local ‐ NixOS ‐ Searchix

Search Nix packages and options from NixOS, Darwin, Home Manager, Nix Packages and NUR

Indexing last ran 3 hours ago, will run again in 20 hours.

NixOS options search

Title	Description
networking.sits.<name>.local	The address of the local endpoint which the remote side should send packets to.
networking.ipips.<name>.local	The address of the local endpoint which the remote side should send packets to.
services.gollum.local-time	Use the browser's local timezone instead of the server's for displaying dates.
networking.fooOverUDP.<name>.local	Local address (and optionally device) to bind to using the given port.
services.vsftpd.localUsers	Whether to enable FTP for local users.
services.vsftpd.localRoot	This option represents a directory which vsftpd will try to change into after a local (i.e. non- anonymous) login
services.ncps.cache.storage.local	The local directory for storing configuration and cached store paths
services.rspamd.localLuaRules	Path of file to link to /etc/rspamd/rspamd.local.lua for local rules written in Lua
networking.greTunnels.<name>.local	The address of the local endpoint which the remote side should send packets to.
services.kubo.localDiscovery	Whether to enable local discovery for the Kubo daemon
services.pgmanage.localOnly	This tells pgmanage whether or not to set the listening socket to local addresses only.
services.quicktun.<name>.localPort	Local UDP port.
environment.localBinInPath	Add ~/.local/bin/ to $PATH
networking.fooOverUDP.<name>.local.dev	Network device to bind to.
services.local-content-share.enable	Whether to enable Local-Content-Share.
services.syncoid.localSourceAllow	Permissions granted for the `services.syncoid.user` user for local source datasets
services.local-content-share.package	The local-content-share package to use.
services.postfix.localRecipients	List of accepted local users
services.maddy.localDomains	Define list of allowed domains.
services.outline.storage.localRootDir	If `storageType` is `local`, this sets the parent directory under which all attachments/images go.
services.quicktun.<name>.localAddress	IP address or hostname of the local end.
networking.fooOverUDP.<name>.local.address	Local address to bind to
services.opengfw.settings.io.local	Set to false if you want to run OpenGFW on FORWARD chain. (e.g. on a router)
services.local-content-share.port	Port on which the service will be available
services.weblate.localDomain	The domain name serving your Weblate instance.
fonts.fontconfig.localConf	System-wide customization file contents, has higher priority than `defaultFonts` settings.
nixpkgs.localSystem	Systems with a recently generated `hardware-configuration.nix` do not need to specify this option, unless cross-compiling, in which case you should set only `nixpkgs.buildPlatform`
services.rspamd.locals	Local configuration files, written into /etc/rspamd/local.d/{name}.
services.syncoid.localTargetAllow	Permissions granted for the `services.syncoid.user` user for local target datasets
services.tsidp.settings.localPort	Listen on localhost:.
services.dawarich.localDomain	The domain serving your Dawarich instance.
services.castopod.localDomain	The domain serving your CastoPod instance.
services.mastodon.localDomain	The domain serving your Mastodon instance.
services.peertube.localDomain	The domain serving your PeerTube instance.
services.crowdsec.localConfig	The configuration for a crowdsec security engine.
services.wstunnel.clients.<name>.localToRemote	Listen on local and forwards traffic from remote.
services.shadowsocks.localAddress	Local addresses to which the server binds.
services.strongswan-swanctl.swanctl.connections.<name>.local	Section for a local authentication round
containers.<name>.localAddress	The IPv4 address assigned to the interface in the container
containers.<name>.localAddress6	The IPv6 address assigned to the interface in the container
services.mysql.galeraCluster.localName	The unique name that identifies this particular node within the cluster
networking.localCommands	Shell commands to be executed at the end of the `network-setup` systemd service
services.syncoid.commands.<name>.localSourceAllow	Permissions granted for the `services.syncoid.user` user for local source datasets
services.filesender.localDomain	The domain serving your FileSender instance.
services.jitsi-videobridge.nat.localAddress	Local address to assume when running behind NAT.
services.local-content-share.openFirewall	Whether to automatically open the specified port in the firewall
services.crowdsec.localConfig.parsers	The set of parser specifications
services.syncoid.commands.<name>.localTargetAllow	Permissions granted for the `services.syncoid.user` user for local target datasets
services.local-content-share.listenAddress	Address on which the service will be available
services.mysql.galeraCluster.localAddress	IP address or hostname of this node that will be used for cluster communication
services.suwayomi-server.settings.server.localSourcePath	Path to the local source folder.
programs.steam.localNetworkGameTransfers.openFirewall	Open ports in the firewall for Steam Local Network Game Transfers.
services.crowdsec.localConfig.patterns	A list of files containing custom grok patterns.
services.crowdsec.localConfig.profiles	A list of profiles to enable
services.zerotierone.localConf	Optional configuration to be written to the Zerotier JSON-based local.conf
services.crowdsec.localConfig.contexts	A list of additional contexts to specify
containers.<name>.extraVeths.<name>.localAddress	The IPv4 address assigned to the interface in the container
containers.<name>.extraVeths.<name>.localAddress6	The IPv6 address assigned to the interface in the container
services.crowdsec.localConfig.parsers.s00Raw	A list of stage s00-raw specifications
services.parsedmarc.provision.localMail.enable	Whether Postfix and Dovecot should be set up to receive mail locally. parsedmarc will be configured to watch the local inbox as the automatically created user specified in services.parsedmarc.provision.localMail.recipientName
services.zfs.autoReplication.localFilesystem	Local ZFS filesystem from which snapshots should be sent
services.crowdsec.localConfig.parsers.s01Parse	A list of stage s01-parse specifications
services.ocsinventory-agent.settings.local	If specified, the OCS Inventory Agent will run in offline mode and the resulting inventory file will be stored in the specified path.
services.unbound.localControlSocketPath	When not set to `null` this option defines the path at which the unbound remote control socket should be created at
services.hadoop.yarn.nodemanager.localDir	List of directories to store localized files in.
services.crowdsec.localConfig.scenarios	A list of scenarios specifications
i18n.localeCharsets	Per each `i18n.extraLocaleSettings`, choose the character set to use for it
services.crowdsec.localConfig.postOverflows	The set of Postoverflows specifications
services.toxvpn.localip	your ip on the vpn
services.crowdsec.localConfig.parsers.s02Enrich	A list of stage s02-enrich specifications
services.syncthing.settings.options.localAnnounceEnabled	Whether to send announcements to the local LAN, also use such announcements to find other devices.
services.vsftpd.chrootlocalUser	Whether local users are confined to their home directory.
services.parsedmarc.provision.localMail.recipientName	The DMARC mail recipient name, i.e. the name part of the email address which receives DMARC reports
services.rspamd.locals.<name>.text	Text of the file.
services.simplesamlphp.<name>.localDomain	The domain serving your SimpleSAMLphp instance
services.movim.podConfig.locale	The server main locale
programs.localsend.enable	Whether to enable localsend, an open source cross-platform alternative to AirDrop.
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeys	List of raw public key candidates to use for authentication
programs.localsend.package	The localsend package to use.
services.localtimed.package	The localtime package to use.
services.crowdsec.localConfig.acquisitions	A list of acquisition specifications, which define the data sources you want to be parsed
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.id	IKE identity to use for authentication round
services.syncthing.settings.options.localAnnouncePort	The port on which to listen and send IPv4 broadcast announcements to.
services.rspamd.locals.<name>.source	Path of the source file.
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert	Section for a certificate candidate to use for authentication
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_id	Client EAP-Identity to use in EAP-Identity exchange and the EAP method.
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slot	Optional slot number of the token that stores the certificate.
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.round	Optional numeric identifier by which authentication rounds are sorted
services.rspamd.locals.<name>.enable	Whether this file locals should be generated
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.file	Absolute path to the certificate to load
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.module	Optional PKCS#11 module name.
services.crowdsec.localConfig.postOverflows.s01Whitelist	A list of stage s01-whitelist specifications
services.parsedmarc.provision.localMail.hostname	The hostname to use when configuring Postfix
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_id	Client XAuth username used in the XAuth exchange.
services.crowdsec.localConfig.notifications	A list of notifications to enable and use in your profiles
services.gnome.localsearch.enable	Whether to enable LocalSearch, indexing services for TinySPARQL search engine and metadata storage system.
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certs	List of certificate candidates to use for authentication
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handle	Hex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively
programs.localsend.openFirewall	Whether to enable opening the firewall port 53317 for receiving files.
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_id	Server side EAP-Identity to expect in the EAP method
services.exim.user	User to use when no root privileges are required
services.localtimed.enable	Enable `localtimed`, a simple daemon for keeping the system timezone up-to-date based on the current location
services.localtimed.geoclue2Package	The Geoclue2 package to use.
services.strongswan-swanctl.swanctl.connections.<name>.local_port	Local UDP port for IKE communication
services.strongswan-swanctl.swanctl.connections.<name>.local_addrs	Local address(es) to use for IKE communication
programs.proxychains.localnet	By default enable localnet for loopback address ranges.
services.matrix-appservice-irc.localpart	The user_id localpart to assign to the appservice
services.nextjs-ollama-llm-ui.hostname	The hostname under which the Ollama UI interface should be accessible
services.outline.redisUrl	Connection to a redis server
services.foundationdb.locality	FoundationDB locality settings.
boot.loader.grub.users	User accounts for GRUB
services.matrix-appservice-discord.localpart	The user_id localpart to assign to the AS.
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.auth	Authentication to perform locally. The default `pubkey` uses public key authentication using a private key associated to a usable certificate. `psk` uses pre-shared key authentication. The IKEv1 specific `xauth` is used for XAuth or Hybrid authentication, while the IKEv2 specific `eap` keyword defines EAP authentication. For `xauth`, a specific backend name may be appended, separated by a dash
services.resolved.llmnr	Controls Link-Local Multicast Name Resolution support (RFC 4795) on the local host
services.firefly-iii.settings.APP_ENV	The app environment
services.mpdscribble.passwordFile	File containing the password for the mpd daemon
services.mlmmj.user	mailinglist local user
services.fider.database.url	URI to use for the main PostgreSQL database
services.foundationdb.locality.zoneId	Zone identifier key
services.mlmmj.group	mailinglist local group
services.foundationdb.locality.dataHall	Data hall identifier key
services.outline.databaseUrl	URI to use for the main PostgreSQL database
services.ntopng.redis.createInstance	Local Redis instance name
services.cockroachdb.locality	An ordered, comma-separated list of key-value pairs that describe the topography of the machine
nix.firewall.allowPrivateNetworks	Whether to allow traffic to local networks
power.ups.mode	The MODE determines which part of the NUT is to be started, and which configuration files must be modified
services.outline.storage	To support uploading of images for avatars and document attachments an s3-compatible storage can be provided
services.foundationdb.locality.machineId	Machine identifier key
services.avahi.nssmdns6	Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
services.coturn.cli-ip	Local system IP address to be used for CLI server endpoint.
services.keycloak.database.name	Database name to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned
services.gitlab.databaseCreateLocally	Whether a database should be automatically created on the local host
services.cntlm.enable	Whether to enable cntlm, which starts a local proxy.
services.ncps.cache.dataPath	The local directory for storing configuration and cached store paths
programs.ssh.forwardX11	Whether to request X11 forwarding on outgoing connections by default
services.foundationdb.locality.datacenterId	Data center identifier key
services.i2pd.outTunnels	Connect to someone as a client and establish a local accept endpoint
services.gancio.enable	Whether to enable Gancio, a shared agenda for local communities.
services.c2fmzq-server.port	The local port to use.
time.hardwareClockInLocalTime	If set, keep the hardware clock in local time instead of UTC.
services.keycloak.database.createLocally	Whether a database should be automatically created on the local host
services.c2fmzq-server.bindIP	The local address to use.
services.ollama.enable	Whether to enable ollama server for local large language models.
services.keycloak.database.username	Username to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned
networking.nat.dmzHost	The local IP address to which all traffic that does not match any forwarding rule is forwarded.
services.crowdsec.name	Name of the machine when registering it at the central or local api.
services.discourse.database.createLocally	Whether a database should be automatically created on the local host
services.monero.extraNodes	List of additional peer IP addresses to add to the local list.
services.confd.enable	Whether to enable confd, a service to manage local application configuration files using templates and data from etcd/consul/redis/zookeeper.
services.gitwatch.<name>.path	The path to repo in local machine
services.livekit.redis.port	Port to bind local redis instance to.
services.livekit.redis.host	Address to bind local redis instance to.
services.miredo.bindPort	Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.
services.blocky.enable	Whether to enable blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features.
services.ente.api.enableLocalDB	Whether to enable the automatic creation of a local postgres database for museum..
services.siproxd.ifInbound	Local network interface
networking.fooOverUDP.<name>.port	Local port of the encapsulation UDP socket.
services.mihomo.webui	Local web interface to use
services.private-gpt.enable	Whether to enable private-gpt for local large language models.
services.stratis.enable	Whether to enable Stratis Storage - Easy to use local storage management for Linux.
services.i2pd.reseed.zipfile	Path to local .zip file to reseed from.
nix.buildMachines	This option lists the machines to be used if distributed builds are enabled (see `nix.distributedBuilds`)
services.ncps.cache.storage.s3	Use S3 for storage instead of local storage.
system.autoUpgrade.flags	Any additional flags passed to `nixos-rebuild`
services.dependency-track.database.createLocally	Whether a database should be automatically created on the local host
services.yggdrasil.openMulticastPort	Whether to open the UDP port used for multicast peer discovery
services.udp-over-tcp.tcp2udp.<name>.bind	Which local IP to bind the UDP socket to.
services.sharkey.setupRedis	Whether to automatically set up a local Redis cache and configure Sharkey to use it.
services.avahi.browseDomains	List of non-local DNS domains to be browsed.
services.autossh.sessions.*.extraArguments	Arguments to be passed to AutoSSH and retransmitted to SSH process
services.dspam.domainSocket	Path to local domain socket which is used for communication with the daemon
services.btrbk.niceness	Niceness for local instances of btrbk
services.tox-node.lanDiscovery	Enable local network discovery.
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_ts	List of local traffic selectors to include in CHILD_SA
services.dependency-track.database.username	Username to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned
services.librenms.useDistributedPollers	Enables distributed pollers for this LibreNMS instance
services.avahi.enable	Whether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon`).
services.eris-server.decode	Whether the HTTP service (when enabled) will decode ERIS content at /uri-res/N2R?urn:eris:
services.searx.runInUwsgi	Whether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server
services.avahi.publish.hinfo	Whether to register a mDNS HINFO record which contains information about the local operating system and CPU.
hardware.sane.openFirewall	Open ports needed for discovery of scanners on the local network, e.g. needed for Canon scanners (BJNP protocol).
services.geoclue2.enableNmea	Whether to fetch location from NMEA sources on local network.
services.gpsd.devices	List of devices that `gpsd` should subscribe to
services.peertube.listenHttp	The port that the local PeerTube web server will listen on.
services.samba-wsdd.enable	Whether to enable Web Services Dynamic Discovery host daemon
services.dependency-track.database.databaseName	Database name to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned
services.radvd.enable	Whether to enable the Router Advertisement Daemon (`radvd`), which provides link-local advertisements of IPv6 router addresses and prefixes using the Neighbor Discovery Protocol (NDP)
services.send.redis.createLocally	Whether to create a local redis automatically.
services.miredo.bindAddress	Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.
services.db-rest.redis.createLocally	Configure a local redis server for db-rest.
nix.buildMachines.*.sshKey	The path to the SSH private key with which to authenticate on the build machine
services.autossh.sessions.*.name	Name of the local AutoSSH session
boot.loader.grub.users.<name>.password	Specifies the clear text password for the account
services.gitlab.databaseHost	GitLab database hostname
services.sympa.mta.type	Mail transfer agent (MTA) integration
services.avahi.nssmdns4	Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4
services.openafsServer.cellServDB	Definition of all cell-local database server machines
services.vsftpd.forceLocalDataSSL	Only applies if `sslEnable` is true
services.nitter.redisCreateLocally	Configure local Redis server for Nitter.
services.opendkim.domains	Local domains set (see opendkim(8) for more information on datasets)
services.biboumi.settings.port	The TCP port to use to connect to the local XMPP component.
programs.zsh.enableGlobalCompInit	Enable execution of compinit call for all interactive zsh shells
services.zammad.redis.createLocally	Whether to create a local redis automatically.
services.soju.acceptProxyIP	Allow the specified IPs to act as a proxy
services.librechat.enableLocalDB	Whether to enable a local mongodb instance.
services.ebusd.configpath	Directory to read CSV config files from
networking.dhcpcd.IPv6rs	Force enable or disable solicitation and receipt of IPv6 Router Advertisements
services.thanos.receive.enable	Whether to enable the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb.
services.syncoid.user	The user for the service
services.vsftpd.forceLocalLoginsSSL	Only applies if `sslEnable` is true
services.sourcehut.nginx.enable	Whether to enable local nginx integration.
services.sourcehut.minio.enable	Whether to enable local minio integration.
services.searx.redisCreateLocally	Configure a local Redis server for SearXNG
services.oncall.settings.db.conn.str	Database connection scheme
services.nsd.ipTransparent	Allow binding to non local addresses.
services.zammad.nginx.configure	Whether to configure a local nginx for Zammad.
services.borgbackup.jobs.<name>.repo	Remote or local repository to back up to.
services.nipap.nipap-www.xmlrpcURIFile	Path to file containing XMLRPC URI for use by web UI - this is a secret, since it contains auth credentials
services.printing.defaultShared	Specifies whether local printers are shared by default.
services.lasuite-meet.livekit.enable	Whether to enable Configure local livekit server.
services.rustus.storage.data_dir	path to the local directory where all files are stored
services.opengfw.settings.io.rst	Set to true if you want to send RST for blocked TCP connections, needs `local = false`.
services.shairport-sync.enable	Enable the shairport-sync daemon
services.sourcehut.redis.enable	Whether to enable local redis integration in a dedicated redis-server.
services.livekit.redis.createLocally	Whether to set up a local redis instance.
nix.buildMachines.*.protocol	The protocol used for communicating with the build machine
hardware.nvidia-container-toolkit.mount-nvidia-docker-1-directories	Mount nvidia-docker-1 directories on containers: /usr/local/nvidia/lib and /usr/local/nvidia/lib64.
boot.loader.grub.users.<name>.passwordFile	Specifies the path to a file containing the clear text password for the account
services.misskey.redis.createLocally	Create and use a local Redis instance
users.ldap.daemon.enable	Whether to let the nslcd daemon (nss-pam-ldapd) handle the LDAP lookups for NSS and PAM
services.i2pd.yggdrasil.address	Your local yggdrasil address
services.firezone.server.enableLocalDB	Whether to enable a local postgresql database for Firezone.
services.outline.storage.storageType	File storage type, it can be local or s3.
services.x2goserver.enable	Enables the x2goserver module
services.mastodon.smtp.createLocally	Configure local Postfix SMTP server for Mastodon.
services.redsocks.redsocks	Local port to proxy associations to be performed
services.peertube.smtp.createLocally	Configure local Postfix SMTP server for PeerTube.
services.hylafax.sendmailPath	Path to sendmail program
services.avahi.publish.addresses	Whether to register mDNS address records for all local IP addresses.
services.hadoop.hdfs.datanode.dataDirs.*.path	Determines where on the local filesystem a data node should store its blocks.
boot.loader.grub.users.<name>.hashedPassword	Specifies the password hash for the account, generated with grub-mkpasswd-pbkdf2
services.bitlbee.interface	The interface the BitlBee daemon will be listening to
services.thanos.rule.tsdb.retention	Block retention time on local disk
services.lasuite-docs.redis.createLocally	Configure local Redis cache server for docs.
services.sourcehut.postfix.enable	Whether to enable local postfix integration.
services.docuseal.redis.createLocally	Whether to create a local redis automatically.
services.pfix-srsd.configurePostfix	Whether to configure the required settings to use pfix-srsd in the local Postfix instance.
services.part-db.settings.DATABASE_URL	The postgresql database server to connect to
services.peertube.redis.createLocally	Configure local Redis server for PeerTube.
services.mastodon.redis.createLocally	Configure local Redis server for Mastodon.
services.ncps.cache.lock.allowDegradedMode	Allow falling back to local locks if Redis is unavailable (WARNING: breaks HA guarantees).
services.sympa.database.createLocally	Whether to create a local database automatically.
services.movim.database.createLocally	local database using UNIX socket authentication
services.lasuite-meet.redis.createLocally	Whether to enable Configure local Redis cache server for meet.
services.borgmatic.settings.repositories	A required list of local or remote repositories with paths and optional labels (which can be used with the --repository flag to select a repository)
services.dnsmasq.resolveLocalQueries	Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).
services.quicktun.<name>.privateKeyFile	Path to file containing local secret key in binary or hexadecimal form. Not needed when `services.quicktun..protocol` is set to `raw`.
services.syncoid.commands.<name>.source	Source ZFS dataset
services.unbound.resolveLocalQueries	Whether unbound should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).
services.thanos.store.sync-block-duration	Repeat interval for syncing the blocks between local and remote view
services.vsftpd.virtualUseLocalPrivs	If enabled, virtual users will use the same privileges as local users
networking.nat.externalIP	The public IP address to which packets from the local network are to be rewritten
services.discourse.database.host	Discourse database hostname. `null` means “prefer local unix socket connection”.
services.pixelfed.redis.createLocally	Whether to enable a local Redis database using UNIX socket authentication.
services.quicktun.<name>.privateKey	Local secret key in hexadecimal form. This option is deprecated
services.offlineimap.enable	Whether to enable OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s).
services.zammad.database.createLocally	Whether to create a local database automatically.
services.postsrsd.settings.domains	List of local domains, that do not require rewriting.
services.jupyterhub.spawner	Jupyterhub spawner to use There are many spawners available including: local process, systemd, docker, kubernetes, yarn, batch, etc.
services.bitmagnet.useLocalPostgresDB	Use a local postgresql database, create user and database
networking.nat.externalIPv6	The public IPv6 address to which packets from the local network are to be rewritten
services.syncoid.commands.<name>.target	Target ZFS dataset
services.mealie.database.createLocally	Configure local PostgreSQL database server for Mealie.
services.nextcloud.settings.mail_smtpmode	Which mode to use for sending mail
services.gitea.database.createDatabase	Whether to create a local database automatically.
services.invidious.database.host	The database host Invidious should use
services.searx.configureUwsgi	Whether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server
services.rosenpass.settings.listen	List of local endpoints to listen for connections.
services.shairport-sync.arguments	Arguments to pass to the daemon
services.mattermost.database.name	Local Mattermost database name.
services.sharkey.setupPostgresql	Whether to automatically set up a local PostgreSQL database and configure Sharkey to use it.
services.mattermost.database.user	Local Mattermost database username.
services.wstunnel.clients.<name>.remoteToLocal	Listen on remote and forwards traffic from local
services.avahi.allowInterfaces	List of network interfaces that should be used by the `avahi-daemon`
services.quassel.interfaces	The interfaces the Quassel daemon will be listening to
services.sabnzbd.settings.misc.inet_exposure	Restrictions for access from non-local IP addresses
services.gitea.settings.server.SSH_PORT	SSH port displayed in clone URL
services.glitchtip.redis.createLocally	Whether to enable and configure a local Redis instance.
services.btrbk.ioSchedulingClass	IO scheduling class for btrbk (see ionice(1) for a quick description)
services.nebula.networks.<name>.tun.disable	When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
services.systembus-notify.enable	Whether to enable System bus notification support WARNING: enabling this option (while convenient) should not be done on a machine where you do not trust the other users as it allows any other local user to DoS your session by spamming notifications .
services.homebox.database.createLocally	Configure local PostgreSQL database server for Homebox.
boot.loader.grub.users.<name>.hashedPasswordFile	Specifies the path to a file containing the password hash for the account, generated with grub-mkpasswd-pbkdf2
services.pdfding.database.createLocally	Whether to create a local PostgreSQL database automatically
services.pretix.database.createLocally	Whether to automatically set up the database on the local DBMS instance
services.opengfw.settings.ruleset	The path to load specific local geoip/geosite db files
services.heisenbridge.owner	Set owner MXID otherwise first talking local user will claim the bridge
services.zipline.database.createLocally	Whether to enable and configure a local PostgreSQL database server.
services.zabbixProxy.database.createLocally	Whether to create a local database automatically.
services.libeufin.bank.createLocalDatabase	Whether to enable automatic creation of a local postgres database.
services.rustus.storage.force_sync	calls fsync system call after every write to disk in local storage
services.openafsServer.roles.backup.cellServDB	Definition of all cell-local backup database server machines
services.postsrsd.configurePostfix	Whether to configure the required settings to use postsrsd in the local Postfix instance.
services.yggdrasil.settings.Listen	Listen addresses for incoming connections
services.dawarich.redis.createLocally	Whether to configure a local Redis server for Dawarich
services.ostinato.rpcServer.address	By default, the Drone RPC server will listen on all interfaces and local IPv4 addresses for incoming connections from clients
services.postgresql.identMap	Defines the mapping from system users to database users
services.coturn.relay-ips	Relay address (the local IP address that will be used to relay the packets to the peer)
services.librenms.database.createLocally	Whether to create a local database automatically.
services.librenms.enableLocalBilling	Enable billing Cron-Jobs on the local instance
services.forgejo.database.createDatabase	Whether to create a local database automatically.
services.libeufin.nexus.createLocalDatabase	Whether to enable automatic creation of a local postgres database.
services.thanos.receive.tsdb.retention	How long to retain raw samples on local storage. `0d` - disables this retention Defaults to `15d` in Thanos when set to `null`.
services.mirakurun.openFirewall	Open ports in the firewall for Mirakurun. Exposing Mirakurun to the open internet is generally advised against
services.zabbixServer.database.createLocally	Whether to create a local database automatically.
services.woodpecker-agents.agents.<name>.path	Additional packages that should be added to the agent's `PATH`
services.windmill.database.createLocally	Whether to create a local database automatically.
services.avahi.publish.workstation	Whether to register a service of type "_workstation._tcp" on the local LAN.
services.rosenpass.settings.peers.*.device	Name of the local WireGuard interface to use for this peer.
services.mattermost.database.create	Create a local PostgreSQL or MySQL database for Mattermost automatically.
services.mastodon.database.createLocally	Configure local PostgreSQL database server for Mastodon.
services.pretalx.database.createLocally	Whether to automatically set up the database on the local DBMS instance
services.peertube.database.createLocally	Configure local PostgreSQL database server for PeerTube.
services.forgejo.settings.server.SSH_PORT	SSH port displayed in clone URL
services.your_spotify.enableLocalDB	Whether to enable a local mongodb instance.
security.duosec.fallbackLocalIP	Duo Unix reports the IP address of the authorizing user, for the purposes of authorization and whitelisting
security.pam.services.<name>.startSession	If set, the service will register a new session with systemd's login manager
services.pixelfed.database.createLocally	Whether to enable a local database using UNIX socket authentication.
services.zfs.autoReplication.followDelete	Remove remote snapshots that don't have a local correspondent.
programs.tsmClient.servers.<name>.servername	Local name of the IBM TSM server, must not contain space or more than 64 chars.
services.tsidp.settings.useLocalTailscaled	Use local tailscaled instead of tsnet.
services.postfix-tlspol.configurePostfix	Whether to configure the required settings to use postfix-tlspol in the local Postfix instance.
services.self-deploy.repository	The repository to fetch from
services.certspotter.sendmailPath	Path to the `sendmail` binary
services.sourcehut.postgresql.enable	Whether to enable local postgresql integration.
services.thanos.sidecar.prometheus.url	URL at which to reach Prometheus's API
services.ncps.cache.lock.backend	Lock backend to use: 'local' (single instance), 'redis' (distributed), 'postgres' (distributed, requires PostgreSQL)
services.miniflux.createDatabaseLocally	Whether a PostgreSQL database should be automatically created and configured on the local host
services.invidious.database.createLocally	Whether to create a local database with PostgreSQL.
services.dawarich.database.createLocally	Whether to configure a local PostgreSQL server and database for Dawarich
services.paperless.database.createLocally	Configure local PostgreSQL database server for Paperless.
services.glitchtip.database.createLocally	Whether to enable and configure a local PostgreSQL database server.
services.matrix-synapse.configureRedisLocally	Whether to automatically configure a local redis server for matrix-synapse.
services.epgstation.openFirewall	Open ports in the firewall for the EPGStation web interface. Exposing EPGStation to the open internet is generally advised against
networking.resolvconf.useLocalResolver	Use local DNS server for resolving.
services.cloudflare-ddns.provider.ipv4	IP detection provider for IPv4
services.cloudflare-ddns.provider.ipv6	IP detection provider for IPv6
services.tandoor-recipes.database.createLocally	Configure local PostgreSQL database server for Tandoor Recipes.
services.engelsystem.createDatabase	Whether to create a local database automatically
services.gotosocial.setupPostgresqlDB	Whether to setup a local postgres database and populate the `db-type` fields in `services.gotosocial.settings`.
services.lasuite-docs.postgresql.createLocally	Configure local PostgreSQL database server for docs.
services.borgbackup.jobs.<name>.removableDevice	Whether the repo (which must be local) is a removable device.
services.openafsServer.roles.fileserver.enable	Fileserver role, serves files and volumes from its local storage.
services.firefox-syncserver.database.host	Database host name. `localhost` is treated specially and inserts systemd dependencies, other hostnames or IP addresses of the local machine do not.
services.kubo.settings.Addresses.API	Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on
services.lasuite-meet.postgresql.createLocally	Whether to enable Configure local PostgreSQL database server for meet.
services.rke2.environmentVars	Environment variables for configuring the rke2 service/agent
services.borgmatic.configurations.<name>.repositories	A required list of local or remote repositories with paths and optional labels (which can be used with the --repository flag to select a repository)
services.grafana.settings.smtp.password	Password used for authentication
services.pulseaudio.zeroconf.publish.enable	Whether to enable publishing the pulseaudio sink in the local network.
services.cjdns.ETHInterface.beacon	Auto-connect to other cjdns nodes on the same network
services.mailpit.instances.<name>.database	Specify the local database filename to store persistent data
virtualisation.nixStore9pCache	Type of 9p cache to use when mounting host nix store. "none" provides no caching. "loose" enables Linux's local VFS cache. "fscache" uses Linux's fscache subsystem
services.public-inbox.settings.publicinbox.css	The local path name of a CSS file for the PSGI web interface.
services.misskey.meilisearch.createLocally	Create and use a local Meilisearch instance
services.mediagoblin.createDatabaseLocally	Whether to configure a local postgres database and connect to it.
services.vaultwarden.configurePostgres	Whether to configure a local PostgreSQL server.
services.crowdsec-firewall-bouncer.settings.api_url	URL of the local API.
services.displayManager.dms-greeter.configHome	Path to a user's home directory from which to copy DankMaterialShell configuration files
services.synapse-auto-compressor.postgresUrl	Connection string to postgresql in the [rust `postgres` crate config format](https://docs.rs/postgres/latest/postgres/config/struct
services.mattermost.database.password	Password for local Mattermost database user
services.weblate.configurePostgresql	Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
services.rosenpass.settings.public_key	Path to a file containing the public key of the local Rosenpass peer
services.rosenpass.settings.secret_key	Path to a file containing the secret key of the local Rosenpass peer
services.sourcehut.settings."builds.sr.ht::worker".bind-address	HTTP bind address for serving local build information/monitoring.
services.matrix-synapse.settings.presence.enabled	Whether to enable presence tracking
services.sharkey.setupMeilisearch	Whether to automatically set up a local Meilisearch instance and configure Sharkey to use it
services.pulseaudio.zeroconf.discovery.enable	Whether to enable discovery of pulseaudio sinks in the local network.
services.prometheus.remoteRead.*.read_recent	Whether reads should be made for queries for time ranges that the local storage should have complete data for.
services.prometheus.exporters.chrony.user	User name under which the chrony exporter shall be run
services.prometheus.alertmanagerGotify.port	The local port the bridge is listening on.
services.prometheus.exporters.chrony.group	Group under which the chrony exporter shall be run
services.nullmailer.config.adminaddr	If set, all recipients to users at either "localhost" (the literal string) or the canonical host name (from the me control attribute) are remapped to this address
services.grafana.settings.database.password	The database user's password (not applicable for `sqlite3`)
services.glance.environmentFile	Path to an environment file as defined in systemd.exec(5)
services.crowdsec-firewall-bouncer.secrets.apiKeyPath	Path to the API key to authenticate with a local CrowdSec API
services.canaille.settings.CANAILLE_SQL.DATABASE_URI	The SQL server URI
services.openssh.listenAddresses	List of addresses and ports to listen on (ListenAddress directive in config)
services.firefox-syncserver.database.createLocally	Whether to create database and user on the local machine if they do not exist
services.syncthing.settings.options.limitBandwidthInLan	Whether to apply bandwidth limits to devices in the same broadcast domain as the local device.
services.tailscale.serve.services.<name>.endpoints	Map of incoming traffic patterns to local targets
services.prometheus.exporters.postgres.runAsLocalSuperUser	Whether to run the exporter as the local 'postgres' super user.
services.prometheus.exporters.pve.configFile	Path to the service's config file
services.foundationdb.extraReadWritePaths	An extra set of filesystem paths that FoundationDB can read to and write from
services.cloudflared.tunnels.<name>.originRequest.httpHostHeader	Sets the HTTP `Host` header on requests sent to the local service.
services.parsedmarc.provision.grafana.dashboard	Whether the official parsedmarc grafana dashboard should be provisioned to the local grafana instance.
services.nixseparatedebuginfod2.substituters	nix substituter to fetch debuginfo from
services.grafana.settings.security.secret_key	Secret key used for signing
services.netbird.tunnels.<name>.hardened	Hardened service: runs as a dedicated user with minimal set of permissions (see caveats), restricts daemon configuration socket access to dedicated user group (you can grant access to it with `users.users."<user>".extraGroups = [ netbird-‹name› ]`), Even though the local system resources access is restricted: `CAP_NET_RAW`, `CAP_NET_ADMIN` and `CAP_BPF` still give unlimited network manipulation possibilites, older kernels don't have `CAP_BPF` and use `CAP_SYS_ADMIN` instead, Known security features that are not (yet) integrated into the module: 2024-02-14: `rosenpass` is an experimental feature configurable solely through `--enable-rosenpass` flag on the `netbird up` command, see the docs
services.netbird.clients.<name>.hardened	Hardened service: runs as a dedicated user with minimal set of permissions (see caveats), restricts daemon configuration socket access to dedicated user group (you can grant access to it with `users.users."<user>".extraGroups = [ netbird-‹name› ]`), Even though the local system resources access is restricted: `CAP_NET_RAW`, `CAP_NET_ADMIN` and `CAP_BPF` still give unlimited network manipulation possibilites, older kernels don't have `CAP_BPF` and use `CAP_SYS_ADMIN` instead, Known security features that are not (yet) integrated into the module: 2024-02-14: `rosenpass` is an experimental feature configurable solely through `--enable-rosenpass` flag on the `netbird up` command, see the docs
services.draupnir.settings.managementRoom	The room ID or alias where moderators can use the bot's functionality
services.postfix.settings.main.mydestination	List of domain names intended for local delivery using /etc/passwd and /etc/aliases. Do not include virtual domains in this list. https://www.postfix.org/postconf.5.html#mydestination
services.prometheus.exporters.chrony.chronyServerAddress	ChronyServerAddress of the chrony server side command port. (Not enabled by default.) Defaults to the local unix socket.
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.auth	Authentication to expect from remote
services.crowdsec-firewall-bouncer.settings.api_key	API key to authenticate with a local crowdsec API
services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs	Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
services.jitsi-videobridge.nat.harvesterAddresses	Addresses of public STUN services to use to automatically find the public and local addresses of this Jitsi-Videobridge instance without the need for manual configuration
services.parsedmarc.provision.elasticsearch	Whether to set up and use a local instance of Elasticsearch.
services.earlyoom.enableNotifications	Send notifications about killed processes via the system d-bus
services.icingaweb2.modules.monitoring.transports.<name>.path	Path to the socket for local or remote transports
services.matrix-synapse.workers	Options for configuring workers
services.prometheus.exporters.pve.environmentFile	Path to the service's environment file
virtualisation.spiceUSBRedirection.enable	Install the SPICE USB redirection helper with setuid privileges
programs.pay-respects.aiIntegration	Whether to enable `pay-respects`' LLM integration
services.dependency-track.oidc.userProvisioning	Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication
services.healthchecks.settings	Environment variables which are read by healthchecks `(local)_settings.py`
services.smartd.notifications.systembus-notify.enable	Whenever to send systembus-notify notifications
services.healthchecks.settingsFile	Environment variables which are read by healthchecks `(local)_settings.py`
services.grafana.settings.security.admin_password	Default admin password
virtualisation.virtualbox.host.enableHardening	Enable hardened VirtualBox, which ensures that only the binaries in the system path get access to the devices exposed by the kernel modules instead of all users in the vboxusers group. Disabling this can put your system's security at risk, as local users in the vboxusers group can tamper with the VirtualBox device files.
services.prometheus.exporters.idrac.configurationPath	Path to the service's config file
services.xserver.windowManager.xmonad.config	Configuration from which XMonad gets compiled
services.dependency-track.settings."alpine.oidc.user.provisioning"	Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication
services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".socket_dir	Path to the postgres socket directory
services.dependency-track.oidc.teamSynchronization	This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles
services.grafana.provision.datasources.settings.datasources.*.secureJsonData	Datasource specific secure configuration
services.tor.relay.role	Your role in Tor network
services.strongswan-swanctl.swanctl.connections.<name>.mediation_peer	Identity under which the peer is registered at the mediation server, that is, the IKE identity the other end of this connection uses as its local identity on its connection to the mediation server
services.dependency-track.settings."alpine.oidc.team.synchronization"	This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles
services.peertube.settings.video_transcription.engine_path	Custom engine path for local transcription.
services.postfix.settings.main.smtp_tls_security_level	The client TLS security level. Use `dane` with a local DNSSEC validating DNS resolver enabled. https://www.postfix.org/postconf.5.html#smtp_tls_security_level
services.doh-server.settings.ecs_allow_non_global_ip	By default, non global IP addresses are never forwarded to upstream servers
i18n.extraLocaleSettings	A set of additional system-wide locale settings other than `LANG` which can be configured with `i18n.defaultLocale`
i18n.extraLocales	Additional locales that the system should support, besides the ones configured with `i18n.defaultLocale` and `i18n.extraLocaleSettings`
services.gancio.userLocale	Override default locales within gancio
services.udev.extraHwdb	Additional `hwdb` files
services.redsocks.log	Where to send logs
services.udev.extraRules	Additional `udev` rules
services.jenkins.prefix	Specifies a urlPrefix to use with jenkins
boot.initrd.services.udev.rules	`udev` rules to include in the initrd only
services.mediawiki.extraConfig	Any additional text to be appended to MediaWiki's LocalSettings.php configuration file
services.private-gpt.settings	settings-local.yaml for private-gpt
services.kimai.sites.<name>.settings	Structural Kimai's local.yaml configuration
services.ente.api.settings	Museum yaml configuration
services.redsocks.chroot	Chroot under which to run redsocks
programs.singularity.enableExternalLocalStateDir	Whether to use top-level directories as LOCALSTATEDIR instead of the store path ones
services.spamassassin.config	The SpamAssassin local.cf config If you are using this configuration: `add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_` Then you can Use this sieve filter: `require ["fileinto", "reject", "envelope"]; if header :contains "X-Spam-Flag" "YES" { fileinto "spam"; }` Or this procmail filter: `:0: * ^X-Spam-Flag: YES /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new` To filter your messages based on the additional mail headers added by spamassassin.
nixpkgs.pkgs	If set, the pkgs argument to all NixOS modules is the value of this option, extended with `nixpkgs.overlays`, if that is also set
services.samba-wsdd.listen	Listen on path or localhost port in discovery mode.
services.nginx.statusPage	Enable status page reachable from localhost on http://127.0.0.1/nginx_status.
i18n.defaultCharset	The default locale character set.
services.prometheus.scrapeConfigs..consul_sd_configs..server	Consul server to query
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_ts	List of remote selectors to include in CHILD_SA
services.trilium-server.host	The host address to bind to (defaults to localhost).
services.portunus.port	Port where the Portunus webserver should listen on
i18n.defaultLocale	The default locale
services.foundationdb.tls.allowedPeers	"Peer verification string"
networking.proxy.noProxy	This option specifies the no_proxy environment variable
services.xandikos.address	The IP address on which Xandikos will listen
services.riemann-tools.riemannHost	Address of the host riemann node
services.documize.db	Database specific connection string for example: MySQL/Percona/MariaDB: `user:password@tcp(host:3306)/documize` MySQLv8+: `user:password@tcp(host:3306)/documize?allowNativePasswords=true` PostgreSQL: `host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable` MSSQL: `sqlserver://username:password@localhost:1433?database=Documize` or `sqlserver://sa@localhost/SQLExpress?database=Documize`
services.mailman.webHosts	The list of hostnames and/or IP addresses from which the Mailman Web UI will accept requests
services.pingvin-share.hostname	The domain name of your instance
services.postfix.networks	Net masks for trusted - allowed to relay mail to third parties - hosts
services.uptime.configFile	The uptime configuration file If mongodb: server != localhost, please set usesRemoteMongo = true If you only want to run the monitor, please set enableWebService = false and enableSeparateMonitoringService = true If autoStartMonitor: false (recommended) and you want to run both services, please set enableSeparateMonitoringService = true
services.irkerd.listenAddress	Specifies the bind address on which the irker daemon listens
services.postfix.networksStyle	Name of standard way of trusted network specification to use, leave blank if you specify it explicitly or if you want to use default (localhost-only).
services.cassandra.remoteJmx	Cassandra ships with JMX accessible only from localhost
networking.hosts	Locally defined maps of hostnames to IP addresses.
services.nextcloud.notify_push.bendDomainToLocalhost	Whether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost` to nextcloud's `trusted_proxies` config option
services.hickory-dns.settings.zones.*.zone	Zone name, like "example.com", "localhost", or "0.0.127.in-addr.arpa".
services.keycloak.database.useSSL	Whether the database connection should be secured by SSL / TLS
services.tor.torsocks.allowInbound	Set Torsocks to accept inbound connections
services.apcupsd.configText	Contents of the runtime configuration file, apcupsd.conf
services.librenms.database.socket	A unix socket to mysql, accessible by the librenms user
services.portunus.ldap.tls	Whether to enable LDAPS protocol
services.roundcube.database.host	Host of the postgresql server
services.mailman.hyperkitty.baseUrl	Where can Mailman connect to Hyperkitty's internal API, preferably on localhost?
services.sympa.database.host	Database host address
services.keter.globalKeterConfig.ip-from-header	You want that ip-from-header in the nginx setup case
services.nextjs-ollama-llm-ui.enable	Whether to enable Simple Ollama web UI service; an easy to use web frontend for a Ollama backend service
services.nominatim.database.host	Host of the postgresql server
services.postgresql.enableTCPIP	Whether PostgreSQL should listen on all network interfaces
hardware.i2c.enable	Whether to enable i2c devices support
networking.dhcpcd.setHostname	Whether to set the machine hostname based on the information received from the DHCP server. The hostname will be changed only if the current one is the empty string, `localhost` or `nixos`
services.languagetool.public	Whether to enable access from anywhere (rather than just localhost).
services.pgbackrest.repos	An attribute set of repositories as described in: https://pgbackrest.org/configuration.html#section-repository Each repository defaults to set `repo-host` to the attribute's name
services.ipp-usb.enable	Whether to enable ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner.
services.lokinet.useLocally	Whether to use Lokinet locally.
services.nominatim.database.superUser	Postgresql database superuser used to create Nominatim database and import data
services.davis.database.name	Database name, only used when the databse is created locally.
services.jitsi-meet.prosody.lockdown	Whether to disable Prosody features not needed by Jitsi Meet
services.roundcube.database.username	Username for the postgresql connection
services.meilisearch.listenAddress	The IP address that Meilisearch will listen on
services.avahi.publish.domain	Whether to announce the locally used domain name for browsing by other hosts.
services.homepage-dashboard.allowedHosts	Hosts that homepage-dashboard will be running under
services.kanidm.provision.acceptInvalidCerts	Whether to allow invalid certificates when provisioning the target instance
services.canaille.settings.CANAILLE.SMTP	SMTP configuration
services.reposilite.settings.hostname	The hostname to bind to
services.keter.globalKeterConfig.listeners	You want that ip-from-header in the nginx setup case
services.postfixadmin.database.host	Host of the postgresql server
services.varnish.listen.*.address	If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad ("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]"). (VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@" followed by the name of an abstract socket ("@myvarnishd") accept connections on a Unix domain socket
services.ghostunnel.servers.<name>.unsafeTarget	If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
services.firezone.server.api.port	The port under which the api will be served locally
services.prosody.modules.admin_telnet	Opens telnet console interface on localhost port 5582
services.firezone.server.web.port	The port under which the web interface will be served locally
services.matrix-tuwunel.settings.global.address	Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
services.roundcube.database.passwordFile	Password file for the postgresql connection
services.nebula.networks.<name>.lighthouse.dns.host	IP address on which nebula lighthouse should serve DNS. 'localhost' is a good default to ensure the service does not listen on public interfaces; use a Nebula address like 10.0.0.5 to make DNS resolution available to nebula hosts only.
services.stalwart.settings	Configuration options for the Stalwart server
services.changedetection-io.chromePort	A free port on which webDriverSupport or playwrightSupport listen on localhost.
services.tt-rss.database.createLocally	Create the database and database user locally.
services.ncdns.identity.address	The IP address the hostname specified in `services.ncdns.identity.hostname` should resolve to
services.postfixadmin.database.username	Username for the postgresql connection
services.send.redis.passwordFile	The path to the file containing the Redis password
services.pgbackrest.stanzas.<name>.instances	An attribute set of database instances as described in: https://pgbackrest.org/configuration.html#section-stanza Each instance defaults to set `pg-host` to the attribute's name
services.wordpress.sites.<name>.fontsDir	This directory is used to download fonts from a remote location, e.g. to host google fonts locally.
services.stalwart-mail.settings	Configuration options for the Stalwart email server
services.atuin.database.createLocally	Create the database and database user locally.
services.coder.database.createLocally	Create the database and database user locally.
services.davis.database.createLocally	Create the database and database user locally.
services.lldap.database.createLocally	Create the database and database user locally.
boot.kernel.randstructSeed	Provides a custom seed for the `RANDSTRUCT` security option of the Linux kernel
services.snipe-it.database.createLocally	Create the database and database user locally.
services.monica.database.createLocally	Create the database and database user locally.
services.moodle.database.createLocally	Create the database and database user locally.
boot.binfmt.addEmulatedSystemsToNixSandbox	Whether to add the `boot.binfmt.emulatedSystems` to `nix.settings.extra-platforms`
services.mailcatcher.enable	Whether to enable MailCatcher, an SMTP server and web interface to locally test outbound emails.
services.oncall.database.createLocally	Whether to enable Create the database and database user locally..
services.postfix.destination	Full (!) list of domains we deliver locally
services.redmine.database.createLocally	Create the database and database user locally.
services.prometheus.alertmanager.listenAddress	Address to listen on for the web interface and API
services.nullmailer.config.defaultdomain	The content of this attribute is appended to any host name that does not contain a period (except localhost), including defaulthost and idhost
services.akkoma.initDb.enable	Whether to automatically initialise the database on startup
services.gitlab-runner.services.<name>.buildsDir	Absolute path to a directory where builds will be stored in context of selected executor (Locally, Docker, SSH).
services.matrix-continuwuity.settings.global.address	Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator
services.kimai.sites.<name>.database.createLocally	Create the database and database user locally.
services.agorakit.database.createLocally	Create the database and database user locally.
services.castopod.database.createLocally	Create the database and database user locally.
services.dolibarr.database.createLocally	Create the database and database user locally.
services.cloudlog.database.createLocally	Create the database and database user locally.
services.misskey.database.createLocally	Create the PostgreSQL database locally
services.zoneminder.enable	Whether to enable ZoneMinder
services.ncdns.identity.hostmaster	An email address for the SOA record at the bit zone
services.tailscale.derper.verifyClients	Whether to verify clients against a locally running tailscale daemon if they are allowed to connect to this node or not.
services.listmonk.database.createLocally	Create the PostgreSQL database and database user locally.
services.drupal.sites.<name>.database.createLocally	Create the database and database user locally.
<imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.unsafeTarget	If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets
services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects	Allow localhost redirects
services.anuko-time-tracker.database.createLocally	Create the database and database user locally.
networking.wlanInterfaces.<name>.mac	MAC address to use for the device
services.bookstack.database.createLocally	Create the database and database user locally.
services.nextcloud.database.createLocally	Whether to create the database and database user locally.
services.nextcloud-spreed-signaling.settings.stats.allowed_ips	List of IP addresses that are allowed to access the debug, stats and metrics endpoints
services.flarum.createDatabaseLocally	Create the database and database user locally, and run installation
services.ncdns.identity.hostname	The hostname of this ncdns instance, which defaults to the machine hostname
services.transmission.webHome	If not `null`, sets the value of the `TRANSMISSION_WEB_HOME` environment variable used by the service
services.mediawiki.database.createLocally	Create the database and database user locally
services.zoneminder.database.createLocally	Create the database and database user locally.
services.filesender.database.createLocally	Create the PostgreSQL database and database user locally.
services.wstunnel.clients.<name>.httpProxy	Proxy to use to connect to the wstunnel server (`USER:PASS@HOST:PORT`). Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the `environmentFile` option to a file containing `PROXY_PASSWORD=<your-password-here>` and set this option to `<user>:$PROXY_PASSWORD@<host>:<port>`
services.wordpress.sites.<name>.database.createLocally	Create the database and database user locally.
services.limesurvey.database.createLocally	Create the database and database user locally
services.rustus.storage.dir_structure	pattern of a directory structure locally and on s3
services.writefreely.database.createLocally	When `services.writefreely.database.type` is set to `"mysql"`, this option will enable the MySQL service locally.
services.hostapd.radios.<name>.networks.<name>.bssid	Specifies the BSSID for this BSS
services.sabnzbd.settings.servers.<name>.ssl_verify	Level of TLS verification
services.wstunnel.clients.<name>.environmentFile	Environment file to be passed to the systemd service
services.wstunnel.servers.<name>.environmentFile	Environment file to be passed to the systemd service
services.invoiceplane.sites.<name>.database.createLocally	Create the database and database user locally.
services.resolved.dnssec	If set to `"true"`: all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS)
virtualisation.oci-containers.containers.<name>.ports	Network ports to publish from the container to the outer host
services.crowdsec-firewall-bouncer.registerBouncer.enable	Whether to automatically register the bouncer to the locally running `crowdsec` service
services.netbird.clients	Attribute set of NetBird client daemons, by default each one will: be manageable using dedicated tooling: `netbird-<name>` script, `NetBird - netbird-<name>` graphical interface when appropriate (see `ui.enable`), run as a `netbird-<name>.service`, listen for incoming remote connections on the port `51820` (`openFirewall` by default), manage the `netbird-<name>` wireguard interface, use the /var/lib/netbird-/config.json configuration file, override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json, (`hardened`) be locally manageable by `netbird-<name>` system group, With following caveats: multiple daemons will interfere with each other's DNS resolution of `netbird.cloud`, but should remain fully operational otherwise
services.tabby.model	Specify the model that tabby will use to generate completions
services.wstunnel.clients.<name>.upgradeCredentials	Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, `USER:[PASS]`). Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the `environmentFile` option to a file containing `HTTP_PASSWORD=<your-password-here>` and set this option to `<user>:$HTTP_PASSWORD`
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_id	Identity in CA certificate to accept for authentication
services.prometheus.scrapeConfigs..docker_sd_configs..host_networking_host	The host to use if the container is in host networking mode