.enable | Whether to enable XWayland.
|
| programs.appimage.enable | Whether to enable appimage-run wrapper script for executing appimages on NixOS.
|
| services.dawarich.enable | Whether to enable Dawarich, a self-hostable alternative to Google Location History.
|
| services.bitbox-bridge.enable | Whether to enable Bitbox bridge daemon, for use with Bitbox hardware wallets..
|
| programs.hyprlock.enable | Whether to enable hyprlock, Hyprland's GPU-accelerated screen locking utility.
|
| programs.haguichi.enable | Whether to enable Haguichi, a Linux GUI frontend to the proprietary LogMeIn Hamachi.
|
| services.freshrss.enable | Whether to enable FreshRSS RSS aggregator and reader with php-fpm backend.
|
| services.redshift.enable | Enable Redshift to change your screen's colour temperature depending on
the time of day.
|
| services.sunshine.enable | Whether to enable Sunshine, a self-hosted game stream host for Moonlight.
|
| services.stirling-pdf.enable | Whether to enable the stirling-pdf service.
|
| services.static-web-server.enable | Whether to enable Static Web Server.
|
| services.mtr-exporter.enable | Whether to enable a Prometheus exporter for MTR.
|
| services.datadog-agent.enable | Whether to enable Datadog-agent v7 monitoring service.
|
| services.spice-webdavd.enable | Whether to enable the spice guest webdav proxy daemon.
|
| hardware.sane.drivers.scanSnap.enable | Whether to enable drivers for the Fujitsu ScanSnap scanners
|
| services.netbird.ui.enable | Controls presence netbird-ui wrappers, defaults to presence of graphical sessions.
|
| services.dnsmasq.enable | Whether to run dnsmasq.
|
| services.aria2.enable | Whether or not to enable the headless Aria2 daemon service
|
| systemd.user.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.cloud-init.btrfs.enable | Allow the cloud-init service to operate btrfs filesystem.
|
| hardware.nvidia.prime.sync.enable | Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME
|
| services.synergy.server.enable | Whether to enable the Synergy server (send keyboard and mouse events).
|
| services.dae.openFirewall.enable | Whether to enable opening port in the firewall.
|
| services.druid.overlord.enable | Whether to enable Druid Overlord.
|
| systemd.oomd.enableUserSlices | Whether to enable oomd on all user slices (user@.slice) and all user owned slices.
|
| programs.xwayland.enable | Whether to enable Xwayland (an X server for interfacing X11 apps with the Wayland protocol).
|
| hardware.decklink.enable | Whether to enable hardware support for the Blackmagic Design Decklink audio/video interfaces.
|
| services.logcheck.enable | Whether to enable logcheck cron job, to mail anomalies in the system logfiles to the administrator.
|
| services.rabbitmq.enable | Whether to enable the RabbitMQ server, an Advanced Message
Queuing Protocol (AMQP) broker.
|
| services.prowlarr.enable | Whether to enable Prowlarr, an indexer manager/proxy for Torrent trackers and Usenet indexers.
|
| programs.river-classic.enable | Whether to enable river-classic, a dynamic tiling Wayland compositor.
|
| services.transfer-sh.enable | Whether to enable Easy and fast file sharing from the command-line.
|
| services.prosody-filer.enable | Whether to enable Prosody Filer XMPP upload file server.
|
| services.oauth2-proxy.tls.enable | Whether to serve over TLS.
|
| programs.zsh.enableLsColors | Enable extra colors in directory listings (used by ls and tree).
|
| services.lighttpd.cgit.enable | If true, enable cgit (fast web interface for git repositories) as a
sub-service in lighttpd.
|
| services.uhub.<name>.enableTLS | Whether to enable TLS support.
|
| services.keybase.enable | Whether to start the Keybase service.
|
| services.ncps.openTelemetry.enable | Whether to enable Enable OpenTelemetry logs, metrics, and tracing.
|
| services.firezone.relay.enable | Whether to enable the firezone relay server.
|
| services.taler.exchange.enable | Whether to enable the GNU Taler exchange.
|
| services.pipewire.pulse.enable | Whether to enable PulseAudio server emulation.
|
| services.taler.merchant.enable | Whether to enable the GNU Taler merchant.
|
| systemd.network.links.<name>.enable | Whether to enable this .link unit
|
| programs.seahorse.enable | Whether to enable Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring.
|
| programs.chromium.enable | Whether to enable policies for chromium based browsers like Chromium, Google Chrome or Brave.
|
| services.fail2ban.enable | Whether to enable the fail2ban service
|
| services.portunus.enable | Whether to enable Portunus, a self-contained user/group management and authentication service for LDAP.
|
| services.minidlna.enable | Whether to enable MiniDLNA, a simple DLNA server
|
| services.bacula-dir.tls.enable | Specifies if TLS should be enabled
|
| services.pingvin-share.enable | Whether to enable Pingvin Share, a self-hosted file sharing platform.
|
| services.i2pd.inTunnels.<name>.enable | Whether to enable ‹name›.
|
| programs.iio-hyprland.enable | Whether to enable iio-hyprland and iio-sensor-proxy.
|
| hardware.display.edid.enable | Enables handling of EDID files
|
| boot.loader.initScript.enable | Some systems require a /sbin/init script which is started
|
| services.udisks2.enable | Whether to enable udisks2, a DBus service that allows applications to query and manipulate storage devices.
|
| services.synergy.client.enable | Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).
|
| services.thanos.compact.enable | Whether to enable the Thanos compactor which continuously compacts blocks in an object store bucket.
|
| services.tahoe.nodes.<name>.helper.enable | Whether to enable helper service.
|
| services.tzupdate.timer.enable | Enable the tzupdate timer to update the timezone automatically.
|
| services.postfix.enable | Whether to run the Postfix mail server.
|
| services.tinydns.enable | Whether to run the tinydns dns server
|
| services.sourcehut.hg.enable | Whether to enable hg service.
|
| services.airsonic.enable | Whether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).
|
| services.microbin.enable | Whether to enable MicroBin is a super tiny, feature rich, configurable paste bin web application.
|
| services.goxlr-utility.enable | Whether to enable goxlr-utility for controlling your TC-Helicon GoXLR or GoXLR Mini
|
| services.sslmate-agent.enable | Whether to enable sslmate-agent, a daemon for managing SSL/TLS certificates on a server.
|
| services.geth.<name>.metrics.enable | Whether to enable Go Ethereum prometheus metrics.
|
| services.cachix-watch-store.enable | Whether to enable Cachix Watch Store: https://docs.cachix.org.
|
| services.netbird.server.enable | Whether to enable Netbird Server stack, comprising the dashboard, management API and signal service.
|
| services.moosefs.master.enable | Enable MooseFS master daemon
|
| services.cloud-init.ext4.enable | Allow the cloud-init service to operate ext4 filesystem.
|
| services.nsd.remoteControl.enable | Whether to enable remote control via nsd-control.
|
| services.scion.scion-control.enable | Whether to enable the scion-control service.
|
| hardware.nfc-nci.enableIFD | Register ifdnfc-nci as a serial reader with pcscd.
|
| programs.bash.enableLsColors | Whether to enable extra colors in directory listings.
|
| services.connman.enable | Whether to use ConnMan for managing your network connections.
|
| systemd.oomd.enableSystemSlice | Whether to enable oomd on the system slice (system.slice).
|
| services.rsyslogd.enable | Whether to enable syslogd
|
| services.chrony.enableNTS | Whether to enable Network Time Security authentication
|
| programs.atop.atopRotateTimer.enable | Whether to enable the atop-rotate timer, which restarts the atop service
daily to make sure the data files are rotate.
|
| services.matrix-tuwunel.enable | Whether to enable tuwunel.
|
| services.geth.<name>.authrpc.enable | Whether to enable Go Ethereum Auth RPC API.
|
| programs.pay-respects.enable | Whether to enable pay-respects, an app which corrects your previous console command.
|
| services.i2pd.outTunnels.<name>.enable | Whether to enable ‹name›.
|
| programs.ssh.systemd-ssh-proxy.enable | Whether to enable systemd's ssh proxy plugin
|
| services.actkbd.enable | Whether to enable the actkbd key mapping daemon
|
| hardware.new-lg4ff.enable | Enables improved Linux module drivers for Logitech driving wheels
|
| services.libeufin.nexus.enable | Whether to enable libeufin core banking system and web interface.
|
| services.tor.controlSocket.enable | Whether to enable control socket,
created in /run/tor/control.
|
| services.sourcehut.git.enable | Whether to enable git service.
|
| services.sourcehut.man.enable | Whether to enable man service.
|
| services.sourcehut.hub.enable | Whether to enable hub service.
|
| services.gns3-server.ubridge.enable | Whether to enable uBridge support.
|
| services.nsd.ratelimit.enable | Whether to enable ratelimit capabilities.
|
| services.netbox.enableLdap | Enable LDAP-Authentication for Netbox
|
| boot.initrd.network.udhcpc.enable | Enables the udhcpc service during stage 1 of the boot process
|
| services.tzupdate.enable | Enable the tzupdate timezone updating service
|
| services.thanos.receive.enable | Whether to enable the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb.
|
| services.matrix-conduit.enable | Whether to enable matrix-conduit.
|
| services.openafsClient.enable | Whether to enable the OpenAFS client.
|
| services.postfix-tlspol.enable | Whether to enable postfix-tlspol.
|
| services.trilium-server.enable | Whether to enable trilium-server.
|
| services.rstudio-server.enable | Whether to enable RStudio server.
|
| services.stalwart-mail.enable | Whether to enable the Stalwart all-in-one email server.
|
| services.mjpg-streamer.enable | Whether to enable mjpg-streamer webcam streamer.
|
| services.athens.enablePprof | Enable pprof endpoints.
|
| services.physlock.enable | Whether to enable the physlock screen locking mechanism
|
| systemd.nspawn.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.hostapd.enable | Whether to enable hostapd, a user space daemon for access point and
authentication servers
|
| security.pam.yubico.enable | Enables Yubico PAM (yubico-pam) module
|
| services.pingvin-share.nginx.enable | Whether to enable a Nginx reverse proxy for Pingvin Share..
|
| services.bluesky-pds.goat.enable | Add goat to PATH
|
| services.monero.mining.enable | Whether to mine monero.
|
| hardware.deviceTree.enable | Build device tree files
|
| boot.initrd.network.enable | Add network connectivity support to initrd
|
| services.gitDaemon.enable | Enable Git daemon, which allows public hosting of git repositories
without any access controls
|
| programs.wavemon.enable | Whether to add wavemon to the global environment and configure a
setcap wrapper for it.
|
| programs.spacefm.enable | Whether to install SpaceFM and create /etc/spacefm/spacefm.conf.
|
| services.dashy.enable | Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app
|
| services.anuko-time-tracker.enable | Whether to enable Anuko Time Tracker.
|
| services.whoogle-search.enable | Whether to enable Whoogle, a metasearch engine.
|
| services.ax25.axlisten.enable | Whether to enable AX.25 axlisten daemon.
|
| services.pdns-recursor.enable | Whether to enable PowerDNS Recursor, a recursive DNS server.
|
| services.firezone.server.web.enable | Whether to enable the Firezone web server.
|
| services.firezone.server.api.enable | Whether to enable the Firezone api server.
|
| services.hardware.lcd.server.enable | Enable the LCD panel server (LCDd)
|
| services.hardware.lcd.client.enable | Enable the LCD panel client (LCDproc)
|
| services.httpd.enableMellon | Whether to enable the mod_auth_mellon module.
|
| services.scion.scion-ip-gateway.enable | Whether to enable the scion-ip-gateway service.
|
| programs.uwsm.enable | Whether to enable uwsm, which wraps standalone Wayland compositors with a set
of Systemd units on the fly
|
| services.xserver.imwheel.enable | Whether to enable IMWheel service.
|
| services.freshrss.api.enable | Whether to enable API access for mobile apps and third-party clients (Google Reader API and Fever API)
|
| security.tpm2.pkcs11.enable | Whether to enable TPM2 PKCS#11 tool and shared library in system path
(/run/current-system/sw/lib/libtpm2_pkcs11.so)
.
|
| services.saunafs.master.enable | Enable Saunafs master daemon
|
| services.nylon.<name>.enable | Enables nylon as a running service upon activation.
|
| security.pam.u2f.enable | Enables U2F PAM (pam-u2f) module
|
| services.tor.tsocks.enable | Whether to build tsocks wrapper script to relay application traffic via Tor.
You shouldn't use this unless you know what you're
doing because your installation of Tor already comes with
its own superior (doesn't leak DNS queries)
torsocks wrapper which does pretty much
exactly the same thing as this.
|
| services.apcupsd.enable | Whether to enable the APC UPS daemon. apcupsd monitors your UPS and
permits orderly shutdown of your computer in the event of a power
failure
|
| services.trickster.enable | Enable Trickster.
|
| services.open-web-calendar.enable | Whether to enable OpenWebCalendar service.
|
| services.redis.servers.<name>.enable | Whether to enable Redis server.
|
| services.rspamd-trainer.enable | Whether to enable Spam/ham trainer for rspamd.
|
| services.matrix-synapse.enable | Whether to enable matrix.org synapse, the reference homeserver.
|
| services.hadoop.gatewayRole.enable | Whether to enable gateway role for deploying hadoop configs.
|
| services.livekit.ingress.enable | Whether to enable the livekit ingress service.
|
| services.i2pd.yggdrasil.enable | Whether to enable Yggdrasil.
|
| services.i2pd.websocket.enable | Whether to enable websockets.
|
| services.connman.enableVPN | Whether to enable ConnMan VPN service.
|
| services.mullvad-vpn.enable | This option enables Mullvad VPN daemon.
|
| boot.initrd.systemd.dmVerity.enable | Mount verity-protected block devices in the initrd
|
| programs.plotinus.enable | Whether to enable the Plotinus GTK 3 plugin
|
| services.warpgate.enable | Whether to enable Warpgate
|
| programs.openvpn3.enable | Whether to enable the openvpn3 client.
|
| boot.loader.limine.secureBoot.enable | Whether to use sign the limine binary with sbctl.
This requires you to already have generated the keys and enrolled them with sbctl
|
| programs.tcpdump.enable | Whether to configure a setcap wrapper for tcpdump
|
| programs.cardboard.enable | Whether to enable cardboard.
|
| services.commafeed.enable | Whether to enable CommaFeed.
|
| services.borgmatic.enable | Whether to enable borgmatic.
|
| programs.benchexec.enable | Whether to enable BenchExec.
|
| services.glitchtip.enable | Whether to enable GlitchTip.
|
| services.invidious.enable | Whether to enable Invidious.
|
| services.duplicati.enable | Whether to enable Duplicati.
|
| services.lanraragi.enable | Whether to enable LANraragi.
|
| services.kapacitor.enable | Whether to enable kapacitor.
|
| services.infinoted.enable | Whether to enable infinoted.
|
| programs.chrysalis.enable | Whether to enable Chrysalis.
|
| services.firewalld.enable | Whether to enable FirewallD.
|
| services.postgrest.enable | Whether to enable PostgREST.
|
| services.rosenpass.enable | Whether to enable Rosenpass.
|
| services.rutorrent.enable | Whether to enable ruTorrent.
|
| services.nextcloud.enable | Whether to enable nextcloud.
|
| services.typesense.enable | Whether to enable typesense.
|
| services.mediawiki.enable | Whether to enable MediaWiki.
|
| services.plausible.enable | Whether to enable plausible.
|
| services.pinchflat.enable | Whether to enable pinchflat.
|
| services.memcached.enable | Whether to enable Memcached.
|
| services.pacemaker.enable | Whether to enable pacemaker.
|
| services.rss2email.enable | Whether to enable rss2email.
|
| services.manticore.enable | Whether to enable Manticoresearch.
|
| services.opencloud.enable | Whether to enable OpenCloud.
|
| services.pixiecore.enable | Whether to enable Pixiecore.
|
| services.zookeeper.enable | Whether to enable Zookeeper.
|
| services.portunus.dex.enable | Whether to enable Dex ldap connector
|
| services.h2o.hosts.<name>.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| services.froide-govplan.enable | Whether to enable Gouvernment planer web app Govplan.
|
| services.calibre-server.enable | Whether to enable calibre-server (e-book software).
|
| services.lasuite-meet.enableNginx | Whether to enable enable and configure Nginx for reverse proxying.
|
| services.lasuite-docs.enableNginx | Whether to enable enable and configure Nginx for reverse proxying.
|
| services.ncps.prometheus.enable | Whether to enable Enable Prometheus metrics endpoint at /metrics.
|
| services.jitsi-meet.nginx.enable | Whether to enable nginx virtual host that will serve the javascript application and act as
a proxy for the XMPP server
|
| programs.dsearch.systemd.enable | Whether to enable systemd user service for dsearch.
|
| services.sourcehut.meta.enable | Whether to enable meta service.
|
| services.sourcehut.todo.enable | Whether to enable todo service.
|
| services.icecream.daemon.enable | Whether to enable Icecream Daemon.
|
| services.gitlab.registry.enable | Enable GitLab container registry.
|
| services.firezone.server.enable | Whether to enable all Firezone components.
|
| services.graphite.seyren.enable | Whether to enable seyren service.
|
| services.orangefs.server.enable | Whether to enable OrangeFS server.
|
| boot.initrd.systemd.repart.enable | Grow and add partitions to a partition table at boot time in the initrd.
systemd-repart only works with GPT partition tables
|
| services.gitolite.enable | Enable gitolite management under the
gitolite user
|
| programs.regreet.enable | Enable ReGreet, a clean and customizable greeter for greetd
|
| services.avahi.publish.enable | Whether to allow publishing in general.
|
| boot.specialFileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.nix-store-gcs-proxy.<name>.enable | Whether to enable proxy for this bucket
|
| services.hadoop.hdfs.namenode.enable | Whether to enable HDFS NameNode.
|
| services.hadoop.hdfs.datanode.enable | Whether to enable HDFS DataNode.
|
| services.hqplayerd.enable | Whether to enable HQPlayer Embedded.
|
| services.duplicity.enable | Whether to enable backups with duplicity.
|
| services.fakeroute.enable | Whether to enable the fakeroute service.
|
| services.librechat.enable | Whether to enable the LibreChat server.
|
| services.glusterfs.enable | Whether to enable GlusterFS Daemon.
|
| programs.gnome-terminal.enable | Whether to enable GNOME Terminal.
|
| services.lambdabot.enable | Enable the Lambdabot IRC bot
|
| programs.fcast-receiver.enable | Whether to enable FCast Receiver.
|
| services.bitmagnet.enable | Whether to enable Bitmagnet service.
|
| services.aerospike.enable | Whether to enable Aerospike server.
|
| hardware.bluetooth.enable | Whether to enable support for Bluetooth.
|
| services.sickbeard.enable | Whether to enable the sickbeard server.
|
| services.smokeping.enable | Whether to enable smokeping service.
|
| services.netclient.enable | Whether to enable Netclient Daemon.
|
| services.supergfxd.enable | Whether to enable the supergfxd service.
|
| services.teeworlds.enable | Whether to enable Teeworlds Server.
|
| services.opensmtpd.enable | Whether to enable the OpenSMTPD server.
|
| services.miniupnpd.enable | Whether to enable MiniUPnP daemon.
|
| services.rethinkdb.enable | Whether to enable RethinkDB server.
|
| services.tinyproxy.enable | Whether to enable Tinyproxy daemon.
|
| services.rsnapshot.enable | Whether to enable rsnapshot backups.
|
| services.recyclarr.enable | Whether to enable recyclarr service.
|
| services.mackerel-agent.enable | Whether to enable mackerel.io agent.
|
| services.dnscrypt-proxy.enable | Whether to enable dnscrypt-proxy.
|
| security.pam.services.<name>.enable | Whether to enable this PAM service.
|
| services.mautrix-signal.enable | Whether to enable mautrix-signal, a Matrix-Signal puppeting bridge.
|
| services.displayManager.ly.enable | Whether to enable ly as the display manager.
|
| services.bcachefs.autoScrub.enable | Whether to enable regular bcachefs scrub.
|
| services.jitsi-meet.secureDomain.enable | Whether to enable Authenticated room creation.
|
| services.orangefs.client.enable | Whether to enable OrangeFS client daemon.
|
| services.soju.adminSocket.enable | Listen for admin connections from sojuctl at /run/soju/admin.
|
| programs.corectrl.enable | Whether to enable CoreCtrl, a tool to overclock amd graphics cards and processors
|
| hardware.keyboard.uhk.enable | Whether to enable non-root access to the firmware of UHK keyboards
|
| services.pretalx.nginx.enable | Whether to set up an nginx virtual host.
|
| hardware.facter.detected.dhcp.enable | Whether to enable Facter dhcp module.
|
| services.sitespeed-io.enable | Whether to enable Sitespeed.io.
|
| services.charybdis.enable | Whether to enable Charybdis IRC daemon.
|
| services.immich-public-proxy.enable | Whether to enable Immich Public Proxy.
|
| services.libreswan.enable | Whether to enable Libreswan IPsec service.
|
| hardware.rasdaemon.enable | Whether to enable RAS logging daemon.
|
| programs.dms-shell.plugins.<name>.enable | Whether to enable this plugin
|
| services.greenclip.enable | Whether to enable Greenclip, a clipboard manager.
|
| services.darkhttpd.enable | Whether to enable DarkHTTPd web server.
|
| services.heartbeat.enable | Whether to enable heartbeat, uptime monitoring.
|
| programs.pulseview.enable | Whether to enable pulseview, a sigrok GUI.
|
| services.shellhub-agent.enable | Whether to enable ShellHub Agent daemon.
|
| services.stargazer.enable | Whether to enable Stargazer Gemini server.
|
| services.softether.enable | Whether to enable SoftEther VPN services.
|
| services.openiscsi.enable | Whether to enable the openiscsi iscsi daemon.
|
| services.tailscale.enable | Whether to enable Tailscale client daemon.
|
| services.openarena.enable | Whether to enable OpenArena game server.
|
| services.namecoind.enable | Whether to enable namecoind, Namecoin client.
|
| services.schleuder.enable | Whether to enable Schleuder secure remailer.
|
| services.mosquitto.enable | Whether to enable the MQTT Mosquitto broker.
|
| services.pgbouncer.enable | Whether to enable PostgreSQL connection pooler.
|
| services.navidrome.enable | Whether to enable Navidrome music server.
|
| services.logrotate.enable | Whether to enable the logrotate systemd service.
|
| services.powerdns-admin.enable | Whether to enable the PowerDNS web interface.
|
| services.yggdrasil.enable | Whether to enable the yggdrasil system service.
|
| services.journald.remote.enable | Whether to enable receiving systemd journals from the network.
|
| services.lighttpd.gitweb.enable | If true, enable gitweb in lighttpd
|
| services.druid.middleManager.enable | Whether to enable Druid middleManager.
|
| services.public-inbox.postfix.enable | Whether to enable the integration into Postfix.
|
| programs.fish.vendor.config.enable | Whether fish should source configuration snippets provided by other packages.
|
| services.gitea.captcha.enable | Enables Gitea to display a CAPTCHA challenge on registration.
|
| services.pds.pdsadmin.enable | Add pdsadmin script to PATH
|
| services.nitter.config.enableRSS | Whether to enable RSS feeds.
|
| hardware.cpu.intel.sgx.provision.enable | Whether to enable access to the Intel SGX provisioning device.
|
| networking.nat.enableIPv6 | Whether to enable IPv6 NAT.
|
| networking.dhcpcd.enable | Whether to enable dhcpcd for device configuration
|
| services.journald.upload.enable | Whether to enable uploading the systemd journal to a remote server.
|
| hardware.glasgow.enable | Enables Glasgow udev rules and ensures 'plugdev' group exists
|
| systemd.sysusers.enable | If enabled, users are created with systemd-sysusers instead of with
the custom update-users-groups.pl script
|
| services.gnome.core-os-services.enable | Whether to enable essential services for GNOME3.
|
| services.handheld-daemon.ui.enable | Whether to enable Handheld Daemon UI.
|
| services.mysql.galeraCluster.enable | Whether to enable MariaDB Galera Cluster.
|
| services.imaginary.enable | Whether to enable imaginary image processing microservice.
|
| hardware.openrazer.enable | Whether to enable OpenRazer drivers and userspace daemon
.
|
| hardware.spacenavd.enable | Whether to enable spacenavd to support 3DConnexion devices.
|
| hardware.ubertooth.enable | Whether to enable Ubertooth software and its udev rules.
|
| programs.rog-control-center.enable | Whether to enable the rog-control-center application.
|
| services.spice-vdagentd.enable | Whether to enable Spice guest vdagent daemon.
|
| services.thelounge.enable | Whether to enable The Lounge web IRC client.
|
| services.mirakurun.enable | Whether to enable the Mirakurun DVR Tuner Server.
|
| services.unclutter.enable | Enable unclutter to hide your mouse cursor when inactive
|
| services.magnetico.enable | Whether to enable Magnetico, Bittorrent DHT crawler.
|
| services.throttled.enable | Whether to enable fix for Intel CPU throttling.
|
| services.mediatomb.enable | Whether to enable the Gerbera/Mediatomb DLNA server.
|
| services.usbrelayd.enable | Whether to enable USB Relay MQTT daemon.
|
| systemd.user.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.netbird.server.signal.enable | Whether to enable Netbird's Signal Service.
|
| services.tuptime.timer.enable | Whether to regularly log uptime to detect bad shutdowns.
|
| services.part-db.enableNginx | Whether to enable nginx or not
|
| hardware.keyboard.zsa.enable | Whether to enable udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I
|
| services.displayManager.gdm.enable | Whether to enable GDM, the GNOME Display Manager.
|
| services.tahoe.nodes.<name>.storage.enable | Whether to enable storage service.
|
| services.resilio.enable | If enabled, start the Resilio Sync daemon
|
| services.local-content-share.enable | Whether to enable Local-Content-Share.
|
| programs.quark-goldleaf.enable | Whether to enable quark-goldleaf with udev rules applied.
|
| services.hologram-agent.enable | Whether to enable the Hologram agent for AWS instance credentials
|
| services.autorandr.enable | Whether to enable handling of hotplug and sleep events by autorandr.
|
| services.create_ap.enable | Whether to enable setting up wifi hotspots using create_ap.
|
| services.discourse.enable | Whether to enable Discourse, an open source discussion platform.
|
| services.gotenberg.enable | Whether to enable Gotenberg, a stateless API for PDF files.
|
| services.swapspace.enable | Whether to enable Swapspace, a dynamic swap space manager.
|
| services.octoprint.enable | Whether to enable OctoPrint, web interface for 3D printers.
|
| services.moonraker.enable | Whether to enable Moonraker, an API web server for Klipper.
|
| services.mobilizon.enable | Whether to enable Mobilizon federated organization and mobilization platform.
|
| services.saslauthd.enable | Whether to enable saslauthd, the Cyrus SASL authentication daemon.
|
| services.ustreamer.enable | Whether to enable µStreamer, a lightweight MJPEG-HTTP streamer.
|
| services.watchdogd.enable | Whether to enable watchdogd, an advanced system & process supervisor.
|
| hardware.enableAllHardware | Whether to enable Enable support for most hardware.
|
| services.gnome.gnome-keyring.enable | Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords
.
|
| system.rebuild.enableNg | Whether to use ‘nixos-rebuild-ng’ in place of ‘nixos-rebuild’, the
Python-based re-implementation of the original in Bash.
|
| services.dovecot2.enable | Whether to enable the dovecot 2.x POP3/IMAP server.
|
| services.printing.cups-pdf.enable | Whether to enable the cups-pdf virtual pdf printer backend
|
| hardware.hackrf.enable | Enables hackrf udev rules and ensures 'plugdev' group exists
|
| services.xserver.wacom.enable | Whether to enable the Wacom touchscreen/digitizer/tablet
|
| services.immich.database.enable | Whether to enable the postgresql database for use with immich
|
| services.firezone.gui-client.enable | Whether to enable the firezone gui client.
|
| services.resilio.enableWebUI | Enable Web UI for administration
|
| systemd.coredump.enable | Whether core dumps should be processed by
systemd-coredump
|
| services.broadcast-box.enable | Whether to enable Broadcast Box.
|
| programs.k40-whisperer.enable | Whether to enable K40-Whisperer.
|
| services.cassandra.enable | Whether to enable Apache Cassandra – Scalable and highly available database
.
|
| programs.gamescope.enable | Whether to enable gamescope, the SteamOS session compositing window manager.
|
| services.blendfarm.enable | Whether to enable Blendfarm, a render farm management software for Blender.
|
| services.headscale.enable | Whether to enable headscale, Open Source coordination server for Tailscale.
|
| programs.nexttrace.enable | Whether to enable Nexttrace to the global environment and configure a setcap wrapper for it.
|
| services.nginx.proxyCachePath.<name>.enable | Whether to enable this proxy cache path entry.
|
| services.multipath.enable | Whether to enable the device mapper multipath (DM-MP) daemon.
|
| services.zeitgeist.enable | Whether to enable zeitgeist, a service which logs the users' activities and events.
|
| programs.miriway.enable | Whether to enable Miriway, a Mir based Wayland compositor
|
| services.sourcehut.lists.enable | Whether to enable lists service.
|
| services.sourcehut.paste.enable | Whether to enable paste service.
|
| services.sourcehut.pages.enable | Whether to enable pages service.
|
| services.slurm.dbdserver.enable | Whether to enable SlurmDBD service.
|
| networking.ifstate.enable | Whether to enable networking using IfState.
|
| services.passSecretService.enable | Whether to enable pass secret service.
|
| services.hadoop.hbase.regionServer.enable | Whether to enable HBase regionServer.
|
| programs.localsend.enable | Whether to enable localsend, an open source cross-platform alternative to AirDrop.
|
| services.jmusicbot.enable | Whether to enable jmusicbot, a Discord music bot that's easy to set up and run yourself.
|
| services.openwebrx.enable | Whether to enable OpenWebRX Web interface for Software-Defined Radios on http://localhost:8073.
|
| programs.git.lfs.enablePureSSHTransfer | Whether to enable Enable pure SSH transfer in server side by adding git-lfs-transfer to environment.systemPackages.
|
| boot.initrd.services.resolved.enable | Whether to enable resolved for stage 1 networking
|
| services.cloud-init.enable | Enable the cloud-init service
|
| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| powerManagement.enable | Whether to enable power management
|
| services.sourcehut.nginx.enable | Whether to enable local nginx integration.
|
| services.sourcehut.minio.enable | Whether to enable local minio integration.
|
| services.displayManager.sddm.enable | Whether to enable sddm as the display manager.
|
| services.tailscale.serve.enable | Whether to enable Tailscale Serve configuration.
|
| services.syncthing.relay.enable | Whether to enable Syncthing relay service.
|
| services.firezone.server.nginx.enable | Whether to enable nginx virtualhost definition.
|
| programs.yubikey-manager.enable | Whether to enable yubikey-manager.
|
| programs.flashprog.enable | Whether to enable configuring flashprog udev rules and
installing flashprog as system package
.
|
| services.overseerr.enable | Whether to enable Overseerr, a request management and media discovery tool for the Plex ecosystem.
|
| programs.flexoptix-app.enable | Whether to enable FLEXOPTIX app + udev rules.
|
| programs.ns-usbloader.enable | Whether to enable ns-usbloader application with udev rules applied.
|
| programs.gnupg.dirmngr.enable | Enables GnuPG network certificate management daemon with socket-activation for every user session.
|
| services.samba.winbindd.enable | Whether to enable Samba's winbindd, which provides a number of services
to the Name Service Switch capability found in most modern C libraries,
to arbitrary applications via PAM and ntlm_auth and to Samba itself.
|
| services.mongodb.enableAuth | Enable client authentication
|
| hardware.graphics.enable | Whether to enable hardware accelerated graphics drivers
|
| system.tools.nixos-generate-config.enable | Whether to enable nixos-generate-config script.
|
| services.lasuite-meet.livekit.enable | Whether to enable Configure local livekit server.
|
| services.kanidm.enableClient | Whether to enable the Kanidm client.
|
| services.kanidm.enableServer | Whether to enable the Kanidm server.
|
| services.ihaskell.enable | Autostart an IHaskell notebook service.
|
| services.syncplay.enable | If enabled, start the Syncplay server.
|
| services.postgrey.enable | Whether to run the Postgrey daemon
|
| services.gns3-server.dynamips.enable | Whether to enable Dynamips support.
|
| services.ax25.axports.<name>.enable | Whether to enable Enables the axport interface.
|
| services.netbird.enable | Enables backward-compatible NetBird client service
|
| services.geoclue2.enable | Whether to enable GeoClue 2 daemon, a DBus service
that provides location information for accessing.
|
| programs.joycond-cemuhook.enable | Whether to enable joycond-cemuhook, a program to enable support for cemuhook's UDP protocol for joycond devices.
|
| hardware.steam-hardware.enable | Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive
|
| hardware.acpilight.enable | Enable acpilight
|
| services.bookstack.enable | Whether to enable BookStack: A platform to create documentation/wiki content built with PHP & Laravel.
|
| services.surrealdb.enable | Whether to enable SurrealDB, a scalable, distributed, collaborative, document-graph database, for the realtime web.
|
| services.syncthing.enable | Whether to enable Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync.
|
| services.thinkfan.enable | Whether to enable thinkfan, a fan control program.
This module targets IBM/Lenovo thinkpads by default, for
other hardware you will have configure it more carefully.
|
| services.netbird.server.coturn.enable | Whether to enable a Coturn server for Netbird, will also open the firewall on the configured range.
|
| boot.zfs.enabled | True if ZFS filesystem support is enabled
|
| services.tor.torsocks.enable | Whether to build /etc/tor/torsocks.conf
containing the specified global torsocks configuration.
|
| services.deepin.app-services.enable | Whether to enable service collection of DDE applications, including dconfig-center.
|
| services.gnome.gnome-software.enable | Whether to enable GNOME Software, package manager for GNOME.
|
| services.outline.rateLimiter.enable | Whether to enable rate limiter for the application web server.
|
| security.wrappers.<name>.enable | Whether to enable the wrapper.
|
| programs.wayfire.xwayland.enable | Whether to enable XWayland.
|
| hardware.nitrokey.enable | Enables udev rules for Nitrokey devices.
|
| services.bitlbee.enable | Whether to run the BitlBee IRC to other chat network gateway
|
| services.input-remapper.enable | Whether to enable input-remapper, an easy to use tool to change the mapping of your input device buttons.
|
| services.handheld-daemon.enable | Whether to enable Handheld Daemon.
|
| services.dockerRegistry.enable | Whether to enable Docker Registry.
|
| services.buildbot-worker.enable | Whether to enable the Buildbot Worker.
|
| services.plantuml-server.enable | Whether to enable PlantUML server.
|
| services.peertube-runner.enable | Whether to enable peertube-runner.
|
| services.displayManager.enable | Whether to enable shared display manager integration.
|
| systemd.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.pgadmin.emailServer.enable | Whether to enable SMTP email server
|
| services.sourcehut.redis.enable | Whether to enable local redis integration in a dedicated redis-server.
|
| services.trezord.emulator.enable | Enable Trezor emulator support.
|
| services.gitwatch.<name>.enable | Whether to enable watching for repo.
|
| services.bitcoind.<name>.enable | Whether to enable Bitcoin daemon.
|
| services.dnscache.enable | Whether to run the dnscache caching dns server.
|
| programs.hyprland.enable | Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks
|
| services.dunst.enableWayland | Whether to enable Wayland support.
|
| services.znapzend.zetup.<name>.enable | Whether to enable this source.
|
| services.knot.enableXDP | Extends the systemd unit with permissions to allow for the use of
the eXpress Data Path (XDP).
Make sure to read up on functional limitations
when running in XDP mode.
|
| services.rspamd.postfix.enable | Add rspamd milter to postfix main.conf
|
| services.journald.gateway.enable | Whether to enable the HTTP gateway to the journal.
|
| services.dnsdist.dnscrypt.enable | Whether to enable a DNSCrypt endpoint to dnsdist.
|
| networking.wireless.iwd.enable | Whether to enable iwd.
|
| security.run0.enableSudoAlias | Whether to enable make sudo an alias to run0..
|
| services.nomad.enableDocker | Enable Docker support
|
| programs.evolution.enable | Whether to enable Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality.
|
| programs.feedbackd.enable | Whether to enable the feedbackd D-BUS service and udev rules
|
| services.telepathy.enable | Whether to enable Telepathy service, a communications framework
that enables real-time communication via pluggable protocol backends.
|
| services.longview.enable | If enabled, system metrics will be sent to Linode LongView.
|
| services.buildbot-master.enable | Whether to enable the Buildbot continuous integration server.
|
| services.pretalx.celery.enable | Whether to set up celery as an asynchronous task runner.
|
| services.knot-resolver.enable | Whether to enable knot-resolver (version 6) domain name server
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| services.desktopManager.gnome.enable | Enable GNOME desktop manager.
|
| hardware.nvidia.prime.offload.enable | Whether to enable render offload support using the NVIDIA proprietary driver via PRIME
|
| services.mx-puppet-discord.enable | Whether to enable mx-puppet-discord is a discord puppeting bridge for matrix
|
| services.sourcehut.enable | Whether to enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking, wiki
and account management services
.
|
| hardware.facter.detected.graphics.amd.enable | Whether to enable Enable the AMD Graphics module.
|
| networking.enableIPv6 | Whether to enable support for IPv6.
|
| services.hologram-server.enable | Whether to enable the Hologram server for AWS instance credentials
|
| services.zram-generator.enable | Whether to enable Systemd unit generator for zram devices.
|
| services.xserver.windowManager.dk.enable | Whether to enable dk.
|
| services.bluemap.enableNginx | Enable configuring a virtualHost for serving the bluemap webapp
|
| services.hardware.openrgb.enable | Whether to enable OpenRGB server, for RGB lighting control.
|
| services.pulseaudio.tcp.enable | Whether to enable tcp streaming support.
|
| services.kubernetes.pki.enable | Whether to enable easyCert issuer service.
|
| hardware.sane.brscan4.enable | When enabled, will automatically register the "brscan4" sane
backend and bring configuration files to their expected location.
|
| systemd.network.wait-online.enable | Whether to enable the systemd-networkd-wait-online service.
systemd-networkd-wait-online can timeout and fail if there are no network interfaces
available for it to manage
|
| boot.loader.grub.memtest86.enable | Make Memtest86+, a memory testing program, available from the GRUB
boot menu.
|
| hardware.bumblebee.enable | Enable the bumblebee daemon to manage Optimus hybrid video cards
|
| services.undervolt.enable | Whether to enable Undervolting service for Intel CPUs
|
| boot.loader.systemd-boot.edk2-uefi-shell.enable | Make the EDK2 UEFI Shell available from the systemd-boot menu
|
| hardware.hid-fanatecff.enable | Whether to enable hid-fanatecff, a Linux kernel driver that aims to add support for Fanatec devices.
|
| security.dhparams.enable | Whether to generate new DH params and clean up old DH params.
|
| services.go-csp-collector.enable | Whether to enable go-csp-collector, a content security policy violation collector.
|
| services.logmein-hamachi.enable | Whether to enable LogMeIn Hamachi, a proprietary
(closed source) commercial VPN software.
|
| services.mautrix-discord.enable | Whether to enable Mautrix-Discord, a Matrix-Discord puppeting/relay-bot bridge.
|
| services.tailscaleAuth.enable | Whether to enable tailscale.nginx-auth, to authenticate users via tailscale.
|
| services.printing.browsed.enable | Whether to enable the CUPS Remote Printer Discovery (browsed) daemon.
|
| services.snapserver.tcp.enable | Whether to enable the JSON-RPC via TCP.
|
| services.misskey.reverseProxy.enable | Whether to enable a HTTP reverse proxy for Misskey.
|
| services.sourcehut.builds.enable | Whether to enable builds service.
|
| services.gitlab.logrotate.enable | Enable rotation of log files.
|
| boot.initrd.network.openvpn.enable | Starts an OpenVPN client during initrd boot
|
| services.dolibarr.h2o.acme.enable | Whether to ask Let’s Encrypt to sign a certificate for this
virtual host
|
| services.firezone.server.domain.enable | Whether to enable the Firezone domain server.
|
| services.xserver.windowManager.dwm.enable | Whether to enable dwm.
|
| services.xserver.windowManager.twm.enable | Whether to enable twm.
|
| services.xserver.windowManager.mwm.enable | Whether to enable mwm.
|
| services.xserver.windowManager.lwm.enable | Whether to enable lwm.
|
| services.xserver.windowManager.jwm.enable | Whether to enable jwm.
|
| services.xserver.windowManager.cwm.enable | Whether to enable cwm.
|
| services.cloud-init.network.enable | Allow the cloud-init service to configure network interfaces
through systemd-networkd.
|
| hardware.facter.detected.graphics.enable | Whether to enable Enable the Graphics module.
|
| services.dkimproxy-out.enable | Whether to enable dkimproxy_out
|
| services.pihole-ftl.queryLogDeleter.enable | Whether to enable Pi-hole FTL DNS query log deleter.
|
| services.xserver.digimend.enable | Whether to enable the digimend drivers for Huion/XP-Pen/etc. tablets.
|
| services.frp.instances.<name>.enable | Whether to enable frp.
|
| services.matrix-hookshot.enable | Whether to enable matrix-hookshot, a bridge between Matrix and project management services.
|
| services.ddclient.enable | Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
|
| services.freefall.enable | Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
|
| services.kapacitor.alerta.enable | Whether to enable kapacitor alerta integration.
|
| services.rustdesk-server.relay.enable | Whether to enable the RustDesk relay server.
|
| services.xandikos.nginx.enable | Configure the nginx reverse proxy settings.
|
| programs.wshowkeys.enable | Whether to enable wshowkeys (displays keypresses on screen on supported Wayland
compositors)
|
| security.agnos.generateKeys.enable | Enable automatic generation of account keys
|
| services.gnome.gnome-initial-setup.enable | Whether to enable GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system.
|
| services.music-assistant.enable | Whether to enable Music Assistant.
|
| hardware.amdgpu.overdrive.enable | Whether to enable amdgpu overdrive mode for overclocking.
|
| services.speedify.enable | This option enables Speedify daemon
|
| services.influxdb2.enable | Whether to enable the influxdb2 server.
|
| services.slurm.enableStools | Whether to provide a slurm.conf file
|
| services.nitter.config.enableDebug | Whether to enable request logs and debug endpoints.
|
| services.pipewire.audio.enable | Whether to use PipeWire as the primary sound server
|
| services.nominatim.enable | Whether to enable nominatim
|
| systemd.user.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.xserver.enableTearFree | Whether to enable the TearFree option in the first Device section.
|
| services.zfs.autoSnapshot.enable | Enable the (OpenSolaris-compatible) ZFS auto-snapshotting service
|
| boot.enableContainers | Whether to enable support for NixOS containers.
|
| services.keepalived.snmp.enable | Whether to enable the builtin AgentX subagent.
|
| programs.goldwarden.enable | Whether to enable Goldwarden.
|
| services.filesender.enable | Whether to enable FileSender.
|
| programs.kubeswitch.enable | Whether to enable kubeswitch.
|
| services.govee2mqtt.enable | Whether to enable Govee2MQTT.
|
| services.expressvpn.enable | Enable the ExpressVPN daemon.
|
| services.ghostunnel.enable | Whether to enable ghostunnel.
|
| services.SystemdJournal2Gelf.enable | Whether to enable SystemdJournal2Gelf.
|
| services.keepalived.enable | Whether to enable Keepalived.
|
| networking.wireless.enable | Whether to enable wpa_supplicant.
|
| programs.ausweisapp.enable | Whether to enable AusweisApp.
|
| services.freeswitch.enable | Whether to enable FreeSWITCH.
|
| services.strongswan.enable | Whether to enable strongSwan.
|
| services.reposilite.enable | Whether to enable Reposilite.
|
| services.linkwarden.enable | Whether to enable Linkwarden.
|
| services.scanservjs.enable | Whether to enable scanservjs.
|
| services.metricbeat.enable | Whether to enable metricbeat.
|
| services.slimserver.enable | Whether to enable slimserver.
|
| services.litestream.enable | Whether to enable litestream.
|
| services.snapserver.enable | Whether to enable snapserver.
|
| services.pgbackrest.enable | Whether to enable pgBackRest.
|
| services.opensearch.enable | Whether to enable OpenSearch.
|
| services.vdirsyncer.enable | Whether to enable vdirsyncer.
|
| services.blackfire-agent.enable | Whether to enable Blackfire profiler agent.
|
| services.systemd-lock-handler.enable | Whether to enable systemd-lock-handler.
|
| services.mighttpd2.enable | Whether to enable Mighttpd2 web server.
|
| services.warpgate.settings.ssh.enable | Whether to enable SSH listener.
|
| services.shorewall.enable | Whether to enable Shorewall IPv4 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| services.roundcube.enable | Whether to enable roundcube
|
| services.synergy.server.tls.enable | Whether TLS encryption should be used
|
| services.etebase-server.enable | Whether to enable the Etebase server
|
| services.kanidm.provision.enable | Whether to enable provisioning of groups, users and oauth2 resource servers.
|
| security.pam.services.<name>.howdy.enable | Whether to enable the Howdy PAM module
|
| services.snapserver.http.enable | Whether to enable the JSON-RPC via HTTP.
|
| image.repart.compression.enable | Whether to enable Image compression.
|
| programs.captive-browser.enable | Whether to enable captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.
|
| services.peering-manager.enable | Enable Peering Manager
|
| services.echoip.enablePortLookup | Whether to enable port lookup.
|
| hardware.infiniband.enable | Whether to enable Infiniband support.
|
| services.librespeed.enable | Whether to enable LibreSpeed server.
|
| services.headphones.enable | Whether to enable the headphones server.
|
| services.irqbalance.enable | Whether to enable irqbalance daemon.
|
| services.freeradius.enable | Whether to enable the freeradius server.
|
| services.nullmailer.enable | Whether to enable nullmailer daemon.
|
| services.phylactery.enable | Whether to enable Phylactery server.
|
| services.postgresql.enable | Whether to enable PostgreSQL Server.
|
| services.routinator.enable | Whether to enable Routinator 3000.
|
| services.picosnitch.enable | Whether to enable picosnitch daemon.
|
| services.onlyoffice.enable | Whether to enable OnlyOffice DocumentServer.
|
| services.playerctld.enable | Whether to enable the playerctld daemon.
|
| services.wgautomesh.enable | Whether to enable the wgautomesh daemon.
|
| services.accounts-daemon.enable | Whether to enable AccountsService, a DBus service for accessing
the list of user accounts and information attached to those accounts.
|
| services.rustdesk-server.enable | Whether to enable RustDesk, a remote access and remote control software, allowing maintenance of computers and other devices.
|
| services.shairport-sync.enable | Enable the shairport-sync daemon
|
| services.bluemap.enableRender | Enable rendering
|
| programs.flashrom.enable | Installs flashrom and configures udev rules for programmers
used by flashrom
|
| services.xserver.windowManager.oxwm.enable | Whether to enable oxwm.
|
| services.xserver.windowManager.exwm.enable | Whether to enable exwm.
|
| services.xserver.windowManager.hypr.enable | Whether to enable hypr.
|
| services.xserver.windowManager.wmii.enable | Whether to enable wmii.
|
| services.jitsi-meet.prosody.enable | Whether to configure Prosody to relay XMPP messages between Jitsi Meet components
|
| services.nzbhydra2.enable | Whether to enable NZBHydra2, Usenet meta search.
|
| services.nginx.tailscaleAuth.enable | Whether to enable tailscale.nginx-auth, to authenticate nginx users via tailscale.
|
| services.gnome.gnome-remote-desktop.enable | Whether to enable Remote Desktop support using Pipewire.
|
| programs.bash.completion.enable | Whether to enable Bash completion for all interactive bash shells.
|
| services.komodo-periphery.ssl.enable | Whether to enable SSL/TLS support.
|
| services.suwayomi-server.enable | Whether to enable Suwayomi, a free and open source manga reader server that runs extensions built for Tachiyomi.
|
| services.centrifugo.enable | Whether to enable Centrifugo messaging server.
|
| hardware.trackpoint.enable | Enable sensitivity and speed configuration for trackpoints.
|
| services.jupyterhub.enable | Whether to enable Jupyterhub development server.
|
| services.beanstalkd.enable | Whether to enable the Beanstalk work queue.
|
| hardware.facetimehd.enable | Whether to enable the facetimehd kernel module.
|
| services.clickhouse.enable | Whether to enable ClickHouse database server.
|
| services.tiddlywiki.enable | Whether to enable TiddlyWiki nodejs server.
|
| services.pulseaudio.enable | Whether to enable the PulseAudio sound server.
|
| services.mattermost.enable | Whether to enable Mattermost chat server.
|
| services.photoprism.enable | Whether to enable Photoprism web server.
|
| services.opensnitch.enable | Whether to enable Opensnitch application firewall.
|
| services.prometheus.enable | Whether to enable Prometheus monitoring daemon.
|
| services.limesurvey.enable | Whether to enable Limesurvey web application.
|
| services.mozillavpn.enable | Whether to enable Mozilla VPN daemon.
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| programs.nix-required-mounts.enable | Whether to enable Expose extra paths to the sandbox depending on derivations' requiredSystemFeatures.
|
| programs.dmrconfig.enable | Whether to configure system to enable use of dmrconfig
|
| services.openafsServer.roles.backup.enable | Whether to enable the backup server role
|
| services.hylafax.faxcron.enable.spoolInit | Whether to enable purging old files from the spooling area with
faxcron
each time the spooling area is initialized
.
|
| services.hercules-ci-agent.enable | Enable to run Hercules CI Agent as a system service.
Hercules CI is a
continuous integation service that is centered around Nix
|
| services.tailscale.derper.enable | Whether to enable Tailscale Derper
|
| services.anubis.defaultOptions.enable | Whether to enable this instance of Anubis.
|
| services.desktopManager.budgie.enable | Whether to enable the Budgie desktop.
|
| security.pam.enableEcryptfs | Whether to enable eCryptfs PAM module (mounting ecryptfs home directory on login).
|
| services.workout-tracker.enable | Whether to enable workout tracking web application for personal use (or family, friends), geared towards running and other GPX-based activities.
|
| programs.streamdeck-ui.enable | Whether to enable streamdeck-ui.
|
| services.shibboleth-sp.enable | Whether to enable the shibboleth service
|
| services.jellyseerr.enable | Whether to enable Jellyseerr, a requests manager for Jellyfin.
|
| services.fractalart.enable | Enable FractalArt for generating colorful wallpapers on login
|
| services.hockeypuck.enable | Whether to enable Hockeypuck OpenPGP Key Server.
|
| services.autotierfs.enable | Whether to enable the autotier passthrough tiering filesystem.
|
| services.gotosocial.enable | Whether to enable ActivityPub social network server.
|
| services.teamviewer.enable | Whether to enable TeamViewer daemon & system package.
|
| services.xe-guest-utilities.enable | Whether to enable the XenServer guest utilities daemon.
|
| services.snowflake-proxy.enable | Whether to enable snowflake-proxy, a system to defeat internet censorship.
|
| security.apparmor.enable | Whether to enable the AppArmor Mandatory Access Control system
|
| services.desktopManager.cosmic.enable | Whether to enable COSMIC desktop environment.
|
| programs.hyprland.xwayland.enable | Whether to enable XWayland.
|
| hardware.nvidia.dynamicBoost.enable | Whether to enable dynamic Boost balances power between the CPU and the GPU for improved
performance on supported laptops using the nvidia-powerd daemon
|
| hardware.cpu.intel.sgx.enableDcapCompat | Whether to enable backward compatibility for SGX software build for the
out-of-tree Intel SGX DCAP driver
|
| programs.dms-shell.enableVPN | Whether to install dependencies required for VPN widgets
|
| services.karakeep.browser.enable | Enable the karakeep-browser service that runs a chromium instance in
the background with debugging ports exposed
|
| services.eternal-terminal.enable | Whether to enable Eternal Terminal server.
|
| services.wg-netmanager.enable | Whether to enable Wireguard network manager.
|
| programs.tuxclocker.enable | Whether to enable TuxClocker, a hardware control and monitoring program
.
|
| services.buffyboard.enable | Whether to enable buffyboard framebuffer keyboard (on-screen keyboard).
|
| hardware.fancontrol.enable | Whether to enable software fan control (requires fancontrol.config).
|
| services.parsedmarc.enable | Whether to enable parsedmarc, a DMARC report monitoring service
.
|
| services.malcontent.enable | Whether to enable Malcontent, parental control support for applications.
|
| systemd.shutdownRamfs.storePaths.*.enable | Whether to enable copying of this file and symlinking it.
|
| programs.wayland.miracle-wm.enable | Whether to enable miracle-wm, a tiling Mir based Wayland compositor
|
| security.acme.certs.<name>.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| services.lavalink.enableHttp2 | Whether to enable HTTP/2 support.
|
| programs.bash.undistractMe.enable | Whether to enable notifications when long-running terminal commands complete.
|
| services.druid.historical.enable | Whether to enable Druid Historical.
|
| services.kubernetes.proxy.enable | Whether to enable Kubernetes proxy.
|
| services.tsidp.settings.enableSts | Enable OAuth token exchange using RFC 8693.
|
| services.athens.storage.minio.enableSSL | Enable SSL for the minio storage backend.
|
| programs.gnupg.agent.enableExtraSocket | Enable extra socket for GnuPG agent.
|
| programs.projecteur.enable | Whether to enable projecteur, an application for the Logitech Spotlight device (and similar).
|
| services.geth.<name>.websocket.enable | Whether to enable Go Ethereum WebSocket API.
|
| services.rebuilderd.enable | Whether to enable rebuilderd service for independent verification of binary packages.
|
| services.wyoming.piper.servers.<name>.enable | Whether to enable Wyoming Piper server.
|
| programs.river-classic.xwayland.enable | Whether to enable XWayland.
|
| services.grafana.provision.enable | Whether to enable provision.
|
| services.xserver.xautolock.enable | Whether to enable xautolock.
|
| services.rustdesk-server.signal.enable | Whether to enable the RustDesk signal server.
|
| programs.mouse-actions.enable | Whether to install and set up mouse-actions and it's udev rules
|
| programs.zsh.enableGlobalCompInit | Enable execution of compinit call for all interactive zsh shells
|
| i18n.inputMethod.enabled | Deprecated - use type and enable = true instead
|
| security.googleOsLogin.enable | Whether to enable Google OS Login
|
| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| services.nscd.enableNsncd | Whether to use nsncd instead of nscd from glibc
|
| services.thanos.query-frontend.enable | Whether to enable the Thanos query frontend implements a service deployed in front of queriers to
improve query parallelization and caching..
|
| networking.wireguard.enable | Whether to enable WireGuard.
By default, this module is powered by a script-based backend
|
| services.epgstation.enable | Whether to enable EPGStation: DVR system for Mirakurun-managed TV tuners.
|
| programs.television.enable | Whether to enable Blazingly fast general purpose fuzzy finder TUI.
|
| services.crossmacro.enable | Whether to enable CrossMacro, a cross-platform mouse and keyboard macro application.
|
| services.lifecycled.enable | Whether to enable lifecycled, a daemon for responding to AWS AutoScaling Lifecycle Hooks.
|
| services.microsocks.enable | Whether to enable Tiny, portable SOCKS5 server with very moderate resource usage.
|
| boot.loader.limine.enableEditor | Whether to allow editing the boot entries before booting them
|
| services.desktopManager.lomiri.enable | Whether to enable the Lomiri graphical shell (formerly known as Unity8)
.
|
| services.netbird.tunnels.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| services.netbird.clients.<name>.login.enable | Whether to enable automated login for NetBird client.
|
| hardware.facter.detected.camera.ipu6.enable | Whether to enable webcams using ipu6 from Intel.
|
| hardware.logitech.wireless.enable | Whether to enable support for Logitech Wireless Devices.
|
| services.lighttpd.collectd.enable | Whether to enable collectd subservice accessible at http://yourserver/collectd.
|
| services.samba.usershares.enable | Whether to enable user-configurable Samba shares.
|
| services.xserver.windowManager.i3.enable | Whether to enable i3 window manager.
|
| services.wyoming.satellite.enable | Whether to enable Wyoming Satellite.
|
| services.xserver.windowManager.e16.enable | Whether to enable e16.
|
| services.xserver.windowManager.icewm.enable | Whether to enable icewm.
|
| services.xserver.windowManager.bspwm.enable | Whether to enable bspwm.
|
| services.xserver.windowManager.qtile.enable | Whether to enable qtile.
|
| services.xserver.windowManager.berry.enable | Whether to enable berry.
|
| services.xserver.windowManager.pekwm.enable | Whether to enable pekwm.
|
| services.collabora-online.enable | Whether to enable collabora-online.
|
| services.robustirc-bridge.enable | Whether to enable RobustIRC bridge.
|
| services.tee-supplicant.enable | Whether to enable OP-TEE userspace supplicant.
|
| services.toxBootstrapd.enable | Whether to enable the Tox DHT bootstrap daemon.
|
| services.jack.loopback.enable | Create ALSA loopback device, instead of using PCM plugin
|
| hardware.sane.dsseries.enable | When enabled, will automatically register the "dsseries" SANE backend
|
| systemd.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.go-autoconfig.enable | Whether to enable IMAP/SMTP autodiscover feature for mail clients.
|
| services.mautrix-whatsapp.enable | Whether to enable mautrix-whatsapp, a Matrix-WhatsApp puppeting bridge.
|
| programs.noisetorch.enable | Whether to enable noisetorch (+ setcap wrapper), a virtual microphone device with noise suppression.
|
| services.szurubooru.enable | Whether to enable Szurubooru, an image board engine dedicated for small and medium communities.
|
| services.deepin.deepin-anything.enable | Whether to enable deepin anything file search tool.
|
| services.sourcehut.postfix.enable | Whether to enable local postfix integration.
|
| services.ringboard.wayland.enable | Whether to enable Wayland support for Ringboard.
|
| hardware.tuxedo-drivers.enable | Whether to enable The tuxedo-drivers driver enables access to the following on TUXEDO notebooks:
- Driver for Fn-keys
- SysFS control of brightness/color/mode for most TUXEDO keyboards
- Hardware I/O driver for TUXEDO Control Center
For more inforation it is best to check at the source code description: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers
.
|
| hardware.nvidia.prime.reverseSync.enable | Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse
PRIME
|
| boot.initrd.systemd.network.wait-online.enable | Whether to enable the systemd-networkd-wait-online service.
systemd-networkd-wait-online can timeout and fail if there are no network interfaces
available for it to manage
|
| security.enableWrappers | Whether to enable SUID/SGID wrappers.
|
| services.cpupower-gui.enable | Enables dbus/systemd service needed by cpupower-gui
|
| programs.gphoto2.enable | Whether to configure system to use gphoto2
|
| services.fusionInventory.enable | Whether to enable Fusion Inventory Agent.
|
| services.invidious-router.enable | Whether to enable the invidious-router service.
|
| programs.extra-container.enable | Whether to enable extra-container, a tool for running declarative NixOS containers
without host system rebuilds
.
|
| hardware.gpgSmartcards.enable | Whether to enable udev rules for gnupg smart cards.
|
| services.ytdl-sub.instances.<name>.enable | Whether to enable ytdl-sub instance.
|
| services.dnscrypt-proxy2.enable | Whether to enable dnscrypt-proxy2.
|
| services.fedimintd.<name>.enable | Whether to enable fedimintd.
|
| services.kubernetes.addons.dns.enable | Whether to enable kubernetes dns addon.
|
| services.xserver.desktopManager.cde.enable | Whether to enable Common Desktop Environment.
|
| hardware.bluetooth.hsphfpd.enable | Whether to enable support for hsphfpd[-prototype] implementation.
|
| services.calibre-server.auth.enable | Password based authentication to access the server
|
| services.postfix.enableSmtp | Whether to enable the smtp service configured in the master.cf
|
| services.uvcvideo.dynctrl.enable | Whether to enable uvcvideo dynamic controls
|
| services.davis.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.slskd.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.movim.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.spice-autorandr.enable | Whether to enable spice-autorandr service that will automatically resize display to match SPICE client window size.
|
| services.xserver.displayManager.gdm.enable | Whether to enable GDM, the GNOME Display Manager.
|
| security.pam.enableFscrypt | Whether to enable fscrypt, to automatically unlock directories with the user's login password
|
| services.guacamole-client.enable | Whether to enable Apache Guacamole Client (Tomcat).
|
| hardware.system76.power-daemon.enable | Whether to enable the system76 power daemon
|
| services.guacamole-server.enable | Whether to enable Apache Guacamole Server (guacd).
|
| services.yggdrasil-jumper.enable | Whether to enable the Yggdrasil Jumper system service.
|
| services.warpgate.settings.mysql.enable | Whether to enable MySQL listener.
|
| programs.system-config-printer.enable | Whether to enable system-config-printer, a Graphical user interface for CUPS administration.
|
| services.mautrix-telegram.enable | Whether to enable Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge.
|
| services.paperless.enable | Whether to enable Paperless-ngx
|
| hardware.parallels.enable | This enables Parallels Tools for Linux guests.
|
| services.timesyncd.enable | Enables the systemd NTP client daemon.
|
| services.xserver.synaptics.enable | Whether to enable touchpad support
|
| services.trilium-server.nginx.enable | Configure the nginx reverse proxy settings.
|
| services.wyoming.satellite.vad.enable | Whether to enable voice activity detection
|
| hardware.facter.detected.bluetooth.enable | Whether to enable Enable the Facter bluetooth module.
|
| services.rspamd.locals.<name>.enable | Whether this file locals should be generated
|
| services.xserver.windowManager.mlvwm.enable | Whether to enable Macintosh-like Virtual Window Manager.
|
| services.openafsServer.enable | Whether to enable the OpenAFS server
|
| services.suricata.settings.stats.enable | Whether to enable suricata global stats.
|
| services.deye-dummycloud.enable | Whether to enable the deye-dummycloud service.
|
| services.privatebin.enable | Whether to enable Privatebin: A minimalist, open source online
pastebin where the server has zero knowledge of pasted data..
|
| services.unclutter-xfixes.enable | Enable unclutter-xfixes to hide your mouse cursor when inactive.
|
| services.pdfding.backup.enable | Automatic backup of important data to a AWS S3 (or compatible) instance
|
| services.system-config-printer.enable | Whether to enable system-config-printer, a service for CUPS administration used by printing interfaces.
|
| services.dashy.virtualHost.enableNginx | Whether to enable a virtualhost to serve dashy through nginx.
|
| services.blocky.enableConfigCheck | Whether to enable checking the config during build time.
|
| services.jenkinsSlave.enable | If true the system will be configured to work as a jenkins slave
|
| services.yubikey-agent.enable | Whether to start yubikey-agent when you log in
|
| services.xserver.desktopManager.mate.enable | Enable the MATE desktop environment
|
| services.xserver.desktopManager.xfce.enable | Enable the Xfce desktop environment.
|
| services.xserver.desktopManager.kodi.enable | Enable the kodi multimedia center.
|
| fonts.fontconfig.enable | If enabled, a Fontconfig configuration file will be built
pointing to a set of default fonts
|
| hardware.kryoflux.enable | Enables kryoflux udev rules, ensures 'floppy' group exists
|
| services.gnome.tinysparql.enable | Whether to enable TinySPARQL services, a search engine,
search tool and metadata storage system.
|
| services.hardware.argonone.enable | Whether to enable the driver for Argon One Raspberry Pi case fan and power button.
|
| services.hardware.pommed.enable | Whether to use the pommed tool to handle Apple laptop
keyboard hotkeys.
|
| services.chrony.makestep.enable | Allow chronyd to step the system clock if the error is larger than
the specified threshold.
|
| networking.firewall.enable | Whether to enable the firewall
|
| services.ddccontrol.enable | Whether to enable ddccontrol for controlling displays
|
| hardware.libjaylink.enable | Whether to enable udev rules for devices supported by libjaylink
|
| services.taskserver.enable | Whether to enable the Taskwarrior 2 server
|
| services.lubelogger.enable | Whether to enable LubeLogger, a self-hosted, open-source, web-based vehicle maintenance and fuel milage tracker.
|
| services.gnome.gnome-settings-daemon.enable | Whether to enable GNOME Settings Daemon.
|
| services.cloudflare-ddns.enable | Whether to enable Cloudflare Dynamic DNS service.
|
| services.vsmartcard-vpcd.enable | Whether to enable Virtual smart card driver..
|
| programs.systemtap.enable | Install systemtap along with necessary kernel options.
|
| services.uptime.enableWebService | Whether to enable the uptime monitoring program web service.
|
| programs.atop.atopacctService.enable | Whether to enable the atopacct service which manages process accounting
|
| services.snipe-it.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.displayManager.sddm.wayland.enable | Whether to enable experimental Wayland support.
|
| services.xserver.displayManager.xpra.enable | Whether to enable xpra as display manager.
|
| services.xserver.desktopManager.lxqt.enable | Whether to enable the LXQt desktop manager.
|
| services.plausible.mail.smtp.enableSSL | Whether to enable SSL when connecting to the SMTP server.
|
| services.terraria.enable | If enabled, starts a Terraria server
|
| services.gnome.core-developer-tools.enable | Whether to enable GNOME core developer tools.
|
| services.invidious-router.nginx.enable | Whether to enable Automatic nginx proxy configuration
.
|
| services.dependency-track.oidc.enable | Whether to enable oidc support.
|
| services.cloudflare-warp.enable | Whether to enable Cloudflare Zero Trust client daemon.
|
| services.netbird.server.enableNginx | Whether to enable Nginx reverse-proxy for the netbird server services.
|
| services.caddy.enableReload | Reload Caddy instead of restarting it when configuration file changes
|
| programs.bandwhich.enable | Whether to add bandwhich to the global environment and configure a
setcap wrapper for it.
|
| services.displayManager.lemurs.enable | Whether to enable lemurs, a customizable TUI display/login manager.
For Wayland compositors, your user must be in the "seat" group.
|
| services.lighthouse.beacon.http.enable | Whether to enable Beacon node http api.
|
| fonts.fontconfig.hinting.enable | Enable font hinting
|
| services.clamav.fangfrisch.enable | Whether to enable ClamAV fangfrisch updater.
|
| services.libvirtd.autoSnapshot.enable | Whether to enable LibVirt VM snapshots.
|
| programs.xonsh.bashCompletion.enable | Whether to enable bash completions for xonsh.
|
| services.gnome.glib-networking.enable | Whether to enable network extensions for GLib.
|
| boot.initrd.nix-store-veritysetup.enable | Whether to enable nix-store-veritysetup.
|
| services.lighthouse.beacon.enable | Whether to enable Lightouse Beacon node.
|
| services.mattermost.socket.enable | Whether to enable Mattermost control socket.
|
| networking.jool.enable | Whether to enable Jool, an Open Source implementation of IPv4/IPv6
translation on Linux
|
| services.wstunnel.clients.<name>.enable | Whether to enable this wstunnel instance.
|
| services.wstunnel.servers.<name>.enable | Whether to enable this wstunnel instance.
|
| services.komodo-periphery.enable | Whether to enable Periphery, a multi-server Docker and Git deployment agent by Komodo.
|
| services.xserver.windowManager.yeahwm.enable | Whether to enable yeahwm.
|
| services.xserver.windowManager.nimdow.enable | Whether to enable nimdow.
|
| services.xserver.windowManager.tinywm.enable | Whether to enable tinywm.
|
| services.xserver.windowManager.notion.enable | Whether to enable notion.
|
| services.xserver.windowManager.leftwm.enable | Whether to enable leftwm.
|
| services.xserver.windowManager.xmonad.enable | Whether to enable xmonad.
|
| services.xserver.windowManager.clfswm.enable | Whether to enable clfswm.
|
| services.xserver.windowManager.evilwm.enable | Whether to enable evilwm.
|
| services.firezone.gateway.enable | Whether to enable the firezone gateway
|
| services.jitsi-meet.excalidraw.enable | Whether to enable Excalidraw collaboration backend for Jitsi.
|
| hardware.amdgpu.amdvlk.support32Bit.enable | Whether to enable 32-bit driver support.
|
| services.displayManager.generic.enable | Whether to enable generic display manager integration - deprecated.
|
| services.rspamd.workers.<name>.enable | Whether to run the rspamd worker.
|
| services.dependency-track.enable | Whether to enable dependency-track.
|
| hardware.amdgpu.legacySupport.enable | Whether to enable using amdgpu kernel driver instead of radeon for Southern Islands
(Radeon HD 7000) series and Sea Islands (Radeon HD 8000)
series cards
|
| systemd.sysupdate.enable | Atomically update the host OS, container images, portable service
images or other sources
|
| services.xserver.desktopManager.phosh.enable | Enable the Phone Shell.
|
| services.k3s.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.jenkins.jobBuilder.enable | Whether to enable the Jenkins Job Builder (JJB) service
|
| services.mobilizon.nginx.enable | Whether an Nginx virtual host should be
set up to serve Mobilizon.
|
| services.xserver.enableTCP | Whether to allow the X server to accept TCP connections.
|
| services.prometheus.sachet.enable | Whether to enable Sachet, an SMS alerting tool for the Prometheus Alertmanager.
|
| services.displayManager.dms-greeter.enable | Whether to enable DankMaterialShell greeter.
|
| security.acme.defaults.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| hardware.system76.enableAll | Whether to enable all recommended configuration for system76 systems.
|
| boot.loader.grub.enableCryptodisk | Enable support for encrypted partitions
|
| services.aria2.settings.enable-rpc | Enable JSON-RPC/XML-RPC server.
|
| services.disnix.enableProfilePath | Whether to enable exposing the Disnix profiles in the system's PATH.
|
| services.xserver.desktopManager.gnome.enable | Enable GNOME desktop manager.
|
| services.earlyoom.enableDebugInfo | Enable debugging messages.
|
| hardware.nvidia.datacenter.enable | Whether to enable Data Center drivers for NVIDIA cards on a NVLink topology
.
|
| services.moodle.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.nagios.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.packagekit.enable | Whether to enable PackageKit, a cross-platform D-Bus abstraction layer for
installing software
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.xserver.desktopManager.xterm.enable | Enable a xterm terminal as a desktop manager.
|
| services.tandoor-recipes.enable | Enable Tandoor Recipes
|
| services.dovecot2.enableDHE | Whether to enable ssl_dh and generation of primes for the key exchange.
|
| services.firefly-iii-data-importer.enable | Whether to enable Firefly III Data Importer.
|
| services.anubis.instances.<name>.enable | Whether to enable this instance of Anubis.
|
| powerManagement.powertop.enable | Whether to enable powertop auto tuning on startup.
|
| services.nagios.enableWebInterface | Whether to enable the Nagios web interface
|
| services.minetest-server.enable | If enabled, starts a Minetest Server.
|
| services.thanos.downsample.enable | Whether to enable the Thanos downsampler which continuously downsamples blocks in an object store bucket.
|
| services.xserver.windowManager.fvwm3.enable | Whether to enable Fvwm3 window manager.
|
| services.xserver.windowManager.fvwm2.enable | Whether to enable Fvwm2 window manager.
|
| services.icecream.scheduler.enable | Whether to enable Icecream Scheduler.
|
| services.akkoma.initDb.enable | Whether to automatically initialise the database on startup
|
| hardware.sheep_net.enable | Enables sheep_net udev rules, ensures 'sheep_net' group exists, and adds
sheep-net to boot.kernelModules and boot.extraModulePackages
|
| services.goatcounter.enable | Whether to enable goatcounter.
|
| services.filebrowser.enable | Whether to enable FileBrowser.
|
| services.journalbeat.enable | Whether to enable journalbeat.
|
| services.dragonflydb.enable | Whether to enable DragonflyDB.
|
| services.immichframe.enable | Whether to enable ImmichFrame.
|
| services.birdwatcher.enable | Whether to enable Birdwatcher.
|
| services.spacecookie.enable | Whether to enable spacecookie.
|
| services.sillytavern.enable | Whether to enable sillytavern.
|
| services.opentracker.enable | Whether to enable opentracker.
|
| services.zerotierone.enable | Whether to enable ZeroTierOne.
|
| services.vaultwarden.enable | Whether to enable vaultwarden.
|
| services.beszel.agent.smartmon.enable | Include services.beszel.agent.smartmon.package in the Beszel agent path for disk monitoring and add the agent to the disk group.
|
| services.grafana-image-renderer.enable | Whether to enable grafana-image-renderer.
|
| programs.yubikey-touch-detector.enable | Whether to enable yubikey-touch-detector.
|
| programs.partition-manager.enable | Whether to enable KDE Partition Manager.
|
| services.firefly-iii.enableNginx | Whether to enable nginx or not
|
| services.gnome.gnome-online-accounts.enable | Whether to enable GNOME Online Accounts daemon, a service that provides
a single sign-on framework for the GNOME desktop.
|
| fonts.enableDefaultPackages | Enable a basic set of fonts providing several styles
and families and reasonable coverage of Unicode.
|
| services.icingaweb2.enable | Whether to enable the icingaweb2 web interface.
|
| programs._1password.enable | Whether to enable the 1Password CLI tool.
|
| services.hardware.dell-bios-fan-control.enable | Whether to enable One-shot service to disable dell bios fan control on startup.
|
| services.geoclue2.enableWifi | Whether to enable WiFi source.
|
| services.geoclue2.enableCDMA | Whether to enable CDMA source.
|
| services.scrutiny.collector.enable | Whether to enable the Scrutiny metrics collector.
|
| services.scion.scion-dispatcher.enable | Whether to enable the scion-dispatcher service.
|
| programs.ryzen-monitor-ng.enable | Whether to enable ryzen_monitor_ng, a userspace application for setting and getting Ryzen SMU (System Management Unit) parameters via the ryzen_smu kernel driver
|
| programs.atop.setuidWrapper.enable | Whether to install a setuid wrapper for Atop
|
| services.privoxy.enableTor | Whether to configure Privoxy to use Tor's faster SOCKS port,
suitable for HTTP.
|
| services.cockroachdb.enable | Whether to enable CockroachDB Server.
|
| programs.proxychains.enable | Whether to enable proxychains configuration.
|
| services.autosuspend.enable | Whether to enable the autosuspend daemon.
|
| services.tigerbeetle.enable | Whether to enable TigerBeetle server.
|
| services.meshtasticd.enable | Whether to enable Meshtastic daemon.
|
| services.zigbee2mqtt.enable | Whether to enable zigbee2mqtt service.
|
| services.vdirsyncer.jobs.<name>.enable | Whether to enable this vdirsyncer job.
|
| services.pid-fan-controller.enable | Whether to enable the PID fan controller, which controls the configured fans by running a closed-loop PID control loop.
|
| services.immich.machine-learning.enable | Whether to enable immich's machine-learning functionality to detect faces and search for objects.
|
| services.gitolite.enableGitAnnex | Enable git-annex support
|
| documentation.man.man-db.enable | Whether to enable man-db as the default man page viewer.
|
| services.moonraker.analysis.enable | Whether to enable Runtime analysis with klipper-estimator.
|
| services.paperless.exporter.enable | Whether to enable regular automatic document exports.
|
| programs.steam.gamescopeSession.enable | Whether to enable GameScope Session.
|
| services.netbird.server.dashboard.enable | Whether to enable the static netbird dashboard frontend.
|
| services.netbird.tunnels.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.netbird.clients.<name>.ui.enable | Controls presence of netbird-ui wrapper for this NetBird client.
|
| services.fluidd.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.gancio.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.akkoma.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.monica.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.matomo.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.dovecot2.enablePop3 | Whether to enable starting the POP3 listener (when Dovecot is enabled).
|
| services.riemann-tools.enableHealth | Enable the riemann-health daemon.
|
| services.power-profiles-daemon.enable | Whether to enable power-profiles-daemon, a DBus daemon that allows
changing system behavior based upon user-selected power profiles.
|
| hardware.tenstorrent.enable | Whether to enable Tenstorrent driver & utilities.
|
| programs.thunderbird.enable | Whether to enable Thunderbird mail client.
|
| services.qbittorrent.enable | Whether to enable qbittorrent, BitTorrent client.
|
| services.mail.sendmailSetuidWrapper.enable | Whether to enable the wrapper.
|
| services.zfs.autoReplication.enable | Whether to enable ZFS snapshot replication.
|
| programs.kdeconnect.enable | Whether to enable kdeconnect
|
| services.invidious.sig-helper.enable | Whether to enable and configure inv-sig-helper to emulate the youtube client's javascript
|
| networking.iproute2.enable | Whether to enable copying IP route configuration files.
|
| services.cloudlog.upload-qrz.enable | Whether to periodically upload logs to QRZ
|
| hardware.alsa.enableBluetooth | Whether to enable Bluetooth audio support via BlueALSA.
|
| environment.stub-ld.enable | Install a stub ELF loader to print an informative error message
in the event that a user attempts to run an ELF binary not
compiled for NixOS.
|
| services.dovecot2.enablePAM | Whether to enable creating a own Dovecot PAM service and configure PAM user logins.
|
| programs.browserpass.enable | Whether to enable Browserpass native messaging host.
|
| hardware.inputmodule.enable | Whether to enable Support for Framework input modules.
|
| environment.wordlist.enable | Whether to enable environment variables for lists of words.
|
| services.meilisearch.enable | Whether to enable Meilisearch - a RESTful search API.
|
| services.squeezelite.enable | Whether to enable Squeezelite, a software Squeezebox emulator.
|
| services.meshcentral.enable | Whether to enable MeshCentral computer management server.
|
| systemd.network.netdevs.<name>.enable | Whether to manage network configuration using systemd-network
|
| services.bluesky-pds.pdsadmin.enable | Add pdsadmin script to PATH
|
| services.persistent-evdev.enable | Whether to enable virtual input devices that persist even if the backing device is hotplugged.
|
| services.moosefs.cgiserver.enable | Whether to enable MooseFS GUI server (mfsgui) for web interface
|
| services.druid.coordinator.enable | Whether to enable Druid Coordinator.
|
| services.below.compression.enable | Whether to enable data compression.
|
| services.kubernetes.kubelet.enable | Whether to enable Kubernetes kubelet.
|
| services.kubernetes.flannel.enable | Whether to enable flannel networking.
|
| programs.neovim.runtime.<name>.enable | Whether this runtime directory should be generated
|
| services.cloudlog.update-dok.enable | Whether to periodically update the DOK resource file
|
| services.cgit.<name>.gitHttpBackend.enable | Whether to bypass cgit and use git-http-backend for HTTP clones
|
| programs.gamemode.enableRenice | Whether to enable CAP_SYS_NICE on gamemoded to support lowering process niceness.
|
| programs.gnupg.agent.enableSSHSupport | Enable SSH agent support in GnuPG agent
|
| services.varnish.enableConfigCheck | Whether to enable checking the config during build time.
|
| services.discourse.nginx.enable | Whether an nginx virtual host should be
set up to serve Discourse
|
| services.xserver.windowManager."2bwm".enable | Whether to enable 2bwm.
|
| hardware.alsa.enableOSSEmulation | Whether to enable the OSS emulation.
|
| services.github-runners.<name>.enable | Whether to enable GitHub Actions runner
|
| services.cachefilesd.enable | Whether to enable cachefilesd network filesystems caching daemon.
|
| services.rmfakecloud.enable | Whether to enable rmfakecloud remarkable self-hosted cloud.
|
| services.writefreely.enable | Whether to enable Writefreely, build a digital writing community.
|
| services.prometheus.xmpp-alerts.enable | Whether to enable XMPP Web hook service for Alertmanager.
|
| services.saunafs.metalogger.enable | Whether to enable Saunafs metalogger daemon.
|
| services.mailman.hyperkitty.enable | Whether to enable the Hyperkitty archiver for Mailman.
|
| services.hadoop.gatewayRole.enableHbaseCli | Whether to enable HBase CLI tools.
|
| services.xserver.windowManager.smallwm.enable | Whether to enable smallwm.
|
| services.xserver.windowManager.openbox.enable | Whether to enable openbox.
|
| services.xserver.windowManager.sawfish.enable | Whether to enable sawfish.
|
| services.xserver.windowManager.fluxbox.enable | Whether to enable fluxbox.
|
| services.xserver.windowManager.stumpwm.enable | Whether to enable stumpwm.
|
| services.dovecot2.enableImap | Whether to enable starting the IMAP listener (when Dovecot is enabled).
|
| services.dovecot2.enableLmtp | Whether to enable starting the LMTP listener (when Dovecot is enabled).
|
| services.nextjs-ollama-llm-ui.enable | Whether to enable Simple Ollama web UI service; an easy to use web frontend for a Ollama backend service
|
| hardware.usb-modeswitch.enable | Enable this option to support certain USB WLAN and WWAN adapters
|
| programs.fish.vendor.functions.enable | Whether fish should autoload fish functions provided by other packages.
|
| programs._1password-gui.enable | Whether to enable the 1Password GUI application.
|
| services.gnome.evolution-data-server.enable | Whether to enable Evolution Data Server, a collection of services for storing addressbooks and calendars.
|
| services.xserver.desktopManager.budgie.enable | Whether to enable the Budgie desktop.
|
| services.xserver.desktopManager.lumina.enable | Enable the Lumina desktop manager
|
| services.openvscode-server.enable | Whether to enable openvscode-server.
|
| services.postgresqlBackup.enable | Whether to enable PostgreSQL dumps.
|
| services.protonmail-bridge.enable | Whether to enable protonmail bridge.
|
| services.desktopManager.pantheon.enable | Enable the pantheon desktop manager
|
| services.writefreely.nginx.enable | Whether or not to enable and configure nginx as a proxy for WriteFreely.
|
| services.vsftpd.enableVirtualUsers | Whether to enable the pam_userdb-based
virtual user system
|
| hardware.flipperzero.enable | Whether to enable udev rules and software for Flipper Zero devices.
|
| services.certspotter.enable | Whether to enable Cert Spotter, a Certificate Transparency log monitor.
|
| services.geoipupdate.enable | Whether to enable periodic downloading of GeoIP databases using geoipupdate
.
|
| programs.idescriptor.enable | Whether to enable iDescriptor, a cross-platform iDevice management tool.
|
| services.botamusique.enable | Whether to enable botamusique, a bot to play audio streams on mumble.
|
| services.systembus-notify.enable | Whether to enable System bus notification support
WARNING: enabling this option (while convenient) should not be done on a
machine where you do not trust the other users as it allows any other
local user to DoS your session by spamming notifications
.
|
| services.xserver.desktopManager.deepin.enable | Whether to enable Deepin desktop manager.
|
| services.xserver.windowManager.awesome.enable | Whether to enable Awesome window manager.
|
| services.graphite.carbon.enableCache | Whether to enable carbon cache, the graphite storage daemon.
|
| services.clamav.clamonacc.enable | Whether to enable ClamAV on-access scanner
|
| services.vault-agent.instances.<name>.enable | Whether to enable this vault-agent instance.
|
| programs.git-worktree-switcher.enable | Whether to enable git-worktree-switcher, switch between git worktrees with speed..
|
| services.cloudflared.enable | Whether to enable Cloudflare Tunnel client daemon (formerly Argo Tunnel).
|
| services.mollysocket.enable | Whether to enable MollySocket for getting Signal
notifications via UnifiedPush
.
|
| programs.gnupg.agent.enableBrowserSocket | Enable browser socket for GnuPG agent.
|
| services.teeworlds.game.enableVoteKick | Whether to enable voting to kick players.
|
| services.k3s.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.soju.enableMessageLogging | Whether to enable message logging.
|
| services.graphite.carbon.enableRelay | Whether to enable carbon relay, the carbon replication and sharding service.
|
| services.cloudlog.update-sota.enable | Whether to periodically update the SOTA database
|
| services.cloudlog.update-wwff.enable | Whether to periodically update the WWFF database
|
| services.cloudflare-dyndns.enable | Whether to enable Cloudflare Dynamic DNS Client.
|
| services.hylafax.faxqclean.enable.spoolInit | Whether to enable purging old files from the spooling area with
faxqclean
each time the spooling area is initialized
.
|
| services.engelsystem.enable | Whether to enable engelsystem, an online tool for coordinating volunteers and shifts on large events.
|
| services.offlineimap.enable | Whether to enable OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s).
|
| services.firezone.server.enableLocalDB | Whether to enable a local postgresql database for Firezone.
|
| services.netbird.server.signal.enableNginx | Whether to enable Nginx reverse-proxy for the netbird signal service.
|
| services.zoneminder.enable | Whether to enable ZoneMinder
|
| services.scollector.enable | Whether to run scollector.
|
| services.teleport.insecure.enable | Whether to enable starting teleport in insecure mode
|
| services.zabbixWeb.httpd.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.awstats.configs.<name>.webService.enable | Whether to enable awstats web service.
|
| hardware.enableAllFirmware | Whether to enable all firmware, including unfree packages that must be explictly allowed
|
| services.firezone.headless-client.enable | Whether to enable the firezone headless client.
|
| services.cloudlog.upload-lotw.enable | Whether to periodically upload logs to LoTW
|
| services.hbase-standalone.enable | Whether to enable HBase master in standalone mode with embedded regionserver and zookeper
|
| programs.dublin-traceroute.enable | Whether to enable dublin-traceroute (including setcap wrapper).
|
| services.v4l2-relayd.instances.<name>.enable | Whether to enable this v4l2-relayd instance.
|
| services.mailcatcher.enable | Whether to enable MailCatcher, an SMTP server and web interface to locally test outbound emails.
|
| services.gitlab.smtp.enableStartTLSAuto | Whether to try to use StartTLS.
|
| services.hadoop.hdfs.journalnode.enable | Whether to enable HDFS JournalNode.
|
| services.moosefs.metalogger.enable | Whether to enable MooseFS metalogger daemon that maintains a backup copy of the master's metadata.
|
| services.nginx.enableQuicBPF | Enables routing of QUIC packets using eBPF
|
| services.datadog-agent.enableTraceAgent | Whether to enable the trace agent.
|
| services.icingaweb2.modules.doc.enable | Whether to enable the icingaweb2 doc module.
|
| services.upower.enableWattsUpPro | Enable the Watts Up Pro device
|
| services.mchprs.whitelist.enable | Whether or not the whitelist (in whitelist.json) shoud be enabled
|
| services.desktopManager.plasma6.enable | Enable the Plasma 6 (KDE 6) desktop environment.
|
| services.mpdscribble.enable | Whether to enable mpdscribble, an MPD client which submits info about tracks being played to Last.fm (formerly AudioScrobbler).
|
| services.calibre-web.options.reverseProxyAuth.enable | Enable authorization using auth proxy.
|
| services.hadoop.yarn.nodemanager.enable | Whether to enable Hadoop YARN NodeManager.
|
| services.nginx.enableReload | Reload nginx when configuration file changes (instead of restart)
|
| boot.bootspec.enableValidation | Whether to enable the validation of bootspec documents for each build
|
| services.gnome.localsearch.enable | Whether to enable LocalSearch, indexing services for TinySPARQL
search engine and metadata storage system.
|
| services.dovecot2.enableQuota | Whether to enable the dovecot quota service.
|
| security.pam.services.<name>.failDelay.enable | If enabled, this will replace the FAIL_DELAY setting from login.defs
|
| services.displayManager.autoLogin.enable | Automatically log in as autoLogin.user.
|
| services.handheld-daemon.adjustor.enable | Whether to enable Handheld Daemon TDP control plugin.
|
| services.librechat.enableLocalDB | Whether to enable a local mongodb instance.
|
| programs.traceroute.enable | Whether to configure a setcap wrapper for traceroute.
|
| programs.nautilus-open-any-terminal.enable | Whether to enable nautilus-open-any-terminal.
|
| services.technitium-dns-server.enable | Whether to enable Technitium DNS Server.
|
| services.matrix-appservice-irc.enable | Whether to enable the Matrix/IRC bridge.
|
| systemd.shutdownRamfs.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| networking.tcpcrypt.enable | Whether to enable opportunistic TCP encryption
|
| services.displayManager.sddm.enableHidpi | Whether to enable automatic HiDPI mode.
|
| programs.gpu-screen-recorder.enable | Whether to install gpu-screen-recorder and generate setcap
wrappers for promptless recording.
|
| services.k3s.gracefulNodeShutdown.enable | Whether to enable graceful node shutdowns where the kubelet attempts to detect
node system shutdown and terminates pods running on the node
|
| services.system76-scheduler.enable | Whether to enable system76-scheduler.
|
| services.klipper.firmwares.<name>.enable | Whether to enable building of firmware for manual flashing
.
|
| services.nextcloud.imaginary.enable | Whether to enable Imaginary.
|
| programs.rust-motd.enableMotdInSSHD | Whether to let openssh print the
result when entering a new ssh-session
|
| services.firezone.server.provision.enable | Whether to enable provisioning of the Firezone domain server.
|
| swapDevices.*.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.whitebophir.enable | Whether to enable whitebophir, an online collaborative whiteboard server (persistent state will be maintained under /var/lib/whitebophir).
|
| services.woodpecker-server.enable | Whether to enable the Woodpecker-Server, a CI/CD application for automatic builds, deployments and tests.
|
| services.postfix.enableHeaderChecks | Whether to enable postfix header checks
|
| services.icingaweb2.modules.test.enable | Whether to enable the icingaweb2 test module.
|
| security.apparmor.enableCache | Whether to enable caching of AppArmor policies
in /var/cache/apparmor/
|
| programs.wireshark.enable | Whether to add Wireshark to the global environment and create a 'wireshark'
group
|
| services.disnix.enableMultiUser | Whether to support multi-user mode by enabling the Disnix D-Bus service
|
| services.keepalived.snmp.enableRfc | Enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs.
|
| networking.nftables.tables.<name>.enable | Enable this table.
|
| services.peering-manager.enableOidc | Enable OIDC-Authentication for Peering Manager
|
| services.peering-manager.enableLdap | Enable LDAP-Authentication for Peering Manager
|
| programs.nethoscope.enable | Whether to add nethoscope to the global environment and configure a
setcap wrapper for it.
|
| services.softether.vpnserver.enable | Whether to enable SoftEther VPN Server.
|
| services.softether.vpnbridge.enable | Whether to enable SoftEther VPN Bridge.
|
| services.softether.vpnclient.enable | Whether to enable SoftEther VPN Client.
|
| services.sabnzbd.settings.servers.<name>.enable | Enable this server by default
|
| services.postgresql.enableJIT | Whether to enable JIT support.
|
| hardware.nvidia.prime.offload.enableOffloadCmd | Whether to enable adding a nvidia-offload convenience script to environment.systemPackages
for offloading programs to an nvidia device
|
| services.nncp.daemon.socketActivation.enable | Whether to enable socket activation for nncp-daemon.
|
| boot.loader.systemd-boot.memtest86.enable | Make Memtest86+ available from the systemd-boot menu
|
| services.displayManager.cosmic-greeter.enable | Whether to enable COSMIC greeter.
|
| services.invidious.nginx.enable | Whether to configure nginx as a reverse proxy for Invidious
|
| services.netbird.server.management.enable | Whether to enable Netbird Management Service.
|
| services.xserver.displayManager.lightdm.enable | Whether to enable lightdm as the display manager.
|
| systemd.automounts.*.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.xserver.windowManager.ragnarwm.enable | Whether to enable ragnarwm.
|
| services.xserver.windowManager.katriawm.enable | Whether to enable katriawm.
|
| services.xserver.windowManager.metacity.enable | Whether to enable metacity.
|
| services.xserver.windowManager.spectrwm.enable | Whether to enable spectrwm.
|
| services.geoclue2.enableModemGPS | Whether to enable Modem-GPS source.
|
| services.mailman.enablePostfix | Enable Postfix integration
|
| documentation.man.mandoc.enable | Whether to enable mandoc as the default man page viewer.
|
| services.lighthouse.beacon.metrics.enable | Whether to enable Beacon node prometheus metrics.
|
| services.sympa.settingsFile.<name>.enable | Whether this file should be generated
|
| programs.zsh.enableCompletion | Enable zsh completion for all interactive zsh shells.
|
| services.buildkite-agents.<name>.enable | Whether to enable this buildkite agent
|
| services.keepalived.snmp.enableRfcV3 | Enable SNMP handling of RFC6527 VRRP MIB.
|
| services.keepalived.snmp.enableRfcV2 | Enable SNMP handling of RFC2787 VRRP MIB.
|
| services.strongswan-swanctl.enable | Whether to enable strongswan-swanctl service.
|
| services.endlessh-go.prometheus.enable | Whether to enable Prometheus integration.
|
| programs.soundmodem.enable | Whether to add Soundmodem to the global environment and configure a
wrapper for 'soundmodemconfig' for users in the 'soundmodem' group.
|
| services.hostapd.radios.<name>.wifi6.enable | Enables support for IEEE 802.11ax (WiFi 6, HE)
|
| services.localtimed.enable | Enable localtimed, a simple daemon for keeping the
system timezone up-to-date based on the current location
|
| programs.hyprland.systemd.setPath.enable | Set environment path of systemd to include the current system's bin directory
|
| programs.ssh.enableAskPassword | Whether to configure SSH_ASKPASS in the environment.
|
| services.desktopManager.cosmic.xwayland.enable | Whether to enable Xwayland support for the COSMIC compositor.
|
| services.wyoming.piper.servers.<name>.zeroconf.enable | Whether to enable zeroconf discovery.
|
| virtualisation.lxd.ui.enable | Whether to enable (experimental) LXD UI.
|
| services.lifecycled.queueCleaner.enable | Whether to enable lifecycled-queue-cleaner.
|
| services.kubernetes.addonManager.enable | Whether to enable Kubernetes addon manager.
|
| services.tor.client.transparentProxy.enable | Whether to enable transparent proxy.
|
| services.warpgate.settings.postgres.enable | Whether to enable PostgreSQL listener.
|
| services.invidious.http3-ytproxy.enable | Whether to enable http3-ytproxy for faster loading of images and video playback
|
| systemd.network.networks.<name>.enable | Whether to manage network configuration using systemd-network
|
| services.x2goserver.enable | Enables the x2goserver module
|
| services.ncps.analytics.reporting.enable | Enable reporting anonymous usage statistics (DB type, Lock type, Total Size) to the project maintainers.
|
| services.shorewall6.enable | Whether to enable Shorewall IPv6 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| hardware.nvidia.powerManagement.enable | Whether to enable experimental power management through systemd
|
| services.hostapd.radios.<name>.wifi5.enable | Enables support for IEEE 802.11ac (WiFi 5, VHT)
|
| services.mediagoblin.enable | Whether to enable MediaGoblin
|
| services.icingaweb2.modules.setup.enable | Whether to enable the icingaweb2 setup module.
|
| programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| services.fedimintd.<name>.nginx.enable | Whether to configure nginx for fedimintd
|
| programs.command-not-found.enable | Whether interactive shells should show which Nix package (if
any) provides a missing command
|
| services.pdfding.consume.enable | Bulk PDF import from consume directory
|
| services.kmonad.keyboards.<name>.defcfg.enable | Whether to enable automatic generation of the defcfg block
|
| services.pantheon.contractor.enable | Whether to enable contractor, a desktop-wide extension service used by Pantheon.
|
| services.easytier.instances.<name>.enable | Enable the instance.
|
| services.crossfire-server.enable | If enabled, the Crossfire game server will be started at boot.
|
| services.linux-enable-ir-emitter.package | Package to use for the Linux Enable IR Emitter service.
|
| services.ayatana-indicators.enable | Whether to enable Ayatana Indicators, a continuation of Canonical's Application Indicators
.
|
| services.jitsi-videobridge.enable | Whether to enable Jitsi Videobridge, a WebRTC compatible video router.
|
| services.stunnel.enableInsecureSSLv3 | Enable support for the insecure SSLv3 protocol.
|
| services.keepalived.snmp.enableTraps | Enable SNMP traps.
|
| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.asusd.enableUserService | Activate the asusd-user service.
|
| services.inputplumber.enable | Whether to enable InputPlumber.
|
| services.powerstation.enable | Whether to enable PowerStation.
|
| services.photonvision.enable | Whether to enable PhotonVision.
|
| services.mtprotoproxy.enable | Whether to enable mtprotoproxy.
|
| services.your_spotify.enable | Whether to enable your_spotify.
|
| environment.etc.<name>.enable | Whether this /etc file should be generated
|
| services.amazon-cloudwatch-agent.enable | Whether to enable Amazon CloudWatch Agent.
|
| services.vmalert.instances.<name>.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.httpd.virtualHosts.<name>.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.mastodon.mediaAutoRemove.enable | Automatically remove remote media attachments and preview cards older than the configured amount of days
|
| services.radicle.httpd.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.saunafs.chunkserver.enable | Whether to enable Saunafs chunkserver daemon.
|
| services.printing.cups-pdf.instances.<name>.enable | Whether to enable this cups-pdf instance.
|
| services.das_watchdog.enable | Whether to enable realtime watchdog.
|
| services.foundationdb.enable | Whether to enable FoundationDB Server.
|
| services.spamassassin.enable | Whether to enable the SpamAssassin daemon.
|
| hardware.system76.firmware-daemon.enable | Whether to enable the system76 firmware daemon
|
| services.authelia.instances.<name>.enable | Whether to enable Authelia instance.
|
| services.rke2.autoDeployCharts.<name>.enable | Whether to enable the installation of this Helm chart
|
| services.prometheus.exporters.sql.enable | Whether to enable the prometheus sql exporter.
|
| services.prometheus.exporters.frr.enable | Whether to enable the prometheus frr exporter.
|
| services.prometheus.exporters.nut.enable | Whether to enable the prometheus nut exporter.
|
| services.prometheus.exporters.lnd.enable | Whether to enable the prometheus lnd exporter.
|
| services.prometheus.exporters.pve.enable | Whether to enable the prometheus pve exporter.
|
| services.prometheus.exporters.zfs.enable | Whether to enable the prometheus zfs exporter.
|
| services.prometheus.exporters.kea.enable | Whether to enable the prometheus kea exporter.
|
| services.gitlab.sidekiq.memoryKiller.enable | Whether the Sidekiq MemoryKiller should be turned
on
|
| services.xserver.displayManager.startx.enable | Whether to enable the dummy "startx" pseudo-display manager, which
allows users to start X manually via the startx command from a
virtual terminal.
The X server will run under the current user, not as root.
|
| services.userdbd.enableSSHSupport | Whether to enable exposing OpenSSH public keys defined in userdb
|
| services.livebook.enableUserService | Whether to enable a user service for Livebook.
|
| services.tt-rss.enableGZipOutput | Selectively gzip output to improve wire performance
|
| services.heisenbridge.enable | Whether to enable the Matrix to IRC bridge.
|
| services.gmediarender.enable | Whether to enable the gmediarender DLNA renderer.
|
| services.xscreensaver.enable | Whether to enable xscreensaver user service.
|
| services.switcherooControl.enable | Whether to enable switcheroo-control, a D-Bus service to check the availability of dual-GPU.
|
| services.teeworlds.game.enableReadyMode | Whether to enable "ready mode"; where players can pause/unpause the game
and start the game in warmup, using their ready state.
|
| fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| nixops.enableDeprecatedAutoLuks | Whether to enable the deprecated NixOps AutoLuks module.
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.chatgpt-retrieval-plugin.enable | Whether to enable chatgpt-retrieval-plugin service.
|
| services.matterbridge.enable | Whether to enable Matterbridge chat platform bridge.
|
| services.triggerhappy.enable | Whether to enable the triggerhappy hotkey daemon.
|
| services.magic-wormhole-mailbox-server.enable | Whether to enable Magic Wormhole Mailbox Server.
|
| services.xserver.desktopManager.surf-display.enable | Whether to enable surf-display as a kiosk browser session.
|
| services.openafsServer.roles.backup.enableFabs | Whether to enable FABS, the flexible AFS backup system
|
| services.xserver.displayManager.sx.enable | Whether to enable the "sx" pseudo-display manager, which allows users
to start manually via the "sx" command from a vt shell
|
| services.cloudlog.update-lotw-users.enable | Whether to periodically update the list of LoTW users
|
| services.logrotate.settings.<name>.enable | Whether to enable setting individual kill switch.
|
| boot.loader.systemd-boot.netbootxyz.enable | Make netboot.xyz available from the
systemd-boot menu. netboot.xyz
is a menu system that allows you to boot OS installers and
utilities over the network.
|
| services.moosefs.chunkserver.enable | Whether to enable MooseFS chunkserver daemon that stores file data.
|
| services.synapse-auto-compressor.enable | Whether to enable synapse-auto-compressor.
|
| services.xserver.desktopManager.pantheon.enable | Enable the pantheon desktop manager
|
| services.spacecookie.settings.log.enable | Whether to enable logging for spacecookie.
|
| services.drupal.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| programs.wireshark.dumpcap.enable | Whether to allow users in the 'wireshark' group to capture network traffic
|
| services.znapzend.zetup.<name>.mbuffer.enable | Whether to use mbuffer.
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| services.suricata.settings.logging.outputs.file.enable | Whether to enable logging to file.
|
| services.minecraft-server.enable | If enabled, start a Minecraft Server
|
| services.prometheus.exporters.ipmi.enable | Whether to enable the prometheus ipmi exporter.
|
| services.prometheus.exporters.mqtt.enable | Whether to enable the prometheus mqtt exporter.
|
| services.prometheus.exporters.ping.enable | Whether to enable the prometheus ping exporter.
|
| services.prometheus.exporters.snmp.enable | Whether to enable the prometheus snmp exporter.
|
| services.prometheus.exporters.mail.enable | Whether to enable the prometheus mail exporter.
|
| services.prometheus.exporters.knot.enable | Whether to enable the prometheus knot exporter.
|
| services.prometheus.exporters.ebpf.enable | Whether to enable the prometheus ebpf exporter.
|
| services.prometheus.exporters.nats.enable | Whether to enable the prometheus nats exporter.
|
| services.prometheus.exporters.bird.enable | Whether to enable the prometheus bird exporter.
|
| services.prometheus.exporters.node.enable | Whether to enable the prometheus node exporter.
|
| services.prometheus.exporters.bind.enable | Whether to enable the prometheus bind exporter.
|
| services.prometheus.exporters.json.enable | Whether to enable the prometheus json exporter.
|
| services.prometheus.exporters.flow.enable | Whether to enable the prometheus flow exporter.
|
| services.xserver.desktopManager.cinnamon.enable | Whether to enable the cinnamon desktop manager.
|
| programs.zsh.enableBashCompletion | Enable compatibility with bash's programmable completion system.
|
| services.dockerRegistry.enableDelete | Enable delete for manifests and blobs.
|
| services.healthchecks.enable | Enable healthchecks
|
| services.flaresolverr.enable | Whether to enable FlareSolverr, a proxy server to bypass Cloudflare protection.
|
| services.mautrix-meta.instances.<name>.enable | Whether to enable Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge.
|
| services.nextcloud.autoUpdateApps.enable | Run a regular auto-update of all apps installed from the Nextcloud app store.
|
| services.wyoming.faster-whisper.servers.<name>.enable | Whether to enable Wyoming faster-whisper server.
|
| services.prometheus.exporters.php-fpm.enable | Whether to enable the prometheus php-fpm exporter.
|
| services.xtreemfs.mrc.replication.enable | Whether to enable XtreemFS MRC replication plugin.
|
| services.xtreemfs.dir.replication.enable | Whether to enable XtreemFS DIR replication plugin.
|
| services.discourse.mail.incoming.enable | Whether to set up Postfix to receive incoming mail.
|
| services.openiscsi.enableAutoLoginOut | Whether to enable automatic login and logout of all automatic targets
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| hardware.nvidia-container-toolkit.enable-hooks | List of hooks to enable when generating the CDI specification
|
| virtualisation.incus.ui.enable | Whether to enable Incus Web UI.
|
| services.writefreely.acme.enable | Whether or not to automatically fetch and configure SSL certs.
|
| services.xserver.windowManager.ratpoison.enable | Whether to enable ratpoison.
|
| services.xserver.windowManager.afterstep.enable | Whether to enable afterstep.
|
| services.xserver.windowManager.windowlab.enable | Whether to enable windowlab.
|
| services.xserver.windowManager.hackedbox.enable | Whether to enable hackedbox.
|
| services.xserver.windowManager.wmderland.enable | Whether to enable wmderland.
|
| services.scrutiny.influxdb.enable | Enables InfluxDB on the host system using the services.influxdb2 NixOS module
with default options
|
| services.gnome.gnome-browser-connector.enable | Whether to enable native host connector for the GNOME Shell browser extension, a DBus service
allowing to install GNOME Shell extensions from a web browser
.
|
| services.postgres-websockets.enable | Whether to enable postgres-websockets.
|
| services.xserver.desktopManager.xfce.enableXfwm | Enable the XFWM (default) window manager.
|
| services.ethercalc.enable | ethercalc, an online collaborative spreadsheet server
|
| services.victorialogs.enable | Whether to enable VictoriaLogs is an open source user-friendly database for logs from VictoriaMetrics.
|
| virtualisation.lxd.agent.enable | Whether to enable LXD agent.
|
| services.lighthouse.validator.enable | Enable Lightouse Validator node.
|
| services.kubernetes.apiserver.enable | Whether to enable Kubernetes apiserver.
|
| services.kubernetes.scheduler.enable | Whether to enable Kubernetes scheduler.
|
| services.xserver.desktopManager.plasma5.enable | Enable the Plasma 5 (KDE 5) desktop environment.
|
| services.input-remapper.enableUdevRules | Whether to enable udev rules added by input-remapper to handle hotplugged devices
|
| services.dependency-track.nginx.enable | Whether to set up an nginx virtual host.
|
| programs.steam.protontricks.enable | Whether to enable protontricks, a simple wrapper for running Winetricks commands for Proton-enabled games.
|
| services.radicle.ci.broker.enableHardening | Whether to enable systemd hardening.
|
| services.teeworlds.game.enableTeamDamage | Whether to enable team damage; whether to allow team mates to inflict damage on one another.
|
| services.kapacitor.defaultDatabase.enable | Whether to enable kapacitor.defaultDatabase.
|
| services.influxdb2.provision.enable | Whether to enable initial database setup and provisioning.
|
| services.sourcehut.postgresql.enable | Whether to enable local postgresql integration.
|
| hardware.nvidia-container-toolkit.enable | Enable dynamic CDI configuration for Nvidia devices by running
nvidia-container-toolkit on boot.
|
| services.schleuder.enablePostfix | Whether to enable automatic postfix integration.
|
| services.rke2.gracefulNodeShutdown.enable | Whether to enable graceful node shutdowns where the kubelet attempts to detect
node system shutdown and terminates pods running on the node
|
| services.pantheon.parental-controls.enable | Whether to enable Pantheon parental controls daemon.
|
| systemd.sysupdate.reboot.enable | Whether to automatically reboot after an update
|
| services.immich.database.enableVectors | Whether to enable pgvecto.rs in the database
|
| services.heisenbridge.identd.enable | Whether to enable identd service support.
|
| services.crowdsec-firewall-bouncer.enable | Whether to enable CrowdSec Firewall Bouncer.
|
| services.prometheus.exporters.nginx.enable | Whether to enable the prometheus nginx exporter.
|
| services.prometheus.exporters.idrac.enable | Whether to enable the prometheus idrac exporter.
|
| services.prometheus.exporters.kafka.enable | Whether to enable the prometheus kafka exporter.
|
| services.prometheus.exporters.dmarc.enable | Whether to enable the prometheus dmarc exporter.
|
| services.prometheus.exporters.redis.enable | Whether to enable the prometheus redis exporter.
|
| services.prometheus.exporters.v2ray.enable | Whether to enable the prometheus v2ray exporter.
|
| services.prometheus.exporters.fritz.enable | Whether to enable the prometheus fritz exporter.
|
| services.prometheus.exporters.jitsi.enable | Whether to enable the prometheus jitsi exporter.
|
| hardware.nvidia.prime.reverseSync.setupCommands.enable | Whether to enable configure the display manager to be able to use the outputs
attached to the NVIDIA GPU
|
| services.fastnetmon-advanced.enable | Whether to enable the fastnetmon-advanced DDoS Protection daemon.
|
| services.lighttpd.enableModules | List of lighttpd modules to enable
|
| services.languagetool.enable | Whether to enable the LanguageTool server, a multilingual spelling, style, and grammar checker that helps correct or paraphrase texts.
|
| services.dolibarr.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.kanboard.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.fediwall.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.agorakit.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.librenms.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.mainsail.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.pixelfed.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.dovecot2.mailPlugins.globally.enable | mail plugins to enable as a list of strings to append to the top-level $mail_plugins configuration variable
|
| services.hardware.deepcool-digital-linux.enable | Whether to enable DeepCool Digital monitoring daemon.
|
| services.pufferpanel.enable | Whether to enable PufferPanel game management server
|
| services.slurm.enableSrunX11 | If enabled srun will accept the option "--x11" to allow for X11 forwarding
from within an interactive session or a batch job
|
| services.immich.database.enableVectorChord | Whether to enable the new VectorChord extension for full-text search in Postgres.
|
| services.rke2.manifests.<name>.enable | Whether this manifest file should be generated.
|
| services.shadowsocks.enable | Whether to run shadowsocks-libev shadowsocks server.
|
| virtualisation.tpm.enable | Whether to enable a TPM device in the virtual machine with a driver, using swtpm.
|
| services.silverbullet.enable | Whether to enable Silverbullet, an open-source, self-hosted, offline-capable Personal Knowledge Management (PKM) web application.
|
| services.gitlab-runner.clear-docker-cache.enable | Whether to periodically prune gitlab runner's Docker resources
|
| services.mjolnir.pantalaimon.enable | Whether to enable ignoring the accessToken
|
| services.prometheus.exporters.node-cert.enable | Whether to enable the prometheus node-cert exporter.
|
| services.movim.precompressStaticFiles.gzip.enable | Whether to enable Gzip precompression.
|
| services.esdm.enableLinuxCompatServices | Enable /dev/random, /dev/urandom and /proc/sys/kernel/random/* userspace wrapper.
|
| networking.stevenblack.enable | Whether to enable the stevenblack hosts file blocklist.
|
| virtualisation.cri-o.enable | Whether to enable Container Runtime Interface for OCI (CRI-O).
|
| fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.dockerRegistry.enableRedisCache | Whether to enable redis as blob cache.
|
| services.teamspeak3.enable | Whether to run the Teamspeak3 voice communication server daemon.
|
| programs.light.brightnessKeys.enable | Whether to enable brightness control with keyboard keys
|
| security.pam.services.<name>.kwallet.enable | If enabled, pam_wallet will attempt to automatically unlock the
user's default KDE wallet upon login
|
| programs.zsh.syntaxHighlighting.enable | Whether to enable zsh-syntax-highlighting.
|
| services.cloudlog.upload-clublog.enable | Whether to periodically upload logs to Clublog
|
| services.rspamd.overrides.<name>.enable | Whether this file overrides should be generated
|
| services.pgpkeyserver-lite.enable | Whether to enable pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver.
|
| services.kbfs.enableRedirector | Whether to enable the Keybase root redirector service, allowing
any user to access KBFS files via /keybase,
which will show different contents depending on the requester.
|
| services.borgmatic.enableConfigCheck | Whether to enable checking all configurations during build time.
|
| services.prometheus.enableAgentMode | Whether to enable agent mode.
|
| services.rabbitmq.managementPlugin.enable | Whether to enable the management plugin.
|
| services.firefox-syncserver.singleNode.enable | Whether to enable auto-configuration for a simple single-node setup.
|
| services.pipewire.wireplumber.enable | Whether to enable WirePlumber, a modular session / policy manager for PipeWire
|
| services.icingaweb2.modules.migrate.enable | Whether to enable the icingaweb2 migrate module.
|
| services.xserver.desktopManager.plasma5.mobile.enable | Enable support for running the Plasma Mobile shell.
|
| services.pulseaudio.zeroconf.publish.enable | Whether to enable publishing the pulseaudio sink in the local network.
|
| services.shibboleth-sp.fastcgi.enable | Whether to include the shibauthorizer and shibresponder FastCGI processes
|
| services.webhook.enableTemplates | Enable the generated hooks file to be parsed as a Go template
|
| services.xserver.desktopManager.retroarch.enable | Whether to enable RetroArch.
|
| programs.singularity.enable | Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
|
| services.suricata.settings.logging.outputs.syslog.enable | Whether to enable logging to syslog.
|
| services.karakeep.meilisearch.enable | Enable Meilisearch and configure Karakeep to use it
|
| services.nagios.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.moodle.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.chrony.enableRTCTrimming | Enable tracking of the RTC offset to the system clock and automatic trimming
|
| services.interception-tools.enable | Whether to enable the interception tools service.
|
| services.ocsinventory-agent.enable | Whether to enable OCS Inventory Agent.
|
| virtualisation.incus.agent.enable | Whether to enable Incus agent.
|
| documentation.man.enable | Whether to install manual pages
|
| services.prometheus.exporters.chrony.enable | Whether to enable the prometheus chrony exporter.
|
| services.prometheus.exporters.mysqld.enable | Whether to enable the prometheus mysqld exporter.
|
| services.prometheus.exporters.restic.enable | Whether to enable the prometheus restic exporter.
|
| services.prometheus.exporters.script.enable | Whether to enable the prometheus script exporter.
|
| services.prometheus.exporters.dnssec.enable | Whether to enable the prometheus dnssec exporter.
|
| services.prometheus.exporters.tibber.enable | Whether to enable the prometheus tibber exporter.
|
| services.prometheus.exporters.pihole.enable | Whether to enable the prometheus pihole exporter.
|
| services.prometheus.exporters.rspamd.enable | Whether to enable the prometheus rspamd exporter.
|
| services.prometheus.exporters.shelly.enable | Whether to enable the prometheus shelly exporter.
|
| services.prometheus.exporters.statsd.enable | Whether to enable the prometheus statsd exporter.
|
| services.prometheus.exporters.deluge.enable | Whether to enable the prometheus deluge exporter.
|
| services.prometheus.exporters.domain.enable | Whether to enable the prometheus domain exporter.
|
| services.prometheus.exporters.fastly.enable | Whether to enable the prometheus fastly exporter.
|
| networking.interfaces.<name>.wakeOnLan.enable | Whether to enable wol on this interface.
|
| services.postfixadmin.enable | Whether to enable postfixadmin
|
| systemd.enableEmergencyMode | Whether to enable emergency mode, which is an
sulogin shell started on the console if
mounting a filesystem fails
|
| networking.nftables.enable | Whether to enable nftables and use nftables based firewall if enabled.
nftables is a Linux-based packet filtering framework intended to
replace frameworks like iptables
|
| programs.nix-required-mounts.presets.nvidia-gpu.enable | Whether to enable Declare the support for derivations that require an Nvidia GPU to be
available, e.g. derivations with requiredSystemFeatures = [ "cuda" ]
|
| services.nebula-lighthouse-service.enable | Whether to enable nebula-lighthouse-service.
|
| services.matrix-appservice-discord.enable | Whether to enable a bridge between Matrix and Discord.
|
| services.networkd-dispatcher.enable | Whether to enable Networkd-dispatcher service for systemd-networkd connection status
change
|
| services.cloudlog.update-clublog-scp.enable | Whether to periodically update the Clublog SCP database
|
| services.angrr.settings.profile-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.calibre-web.options.enableKepubify | Whether to enable kepub conversion support.
|
| programs.fish.vendor.completions.enable | Whether fish should use completion files provided by other packages.
|
| security.pam.services.<name>.ttyAudit.enablePattern | For each user matching one of comma-separated
glob patterns, enable TTY auditing
|
| services.xserver.displayManager.lightdm.greeters.gtk.enable | Whether to enable lightdm-gtk-greeter as the lightdm greeter.
|
| services.memcached.enableUnixSocket | Whether to enable Unix Domain Socket at /run/memcached/memcached.sock instead of listening on an IP address and port
|
| security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|
| hardware.facter.detected.fingerprint.enable | Whether to enable Fingerprint devices.
|
| services.mediawiki.httpd.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.radicle.ci.adapters.native.instances.<name>.enable | Whether to enable this radicle-native-ci instance.
|
| services.dysnomia.enableLegacyModules | Whether to enable Dysnomia legacy process and wrapper modules
|
| security.pam.services.<name>.enableUMask | If enabled, the pam_umask module will be loaded.
|
| services.firezone.relay.enableTelemetry | Whether to enable telemetry.
|
| services.prometheus.exporters.nvidia-gpu.enable | Whether to enable the prometheus nvidia-gpu exporter.
|
| hardware.system76.kernel-modules.enable | Whether to make the system76 out-of-tree kernel modules available
|
| programs.singularity.enableSuid | Whether to enable the SUID support of Singularity/Apptainer.
|
| services.blockbook-frontend.<name>.enable | Whether to enable blockbook-frontend application.
|
| services.elasticsearch.enable | Whether to enable elasticsearch.
|
| programs.opengamepadui.enable | Whether to enable opengamepadui.
|
| services.globalprotect.enable | Whether to enable globalprotect.
|
| services.matrix-continuwuity.enable | Whether to enable continuwuity.
|
| programs.proxychains.proxies.<name>.enable | Whether to enable this proxy.
|
| services.xserver.displayManager.lightdm.greeters.enso.enable | Whether to enable enso-os-greeter as the lightdm greeter
|
| hardware.facter.detected.networking.intel._2200BG.enable | Whether to enable the Facter Intel 2200BG module.
|
| services.keepalived.snmp.enableChecker | Enable SNMP handling of checker element of KEEPALIVED MIB.
|
| services.netbird.server.dashboard.enableNginx | Whether to enable Nginx reverse-proxy to serve the dashboard.
|
| services.mattermost.matterircd.enable | Whether to enable Mattermost IRC bridge.
|
| services.hddfancontrol.enable | Whether to enable hddfancontrol daemon.
|
| services.networkaudiod.enable | Whether to enable Networkaudiod (NAA).
|
| services.matrix-alertmanager.enable | Whether to enable matrix-alertmanager.
|
| services.torrentstream.enable | Whether to enable TorrentStream daemon.
|
| services.warpgate.settings.recordings.enable | Whether to enable session recording.
|
| services.peertube.enableWebHttps | Whether clients will access your PeerTube instance with HTTPS
|
| services.suricata.settings.logging.outputs.console.enable | Whether to enable logging to console.
|
| services.privatebin.enableNginx | Whether to enable nginx or not
|
| services.outline.enableUpdateCheck | Have the installation check for updates by sending anonymized statistics
to the maintainers.
|
| hardware.nvidia.modesetting.enable | Whether to enable kernel modesetting when using the NVIDIA proprietary driver
|
| services.anuko-time-tracker.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nextcloud.notify_push.enable | Whether to enable Notify push.
|
| virtualisation.qemu.guestAgent.enable | Enable the Qemu guest agent.
|
| services.wyoming.openwakeword.enable | Whether to enable Wyoming protocol server for openWakeWord wake word detection system.
|
| services.trafficserver.enable | Whether to enable Apache Traffic Server.
|
| services.nullidentdmod.enable | Whether to enable the nullidentdmod identd daemon.
|
| services.wasabibackend.enable | Whether to enable Wasabi backend service.
|
| services.hylafax.faxcron.enable.frequency | purging old files from the spooling area with
faxcron with the given frequency
(see systemd.time(7))
|
| services.consul-template.instances.<name>.enable | Whether to enable this consul-template instance.
|
| documentation.doc.enable | Whether to install documentation distributed in packages' /share/doc
|
| hardware.facter.detected.networking.intel._3945ABG.enable | Whether to enable the Facter Intel 3945ABG module.
|
| boot.loader.generationsDir.enable | Whether to create symlinks to the system generations under
/boot
|
| documentation.info.enable | Whether to install info pages and the info command
|
| virtualisation.vmware.guest.enable | Whether to enable VMWare Guest Support.
|
| services.movim.precompressStaticFiles.brotli.enable | Whether to enable Brotli precompression.
|
| networking.resolvconf.enable | Whether DNS configuration is managed by resolvconf.
|
| programs.foot.enableZshIntegration | Whether to enable foot zsh integration.
|
| programs.coolercontrol.enable | Whether to enable CoolerControl GUI & its background services.
|
| services.mqtt2influxdb.enable | Whether to enable BigClown MQTT to InfluxDB bridge.
|
| services.zabbixWeb.httpd.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.zabbixWeb.nginx.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.geoclue2.enableNmea | Whether to fetch location from NMEA sources on local network.
|
| services.prometheus.exporters.apcupsd.enable | Whether to enable the prometheus apcupsd exporter.
|
| services.prometheus.exporters.bitcoin.enable | Whether to enable the prometheus bitcoin exporter.
|
| services.prometheus.exporters.sabnzbd.enable | Whether to enable the prometheus sabnzbd exporter.
|
| services.prometheus.exporters.process.enable | Whether to enable the prometheus process exporter.
|
| services.prometheus.exporters.ecoflow.enable | Whether to enable the prometheus ecoflow exporter.
|
| services.prometheus.exporters.libvirt.enable | Whether to enable the prometheus libvirt exporter.
|
| services.prometheus.exporters.klipper.enable | Whether to enable the prometheus klipper exporter.
|
| services.prometheus.exporters.varnish.enable | Whether to enable the prometheus varnish exporter.
|
| services.prometheus.exporters.dnsmasq.enable | Whether to enable the prometheus dnsmasq exporter.
|
| services.prometheus.exporters.postfix.enable | Whether to enable the prometheus postfix exporter.
|
| services.prometheus.exporters.systemd.enable | Whether to enable the prometheus systemd exporter.
|
| services.prometheus.exporters.dovecot.enable | Whether to enable the prometheus dovecot exporter.
|
| services.prometheus.exporters.mongodb.enable | Whether to enable the prometheus mongodb exporter.
|
| services.prometheus.exporters.unbound.enable | Whether to enable the prometheus unbound exporter.
|
| services.networking.websockify.enable | Whether to enable websockify to forward websocket connections to TCP connections.
|
| services.cpuminer-cryptonight.enable | Whether to enable the cpuminer cryptonight miner.
|
| services.invoiceplane.sites.<name>.enable | Whether to enable InvoicePlane web application.
|
| systemd.enableCgroupAccounting | Whether to enable cgroup accounting; see cgroups(7).
|
| services.lighthouse.validator.metrics.enable | Whether to enable Validator node prometheus metrics.
|
| services.librenms.enableLocalBilling | Enable billing Cron-Jobs on the local instance
|
| services.xserver.displayManager.lightdm.greeters.slick.enable | Whether to enable lightdm-slick-greeter as the lightdm greeter.
|
| services.tsidp.settings.enableFunnel | Use Tailscale Funnel to make tsidp available on the public internet so it works with SaaS products.
|
| services.go-shadowsocks2.server.enable | Whether to enable go-shadowsocks2 server.
|
| services.journaldriver.enable | Whether to enable journaldriver to forward journald logs to
Stackdriver Logging.
|
| services.gitea-actions-runner.instances.<name>.enable | Whether to enable Gitea Actions Runner instance.
|
| services.postgresql.systemCallFilter.<name>.enable | Whether to enable ‹name› in postgresql's syscall filter.
|
| services.jitsi-meet.videobridge.enable | Jitsi Videobridge instance and configure it to connect to Prosody
|
| services.invoiceplane.sites.<name>.cron.enable | Enable cron service which periodically runs Invoiceplane tasks
|
| services.openafsServer.roles.database.enable | Database server role, maintains the Volume Location Database,
Protection Database (and Backup Database, see
backup role)
|
| services.discourse.enableACME | Whether an ACME certificate should be used to secure
connections to the server.
|
| services.bookstack.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nextcloud-spreed-signaling.enable | Whether to enable Spreed standalone signaling server.
|
| services.transmission.enable | Whether to enable the headless Transmission BitTorrent daemon
|
| services.peertube.redis.enableUnixSocket | Use Unix socket.
|
| services.mastodon.redis.enableUnixSocket | Use Unix socket
|
| programs.starship.transientPrompt.enable | Whether to enable Starship's transient prompt
feature in fish shells
|
| programs.foot.enableFishIntegration | Whether to enable foot fish integration.
|
| programs.foot.enableBashIntegration | Whether to enable foot bash integration.
|
| hardware.alsa.enablePersistence | Whether to enable ALSA sound card state saving on shutdown
|
| services.geoclue2.enableStatic | Whether to enable the static source
|
| services.librespeed.frontend.enable | Enables the LibreSpeed frontend and adds a nginx virtual host if
not explicitly disabled and services.librespeed.domain is not null.
|
| security.chromiumSuidSandbox.enable | Whether to install the Chromium SUID sandbox which is an executable that
Chromium may use in order to achieve sandboxing
|
| services.woodpecker-agents.agents.<name>.enable | Whether to enable this Woodpecker-Agent
|
| services.xserver.displayManager.lightdm.greeters.mini.enable | Whether to enable lightdm-mini-greeter as the lightdm greeter
|
| services.xserver.displayManager.lightdm.greeters.tiny.enable | Whether to enable lightdm-tiny-greeter as the lightdm greeter
|
| services.autorandr.profiles.<name>.config.<name>.enable | Whether to enable the output.
|
| services.homed.promptOnFirstBoot | Whether to enable interactively prompting for user creation on first boot
.
|
| services.sourcehut.builds.enableWorker | Whether to enable worker for builds.sr.ht
For smaller deployments, job runners can be installed alongside the master server
but even if you only build your own software, integration with other services
may cause you to run untrusted builds
(e.g. automatic testing of patches via listssrht)
|
| services.xserver.displayManager.lightdm.greeters.lomiri.enable | Whether to enable lomiri's greeter as the lightdm greeter.
|
| services.prometheus.exporters.py-air-control.enable | Whether to enable the prometheus py-air-control exporter.
|
| services.jitterentropy-rngd.enable | Whether to enable jitterentropy-rngd service configuration.
|
| services.xserver.displayManager.lightdm.greeters.mobile.enable | Whether to enable lightdm-mobile-greeter as the lightdm greeter.
|
| virtualisation.rosetta.enable | Whether to enable Rosetta support
|
| services.chrony.enableMemoryLocking | Whether to add the -m flag to lock memory.
|
| services.taskchampion-sync-server.enable | Whether to enable TaskChampion Sync Server for Taskwarrior 3.
|
| services.angrr.enableNixGcIntegration | Whether to enable nix-gc.service integration.
|
| services.limesurvey.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| hardware.alsa.enableRecorder | Whether to set up a loopback device that continuously records and
allows to play back audio from the computer
|
| services.unbound.enableRootTrustAnchor | Use and update root trust anchor for DNSSEC validation.
|
| virtualisation.xen.enable | Whether to enable the Xen Project Hypervisor, a virtualisation technology defined as a type-1 hypervisor, which allows multiple virtual machines, known as domains, to run concurrently on the physical machine
|
| programs.nix-index.enableZshIntegration | Whether to enable Zsh integration.
|
| services.xserver.enableCtrlAltBackspace | Whether to enable the DontZap option, which binds Ctrl+Alt+Backspace
to forcefully kill X
|
| services.nebula.networks.<name>.enableReload | Enable automatic config reload on config change
|
| services.limesurvey.httpd.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.prometheus.exporters.collectd.enable | Whether to enable the prometheus collectd exporter.
|
| services.prometheus.exporters.smartctl.enable | Whether to enable the prometheus smartctl exporter.
|
| services.prometheus.exporters.mikrotik.enable | Whether to enable the prometheus mikrotik exporter.
|
| services.prometheus.exporters.blackbox.enable | Whether to enable the prometheus blackbox exporter.
|
| services.prometheus.exporters.graphite.enable | Whether to enable the prometheus graphite exporter.
|
| services.prometheus.exporters.postgres.enable | Whether to enable the prometheus postgres exporter.
|
| services.prometheus.exporters.unpoller.enable | Whether to enable the prometheus unpoller exporter.
|
| services.prometheus.exporters.opnsense.enable | Whether to enable the prometheus opnsense exporter.
|
| services.prometheus.exporters.influxdb.enable | Whether to enable the prometheus influxdb exporter.
|
| services.prometheus.exporters.keylight.enable | Whether to enable the prometheus keylight exporter.
|
| services.prometheus.exporters.fritzbox.enable | Whether to enable the prometheus fritzbox exporter.
|
| services.prometheus.exporters.nginxlog.enable | Whether to enable the prometheus nginxlog exporter.
|
| services.xserver.windowManager.windowmaker.enable | Whether to enable windowmaker.
|
| security.tpm2.tctiEnvironment.enable | Set common TCTI environment variables to the specified value
|
| virtualisation.xen.store.settings.quota.enable | Whether to enable the quota system.
|
| virtualisation.xen.store.settings.perms.enable | Whether to enable the node permission system.
|
| services.pulseaudio.zeroconf.discovery.enable | Whether to enable discovery of pulseaudio sinks in the local network.
|
| services.journalwatch.enable | If enabled, periodically check the journal with journalwatch and report the results by mail.
|
| services.prometheus.pushgateway.enable | Whether to enable Prometheus Pushgateway.
|
| services.prometheus.exporters.rtl_433.enable | Whether to enable the prometheus rtl_433 exporter.
|
| services.openafsServer.roles.fileserver.enable | Fileserver role, serves files and volumes from its local storage.
|
| services.syslogd.enableNetworkInput | Accept logging through UDP
|
| services.jirafeau.nginxConfig.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.netbird.server.management.enableNginx | Whether to enable Nginx reverse-proxy for the netbird management service.
|
| services.firezone.gateway.enableTelemetry | Whether to enable telemetry.
|
| hardware.openrazer.batteryNotifier.enable | Mouse battery notifier.
|
| programs.direnv.enableZshIntegration | Whether to enable Zsh integration
.
|
| programs.zoxide.enableZshIntegration | Whether to enable Zsh integration.
|
| programs.nix-index.enableFishIntegration | Whether to enable Fish integration.
|
| programs.nix-index.enableBashIntegration | Whether to enable Bash integration.
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| services.dovecot2.mailPlugins.perProtocol.<name>.enable | mail plugins to enable as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable
|
| virtualisation.hypervGuest.enable | Whether to enable Hyper-V Guest Support.
|
| virtualisation.vswitch.enable | Whether to enable Open vSwitch
|
| virtualisation.libvirtd.dbus.enable | Whether to enable exposing libvirtd APIs over D-Bus.
|
| services.armagetronad.servers.<name>.enable | Whether to enable armagetronad.
|
| services.tt-rss.registration.enable | Allow users to register themselves
|
| services.wordpress.sites.<name>.virtualHost.enableUserDir | Whether to enable serving ~/public_html as
/~«username».
|
| services.prometheus.exporters.imap-mailstat.enable | Whether to enable the prometheus imap-mailstat exporter.
|
| services.firefox-syncserver.enable | Whether to enable the Firefox Sync storage service
|
| services.gotenberg.enableBasicAuth | HTTP Basic Authentication
|
| programs.obs-studio.enableVirtualCamera | Installs and sets up the v4l2loopback kernel module, necessary for OBS
to start a virtual camera.
|
| services.httpd.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.nginx.virtualHosts.<name>.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| hardware.facter.detected.virtualisation.qemu.enable | Whether to enable Enable the Facter Virtualisation Qemu module.
|
| hardware.facter.detected.virtualisation.none.enable | Whether to enable Enable the Facter Virtualisation None module.
|
| services.prometheus.exporters.postfix.systemd.enable | Whether to enable reading metrics from the systemd journal instead of from a logfile
|
| programs.zoxide.enableBashIntegration | Whether to enable Bash integration.
|
| programs.direnv.enableBashIntegration | Whether to enable Bash integration
.
|
| programs.zoxide.enableFishIntegration | Whether to enable Fish integration.
|
| programs.direnv.enableFishIntegration | Whether to enable Fish integration
.
|
| services.xserver.xautolock.enableNotifier | Whether to enable the notifier feature of xautolock
|
| services.automatic-timezoned.enable | Enable automatic-timezoned, simple daemon for keeping the system
timezone up-to-date based on the current location
|
| documentation.nixos.enable | Whether to install NixOS's own documentation.
|
| programs.qgroundcontrol.enable | Whether to enable qgroundcontrol.
|
| virtualisation.waydroid.enable | Whether to enable Waydroid.
|
| services.firefly-iii-data-importer.enableNginx | Whether to enable nginx or not
|
| documentation.enable | Whether to install documentation of packages from
environment.systemPackages into the generated system path
|
| services.nextcloud-whiteboard-server.enable | Whether to enable Nextcloud backend server for the Whiteboard app.
|
| services.xserver.desktopManager.plasma5.bigscreen.enable | Enable support for running the Plasma Bigscreen session.
|
| hardware.amdgpu.amdvlk.supportExperimental.enable | Whether to enable Experimental features support.
|
| services.drupal.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.libretranslate.enable | Whether to enable LibreTranslate service.
|
| virtualisation.kvmgt.enable | Whether to enable KVMGT (iGVT-g) VGPU support
|
| services.prometheus.exporters.smokeping.enable | Whether to enable the prometheus smokeping exporter.
|
| services.prometheus.exporters.pgbouncer.enable | Whether to enable the prometheus pgbouncer exporter.
|
| services.prometheus.exporters.nextcloud.enable | Whether to enable the prometheus nextcloud exporter.
|
| services.prometheus.exporters.rasdaemon.enable | Whether to enable the prometheus rasdaemon exporter.
|
| services.prometheus.exporters.borgmatic.enable | Whether to enable the prometheus borgmatic exporter.
|
| services.prometheus.exporters.tailscale.enable | Whether to enable the prometheus tailscale exporter.
|
| services.prometheus.exporters.surfboard.enable | Whether to enable the prometheus surfboard exporter.
|
| services.prometheus.exporters.wireguard.enable | Whether to enable the prometheus wireguard exporter.
|
| services.xserver.displayManager.lightdm.greeter.enable | If set to false, run lightdm in greeterless mode
|
| documentation.dev.enable | Whether to install documentation targeted at developers.
- This includes man pages targeted at developers if
documentation.man.enable is
set (this also includes "devman" outputs).
- This includes info pages targeted at developers if
documentation.info.enable
is set (this also includes "devinfo" outputs).
- This includes other pages targeted at developers if
documentation.doc.enable
is set (this also includes "devdoc" outputs).
|
| services.firefox-syncserver.singleNode.enableTLS | Whether to enable automatic TLS setup.
|
| services.nebula.networks.<name>.lighthouse.dns.enable | Whether this lighthouse node should serve DNS.
|
| services.prometheus.exporters.junos-czerwonk.enable | Whether to enable the prometheus junos-czerwonk exporter.
|
| virtualisation.lxc.enable | This enables Linux Containers (LXC), which provides tools
for creating and managing system or application containers
on Linux.
|
| services.angrr.settings.temporary-root-policies.<name>.enable | Whether to enable this angrr policy.
|
| services.prometheus.exporters.mailman3.enable | Whether to enable the prometheus mailman3 exporter.
|
| services.xserver.displayManager.lightdm.greeters.pantheon.enable | Whether to enable elementary-greeter as the lightdm greeter.
|
| services.hylafax.faxqclean.enable.frequency | Purge old files from the spooling area with
faxcron with the given frequency
(see systemd.time(7)).
|
| services.nextcloud.config.objectstore.s3.enable | Whether to enable S3 object storage as primary storage
|
| services.graphite.carbon.enableAggregator | Whether to enable carbon aggregator, the carbon buffering service.
|
| services.audiobookshelf.enable | Whether to enable Audiobookshelf, self-hosted audiobook and podcast server.
|
| services.paretosecurity.enable | Whether to enable ParetoSecurity agent and its root helper.
|
| virtualisation.incus.enable | Whether to enable incusd, a daemon that manages containers and virtual machines
|
| programs.zoxide.enableXonshIntegration | Whether to enable Xonsh integration.
|
| programs.direnv.enableXonshIntegration | Whether to enable Xonsh integration
.
|
| services.evdevremapkeys.enable | Whether to enable evdevremapkeys, a daemon to remap events on linux input devices.
|
| services.kubernetes.controllerManager.enable | Whether to enable Kubernetes controller manager.
|
| services.geoclue2.enableDemoAgent | Whether to use the GeoClue demo agent
|
| services.onlyoffice.enableExampleServer | Whether to enable OnlyOffice example server.
|
| services.your_spotify.enableLocalDB | Whether to enable a local mongodb instance.
|
| virtualisation.appvm.enable | This enables AppVMs and related virtualisation settings.
|
| services.xserver.windowManager.herbstluftwm.enable | Whether to enable herbstluftwm.
|
| services.icingaweb2.modules.monitoring.enable | Whether to enable the icingaweb2 monitoring module.
|
| services.part-db.enablePostgresql | Whether to configure the postgresql database for part-db
|
| hardware.logitech.wireless.enableGraphical | Enable graphical support applications.
|
| services.dockerRegistry.enableGarbageCollect | Whether to enable garbage collect.
|
| services.victoriatraces.enable | Whether to enable VictoriaTraces is an open source distributed traces storage and query engine from VictoriaMetrics.
|
| programs.dms-shell.enableDynamicTheming | Whether to install dependencies required for dynamic theming support
|
| services.mastodon.enableUnixSocket | Instead of binding to an IP address like 127.0.0.1, you may bind to a Unix socket
|
| environment.enableDebugInfo | Some NixOS packages provide debug symbols
|
| services.hologram-server.enableLdapRoles | Whether to assign user roles based on the user's LDAP group memberships
|
| hardware.facter.detected.virtualisation.oracle.enable | Whether to enable Enable the Facter Virtualisation Oracle module.
|
| services.elasticsearch-curator.enable | Whether to enable elasticsearch curator.
|
| virtualisation.lxc.lxcfs.enable | This enables LXCFS, a FUSE filesystem for LXC
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| hardware.facter.detected.virtualisation.hyperv.enable | Whether to enable Enable the Facter Virtualisation Hyper-V module.
|
| services.hitch.ocsp-stapling.enabled | Whether to enable OCSP Stapling
|
| services.prometheus.alertmanager.enable | Whether to enable Prometheus Alertmanager.
|
| services.matrix-continuwuity.admin.enable | Add conduwuit command to PATH for administration
|
| programs.dms-shell.enableCalendarEvents | Whether to install dependencies required for calendar events support
|
| systemd.enableStrictShellChecks | Whether to run shellcheck on the generated scripts for systemd
units
|
| programs.zsh.autosuggestions.enable | Whether to enable zsh-autosuggestions.
|
| services.teeworlds.game.enablePowerups | Whether to allow powerups such as the ninja.
|
| services.smartd.notifications.wall.enable | Whenever to send wall notifications to all users.
|
| services.smartd.notifications.mail.enable | Whenever to send e-mail notifications.
|
| services.fail2ban.bantime-increment.enable | "bantime.increment" allows to use database for searching of previously banned ip's to increase
a default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32 ...
|
| services.firefox-syncserver.singleNode.enableNginx | Whether to enable nginx virtualhost definitions.
|
| services.xserver.windowManager.xmonad.enableContribAndExtras | Enable xmonad-{contrib,extras} in Xmonad.
|
| services.prometheus.exporters.buildkite-agent.enable | Whether to enable the prometheus buildkite-agent exporter.
|
| hardware.digitalbitbox.enable | Enables udev rules for Digital Bitbox devices.
|
| services.parsedmarc.provision.localMail.enable | Whether Postfix and Dovecot should be set up to receive
mail locally. parsedmarc will be configured to watch the
local inbox as the automatically created user specified in
services.parsedmarc.provision.localMail.recipientName
|
| services.syncthing.settings.folders.<name>.enable | Whether to share this folder
|
| systemd.user.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.prometheus.exporters.storagebox.enable | Whether to enable the prometheus storagebox exporter.
|
| services.prometheus.exporters.scaphandre.enable | Whether to enable the prometheus scaphandre exporter.
|
| services.postfix.enableSubmission | Whether to enable the `submission` service configured in master.cf
|
| boot.loader.generic-extlinux-compatible.enable | Whether to generate an extlinux-compatible configuration file
under /boot/extlinux.conf
|
| services.xserver.desktopManager.mate.enableWaylandSession | Whether to enable MATE Wayland session.
|
| programs.digitalbitbox.enable | Installs the Digital Bitbox application and enables the complementary hardware module.
|
| services.teeworlds.server.enableHighBandwidth | Whether to enable high bandwidth mode on LAN servers
|
| services.xserver.desktopManager.xfce.enableWaylandSession | Whether to enable the experimental Xfce Wayland session.
|
| services.mediawiki.httpd.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.postgresql.enableTCPIP | Whether PostgreSQL should listen on all network interfaces
|
| services.prometheus.alertmanager-ntfy.enable | Whether to enable alertmanager-ntfy.
|
| services.grafana.settings.smtp.enabled | Whether to enable SMTP.
|
| virtualisation.multipass.enable | Whether to enable Multipass, a simple manager for virtualised Ubuntu instances.
|
| services.wstunnel.servers.<name>.enableHTTPS | Use HTTPS for the tunnel server.
|
| services.guacamole-client.enableWebserver | Enable the Guacamole web application in a Tomcat webserver.
|
| services.frigate.settings.mqtt.enabled | Whether to enable MQTT support.
|
| systemd.user.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.rsnapshot.enableManualRsnapshot | Whether to enable manual usage of the rsnapshot command with this module.
|
| services.keepalived.snmp.enableKeepalived | Enable SNMP handling of vrrp element of KEEPALIVED MIB.
|
| networking.enableB43Firmware | Turn on this option if you want firmware for the NICs supported by the b43 module.
|
| services.bitwarden-directory-connector-cli.enable | Whether to enable Bitwarden Directory Connector.
|
| services.postfix.enableSubmissions | Whether to enable the submissions service configured in master.cf
|
| services.prometheus.exporters.exportarr-lidarr.enable | Whether to enable the prometheus exportarr-lidarr exporter.
|
| services.prometheus.exporters.exportarr-bazarr.enable | Whether to enable the prometheus exportarr-bazarr exporter.
|
| services.prometheus.exporters.exportarr-sonarr.enable | Whether to enable the prometheus exportarr-sonarr exporter.
|
| services.prometheus.exporters.exportarr-radarr.enable | Whether to enable the prometheus exportarr-radarr exporter.
|
| systemd.services.<name>.confinement.enable | If set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
|
| services.hadoop.yarn.resourcemanager.enable | Whether to enable Hadoop YARN ResourceManager.
|
| programs.dms-shell.enableClipboardPaste | Whether to install dependencies required for pasting directly from the clipboard history support
|
| services.icingaweb2.modules.translation.enable | Whether to enable the icingaweb2 translation module.
|
| services.fedimintd.<name>.nginx.config.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.privoxy.settings.enable-edit-actions | Whether the web-based actions file editor may be used.
|
| services.automysqlbackup.enable | Whether to enable AutoMySQLBackup.
|
| services.jellyfin.hardwareAcceleration.enable | Whether to enable hardware acceleration for video transcoding.
|
| services.lemmy.settings.captcha.enabled | Enable Captcha.
|
| services.teeworlds.server.enableSpamProtection | Whether to enable chat spam protection.
|
| virtualisation.lxd.enable | This option enables lxd, a daemon that manages
containers
|
| virtualisation.virtualbox.guest.enable | Whether to enable the VirtualBox service and other guest additions.
|
| services.kerberos_server.enable | Whether to enable the kerberos authentication server.
|
| services.wstunnel.servers.<name>.listen.enableHTTPS | Use HTTPS for the tunnel server.
|
| virtualisation.libvirtd.qemu.ovmf.enable | Allows libvirtd to take advantage of OVMF when creating new
QEMU VMs with UEFI boot.
|
| services.prometheus.alertmanagerIrcRelay.enable | Whether to enable Alertmanager IRC Relay.
|
| services.changedetection-io.enable | Whether to enable changedetection-io.
|
| services.discourse.mail.outgoing.enableStartTLSAuto | Whether to try to use StartTLS.
|
| virtualisation.virtualbox.host.enable | Whether to enable VirtualBox.
In order to pass USB devices from the host to the guests, the user
needs to be in the vboxusers group.
|
| services.firezone.headless-client.enableTelemetry | Whether to enable telemetry.
|
| services.prometheus.exporters.exportarr-readarr.enable | Whether to enable the prometheus exportarr-readarr exporter.
|
| virtualisation.podman.enable | This option enables Podman, a daemonless container engine for
developing, managing, and running OCI Containers on your Linux System
|
| services.desktopManager.gnome.flashback.enableMetacity | Whether to enable the standard GNOME Flashback session with Metacity.
|
| virtualisation.libvirtd.qemu.swtpm.enable | Allows libvirtd to use swtpm to create an emulated TPM.
|
| services.prometheus.alertmanagerGotify.enable | Whether to enable alertmagager-gotify.
|
| services.prometheus.exporters.artifactory.enable | Whether to enable the prometheus artifactory exporter.
|
| virtualisation.containerd.enable | Whether to enable containerd container runtime.
|
| programs.singularity.enableFakeroot | Whether to enable the --fakeroot support of Singularity/Apptainer
|
| virtualisation.vmware.host.enable | This enables VMware host virtualisation for running VMs.
vmware-vmx will cause kcompactd0 due to
Transparent Hugepages feature in kernel
|
| virtualisation.fileSystems.<name>.enable | Whether to enable the filesystem mount.
|
| services.geoclue2.enable3G | Whether to enable 3G source.
|
| networking.getaddrinfo.enable | Enables custom address sorting configuration for getaddrinfo(3) according to RFC 3484
|
| services.mullvad-vpn.enableExcludeWrapper | This option activates the wrapper that allows the use of mullvad-exclude
|
| virtualisation.podman.autoPrune.enable | Whether to periodically prune Podman resources
|
| virtualisation.docker.autoPrune.enable | Whether to periodically prune Docker resources
|
| services.librenms.enableOneMinutePolling | Enables the 1-Minute Polling
|
| fonts.enableGhostscriptFonts | Whether to add the fonts provided by Ghostscript (such as
various URW fonts and the “Base-14” Postscript fonts) to the
list of system fonts, making them available to X11
applications.
|
| services.archisteamfarm.web-ui.enable | Whether to start the web-ui
|
| services.opentelemetry-collector.enable | Whether to enable Opentelemetry Collector.
|
| services.prometheus.exporters.collectd.collectdBinary.enable | Whether to enable collectd binary protocol receiver.
|
| hardware.facter.detected.virtualisation.parallels.enable | Whether to enable Enable the Facter Virtualisation Parallels module.
|
| systemd.services.<name>.enableDefaultPath | Whether to append a minimal default PATH environment variable to the service, containing common system utilities.
|
| services.xserver.desktopManager.enlightenment.enable | Enable the Enlightenment desktop environment.
|
| virtualisation.docker.enable | This option enables docker, a daemon that manages
linux containers
|
| services.freeswitch.enableReload | Issue the reloadxml command to FreeSWITCH when configuration directory changes (instead of restart)
|
| services.prometheus.enableReload | Reload prometheus when configuration file changes (instead of restart)
|
| services.limesurvey.httpd.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.limesurvey.nginx.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| hardware.nvidia.enabled | True if NVIDIA support is enabled
|
| services.limesurvey.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.librenms.distributedPoller.enable | Configure this LibreNMS instance as a distributed poller
|
| virtualisation.xen.store.settings.enableMerge | Whether to enable transaction merge support.
|
| services.victoriametrics.enable | Whether to enable VictoriaMetrics in single-node mode
|
| services.kmonad.keyboards.<name>.enableHardening | Whether to enable systemd hardening.
If KMonad is used to execute shell commands, hardening may make some of them fail.
|
| virtualisation.libvirtd.nss.enable | This option enables the older libvirt NSS module
|
| services.prometheus.exporters.exportarr-prowlarr.enable | Whether to enable the prometheus exportarr-prowlarr exporter.
|
| services.kanidm.provision.systems.oauth2.<name>.enableLegacyCrypto | Enable legacy crypto on this client
|
| programs.dms-shell.enableAudioWavelength | Whether to install dependencies required for audio wavelength visualization
|
| systemd.services.<name>.enableStrictShellChecks | Enable running shellcheck on the generated scripts for this unit
|
| services.jellyfin.transcoding.enableToneMapping | Enable tone mapping when transcoding HDR content.
|
| networking.modemmanager.enable | Whether to use ModemManager to manage modem devices
|
| services.x2goserver.superenicer.enable | Enables the SupeReNicer code in x2gocleansessions, this will renice
suspended sessions to nice level 19 and renice them to level 0 if the
session becomes marked as running again
|
| services.xserver.desktopManager.xfce.enableScreensaver | Enable the XFCE screensaver.
|
| services.system76-scheduler.settings.cfsProfiles.enable | Tweak CFS latency parameters when going on/off battery
|
| environment.enableAllTerminfo | Whether to install all terminfo outputs
|
| networking.wireless.userControlled.enable | Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli
|
| services.datadog-agent.enableLiveProcessCollection | Whether to enable the live process collection agent.
|
| programs.opengamepadui.gamescopeSession.enable | Whether to enable GameScope Session.
|
| services.calibre-web.options.enableBookUploading | Allow books to be uploaded via Calibre-Web UI.
|
| services.misskey.reverseProxy.webserver.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.wordpress.sites.<name>.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.xserver.desktopManager.gnome.flashback.enableMetacity | Whether to enable the standard GNOME Flashback session with Metacity.
|
| swapDevices.*.randomEncryption.enable | Encrypt swap device with a random key
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.prometheus.exporters.modemmanager.enable | Whether to enable the prometheus modemmanager exporter.
|
| virtualisation.directBoot.enable | If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader
|
| virtualisation.docker.enableNvidia | Deprecated, please use hardware.nvidia-container-toolkit.enable instead
|
| virtualisation.podman.enableNvidia | Deprecated, please use hardware.nvidia-container-toolkit.enable instead
|
| services.netdata.enableAnalyticsReporting | Enable reporting of anonymous usage statistics to Netdata Inc. via either
Google Analytics (in versions prior to 1.29.4), or Netdata Inc.'s
self-hosted PostHog (in versions 1.29.4 and later)
|
| services.wgautomesh.enablePersistence | Enable persistence of Wireguard peer info between restarts.
|
| services.klipper.firmwares.<name>.enableKlipperFlash | Whether to enable flashings scripts for firmware
|
| services.lighttpd.enableUpstreamMimeTypes | Whether to include the list of mime types bundled with lighttpd
(upstream)
|
| services.wg-access-server.settings.dns.enabled | Enable/disable the embedded DNS proxy server
|
| services.grafana_reporter.enable | Whether to enable grafana_reporter.
|
| programs.streamcontroller.enable | Whether to enable StreamController.
|
| programs.dms-shell.enableSystemMonitoring | Whether to install dependencies required for system monitoring widgets
|
| programs.television.enableZshIntegration | Whether to enable Zsh integration.
|
| services.clatd.enableNetworkManagerIntegration | Whether to enable NetworkManager integration.
|
| services.wgautomesh.enableGossipEncryption | Enable encryption of gossip traffic.
|
| services.libretranslate.enableApiKeys | Whether to enable the API keys database.
|
| virtualisation.docker.rootless.enable | This option enables docker in a rootless mode, a daemon that manages
linux containers
|
| virtualisation.containers.ociSeccompBpfHook.enable | Enable the OCI seccomp BPF hook
|
| services.uptime.enableSeparateMonitoringService | Whether to enable the uptime monitoring service.
|
| programs.television.enableBashIntegration | Whether to enable Bash integration.
|
| programs.television.enableFishIntegration | Whether to enable Fish integration.
|
| hardware.facter.detected.virtualisation.virtio_scsi.enable | Whether to enable Enable the Facter Virtualisation Virtio SCSI module.
|
| services.nextcloud.enableImagemagick | Whether to enable the ImageMagick module for PHP
|
| services.prometheus.alertmanagerWebhookLogger.enable | Whether to enable Alertmanager Webhook Logger.
|
| hardware.opentabletdriver.enable | Enable OpenTabletDriver udev rules, user service and blacklist kernel
modules known to conflict with OpenTabletDriver.
|
| networking.enableIntel2200BGFirmware | Turn on this option if you want firmware for the Intel
PRO/Wireless 2200BG to be loaded automatically
|
| virtualisation.libvirtd.enable | This option enables libvirtd, a daemon that manages
virtual machines
|
| virtualisation.xen.store.settings.perms.enableWatch | Whether to enable the watch permission system
|
| services.calibre-web.options.enableBookConversion | Configure path to the Calibre's ebook-convert in the DB.
|
| services.mattermost.telemetry.enableSecurityAlerts | True if we should enable security update checking
|
| virtualisation.podman.dockerSocket.enable | Make the Podman socket available in place of the Docker socket, so
Docker tools can find the Podman socket
|
| networking.networkmanager.enableStrongSwan | Enable the StrongSwan plugin
|
| programs.opengamepadui.inputplumber.enable | Whether to enable Run InputPlumber service for input management and gamepad configuration.
.
|
| programs.opengamepadui.powerstation.enable | Whether to enable Run PowerStation service for TDP control and performance settings.
.
|
| services.prosody.virtualHosts.<name>.enabled | Whether to enable the virtual host
|
| services.archisteamfarm.enable | If enabled, starts the ArchisSteamFarm service
|
| services.peering-manager.enableScheduledTasks | Set up scheduled tasks
|
| services.headscale.settings.oidc.pkce.enabled | Enable or disable PKCE (Proof Key for Code Exchange) support
|
| services.linkwarden.enableRegistration | Whether to enable registration for new users.
|
| services.snapserver.settings.tcp.enabled | Whether to enable the TCP JSON-RPC.
|
| services.pihole-ftl.lists.*.enabled | Whether this list is enabled
|
| services.crowdsec-firewall-bouncer.registerBouncer.enable | Whether to automatically register the bouncer to the locally running
crowdsec service
|
| services.watchdogd.settings.filenr.enabled | Whether to enable watchdogd plugin filenr.
|
| programs.tuxclocker.enabledNVIDIADevices | Enable NVIDIA GPU controls for a device by index
|
| virtualisation.containers.enable | This option enables the common /etc/containers configuration module.
|
| virtualisation.podman.networkSocket.enable | Make the Podman and Docker compatibility API available over the network
with TLS client certificate authentication
|
| services.desktopManager.gnome.flashback.customSessions.*.enableGnomePanel | Whether to enable the GNOME panel in this session.
|
| services.snapserver.settings.http.enabled | Whether to enable the HTTP JSON-RPC.
|
| virtualisation.virtualbox.host.enableKvm | Enable KVM support for VirtualBox
|
| programs.chromium.enablePlasmaBrowserIntegration | Whether to enable Native Messaging Host for Plasma Browser Integration.
|
| services.suricata.settings.unix-command.enabled | Enable unix-command socket.
|
| services.keepalived.enableScriptSecurity | Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.
|
| services.system76-scheduler.settings.processScheduler.enable | Tweak scheduling of individual processes in real time.
|
| services.jellyfin.transcoding.enableIntelLowPowerEncoding | Enable low-power encoding mode for Intel Quick Sync Video
|
| services.desktopManager.plasma6.enableQt5Integration | Enable Qt 5 integration (theming, etc)
|
| services.prometheus.exporters.snmp.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| services.kubernetes.apiserver.enableAdmissionPlugins | Kubernetes admission control plugins to enable
|
| services.jellyfin.transcoding.enableHardwareEncoding | Enable hardware encoding for video transcoding.
|
| services.watchdogd.settings.loadavg.enabled | Whether to enable watchdogd plugin loadavg.
|
| services.watchdogd.settings.meminfo.enabled | Whether to enable watchdogd plugin meminfo.
|
| services.xserver.desktopManager.gnome.flashback.customSessions.*.enableGnomePanel | Whether to enable the GNOME panel in this session.
|
| services.mattermost.telemetry.enableDiagnostics | True if we should enable sending diagnostic data
|
| networking.networkmanager.enable | Whether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured
|
| services.xserver.windowManager.xmonad.enableConfiguredRecompile | Enable recompilation even if config is set to a
non-null value
|
| services.nextcloud.nginx.enableFastcgiRequestBuffering | Whether to buffer requests against fastcgi requests
|
| services.dendrite.settings.sync_api.search.enabled | Whether to enable Dendrite's full-text search engine.
|
| virtualisation.docker.enableOnBoot | When enabled dockerd is started on boot
|
| services.listmonk.database.settings.smtp.*.enabled | Whether to enable this SMTP server for listmonk.
|
| networking.wireless.enableHardening | Whether to apply security hardening measures to wpa_supplicant
|
| hardware.opentabletdriver.daemon.enable | Whether to start OpenTabletDriver daemon as a systemd user service.
|
| networking.supplicant.<name>.userControlled.enable | Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli
|
| services.strongswan.enabledPlugins | A list of additional plugins to enable if
managePlugins is true.
|
| services.sourcehut.settings."meta.sr.ht::billing".enabled | Whether to enable the billing system.
|
| services.glusterfs.enableGlustereventsd | Whether to enable the GlusterFS Events Daemon
|
| services.suricata.settings.outputs.*.<name>.enabled | Whether to enable .
|
| services.smartd.notifications.systembus-notify.enable | Whenever to send systembus-notify notifications
|
| virtualisation.libvirtd.nss.enableGuest | This option enables the newer libvirt_guest NSS module
|
| services.matrix-synapse.settings.presence.enabled | Whether to enable presence tracking
|
| services.veilid.settings.logging.api.enabled | Events of type 'api' will be logged.
|
| services.snapserver.settings.tcp-control.enabled | Whether to enable the TCP JSON-RPC.
|
| virtualisation.fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.enable | Boost Pipewire client priorities.
|
| services.bluemap.webserverSettings.enabled | Enable bluemap's built-in webserver
|
| services.autosuspend.checks.<name>.enabled | Whether to enable this activity check.
|
| services.prometheus.exporters.blackbox.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| services.sabnzbd.settings.misc.enable_https | Whether to enable HTTPS for the web UI
|
| hardware.graphics.enable32Bit | On 64-bit systems, whether to also install 32-bit drivers for
32-bit applications (such as Wine).
|
| programs.singularity.enableExternalLocalStateDir | Whether to use top-level directories as LOCALSTATEDIR
instead of the store path ones
|
| virtualisation.spiceUSBRedirection.enable | Install the SPICE USB redirection helper with setuid
privileges
|
| services.grafana.settings.server.enable_gzip | Set this option to true to enable HTTP compression, this can improve transfer speed and bandwidth utilization
|
| services.veilid.settings.logging.system.enabled | Events of type 'system' will be logged.
|
| services.autosuspend.wakeups.<name>.enabled | Whether to enable this wake-up check.
|
| virtualisation.virtualbox.host.enableHardening | Enable hardened VirtualBox, which ensures that only the binaries in the
system path get access to the devices exposed by the kernel modules
instead of all users in the vboxusers group.
Disabling this can put your system's security at risk, as local users
in the vboxusers group can tamper with the VirtualBox device files.
|
| services.snapserver.settings.tcp-streaming.enabled | Whether to enable streaming via TCP.
|
| services.transmission.settings.utp-enabled | Whether to enable Micro Transport Protocol (µTP).
|
| services.matrix-synapse.enableRegistrationScript | Whether to install the register_new_matrix_user script, that
allows account creation on the terminal.
This script does not work when the client listener uses UNIX domain sockets
|
| services.matrix-synapse.settings.redis.enabled | Whether to use redis support
|
| hardware.enableRedistributableFirmware | Whether to enable firmware with a license allowing redistribution.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.enable | Boost foreground process priorities.
(And de-boost background ones)
|
| services.dysnomia.enableAuthentication | Whether to publish privacy-sensitive authentication credentials
|
| services.suricata.enabledSources | List of sources that should be enabled
|
| services.immich.settings.newVersionCheck.enabled | Check for new versions
|
| services.earlyoom.enableNotifications | Send notifications about killed processes via the system d-bus
|
| services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects | Allow localhost redirects
|
| services.transmission.settings.watch-dir-enabled | Whether to enable the
services.transmission.settings.watch-dir.
|
| services.peertube-runner.enabledJobTypes | Job types that this runner will execute.
|
| virtualisation.virtualbox.host.enableWebService | Build VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools
|
| services.veilid.settings.logging.terminal.enabled | Events of type 'terminal' will be logged.
|
| services.cloudflared.tunnels.<name>.warp-routing.enabled | Enable warp routing
|
| services.sabnzbd.settings.ntfosd.ntfosd_enable | Whether to enable NotifyOSD alerts
|
| services.prometheus.exporters.frr.enabledCollectors | Collectors to enable
|
| services.mihomo.tunMode | Whether to enable necessary permission for Mihomo's systemd service for TUN mode to function properly
|
| services.i2pd.ssu | Whether to enable ssu.
|
| services.prometheus.exporters.node.enabledCollectors | Collectors to enable
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.prometheus.exporters.opnsense.enabledExporter | Collectors to enable or disable
|
| services.i2pd.nat | Whether to enable NAT bypass.
|
| services.akkoma.config.":pleroma".":media_proxy".enabled | Whether to enable proxying of remote media through the instance's proxy.
|
| services.authelia.instances.<name>.settings.telemetry.metrics.enabled | Enable Metrics.
|
| services.archisteamfarm.bots.<name>.enabled | Whether to enable the bot on startup.
|
| virtualisation.virtualbox.host.enableExtensionPack | Whether to install the Oracle Extension Pack for VirtualBox.
You must set nixpkgs.config.allowUnfree = true in
order to use this
|
| services.prometheus.exporters.chrony.enabledCollectors | Collectors to enable
|
| services.nixseparatedebuginfod.enable | Whether to enable separatedebuginfod, a debuginfod server providing source and debuginfo for nix packages.
|
| services.jellyfin.transcoding.enableSubtitleExtraction | Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding
|
| services.i2pd.ntcp | Whether to enable ntcp.
|
| services.davis.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.slskd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.movim.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.snipe-it.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.firefox-syncserver.settings.tokenserver.enabled | Whether to enable the token service as well.
|
| services.matrix-synapse.settings.enable_metrics | Enable collection and rendering of performance metrics
|
| programs.throne.tunMode.setuid | Whether to enable setting suid bit for throne-core to run as root, which is less
secure than default setcap method but closer to upstream assumptions
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| services.akkoma.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fluidd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.gancio.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.monica.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.matomo.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.dependency-track.settings."alpine.ldap.enabled" | Defines if LDAP will be used for user authentication
|
| services.dependency-track.settings."alpine.oidc.enabled" | Defines if OpenID Connect will be used for user authentication
|
| programs.kde-pim.kmail | Whether to enable KMail.
|
| services.chrony.initstepslew.enabled | DEPRECATED
|
| services.i2pd.proto.http.auth | Whether to enable webconsole authentication.
|
| nix.sshServe.write | Whether to enable writing to the Nix store as a remote store via SSH
|
| services.croc.debug | Whether to enable debug logs.
|
| services.minidlna.settings.enable_tivo | Support for streaming .jpg and .mp3 files to a TiVo supporting HMO.
|
| services.fastnetmon-advanced.enableAdvancedTrafficPersistence | Store historical flow data in clickhouse
|
| programs.nekoray.tunMode.setuid | Whether to enable setting suid bit for nekobox_core to run as root, which is less
secure than default setcap method but closer to upstream assumptions
|
| services.tt-rss.plugins | List of plugins to load automatically for all users
|
| services.suricata.settings.app-layer.protocols.<name>.enabled | The option "enabled" takes 3 values - "yes", "no", "detection-only".
"yes" enables both detection and the parser, "no" disables both, and
"detection-only" enables protocol detection only (parser disabled).
|
| services.odoo.autoInit | Whether to enable automatically initialize the DB.
|
| services.nextcloud.settings."profile.enabled" | Makes user-profiles globally available under nextcloud.tld/u/user.name
|
| services.onlyoffice.wopi | Whether to enable Enable WOPI support.
|
| services.radicle.httpd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.rutorrent.plugins | List of plugins to enable
|
| services.avahi.debug | Whether to enable debug logging.
|
| services.i2pd.logCLFTime | Whether to enable full CLF-formatted date and time to log.
|
| security.auditd.plugins.<name>.active | Whether to enable Whether to enable this plugin.
|
| services.minidlna.settings.enable_subtitles | Enable subtitle support on unknown clients.
|
| services.nixseparatedebuginfod2.enable | Whether to enable nixseparatedebuginfod2, a debuginfod server providing source and debuginfo for nix packages.
|
| programs.i3lock.u2fSupport | Whether to enable U2F support in the i3lock program
|
| services.veilid.settings.client_api.ipc_enabled | veilid-server will respond to Python and other JSON client requests.
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_admin | Enable the built-in web admin for this interface binding.
|
| services.dolibarr.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fediwall.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.agorakit.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.librenms.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.kanboard.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.pixelfed.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.mainsail.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.avahi.wideArea | Whether to enable wide-area service discovery.
|
| services.gollum.math | Enable support for math rendering using KaTeX
|
| services.arsenik.lt | Enable layer-taps.
|
| services.vwifi.client.spy | Whether to enable spy mode, useful for wireless monitors.
|
| services.geth.<name>.http.apis | APIs to enable over WebSocket
|
| services.nsd.bind8Stats | Whether to enable BIND8 like statistics.
|
| services.i2pd.trust.hidden | Whether to enable router concealment.
|
| services.arsenik.hrm | Enable homerow.
|
| programs.java.binfmt | Whether to enable binfmt to execute java jar's and classes.
|
| hardware.nvidia.open | Whether to enable the open source NVIDIA kernel module.
|
| containers.<name>.enableTun | Allows the container to create and setup tunnel interfaces
by granting the NET_ADMIN capability and
enabling access to /dev/net/tun.
|
| services.nsd.roundRobin | Whether to enable round robin rotation of records.
|
| services.k3s.selinux | Enable SELinux in containerd.
|
| console.earlySetup | Enable setting virtual console options as early as possible (in initrd).
|
| services.davis.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.slskd.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.movim.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.nextcloud.settings.enabledPreviewProviders | The preview providers that should be explicitly enabled.
|
| services.zabbixWeb.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| programs.neovim.withRuby | Enable Ruby provider.
|
| services.pfix-srsd.domain | The domain for which to enable srs
|
| services.gns3-server.log.debug | Whether to enable debug logging.
|
| services.wivrn.autoStart | Whether to enable starting the service by default.
|
| services.murmur.dbus | Enable D-Bus remote control
|
| services.hostapd.radios.<name>.networks.<name>.authentication.enableRecommendedPairwiseCiphers | Additionally enable the recommended set of pairwise ciphers
|
| services.rss-bridge.config.system.enabled_bridges | Only enabled bridges are available for feed production
|
| boot.loader.grub.forceInstall | Whether to try and forcibly install GRUB even if problems are
detected
|
| services.anuko-time-tracker.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.snipe-it.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.cassandra.remoteJmx | Cassandra ships with JMX accessible only from localhost
|
| programs.kde-pim.kontact | Whether to enable Kontact.
|
| programs.neovim.withNodeJs | Enable Node provider.
|
| programs.kde-pim.merkuro | Whether to enable Merkuro.
|
| services.sftpgo.settings.httpd.bindings.*.enable_web_client | Enable the built-in web client for this interface binding.
|
| services.ncps.cache.lock.retry.jitter | Enable jitter in retry delays to prevent thundering herd.
|
| services.davis.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.slskd.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.movim.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.ebusd.mqtt.retain | Whether to enable set the retain flag on all topics instead of only selected global ones.
|
| services.hedgedoc.settings.useSSL | Enable to use SSL server.
|
| services.cyrus-imap.debug | Whether to enable debugging messages for the Cyrus master process.
|
| services.hockeypuck.settings | Configuration file for hockeypuck, here you can override
certain settings (loglevel and
openpgp.db.dsn) by just setting those values
|
| services.bookstack.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.davis.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.slskd.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.movim.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.snipe-it.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.ente.web.domains.api | The domain under which the api is served
|
| services.postfix.useSrs | Whether to enable sender rewriting scheme
|
| services.i2pd.reseed.verify | Whether to enable SU3 signature verification.
|
| users.users.<name>.shell | The path to the user's shell
|
| services.nezha-agent.debug | Whether to enable verbose log.
|
| services.davis.nginx.listen.*.ssl | Enable SSL.
|
| services.movim.nginx.listen.*.ssl | Enable SSL.
|
| services.slskd.nginx.listen.*.ssl | Enable SSL.
|
| services.davis.nginx.kTLS | Whether to enable kTLS support
|
| services.slskd.nginx.kTLS | Whether to enable kTLS support
|
| services.movim.nginx.kTLS | Whether to enable kTLS support
|
| services.snipe-it.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.akkoma.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.fluidd.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.gancio.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.matomo.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.monica.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.murmur.logToFile | Whether to enable logging to a file instead of journald, which is stored in /var/log/murmur.
|
| services.snipe-it.nginx.listen.*.ssl | Enable SSL.
|
| services.snipe-it.nginx.kTLS | Whether to enable kTLS support
|
| services.sabnzbd.allowConfigWrite | By default we create the sabnzbd configuration read-only,
which keeps the nixos configuration as the single source
of truth
|
| services.jirafeau.nginxConfig.http2 | Whether to enable the HTTP/2 protocol
|
| services.picom.vSync | Enable vertical synchronization
|
| services.ncps.cache.allowPutVerb | Whether to enable Whether to allow the PUT verb to push narinfo and nar files directly
to the cache.
.
|
| programs.direnv.silent | Whether to enable the hiding of direnv logging
.
|
| security.polkit.debug | Whether to enable debug logs from polkit
|
| services.fluidd.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.akkoma.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.gancio.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.matomo.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.monica.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| programs.clash-verge.tunMode | Whether to enable Setcap for TUN Mode
|
| services.gollum.user-icons | Enable specific user icons for history view
|
| services.nginx.statusPage | Enable status page reachable from localhost on http://127.0.0.1/nginx_status.
|
| services.transmission.settings.script-torrent-done-enabled | Whether to run
services.transmission.settings.script-torrent-done-filename
at torrent completion.
|
| services.minio.browser | Enable or disable access to web UI.
|
| services.exim.package | The exim package to use
|
| services.fluidd.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.gancio.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.akkoma.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.matomo.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.monica.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.amule.openPeerPorts | Whether to enable open the peer port(s) in the firewall.
|
| services.kubernetes.roles | Kubernetes role that this machine should take
|
| services.k3s.role | Whether k3s should run as a server or agent
|
| services.omnom.settings.smtp.tls | Whether to enable Whether TLS encryption should be used..
|
| boot.growPartition | Whether to enable growing the root partition on boot.
|
| services.akkoma.nginx.listen.*.ssl | Enable SSL.
|
| services.fluidd.nginx.listen.*.ssl | Enable SSL.
|
| services.gancio.nginx.listen.*.ssl | Enable SSL.
|
| services.matomo.nginx.listen.*.ssl | Enable SSL.
|
| services.monica.nginx.listen.*.ssl | Enable SSL.
|
| services.nsd.zones.<name>.dnssec | Whether to enable DNSSEC.
|
| services.nghttpx.tls | TLS certificate and key paths
|
| services.transmission.settings.incomplete-dir-enabled | |
| services.fluidd.nginx.kTLS | Whether to enable kTLS support
|
| services.akkoma.nginx.kTLS | Whether to enable kTLS support
|
| services.gancio.nginx.kTLS | Whether to enable kTLS support
|
| services.monica.nginx.kTLS | Whether to enable kTLS support
|
| services.matomo.nginx.kTLS | Whether to enable kTLS support
|
| services.kmscon.hwRender | Whether to enable 3D hardware acceleration to render the console.
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| programs.dms-shell.plugins | DMS Plugins to install and enable
|
| services.below.collect.ioStats | Whether to enable io.stat collection for cgroups.
|
| services.prometheus.exporters.rasdaemon.enabledCollectors | List of error types to collect from the event database.
|
| services.vsftpd.localUsers | Whether to enable FTP for local users.
|
| services.omnom.settings.app.debug | Whether to enable debug mode.
|
| services.hadoop.hbase.master.initHDFS | Whether to enable initialization of the hbase directory on HDFS.
|
| services.nitter.server.https | Set secure attribute on cookies
|
| services.stunnel.fipsMode | Enable FIPS 140-2 mode required for compliance.
|
| services.peertube.settings.video_transcription.enabled | Enable automatic transcription of videos.
|
| programs.clash-verge.autoStart | Whether to enable Clash Verge auto launch.
|
| services.opengfw.rules.*.log | Whether to enable logging for the rule.
|
| services.libeufin.bank.debug | Whether to enable debug logging.
|
| services.zeyple.rotateLogs | Whether to enable rotation of log files.
|
| services.mympd.settings.ssl | Whether to enable listening on the SSL port
|
| services.redis.vmOverCommit | Whether to enable set vm.overcommit_memory sysctl to 1
(Suggested for Background Saving: https://redis.io/docs/get-started/faq/)
.
|
| services.radicle.httpd.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.xserver.cmt.models | Which models to enable cmt for
|
| programs.neovim.withPython3 | Enable Python 3 provider.
|
| services.below.collect.diskStats | Whether to enable dist_stat collection.
|
| services.ncps.analytics.reporting.samples | Whether to enable Enable printing the analytics samples to stdout
|
| services.below.collect.exitStats | Whether to enable eBPF-based exitstats.
|
| services.matrix-synapse.settings.enable_registration | Enable registration for new users.
|
| services.radicle.httpd.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.tuned.ppdSupport | Whether to enable translation of power-profiles-daemon API calls to TuneD.
|
| programs.direnv.loadInNixShell | Whether to enable loading direnv in nix-shell nix shell or nix develop
.
|
| services.rke2.selinux | Enable SELinux in containerd.
|
| services.radicle.httpd.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.libeufin.nexus.debug | Whether to enable debug logging.
|
| services.taler.merchant.debug | Whether to enable debug logging.
|
| services.taler.exchange.debug | Whether to enable debug logging.
|
| services.thermald.debug | Whether to enable debug logging.
|
| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| services.davis.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.movim.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.slskd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.netbox.unixSocket | Enable Unix Socket for the server to listen on.
listenAddress and port will be ignored.
|
| services.amule.openWebServerPort | Whether to enable open the web server port.
|
| services.i2pd.proto.http.strictHeaders | Enable strict host checking on WebUI.
|
| services.webdav-server-rs.debug | Enable debug mode.
|
| services.public-inbox.imap.port | Listening port
|
| services.public-inbox.nntp.port | Listening port
|
| users.extraUsers.<name>.shell | The path to the user's shell
|
| services.radicle.httpd.nginx.kTLS | Whether to enable kTLS support
|
| services.radicle.httpd.nginx.listen.*.ssl | Enable SSL.
|
| programs.vim.defaultEditor | Whether to enable vim as the default editor.
|
| services.tor.openFirewall | Whether to enable opening of the relay port(s) in the firewall.
|
| services.ncps.cache.allowDeleteVerb | Whether to enable Whether to allow the DELETE verb to delete narinfo and nar files from
the cache.
.
|
| services.pingvin-share.https | Whether to enable HTTPS for the domain.
|
| services.prosody.modules.bosh | Enable BOSH clients, aka 'Jabber over HTTP'
|
| services.caddy.acmeCA |
Sets the acme_ca option
in the global options block of the resulting Caddyfile.
The URL to the ACME CA's directory
|
| services.snipe-it.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.nezha-agent.settings.gpu | Enable GPU monitoring.
|
| services.hledger-web.serveApi | Whether to enable serving only the JSON web API, without the web UI.
|
| programs.weylus.users | To enable stylus and multi-touch support, the user you're going to use must be added to this list
|
| services.limesurvey.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| services.nezha-agent.settings.tls | Enable SSL/TLS encryption.
|
| services.hylafax.modems | Description of installed modems
|
| services.outline.sentryDsn | Optionally enable Sentry to
track errors and performance.
|
| programs.niri.useNautilus | Whether to enable Nautilus as file-chooser for xdg-desktop-portal-gnome.
|
| services.journald.audit | If enabled systemd-journald will turn on auditing on start-up
|
| services.librenms.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.kanboard.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.fediwall.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.dolibarr.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.agorakit.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.mainsail.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.pixelfed.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.pgadmin.emailServer.useTLS | Whether to enable TLS for connecting to the SMTP server.
|
| services.pgadmin.emailServer.useSSL | Whether to enable SSL for connecting to the SMTP server.
|
| services.misskey.reverseProxy.webserver.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.croc.openFirewall | Whether to enable opening of the peer port(s) in the firewall.
|
| services.murmur.bonjour | Whether to enable Bonjour auto-discovery, which allows clients over your LAN to automatically discover Mumble servers.
|
| services.openbao.settings.ui | Whether to enable the OpenBao web UI.
|
| services.prometheus.exporters.ecoflow.debug | Enable debug log messages
|
| services.nats.jetstream | Whether to enable JetStream.
|
| services.nipap.settings.nipapd.debug | Enable debug logging.
|
| services.consul.alerts.watchChecks | Whether to enable check watcher.
|
| services.consul.alerts.watchEvents | Whether to enable event watcher.
|
| services.bonsaid.extraFlags | Extra flags to pass to bonsaid, such as [ "-v" ] to enable verbose logging.
|
| services.openssh.allowSFTP | Whether to enable the SFTP subsystem in the SSH daemon
|
| services.zapret.udpSupport | Enable UDP routing
|
| services.jibri.ignoreCert | Whether to enable the flag "--ignore-certificate-errors" for the Chromium browser opened by Jibri
|
| services.gancio.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fluidd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.akkoma.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.matomo.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.monica.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.kanboard.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.librenms.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.dolibarr.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.agorakit.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.fediwall.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.mainsail.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.pixelfed.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.step-ca.openFirewall | Whether to enable opening the certificate authority server port.
|
| services.miniupnpd.upnp | Whether to enable UPNP support.
|
| services.tuned.settings.daemon | Whether to enable the use of a daemon for TuneD.
|
| services.kanata.package | The kanata package to use. ::: {.note}
If danger-enable-cmd is enabled in any of the keyboards, the
kanata-with-cmd package should be used.
:::
|
| services.cachix-agent.verbose | Enable verbose output
|
| services.icecream.daemon.user | User to run the icecream daemon as
|
| services.memos.openFirewall | Whether to enable opening the ports in the firewall.
|
| services.dolibarr.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.agorakit.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.fediwall.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.kanboard.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.librenms.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.mainsail.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.pixelfed.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| security.pam.services.<name>.zfs | Enable unlocking and mounting of encrypted ZFS home dataset at login.
|
| services.displayManager.gdm.debug | Whether to enable debugging messages in GDM.
|
| services.tayga.wkpfStrict | Enable restrictions on the use of the well-known prefix (64:ff9b::/96) - prevents translation of non-global IPv4 ranges when using the well-known prefix
|
| programs.clash-verge.serviceMode | Whether to enable Service Mode.
|
| services.gollum.allowUploads | Enable uploads of external files
|
| services.pds.settings.LOG_ENABLED | Enable logging
|
| services.kanboard.nginx.listen.*.ssl | Enable SSL.
|
| services.fediwall.nginx.listen.*.ssl | Enable SSL.
|
| services.freeciv.settings.auth | Whether to enable server authentication.
|
| services.dolibarr.nginx.listen.*.ssl | Enable SSL.
|
| services.librenms.nginx.listen.*.ssl | Enable SSL.
|
| services.agorakit.nginx.listen.*.ssl | Enable SSL.
|
| services.openssh.settings.UsePAM | Whether to enable PAM authentication.
|
| services.pixelfed.nginx.listen.*.ssl | Enable SSL.
|
| services.mainsail.nginx.listen.*.ssl | Enable SSL.
|
| services.samba.nsswins | Whether to enable WINS NSS (Name Service Switch) plug-in
|
| services.openafsClient.crypt | Whether to enable (weak) protocol encryption.
|
| services.nagios.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.moodle.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.radicle.ci.broker.checkConfig | Whether to enable checking the ci-broker.yaml file resulting from services.radicle.ci.broker.settings.
|
| services.zabbixWeb.nginx.virtualHost.quic | Whether to enable the QUIC transport protocol
|
| services.librenms.nginx.kTLS | Whether to enable kTLS support
|
| services.fediwall.nginx.kTLS | Whether to enable kTLS support
|
| services.dolibarr.nginx.kTLS | Whether to enable kTLS support
|
| services.agorakit.nginx.kTLS | Whether to enable kTLS support
|
| services.kanboard.nginx.kTLS | Whether to enable kTLS support
|
| services.mainsail.nginx.kTLS | Whether to enable kTLS support
|
| services.pixelfed.nginx.kTLS | Whether to enable kTLS support
|
| services.rqbit.openFirewall | Whether to enable opening of the HTTP and Peer ports in the firewall.
|
| services.samba.openFirewall | Whether to enable opening the default ports in the firewall for Samba.
|
| services.wivrn.highPriority | Whether to enable high priority capability for asynchronous reprojection.
|
| services.wivrn.openFirewall | Whether to enable the default ports in the firewall for the WiVRn server.
|
| services.nagios.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.moodle.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.prosody.modules.limits | Enable bandwidth limiting for XMPP connections
|
| services.deconz.allowSetSystemTime | Whether to enable setting the system time.
|
| services.anuko-time-tracker.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.nginx.defaultListen.*.ssl | Enable SSL.
|
| services.mackerel-agent.runAsRoot | Whether to enable running as root.
|
| services.zabbixWeb.nginx.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.zabbixWeb.httpd.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.tomcat.logPerVirtualHost | Whether to enable logging per virtual host.
|
| services.wiki-js.settings.offline | Disable latest file updates and enable
sideloading.
|
| services.radicle.httpd.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| programs.appimage.binfmt | Whether to enable binfmt registration to run appimages via appimage-run seamlessly.
|
| services.zabbixWeb.nginx.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.zabbixWeb.httpd.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.tox-node.lanDiscovery | Enable local network discovery.
|
| services.misskey.reverseProxy.ssl | Whether to enable SSL for the reverse proxy
|
| services.nixops-dns.dnsmasq | Enable dnsmasq forwarding to nixops-dns
|
| services.radicle.checkConfig | Whether to enable checking the config.json file resulting from services.radicle.settings.
|
| services.portunus.ldap.tls | Whether to enable LDAPS protocol
|
| services.rabbitmq.plugins | The names of plugins to enable
|
| services.anuko-time-tracker.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.restic.server.appendOnly | Enable append only mode
|
| services.zabbixWeb.nginx.virtualHost.listen.*.ssl | Enable SSL.
|
| services.nagios.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.moodle.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.vwifi.server.openFirewall | Whether to enable opening the firewall for the TCP and spy ports.
|
| services.i2pd.ssu2.published | Whether to enable SSU2 publication.
|
| services.bookstack.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.zabbixWeb.nginx.virtualHost.kTLS | Whether to enable kTLS support
|
| services.immich.database.createDB | Whether to enable the automatic creation of the database for immich..
|
| services.matomo.nginx | With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo
|
| services.anuko-time-tracker.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.deconz.openFirewall | Whether to enable opening up the service ports in the firewall.
|
| services.prosody.extraModules | Enable custom modules
|
| services.freeciv.settings.exit-on-end | Whether to enable exit instead of restarting when a game ends.
|
| services.anuko-time-tracker.nginx.listen.*.ssl | Enable SSL.
|
| services.desktopManager.gnome.debug | Whether to enable pkgs.gnome-session debug messages.
|
| services.radicle.node.openFirewall | Whether to enable opening the firewall for radicle-node.
|
| services.avahi.nssmdns4 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
|
| services.zabbixWeb.httpd.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.monado.highPriority | Whether to enable high priority capability for monado-service.
|
| services.murmur.openFirewall | Whether to enable opening ports in the firewall for the Mumble server.
|
| services.nylon.<name>.logging | Enable logging, default is no logging.
|
| services.bookstack.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.redis.servers.<name>.syslog | Enable logging to the system logger.
|
| services.anuko-time-tracker.nginx.kTLS | Whether to enable kTLS support
|
| programs.sway.wrapperFeatures.gtk | Whether to enable the wrapGAppsHook wrapper to execute sway with required environment
variables for GTK applications.
|
| services.moodle.virtualHost.http2 | Whether to enable HTTP 2
|
| services.nagios.virtualHost.http2 | Whether to enable HTTP 2
|
| services.bookstack.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.deconz.allowRebootSystem | Whether to enable rebooting the system.
|
| services.samba-wsdd.discovery | Enable discovery operation mode.
|
| services.grafana.settings.analytics.reporting_enabled | When enabled Grafana will send anonymous usage statistics to stats.grafana.org
|
| services.meme-bingo-web.openFirewall | Whether to enable Opens the specified port in the firewall.
.
|
| services.collectd.autoLoadPlugin | Enable plugin autoloading.
|
| services.cachix-watch-store.verbose | Enable verbose output
|
| services.lifecycled.json | Enable JSON logging.
|
| services.bookstack.nginx.listen.*.ssl | Enable SSL.
|
| services.restic.server.privateRepos | Enable private repos
|
| services.zabbixWeb.httpd.virtualHost.http2 | Whether to enable HTTP 2
|
| services.i2pd.ntcp2.published | Whether to enable NTCP2 publication.
|
| services.miniupnpd.natpmp | Whether to enable NAT-PMP support.
|
| services.eris-server.backends | List of backend URLs
|
| services.doh-server.settings.verbose | Enable logging
|
| services.bookstack.nginx.kTLS | Whether to enable kTLS support
|
| services.jirafeau.nginxConfig.quic | Whether to enable the QUIC transport protocol
|
| services.xserver.displayManager.gdm.debug | Whether to enable debugging messages in GDM.
|
| services.mailhog.setSendmail | Whether to enable set the system sendmail to mailhogs's.
|
| services.freeciv.settings.Guests | Whether to enable guests to login if auth is enabled.
|
| security.pam.services.<name>.pamMount | Enable PAM mount (pam_mount) system to mount filesystems on user login.
|
| services.i2pd.proto.socksProxy.outproxyEnable | Whether to enable SOCKS outproxy.
|
| networking.dhcpcd.IPv6rs | Force enable or disable solicitation and receipt of IPv6 Router Advertisements
|
| services.geth.<name>.websocket.apis | APIs to enable over WebSocket
|
| services.davis.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.movim.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.slskd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| networking.ucarp.preempt | Enable preemptive failover
|
| systemd.network.networks.<name>.DHCP | Whether to enable DHCP on the interfaces matched.
|
| services.amule.settings.WebServer.Enabled | Set to 1 to enable the web server
|
| boot.loader.systemd-boot.graceful | Invoke bootctl install with the --graceful option,
which ignores errors when EFI variables cannot be written or when the EFI System Partition
cannot be found
|
| services.openssh.settings.PrintMotd | Whether to enable printing /etc/motd when a user logs in interactively.
|
| services.snipe-it.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.pgadmin.openFirewall | Whether to enable firewall passthrough for pgadmin4.
|
| services.nsd.reuseport | Whether to enable SO_REUSEPORT on all used sockets
|
| services.jirafeau.nginxConfig.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| programs.mosh.withUtempter | Whether to enable libutempter for mosh
|
| programs.tmux.withUtempter | Whether to enable libutempter for tmux
|
| services.stash.mutablePlugins | Whether to enable Whether plugins/themes can be installed, updated, uninstalled manually..
|
| services.displayManager.dms-greeter.logs.save | Whether to enable saving logs from the DMS greeter to a file.
|
| programs.sway.wrapperFeatures.base | Whether to enable the base wrapper to execute extra session commands and prepend a
dbus-run-session to the sway command.
|
| services.agorakit.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.fediwall.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.kanboard.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.librenms.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.dolibarr.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.pixelfed.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.mainsail.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.xserver.desktopManager.mate.debug | Whether to enable mate-session debug messages.
|
| services.biboumi.openFirewall | Whether to enable opening of the identd port in the firewall.
|
| services.lifecycled.debug | Enable debugging information.
|
| services.jirafeau.nginxConfig.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.caddy.openFirewall | Whether to enable opening the specified http(s) ports in the firewall
|
| services.infinoted.plugins | Plugins to enable
|
| services.jirafeau.nginxConfig.listen.*.ssl | Enable SSL.
|
| services.freeciv.openFirewall | Whether to enable opening the firewall for the port listening for clients.
|
| services.vector.journaldAccess | Enable Vector to access journald.
|
| hardware.sane.extraBackends | Packages providing extra SANE backends to enable.
The example contains the package for HP scanners, and the package for
Apple AirScan and Microsoft WSD support (supports many
vendors/devices).
|
| services.syncplay.isolateRooms | Enable room isolation.
|
| services.openldap.package | The openldap package to use
|
| services.tomcat.purifyOnStart | On startup, the baseDir directory is populated with various files,
subdirectories and symlinks
|
| services.nginx.validateConfigFile | Whether to enable validating configuration with pkgs.writeNginxConfig.
|
| services.vsftpd.anonymousUser | Whether to enable the anonymous FTP user.
|
| services.jirafeau.nginxConfig.kTLS | Whether to enable kTLS support
|
| services.headscale.settings.derp.auto_update_enabled | Whether to automatically update DERP maps on a set frequency.
|
| services.zabbixWeb.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| services.undervolt.verbose | Whether to enable verbose logging.
|
| hardware.nvidia.prime.allowExternalGpu | Whether to enable configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus
.
|
| users.allowNoPasswordLogin | Disable checking that at least the root user or a user in the wheel group can log in using
a password or an SSH key
|
| boot.initrd.systemd.storePaths.*.dlopen.features | Features to enable via dlopen ELF notes
|
| services.gancio.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.akkoma.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.fluidd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.matomo.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.monica.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.haste-server.openFirewall | Whether to enable firewall passthrough for haste-server.
|
| hardware.uni-sync.devices.*.sync_rgb | Enable ARGB header sync.
|
| programs.nano.syntaxHighlight | Whether to enable syntax highlight for various languages.
|
| services.davis.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.slskd.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.movim.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.drupal.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.quic | Whether to enable the QUIC transport protocol
|
| services.xserver.desktopManager.gnome.debug | Whether to enable pkgs.gnome-session debug messages.
|
| services.redmine.components.cvs | Whether to enable cvs integration..
|
| services.miniflux.config.WATCHDOG | Enable or disable Systemd watchdog.
|
| services.redmine.components.git | Whether to enable git integration..
|
| hardware.rasdaemon.testing | Whether to enable error injection infrastructure.
|
| services.icingaweb2.modulePackages | Name-package attrset of Icingaweb 2 modules packages to enable
|
| services.public-inbox.openFirewall | Whether to enable opening the firewall when using a port option.
|
| services.displayManager.sddm.autoNumlock | Enable numlock at login.
|
| services.bacula-sd.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-fd.tls.require | Require TLS or TLS-PSK encryption
|
| services.lokinet.settings.network.exit | Whether to act as an exit node
|
| services.snipe-it.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.drupal.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.znapzend.features.recvu | Whether to enable recvu feature which uses -u on the receiving end to keep the destination
filesystem unmounted
.
|
| services.grafana.settings.database.wal | For sqlite3 only
|
| programs.bash.undistractMe.playSound | Whether to enable notification sounds when long-running terminal commands complete.
|
| hardware.nvidia.nvidiaSettings | Whether to enable nvidia-settings, NVIDIA's GUI configuration tool
.
|
| services.devpi-server.openFirewall | Whether to enable opening the default ports in the firewall for Devpi Server.
|
| programs.fzf.fuzzyCompletion | Whether to enable fuzzy completion with fzf.
|
| services.searx.redisCreateLocally | Configure a local Redis server for SearXNG
|
| services.thanos.query.query.partial-response | Enable partial response for queries if no
partial_response param is specified.
|
| services.lasuite-meet.redis.createLocally | Whether to enable Configure local Redis cache server for meet.
|
| services.bacula-dir.tls.require | Require TLS or TLS-PSK encryption
|
| services.smokeping.webService | Enable a smokeping web interface
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.grafana.settings.users.verify_email_enabled | Require email validation before sign up completes.
|
| services.lemmy.database.createLocally | Whether to enable creation of database on the instance.
|
| services.wivrn.steam.importOXRRuntimes | Whether to enable Sets PRESSURE_VESSEL_IMPORT_OPENXR_1_RUNTIMES system-wide to allow Steam to automatically discover the WiVRn server
|
| services.nextcloud.caching.redis | Whether to load the Redis module into PHP
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| boot.initrd.luks.devices.<name>.fido2.passwordLess | Defines whatever to use an empty string as a default salt
|
| services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.sickbeard.package | The sickbeard package to use
|
| services.uptime-kuma.appriseSupport | Whether to enable apprise support for notifications.
|
| services.radicle.httpd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.vector.validateConfig | Enable the checking of the vector config during build time
|
| programs.fzf.keybindings | Whether to enable fzf keybindings.
|
| services.bluesky-pds.settings.LOG_ENABLED | Enable logging
|
| services.kubo.localDiscovery | Whether to enable local discovery for the Kubo daemon
|
| services.httpd.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.nginx.virtualHosts.<name>.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.roundcube.plugins | List of roundcube plugins to enable
|
| services.stash.mutableScrapers | Whether to enable Whether scrapers can be installed, updated, uninstalled manually..
|
| programs.mepo.locationBackends.gpsd | Whether to enable location detection via gpsd
|
| services.nginx.virtualHosts.<name>.listen.*.ssl | Enable SSL.
|
| services.drupal.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| hardware.facter.detected.uefi.supported | Whether to enable the facter uefi module.
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| services.undervolt.useTimer | Whether to set a timer that applies the undervolt settings every 30s
|
| programs.goldwarden.useSshAgent | Whether to enable Goldwarden's SSH Agent.
|
| programs.skim.fuzzyCompletion | Whether to enable fuzzy completion with skim.
|
| services.akkoma.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.gancio.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.fluidd.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.matomo.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.monica.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.mediawiki.httpd.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.restic.server.prometheus | Enable Prometheus metrics at /metrics.
|
| services.netdata.python.extraPackages | Extra python packages available at runtime
to enable additional python plugins.
|
| services.pixelfed.redis.createLocally | Whether to enable a local Redis database using UNIX socket authentication.
|
| services.bookstack.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.mediamtx.allowVideoAccess | Whether to enable access to video devices like cameras on the system
.
|
| services.mediawiki.httpd.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| programs.envision.openFirewall | Whether to enable the default ports in the firewall for the WiVRn server.
|
| services.scrutiny.openFirewall | Whether to enable opening the default ports in the firewall for Scrutiny.
|
| services.murmur.clientCertRequired | Whether to enable requiring clients to authenticate via certificates.
|
| services.nginx.virtualHosts.<name>.kTLS | Whether to enable kTLS support
|
| programs.skim.keybindings | Whether to enable skim keybindings.
|
| services.deluge.extraPackages | Extra packages available at runtime to enable Deluge's plugins
|
| services.pipewire.alsa.support32Bit | Whether to enable 32-bit ALSA support on 64-bit systems.
|
| services.httpd.virtualHosts.<name>.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.prosody.modules.websocket | Enable WebSocket support
|
| services.freeradius.debug | Whether to enable debug logging for freeradius (-xx
option)
|
| services.freeciv.settings.Database | Enable database connection with given configuration.
|
| services.drupal.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.deconz.allowRestartService | Whether to enable killing/restarting processes.
|
| services.gpsd.readonly | Whether to enable the broken-device-safety, otherwise
known as read-only mode
|
| services.matrix-synapse.settings.url_preview_enabled | Is the preview URL API enabled? If enabled, you must specify an
explicit url_preview_ip_range_blacklist of IPs that the spider is
denied from accessing.
|
| services.mediatomb.ps3Support | Whether to enable ps3 specific tweaks
|
| services.bluemap.coreSettings.metrics | Whether to enable Sending usage metrics containing the version of bluemap in use.
|
| systemd.user.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.minidlna.openFirewall | Whether to enable opening HTTP (TCP) and SSDP (UDP) ports in the firewall.
|
| services.mattermost.socket.export | Whether to enable Export socket control to system environment variables.
|
| services.radicle.httpd.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.mediawiki.httpd.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.freeciv.settings.Newusers | Whether to enable new users to login if auth is enabled.
|
| services.oncall.database.createLocally | Whether to enable Create the database and database user locally..
|
| services.xserver.synaptics.palmDetect | Whether to enable palm detection (hardware support required)
|
| services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| services.fedimintd.<name>.nginx.config.quic | Whether to enable the QUIC transport protocol
|
| services.desktopManager.pantheon.debug | Whether to enable gnome-session debug messages.
|
| services.mediatomb.dsmSupport | Whether to enable D-Link DSM 320 specific tweaks
|
| services.minidlna.settings.inotify | Whether to enable inotify monitoring to automatically discover new files.
|
| hardware.uni-sync.devices.*.channels.*.mode | "PWM" to enable PWM sync. "Manual" to set speed.
|
| programs.ssh.forwardX11 | Whether to request X11 forwarding on outgoing connections by default
|
| services.cloudflare-dyndns.ipv4 | Whether to enable setting IPv4 A records.
|
| services.xserver.synaptics.tapButtons | Whether to enable tap buttons.
|
| services.wakapi.database.createLocally | Whether to enable automatic database configuration.
Only PostgreSQL is supported for the time being.
.
|
| services.crowdsec.localConfig.profiles | A list of profiles to enable
|
| services.lasuite-meet.livekit.openFirewall | Whether to enable Open firewall ports for livekit.
|
| services.jirafeau.nginxConfig.http3 | Whether to enable the HTTP/3 protocol
|
| services.monado.defaultRuntime | Whether to enable Monado as the default OpenXR runtime on the system
|
| services.cloudflare-dyndns.ipv6 | Whether to enable setting IPv6 AAAA records.
|
| services.mediatomb.tg100Support | Whether to enable Telegent TG100 specific tweaks.
|
| services.broadcast-box.web.openFirewall | Whether to enable opening the HTTP server port and, if enabled, the HTTPS redirect server
port in the firewall.
.
|
| services.mediawiki.httpd.virtualHost.http2 | Whether to enable HTTP 2
|
| services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.httpd.virtualHosts.<name>.http2 | Whether to enable HTTP 2
|
| services.redmine.components.breezy | Whether to enable bazaar integration..
|
| services.tabby.usageCollection | Enable sending anonymous usage data
|
| hardware.trackpoint.ext_dev | Disable or enable external pointing device.
|
| services.openssh.generateHostKeys | Whether to generate SSH host keys
|
| services.glitchtip.redis.createLocally | Whether to enable and configure a local Redis instance.
|
| services.kanidm.unix.sshIntegration | Whether to enable Kanidm SSH keys login.
|
| services.wivrn.defaultRuntime | Whether to enable WiVRn as the default OpenXR runtime on the system
|
| boot.zfs.useKeyringForCredentials | Whether to enable Uses the kernel keyring for encryption credentials with keyname=zfs-.
|
| hardware.keyboard.qmk.keychronSupport | Whether to enable udev rules for keychron QMK based keyboards.
|
| services.limesurvey.nginx.virtualHost.quic | Whether to enable the QUIC transport protocol
|
| networking.bridges.<name>.rstp | Whether the bridge interface should enable rstp.
|
| services.fedimintd.<name>.nginx.config.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.amule.openExternalConnectPort | Whether to enable open the external connect port.
|
| services.pangolin.openFirewall | Whether to enable opening TCP ports 80 and 443, and UDP port 51820 in the firewall for the Pangolin service(s).
|
| services.nghttpx.frontends.*.params.tls | Enable or disable TLS
|
| services.fedimintd.<name>.nginx.config.listen.*.ssl | Enable SSL.
|
| programs.mepo.locationBackends.geoclue | Whether to enable location detection via geoclue
|
| services.xserver.synaptics.vertEdgeScroll | Whether to enable vertical edge drag-scrolling.
|
| services.matomo.periodicArchiveProcessing | Enable periodic archive processing, which generates aggregated reports from the visits
|
| boot.initrd.systemd.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.movim.minifyStaticFiles | Do minification on public static files which reduces the size of
assets — saving data for the server & users as well as offering a
performance improvement
|
| services.kanboard.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.librenms.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.dolibarr.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.fediwall.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.agorakit.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.pixelfed.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.mainsail.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.limesurvey.nginx.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.limesurvey.httpd.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.stash.settings.notifications_enabled | If we should send notifications to the desktop
|
| services.nylon.<name>.verbosity | Enable verbose output, default is to not be verbose.
|
| services.pulseaudio.tcp.openFirewall | Whether to enable Open firewall for the specified port.
|
| services.fedimintd.<name>.nginx.config.kTLS | Whether to enable kTLS support
|
| services.wstunnel.clients.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.wstunnel.servers.<name>.autoStart | Whether to enable starting this wstunnel instance automatically.
|
| services.cron.systemCronJobs | A list of Cron jobs to be appended to the system-wide
crontab
|
| services.misskey.reverseProxy.webserver.nginx.quic | Whether to enable the QUIC transport protocol
|
| systemd.user.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| programs.zsh.vteIntegration | Whether to enable Zsh integration for VTE terminals
|
| fonts.fontconfig.hinting.autohint | Enable the autohinter in place of the default interpreter
|
| services.zabbixWeb.nginx.virtualHost.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.sourcehut.settings."builds.sr.ht".allow-free | Whether to enable nonpaying users to submit builds.
|
| services.limesurvey.nginx.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.limesurvey.httpd.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.zipline.database.createLocally | Whether to enable and configure a local PostgreSQL database server.
|
| boot.loader.grub.memtest86.params | Parameters added to the Memtest86+ command line
|
| services.matrix-conduit.secretFile | Path to a file containing sensitive environment as described in {manpage}`systemd.exec(5)
|
| services.sourcehut.settings."lists.sr.ht".allow-new-lists | Whether to enable creation of new lists.
|
| services.xserver.displayManager.lightdm.greeters.enso.blur | Whether or not to enable blur
|
| services.wstunnel.clients.<name>.addNetBind | Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.
|
| services.wstunnel.clients.<name>.soMark | Mark network packets with the SO_MARK sockoption with the specified value
|
| services.limesurvey.nginx.virtualHost.listen.*.ssl | Enable SSL.
|
| services.misskey.reverseProxy.webserver.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.libeufin.bank.createLocalDatabase | Whether to enable automatic creation of a local postgres database.
|
| services.blendfarm.openFirewall | Whether to enable allowing blendfarm network access through the firewall.
|
| programs.firefox.nativeMessagingHosts.fxCast | Whether to enable fx_cast support.
|
| services.limesurvey.nginx.virtualHost.kTLS | Whether to enable kTLS support
|
| services.glusterfs.useRpcbind | Enable use of rpcbind
|
| services.xserver.synaptics.horizEdgeScroll | Whether to enable horizontal edge drag-scrolling.
|
| services.xserver.desktopManager.pantheon.debug | Whether to enable gnome-session debug messages.
|
| services.misskey.reverseProxy.webserver.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.openbao.settings.listener.<name>.type | The listener type to enable.
|
| programs.localsend.openFirewall | Whether to enable opening the firewall port 53317 for receiving files.
|
| services.nghttpx.frontends.*.params.api | Enable API access for this frontend
|
| services.neard.settings.General.ConstantPoll | Enable constant polling
|
| services.limesurvey.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| programs.bash.vteIntegration | Whether to enable Bash integration for VTE terminals
|
| services.limesurvey.httpd.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.crowdsec.autoUpdateService | Whether to enable if true cscli hub update will be executed daily
|
| services.misskey.reverseProxy.webserver.nginx.listen.*.ssl | Enable SSL.
|
| programs.proxychains.quietMode | Whether to enable Quiet mode (no output from the library).
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| services.misskey.reverseProxy.webserver.nginx.kTLS | Whether to enable kTLS support
|
| services.librenms.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.kanboard.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.agorakit.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.dolibarr.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.fediwall.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.mainsail.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.pixelfed.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.limesurvey.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| fonts.fontconfig.antialias | Enable font antialiasing
|
| services.pulseaudio.package | The PulseAudio derivation to use
|
| services.prometheus.exporters.dmarc.debug | Whether to declare enable --debug.
|
| services.corteza.settings.HTTP_WEBAPP_ENABLED | Whether to enable webapps.
|
| services.plausible.database.postgres.setup | Whether to enable creating a postgresql instance.
|
| services.zabbixWeb.nginx.virtualHost.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.libeufin.nexus.createLocalDatabase | Whether to enable automatic creation of a local postgres database.
|
| services.anuko-time-tracker.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.nginx.virtualHosts.<name>.http3 | Whether to enable the HTTP/3 protocol
|
| services.limesurvey.httpd.virtualHost.http2 | Whether to enable HTTP 2
|
| services.easytier.allowSystemForward | Whether to enable Allow the system to forward packets from easytier
|
| services.squeezelite.pulseAudio | Whether to enable pulseaudio support.
|
| services.outline.googleAnalyticsId | Optionally enable Google Analytics to track page views in the knowledge
base.
|
| services.limesurvey.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| services.znapzend.features.oracleMode | Whether to enable destroying snapshots one by one instead of using one long argument list
|
| hardware.usbStorage.manageShutdown | Enable this option to gracefully spin-down external storage during shutdown
|
| services.xserver.synaptics.twoFingerScroll | Whether to enable two-finger drag-scrolling
|
| services.znapzend.features.sendRaw | Whether to enable sendRaw feature which adds the options -w to the
zfs send command
|
| security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| services.frigate.vaapiDriver | Force usage of a particular VA-API driver for video acceleration
|
| services.grafana-image-renderer.verbose | Whether to enable verbosity for the service.
|
| services.mchprs.settings.bungeecord | Enable compatibility with
BungeeCord
|
| networking.useNetworkd | Whether we should use networkd as the network configuration backend or
the legacy script based system
|
| networking.nftables.flushRuleset | Whether to enable flushing the entire ruleset on each reload.
|
| services.cadvisor.storageDriverSecure | Cadvisor storage driver, enable secure communication.
|
| hardware.trackpoint.emulateWheel | Enable scrolling while holding the middle mouse button.
|
| systemd.user.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.wordpress.sites.<name>.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.bookstack.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.xserver.windowManager.fvwm2.gestures | Whether or not to enable libstroke for gesture support
|
| services.dovecot2.createMailUser | Whether to enable automatically creating the user
given in services.dovecot.user and the group
given in services.dovecot.group.
|
| services.nextcloud.extraAppsEnable | Automatically enable the apps in services.nextcloud.extraApps every time Nextcloud starts
|
| services.pixelfed.database.createLocally | Whether to enable a local database using UNIX socket authentication.
|
| services.disnix.useWebServiceInterface | Whether to enable the DisnixWebService interface running on Apache Tomcat.
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.broadcast-box.openFirewall | Whether to enable opening WebRTC traffic ports in the firewall
|
| programs.firefox.nativeMessagingHosts.passff | Whether to enable PassFF support.
|
| programs.firefox.nativeMessagingHosts.jabref | Whether to enable JabRef support.
|
| programs.firefox.nativeMessagingHosts.ff2mpv | Whether to enable ff2mpv support.
|
| services.plantuml-server.plantumlStats | Set it to on to enable statistics report (https://plantuml.com/statistics-report).
|
| services.wyoming.piper.servers.<name>.streaming | Whether to enable audio streaming on sentence boundaries.
|
| services.anuko-time-tracker.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.limesurvey.virtualHost.http2 | Whether to enable HTTP 2
|
| services.libeufin.bank.initialAccounts | Accounts to enable before the bank service starts
|
| hardware.openrazer.verboseLogging | Whether to enable verbose logging
|
| services.prometheus.exporters.varnish.raw | Enable raw stdout logging without timestamps.
|
| services.xserver.synaptics.vertTwoFingerScroll | Whether to enable vertical two-finger drag-scrolling.
|
| services.bluesky-pds.settings.PDS_RATE_LIMITS_ENABLED | Enable rate limiting
|
| services.nginx.defaultListen.*.proxyProtocol | Enable PROXY protocol.
|
| services.dovecot2.showPAMFailure | Whether to enable showing the PAM failure message on authentication error (useful for OTPW).
|
| services.fedimintd.<name>.nginx.config.http3 | Whether to enable the HTTP/3 protocol
|
| services.nextcloud.webfinger | Enable this option if you plan on using the webfinger plugin
|
| services.zookeeper.purgeInterval | The time interval in hours for which the purge task has to be triggered
|
| services.sourcehut.settings."meta.sr.ht".welcome-emails | Whether to enable sending stock sourcehut welcome emails after signup.
|
| services.wordpress.sites.<name>.virtualHost.listen.*.ssl | Whether to enable SSL (https) support.
|
| networking.rxe.interfaces | Enable RDMA on the listed interfaces
|
| boot.loader.systemd-boot.rebootForBitlocker | Enable EXPERIMENTAL BitLocker support
|
| services.alloy.configPath | Alloy configuration file/directory path
|
| services.limesurvey.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| services.arsenik.tap_timeout | The key must be pressed twice in XX ms to enable repetitions.
|
| services.bookstack.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.misskey.reverseProxy.webserver.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.jirafeau.nginxConfig.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| systemd.shutdownRamfs.storePaths.*.dlopen.features | Features to enable via dlopen ELF notes
|
| services.prometheus.exporters.unpoller.log.quiet | Whether to enable startup and error logs only.
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services.sourcehut.settings."hg.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.xserver.synaptics.horizTwoFingerScroll | Whether to enable horizontal two-finger drag-scrolling.
|
| security.apparmor.killUnconfinedConfinables | Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes)
|
| services.prometheus.exporters.ipmi.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.sourcehut.settings."git.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."man.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."hub.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.firewalld.zones.<name>.forward | Whether to enable intra-zone forwarding
|
| services.grafana.settings.analytics.feedback_links_enabled | Set to false to remove all feedback links from the UI.
|
| services.znapzend.features.zfsGetType | Whether to enable using zfsGetType if your zfs get supports a
-t argument for filtering by dataset type at all AND
lists properties for snapshots by default when recursing, so that there
is too much data to process while searching for backup plans
|
| services.xserver.displayManager.xpra.pulseaudio | Whether to enable pulseaudio audio streaming.
|
| services.wordpress.sites.<name>.virtualHost.http2 | Whether to enable HTTP 2
|
| services.prometheus.exporters.mqtt.keepFullTopic | Whether to enable Keep entire topic instead of the first two elements only
|
| services.nextcloud.caching.memcached | Whether to load the Memcached module into PHP
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.upower.allowRiskyCriticalPowerAction | Enable the risky critical power actions "Suspend" and "Ignore".
|
| services.thanos.query.query.auto-downsampling | Enable automatic adjustment (step / 5) to what source of data should
be used in store gateways if no
max_source_resolution param is specified.
|
| programs.firefox.nativeMessagingHosts.euwebid | Whether to enable Web eID support.
|
| networking.firewall.filterForward | Enable filtering in IP forwarding
|
| services.transmission.openRPCPort | Whether to enable opening of the RPC port in the firewall.
|
| services.glitchtip.database.createLocally | Whether to enable and configure a local PostgreSQL database server.
|
| services.munin-node.disabledPlugins | Munin plugins to disable, even if
munin-node-configure --suggest tries to enable
them
|
| programs.tsmClient.servers.<name>.genPasswd | Whether to enable automatic client password generation
|
| services.sourcehut.settings."meta.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."todo.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| systemd.user.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.jirafeau.nginxConfig.listen.*.proxyProtocol | Enable PROXY protocol.
|
| documentation.man.mandoc.settings.output.toc | Whether to enable printing a table of contents near the beginning of the HTML output
of mandoc(1) if an input file contains at least two
non-standard sections
.
|
| services.rke2.cisHardening | Enable CIS Hardening for RKE2
|
| services.cloudflare-warp.openFirewall | Whether to enable opening UDP ports in the firewall.
|
| services.prometheus.exporters.unpoller.log.debug | Whether to enable debug logging including line numbers, high resolution timestamps, per-device logs.
|
| services.chhoto-url.settings.public_mode | Whether to enable public mode.
|
| services.nitter.preferences.mp4Playback | Enable MP4 video playback.
|
| virtualisation.xen.trace | Whether to enable Xen debug tracing and logging for Domain 0.
|
| services.vsftpd.portPromiscuous | Set to YES if you want to disable the PORT security check that ensures that
outgoing data connections can only connect to the client
|
| services.nezha-agent.settings.temperature | Enable temperature monitoring.
|
| services.parsedmarc.provision.geoIp | Whether to enable and configure the geoipupdate
service to automatically fetch GeoIP databases
|
| services.hedgedoc.settings.allowGravatar | Whether to enable Libravatar as
profile picture source on your instance
|
| services.tailscale.derper.configureNginx | Whether to enable nginx reverse proxy for derper
|
| services.languagetool.public | Whether to enable access from anywhere (rather than just localhost).
|
| services.factorio.nonBlockingSaving | Highly experimental feature, enable only at your own risk of losing your saves
|
| services.teeworlds.game.tournamentMode | Whether to enable tournament mode
|
| boot.modprobeConfig.useUbuntuModuleBlacklist | Whether to enable Ubuntu distro's module blacklist.
|
| programs.proxychains.localnet | By default enable localnet for loopback address ranges.
|
| services.reposilite.settings.debugEnabled | Whether to enable debug mode.
|
| services.redmine.components.mercurial | Whether to enable Mercurial integration..
|
| services.waagent.settings.AutoUpdate.UpdateToLatestVersion | Whether or not to enable auto-update of the Extension Handler.
|
| services.nitter.preferences.hlsPlayback | Enable HLS video streaming (requires JavaScript).
|
| services.suricata.settings.logging.default-log-level | The default log level: can be overridden in an output section
|
| services.munin-node.extraAutoPlugins | Additional Munin plugins to autoconfigure, using
munin-node-configure --suggest
|
| services.sourcehut.settings."pages.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."lists.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.sourcehut.settings."paste.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.pulseaudio.tcp.anonymousClients.allowAll | Whether to enable all anonymous clients to stream to the server.
|
| services.prometheus.exporters.bird.newMetricFormat | Enable the new more-generic metric format.
|
| services.xserver.desktopManager.plasma5.useQtScaling | Enable HiDPI scaling in Qt.
|
| services.prometheus.exporters.mqtt.logMqttMessage | Whether to enable Log MQTT original message, only if LOG_LEVEL is set to DEBUG..
|
| services.plausible.database.clickhouse.setup | Whether to enable creating a clickhouse instance.
|
| services.healthchecks.settings.DEBUG | Enable debug mode.
|
| security.pki.useCompatibleBundle | Whether to enable usage of a compatibility bundle
|
| services.strongswan.managePlugins | If set to true, this option will disable automatic plugin loading and
then tell strongSwan to enable the plugins specified in the
enabledPlugins option.
|
| services.mackerel-agent.autoRetirement | Whether to enable retiring the host upon OS shutdown
.
|
| programs.firefox.nativeMessagingHosts.bukubrow | Whether to enable Bukubrow support.
|
| systemd.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.prometheus.exporters.varnish.verbose | Enable verbose logging.
|
| services.transmission.openPeerPorts | Whether to enable opening of the peer port(s) in the firewall.
|
| services.syncoid.commands.<name>.recursive | Whether to enable the transfer of child datasets.
|
| services.smartd.notifications.mail.mailer | Sendmail-compatible binary to be used to send the messages
|
| services.matrix-synapse.settings.listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| virtualisation.xen.debug | Whether to enable Xen debug features for Domain 0
|
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| services.lasuite-meet.postgresql.createLocally | Whether to enable Configure local PostgreSQL database server for meet.
|
| services.filebrowser.openFirewall | Whether to enable opening firewall ports for FileBrowser.
|
| services.sourcehut.settings."builds.sr.ht".migrate-on-upgrade | Whether to enable automatic migrations on package upgrade.
|
| services.suwayomi-server.settings.server.systemTrayEnabled | Whether to enable a system tray icon, if possible.
|
| services.nginx.virtualHosts.<name>.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.cockroachdb.package | The cockroachdb package to use
|
| services.znapzend.features.lowmemRecurse | Whether to enable use lowmemRecurse on systems where you have too many datasets, so a
recursive listing of attributes to find backup plans exhausts the
memory available to znapzend: instead, go the slower
way to first list all impacted dataset names, and then query their
configs one by one
.
|
| services.logrotate.allowNetworking | Whether to enable network access for logrotate.
|
| services.ddns-updater.environment | Environment variables to be set for the ddns-updater service
|
| services.hylafax.faxqclean.archiving | Enable or suppress job archiving:
never disables job archiving,
as-flagged archives jobs that
have been flagged for archiving by sendfax,
always forces archiving of all jobs
|
| services.suwayomi-server.settings.server.basicAuthEnabled | Whether to enable basic access authentication for Suwayomi-Server
|
| services.linkwarden.database.createLocally | Whether to enable the automatic creation of the database for Linkwarden..
|
| programs.fish.generateCompletions | Whether to enable generating completion files from man pages.
|
| services.qbittorrent.openFirewall | Whether to enable opening both the webuiPort and torrentPort over TCP in the firewall.
|
| services.mediatomb.transcoding | Whether to enable transcoding.
|
| services.prometheus.exporters.mqtt.mqttExposeClientId | Whether to enable Expose the client ID as a label in Prometheus metrics..
|
| services.pulseaudio.systemWide | If false, a PulseAudio server is launched automatically for
each user that tries to use the sound system
|
| services.dragonflydb.memcachePort | To enable memcached compatible API on this port.
null means disabled.
|
| services.bacula-sd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.bacula-fd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.listmonk.database.mutableSettings | Database settings will be reset to the value set in this module if this is not enabled
|
| services.misskey.reverseProxy.webserver.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.syncthing.openDefaultPorts | Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers
and UDP 21027 for discovery
|
| services.limesurvey.nginx.virtualHost.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.prometheus.exporters.mongodb.collectAll | Enable all collectors
|
| services.prometheus.exporters.mqtt.mqttV5Protocol | Whether to enable Force to use MQTT protocol v5 instead of 3.1.1..
|
| services.desktopManager.gnome.flashback.customSessions | Other GNOME Flashback sessions to enable.
|
| services.mosquitto.persistence | Enable persistent storage of subscriptions and messages.
|
| services.mackerel-agent.settings.diagnostic | Whether to enable collecting memory usage for the agent itself.
|
| systemd.shutdownRamfs.contents.<name>.dlopen.features | Features to enable via dlopen ELF notes
|
| services.fedimintd.<name>.nginx.config.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.nginx.virtualHosts.<name>.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.redmine.components.subversion | Whether to enable Subversion integration..
|
| services.desktopManager.cosmic.showExcludedPkgsWarning | Whether to enable the warning for excluding core packages.
|
| programs.starship.interactiveOnly | Whether to enable starship only when the shell is interactive
|
| hardware.nvidia.videoAcceleration | Whether to enable Whether video acceleration (VA-API) should be enabled.
.
|
| services.nginx.recommendedTlsSettings | Enable recommended TLS settings.
|
| services.mediawiki.extensions | Attribute set of paths whose content is copied to the extensions
subdirectory of the MediaWiki installation and enabled in configuration
|
| programs.firefox.nativeMessagingHosts.tridactyl | Whether to enable Tridactyl support.
|
| programs.firefox.nativeMessagingHosts.gsconnect | Whether to enable GSConnect support.
|
| services.ocsinventory-agent.settings.debug | Whether to enable debug mode.
|
| services.hydra.useSubstitutes | Whether to use binary caches for downloading store paths
|
| services.firewalld.zones.<name>.masquerade | Whether to enable masquerading in the zone.
|
| services.misskey.reverseProxy.webserver.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.limesurvey.nginx.virtualHost.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.fedimintd.<name>.nginx.config.listen.*.proxyProtocol | Enable PROXY protocol.
|
| systemd.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.discourse.sslCertificate | The path to the server SSL certificate
|
| services.xserver.desktopManager.gnome.flashback.customSessions | Other GNOME Flashback sessions to enable.
|
| services.xserver.synaptics.horizontalScroll | Whether to enable horizontal scrolling (on touchpad)
|
| services.displayManager.dms-greeter.compositor.name | The Wayland compositor to run the greeter in
|
| services.nextcloud.appstoreEnable | Allow the installation and updating of apps from the Nextcloud appstore
|
| networking.dhcpcd.allowInterfaces | Enable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| networking.wireless.dbusControlled | Whether to enable the DBus control interface
|
| security.forcePageTableIsolation | Whether to force-enable the Page Table Isolation (PTI) Linux kernel
feature even on CPU models that claim to be safe from Meltdown
|
| services.discourse.sslCertificateKey | The path to the server SSL certificate key
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.nginx.recommendedGzipSettings | Enable recommended gzip settings
|
| services.jitsi-videobridge.colibriRestApi | Whether to enable the private rest API for the COLIBRI control interface
|
| services.omnom.settings.app.disable_signup | Whether to enable restricting user creation.
|
| services.ferretdb.settings.FERRETDB_TELEMETRY | Enable or disable basic telemetry
|
| services.reposilite.settings.defaultFrontend | Whether to enable the default included frontend with a dashboard.
|
| services.writefreely.database.createLocally | When services.writefreely.database.type is set to
"mysql", this option will enable the MySQL service locally.
|
| services.nginx.recommendedZstdSettings | Enable recommended zstd settings
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.nginx.recommendedUwsgiSettings | Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
|
| services.nginx.recommendedProxySettings | Whether to enable recommended proxy settings if a vhost does not specify the option manually.
|
| services.redmine.components.ghostscript | Whether to enable exporting Gant diagrams as PDF..
|
| services.redmine.components.imagemagick | Whether to enable exporting Gant diagrams as PNG..
|
| services.prometheus.exporters.wireguard.verbose | Whether to enable verbose logging mode for prometheus-wireguard-exporter.
|
| services.prometheus.exporters.pgbouncer.webConfigFile | Path to configuration file that can enable TLS or authentication.
|
| services.nextcloud.config.objectstore.s3.sseCKeyFile | If provided this is the full path to a file that contains the key
to enable [server-side encryption with customer-provided keys][1]
(SSE-C)
|
| services.outline.slackIntegration.messageActions | Whether to enable message actions.
|
| services.firezone.server.smtp.configureManually | Outbound email configuration is mandatory for Firezone and supports
many different delivery adapters
|
| hardware.nvidia.nvidiaPersistenced | Whether to enable nvidia-persistenced a update for NVIDIA GPU headless mode, i.e
|
| services.rutorrent.nginx.exposeInsecureRPC2mount | If you do not enable one of the rpc or httprpc plugins you need to expose an RPC mount through scgi using this option
|
| programs.chromium.defaultSearchProviderEnabled | Enable the default search provider.
|
| systemd.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.nextcloud.nginx.recommendedHttpHeaders | Enable additional recommended HTTP response headers
|
| services.waagent.settings.Provisioning.Enable | Whether to enable provisioning functionality in the agent
|
| services.kmonad.keyboards.<name>.defcfg.fallthrough | Whether to enable re-emitting unhandled key events.
|
| services.znapzend.features.compressed | Whether to enable compressed feature which adds the options -Lce to
the zfs send command
|
| programs.firefox.nativeMessagingHosts.ugetIntegrator | Whether to enable Uget Integrator support.
|
| services.prometheus.exporters.imap-mailstat.oldestUnseenDate | Enable metric with timestamp of oldest unseen mail
|
| services.openssh.listenAddresses | List of addresses and ports to listen on (ListenAddress directive
in config)
|
| services.printing.cups-pdf.instances.<name>.installPrinter | Whether to enable a CUPS printer queue for this instance
|
| networking.wireless.autoDetectInterfaces | Whether to enable automatic detection of wireless interfaces.
|
| services.anubis.defaultOptions.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| services.blockbook-frontend.<name>.certFile | To enable SSL, specify path to the name of certificate files without extension
|
| services.nginx.recommendedBrotliSettings | Enable recommended brotli settings
|
| services.firezone.server.provision.accounts.<name>.features.idp_sync | Whether to enable the idp_sync feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.rest_api | Whether to enable the rest_api feature for this account.
|
| services.grafana-image-renderer.provisionGrafana | Whether to enable Grafana configuration for grafana-image-renderer.
|
| services.tuned.settings.dynamic_tuning | Whether to enable dynamic tuning.
|
| services.draupnir.settings.managementRoom | The room ID or alias where moderators can use the bot's functionality
|
| services.opensearch.settings."plugins.security.disabled" | Whether to enable the security plugin,
plugins.security.ssl.transport.keystore_filepath or
plugins.security.ssl.transport.server.pemcert_filepath and
plugins.security.ssl.transport.client.pemcert_filepath
must be set for this plugin to be enabled.
|
| services.xserver.displayManager.lightdm.greeters.slick.draw-user-backgrounds | Whether to enable draw user backgrounds.
|
| programs.firefox.nativeMessagingHosts.browserpass | Whether to enable Browserpass support.
|
| services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|
| services.meilisearch.dumplessUpgrade | Whether to enable (experimental) dumpless upgrade
|
| services.netdata.python.recommendedPythonPackages | Whether to enable a set of recommended Python plugins
by installing extra Python packages.
|
| programs.coolercontrol.nvidiaSupport | Enable support for Nvidia GPUs.
|
| virtualisation.qemu.virtioKeyboard | Enable the virtio-keyboard device.
|
| services.tuned.settings.reapply_sysctl | Whether to enable the reapplying of global sysctls after TuneD sysctls are applied.
|
| hardware.nvidia.powerManagement.finegrained | Whether to enable experimental power management of PRIME offload
|
| services.autossh.sessions.*.extraArguments | Arguments to be passed to AutoSSH and retransmitted to SSH
process
|
| services.prometheus.exporters.unpoller.log.prometheusErrors | Whether to enable emitting errors to prometheus.
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.vp8 | Enable hardware decoding for vp8 codec.
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.vc1 | Enable hardware decoding for vc1 codec.
|
| services.jellyfin.transcoding.hardwareEncodingCodecs.av1 | Enable hardware encoding for av1 codec.
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.av1 | Enable hardware decoding for av1 codec.
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.vp9 | Enable hardware decoding for vp9 codec.
|
| virtualisation.useSecureBoot | Enable Secure Boot support in the EFI firmware.
|
| services.bitwarden-directory-connector-cli.sync.largeImport | Enable if you are syncing more than 2000 users/groups.
|
| virtualisation.virtualbox.guest.dragAndDrop | Whether to enable drag and drop support.
|
| services.pixelfed.database.automaticMigrations | Whether to enable automatic migrations for database schema and data.
|
| services.nginx.experimentalZstdSettings | Enable alpha quality zstd module with recommended settings
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.hevc | Enable hardware decoding for hevc codec.
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.h264 | Enable hardware decoding for h264 codec.
|
| services.jellyfin.transcoding.hardwareEncodingCodecs.hevc | Enable hardware encoding for hevc codec.
|
| services.crowdsec.localConfig.notifications | A list of notifications to enable and use in your profiles
|
| services.netbird.tunnels.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,- older kernels don't have
CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14:
rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| services.netbird.clients.<name>.hardened | Hardened service:
- runs as a dedicated user with minimal set of permissions (see caveats),
- restricts daemon configuration socket access to dedicated user group
(you can grant access to it with
users.users."<user>".extraGroups = [ netbird-‹name› ]),
Even though the local system resources access is restricted:
CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,- older kernels don't have
CAP_BPF and use CAP_SYS_ADMIN instead,
Known security features that are not (yet) integrated into the module:
- 2024-02-14:
rosenpass is an experimental feature configurable solely
through --enable-rosenpass flag on the netbird up command,
see the docs
|
| services.prometheus.exporters.deluge.exportPerTorrentMetrics | Enable per-torrent metrics
|
| networking.tempAddresses | Whether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces._name_.tempAddress
|
| systemd.services.<name>.confinement.fullUnit | Whether to include the full closure of the systemd unit file into the
chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate
|
| services.navidrome.settings.EnableInsightsCollector | Enable anonymous usage data collection, see https://www.navidrome.org/docs/getting-started/insights/ for details.
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.mpeg2 | Enable hardware decoding for mpeg2 codec.
|
| services.taskchampion-sync-server.openFirewall | Whether to enable Open firewall port for taskchampion-sync-server.
|
| services.prometheus.exporters.fritz.settings.devices.*.host_info | Enable extended host info for this device. Warning: This will heavily increase scrape time.
|
| services.librenms.useDistributedPollers | Enables distributed pollers
for this LibreNMS instance
|
| services.prometheus.exporters.opnsense.disabledExporter | Collectors to enable or disable
|
| systemd.automounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.mediagoblin.settings.mediagoblin.plugins | Plugins to enable
|
| services.sourcehut.settings."meta.sr.ht::settings".registration | Whether to enable public registration.
|
| networking.modemmanager.fccUnlockScripts | List of FCC unlock scripts to enable on the system, behaving as described in
https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.
|
| services.yggdrasil.persistentKeys | Whether to enable automatic generation and persistence of keys
|
| services.n8n.environment.N8N_DIAGNOSTICS_ENABLED | Whether to share selected, anonymous telemetry with n8n
|
| hardware.amdgpu.overdrive.ppfeaturemask | Sets the amdgpu.ppfeaturemask kernel option
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.hevcRExt10bit | Enable hardware decoding for hevcRExt10bit codec.
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.hevcRExt12bit | Enable hardware decoding for hevcRExt12bit codec.
|
| services.anubis.instances.<name>.settings.OG_PASSTHROUGH | Whether to enable Open Graph tag passthrough
|
| services.jellyfin.transcoding.hardwareDecodingCodecs | Which codecs to enable for hardware decoding.
|
| security.allowUserNamespaces | Whether to allow creation of user namespaces
|
| hardware.nvidia.forceFullCompositionPipeline | Whether to enable forcefully the full composition pipeline
|
| services.davis.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.davis.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.movim.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.slskd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.slskd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.movim.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.radicle.httpd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.radicle.httpd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.clamsmtp.instances.*.transparentProxy | Enable clamsmtp's transparent proxy support.
|
| services.snipe-it.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.snipe-it.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.kanidm.provision.systems.oauth2.<name>.allowInsecureClientDisablePkce | Disable PKCE on this oauth2 resource server to work around insecure clients
that may not support it
|
| services.jellyfin.transcoding.hardwareEncodingCodecs | Which codecs to enable for hardware encoding. h264 is always enabled.
|
| programs.turbovnc.ensureHeadlessSoftwareOpenGL | Whether to set up NixOS such that TurboVNC's built-in software OpenGL
implementation works
|
| virtualisation.virtualbox.host.headless | Use VirtualBox installation without GUI and Qt dependency
|
| services.nginx.recommendedOptimisation | Enable recommended optimisation settings.
|
| networking.networkmanager.wifi.scanRandMacAddress | Whether to enable MAC address randomization of a Wi-Fi device
during scanning.
|
| services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.gancio.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fluidd.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.gancio.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.akkoma.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.matomo.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.matomo.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.monica.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.monica.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| virtualisation.virtualbox.guest.seamless | Whether to enable seamless mode
|
| services.wgautomesh.settings.lan_discovery | Enable discovery of peers on the same LAN using UDP broadcast.
|
| networking.networkmanager.wifi.powersave | Whether to enable Wi-Fi power saving.
|
| virtualisation.virtualbox.guest.clipboard | Whether to enable clipboard support.
|
| hardware.wirelessRegulatoryDatabase | Whether to enable loading the wireless regulatory database at boot.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.prometheus.exporters.mqtt.zigbee2MqttAvailability | Whether to enable Normalize sensor name for device availability metric added by Zigbee2MQTT..
|
| services.znapzend.features.skipIntermediates | Whether to enable the skipIntermediates feature to send a single increment
between latest common snapshot and the newly made one
|
| services.stash.settings.sound_on_preview | Enable sound on mouseover previews
|
| services.nextcloud.settings.mail_smtpdebug | Enable SMTP class debugging.
loglevel will likely need to be adjusted too.
See docs.
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.hevc10bit | Enable hardware decoding for hevc10bit codec.
|
| virtualisation.incus.socketActivation | Whether to enable socket-activation for starting incus.service
|
| services.dolibarr.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.agorakit.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.librenms.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.kanboard.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fediwall.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.librenms.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.kanboard.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.fediwall.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.agorakit.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.dolibarr.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.mainsail.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.pixelfed.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.pixelfed.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.mainsail.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.tuned.ppdSettings.main.battery_detection | Whether to enable battery detection.
|
| programs.pay-respects.aiIntegration | Whether to enable pay-respects' LLM integration
|
| services.changedetection-io.behindProxy | Enable this option when changedetection-io runs behind a reverse proxy, so that it trusts X-* headers
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.headscale.settings.database.sqlite.write_ahead_log | Enable WAL mode for SQLite
|
| virtualisation.forwardPorts | When using the SLiRP user networking (default), this option allows to
forward ports to/from the host/guest.
If the NixOS firewall on the virtual machine is enabled, you also
have to open the guest ports to enable the traffic between host and
guest.
Currently QEMU supports only IPv4 forwarding.
|
| networking.resolvconf.dnsExtensionMechanism | Enable the edns0 option in resolv.conf
|
| services.bookstack.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.bookstack.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.paperless.openMPThreadingWorkaround | Whether to enable a workaround for document classifier timeouts
|
| services.mastodon.activeRecordEncryptionPrimaryKeyFile | This key must be set to enable the Active Record Encryption feature within
Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.misskey.reverseProxy.webserver.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.jirafeau.nginxConfig.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.tuned.settings.recommend_command | Whether to enable recommend functionality.
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| services.librenms.distributedPoller.distributedBilling | Enable distributed billing on this poller
|
| services.omnom.settings.smtp.tls_allow_insecure | Whether to enable Whether to allow insecure TLS..
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.limesurvey.nginx.virtualHost.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| security.pam.services.<name>.googleOsLoginAccountVerification | If set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly
|
| services.changedetection-io.webDriverSupport | Enable support for fetching web pages using WebDriver and Chromium
|
| networking.vswitches.<name>.supportedOpenFlowVersions | Supported versions to enable on this switch.
|
| services.opentelemetry-collector.validateConfigFile | Whether to enable Validate configuration file.
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| hardware.trackpoint.press_to_select | Setting this to true will enable the Press to Select functions like tapping the control stick to simulate a left click, and setting false will disable it.
|
| services.grafana.settings.security.x_xss_protection | Set to true to enable the X-XSS-Protection header,
which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Note: this is the default in Grafana, it's turned off here
since it's recommended to not use this header anymore.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| virtualisation.useNixStoreImage | Build and use a disk image for the Nix store, instead of
accessing the host's one through 9p
|
| services.firezone.server.provision.accounts.<name>.features.flow_activities | Whether to enable the flow_activities feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.traffic_filters | Whether to enable the traffic_filters feature for this account.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcomp | Enable IPComp compression before encryption
|
| services.crab-hole.settings.blocklist.include_subdomains | Whether to enable Include subdomains.
|
| services.mastodon.activeRecordEncryptionKeyDerivationSaltFile | This key must be set to enable the Active Record Encryption feature within
Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| virtualisation.lxc.unprivilegedContainers | Whether to enable support for unprivileged users to launch containers.
|
| services.scrutiny.settings.web.influxdb.tls.insecure_skip_verify | Whether to enable skipping TLS verification when connecting to InfluxDB.
|
| services.changedetection-io.playwrightSupport | Enable support for fetching web pages using playwright and Chromium
|
| services.transmission.performanceNetParameters | Whether to enable tweaking of kernel parameters
to open many more connections at the same time
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.tls | Whether to enable TLS on the listener socket.
This option will be ignored for UNIX domain sockets.
|
| services.firezone.server.provision.accounts.<name>.features.internet_resource | Whether to enable the internet_resource feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.policy_conditions | Whether to enable the policy_conditions feature for this account.
|
| services.firezone.server.provision.accounts.<name>.features.self_hosted_relays | Whether to enable the self_hosted_relays feature for this account.
|
| services.mastodon.activeRecordEncryptionDeterministicKeyFile | This key must be set to enable the Active Record Encryption feature within
Rails that Mastodon uses to encrypt and decrypt some database attributes
|
| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload | Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation
|
| services.mediagoblin.settings.mediagoblin.allow_registration | Whether to enable user self registration
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas | Enable per-CPU CHILD_SAs
|
| services.firezone.server.provision.accounts.<name>.features.multi_site_resources | Whether to enable the multi_site_resources feature for this account.
|
| services.doh-server.settings.log_guessed_client_ip | Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP
Note: http uri/useragent log cannot be controlled by this config
|
| services.slskd.settings.remote_file_management | Whether to enable modification of share contents through the web ui.
|
| services.postfix.settings.main.smtpd_tls_security_level | The server TLS security level
|
| services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.include_parameters | Whether to include the parameters as meta labels
|
| services.grafana.settings.security.strict_transport_security_preload | Set to true to enable HSTS preloading option
|
| services.grafana.settings.security.content_security_policy_report_only | Set to true to add the Content-Security-Policy-Report-Only header to your requests
|
| services.grafana.settings.security.strict_transport_security_subdomains | Set to true to enable HSTS includeSubDomains option
|