The MODE determines which part of the NUT is to be started, and which configuration files must be modified

Mode to set for the SEV device.

Mode to set for devices of the msr kernel subsystem.

Mode to set for the SEV guest device.

DEPRECATED, use driverOptions

Which mode to use

If set to something else than symlink, the file is copied instead of symlinked, with the given file mode.

Screen resolution in modedb format

Mode of operation

Mode in which to run the server.

'monolithic' runs all components, and is suitable for single-node deployments.

'api-server' runs only the API server, and is suitable for clustering.

'garbage-collector' only runs the garbage collector periodically

The mode of the macvlan device.

Choose the type of authentication used

Mode to set for the SGX provisioning device.

Permission of the socket file (3-digit octal value).

A video kernel parameter (framebuffer mode) configuration for the specific output:

<xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m][eDd]

See for more information:

• https://docs.kernel.org/fb/modedb.html
• https://wiki.archlinux.org/title/Kernel_mode_setting#Forcing_modes

The resolution of the console

Mail sending mode

Relay protocols.

Blockchain garbage collection mode.

If the Suricata box is a router for the sniffed networks, set it to 'router'

IPsec Mode to establish CHILD_SA with.

• tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,
• whereas transport uses IPsec Transport Mode.
• transport_proxy signifying the special Mobile IPv6 Transport Proxy Mode.
• beet is the Bound End to End Tunnel mixture mode, working with fixed inner addresses without the need to include them in each packet.
• Both transport and beet modes are subject to mode negotiation; tunnel mode is negotiated if the preferred mode is not available.
• pass and drop are used to install shunt policies which explicitly bypass the defined traffic from IPsec processing or drop it, respectively

Amazon CloudWatch Agent mode

The mode can be "file" or "database" that defines where the ACL policies are stored and read from.

"PWM" to enable PWM sync. "Manual" to set speed.

Encryption mode to use

Mode to be set on the UNIX socket

In what mode should the main Lovelace panel be, yaml or storage (UI managed).

Defines the database mode of operation

Firewall mode to use.

Blockchain sync mode.

The file access mode to use when creating this file or directory.

Blockchain sync mode.

Rendering mode of grafana-image-renderer:

• default: Creates on browser-instance per rendering request.
• reusable: One browser instance will be started and reused for each rendering request.
• clustered: allows to precisely configure how many browser-instances are supposed to be used

Output resolution.

The file access mode to use when creating this file or directory.

File permissions on the UNIX domain socket.

The mode to use when discovering the available entities.

Model path.

The user's home directory mode in numeric format

Enable this option to support certain USB WLAN and WWAN adapters

Models directory.

The sync mode influences how operations are committed to the disk log before the operation is acknowledged to the caller.

-ASYNC mode the writes to the disk log are buffered in memory by the operating system

The sync mode influences how operations are committed to the disk log before the operation is acknowledged to the caller.

-ASYNC mode the writes to the disk log are buffered in memory by the operating system

The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.

The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.

The user's home directory mode in numeric format

The directory that the ollama service will read models from and download new models to.

The value full-apivfs (the default) sets up private /dev, /proc, /sys, /tmp and /var/tmp file systems in a separate user name space

X keyboard model.

Description of installed modems

The file ~/.background-image is used as a background image

SSL mode for the Postgres database.

Whether to enable necessary permission for Mihomo's systemd service for TUN mode to function properly

Which models to enable cmt for

Whether to enable GameMode to optimise system performance on demand.

Name of modem device, will be searched for in /dev.

Allow rooms to be moderated

Whether to enable public mode.

Name of the model to download and use for speech synthesis

Path to PCAP replay file

Name of modem configuration file, will be searched for in config in the spooling area directory.

Models preset configuration as a Nix attribute set

File permissions on the UNIX domain socket.

On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access)

If the default of yes is used, Mode Config works in pull mode, where the initiator actively requests a virtual IP

If set to

• "true": all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS)

Selects the authentication mode for this AP.

• "none": Don't configure any authentication

Password for accessing the database.

Whether to enable tournament mode

Whether to enable CAP_SYS_NICE on gamemoded to support lowering process niceness.

Attribute set of XFree86 Modelines automatically converted and exposed as edid/<name>.bin files in initrd

Whether to enable upsd.

Mode where the socket should be set when protocol=socket

The model of the network device.

The model of the network device.

System-wide configuration for GameMode (/etc/gamemode.ini)

The soundmodem package to use.

Enable append only mode

Whether to add Soundmodem to the global environment and configure a wrapper for 'soundmodemconfig' for users in the 'soundmodem' group.

List of supported models on the server, with model-specific configs.

Whether to launch Node-RED in --safe mode.

The modemmanager package to use.

(Deprecated) This option, if set, activates the VESA 800x600 video mode on boot and disables kernel modesetting

Whether to invoke grub-install with --removable

Attribute set of values for the given modem

Whether to enable upsmon.

Whether to enable emergency mode, which is an sulogin shell started on the console if mounting a filesystem fails

Whether to enable kernel modesetting when using the NVIDIA proprietary driver

Whether to use ModemManager to manage modem devices

Specify the model that tabby will use to generate completions

uWSGI configuration

Specifies when a server connection can be reused by other clients.

session Server is released back to pool after client disconnects

Location of the ppd driver file for the printer. lpinfo -m shows a list of supported models.

In this mode, Vault runs in-memory and starts unsealed

Whether to use TLS wrapper-mode.

Whether to run the rspamd daemon in debug mode.

The maximum expiry delay in seconds to force in public mode.

List of FCC unlock scripts to enable on the system, behaving as described in https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.

vid:pid of either the PCI or USB vendor and product ID

Path to the unlock script

Run this program in a single process mode for debugging purpose

Whether to use sign the limine binary with sbctl.

Which mode to use for sending mail

Listen on path or localhost port in discovery mode.

Whether to enable Setcap for TUN Mode

Whether to enable spy mode, useful for wireless monitors.

Define a common behavior for all exception policies

Whether to run the server in debug mode.

The list of data directories or nodes for storing the objects

Enable FIPS 140-2 mode required for compliance.

The user file mode creation mask to use on home directories newly created by pam_mkhomedir.

Whether to enable nvidia-persistenced a update for NVIDIA GPU headless mode, i.e

File mode of the socket.

Enable debug mode.

Whether to enable TUN mode of Throne.

For Postgres, use either disable, require or verify-full

Port to listen on.

User name under which the modemmanager exporter shall be run.

Permissions on the UNIX socket.

Extends the systemd unit with permissions to allow for the use of the eXpress Data Path (XDP).

Group under which the modemmanager exporter shall be run.

Unix command socket that can be used to pass commands to Suricata

Start up in disconnected mode

Whether to enable Service Mode.

Whether to enable the prometheus modemmanager exporter.

Controls the addon manager reconciliation mode for the DNS addon

Whether to enable LACT, a tool for monitoring, configuring and overclocking GPUs.

Whether to operate in tun (IP) or tap (Ethernet) mode.

Whether to enable TUN mode of nekoray.

Extra commandline options to pass to the modemmanager exporter.

GID of created file

UID of created file

For sqlite3 only. Shared cache setting used for connecting to the database.

Set true for offline mode.

Operate in single user mode, disables all functionality related to multiple users and authentication

Whether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server

Whether to support multi-user mode by enabling the Disnix D-Bus service

Kernel commandline arguments

Path under which the stats socket is placed

Enable discovery operation mode.

Run Stargazer in debug mode.

Enables Aggressive Mode instead of Main Mode with Identity Protection

Address to listen on.

Background image used for GRUB

Whether k3s should run as a server or agent

Allows specifying if weechat should run in TUI or headless mode.

Open port in firewall for incoming connections.

How frequently ModemManager will refresh the extended signal quality information for each modem

AppArmor mode for dbus.

enabled enables mediation when it's supported in the kernel, disabled always disables AppArmor even with kernel support, and required fails when AppArmor was not found in the kernel.

Whether to enable debug mode.

By default this service only changes the first packet sent, which is enough in most cases

Whether to format log dirs in KRaft mode if all log dirs are unformatted, ie. they contain no meta.properties.

Initrd path

Kernel path

Paths to the Nix profile

Specify rules for nftables to add to the input chain when services.prometheus.exporters.modemmanager.openFirewall is true.

The file mode creation mask is initialized to this value.

KRaft mode ClusterId used for formatting log directories

The hostname or IP of the cable modem.

Whether the member list should be overwritten each time (true) or appended (false)

URI to connect to the API

Disables scan for overlapping BSSs in HT40+/- mode

Specify a filter for iptables to use when services.prometheus.exporters.modemmanager.openFirewall is true

Disable email debug mode to start sending outgoing mails

The TLS mode to use

Name of the voice model to use

User name of file owner

Determine whether the mounted path will be accessed in read-only mode.

Group name of file owner

Whether to enable amdgpu overdrive mode for overclocking.

Sets the send events mode to disabled, enabled, or disabled-on-external-mouse

Some systems require a /sbin/init script which is started

Whether to enable automatic HiDPI mode.

The file mode creation mask for Aria2 service

Server mode ghostunnels (TLS listener -> plain TCP/UNIX target)

Broker ID. -1 or null to auto-allocate in zookeeper mode.

Whether to enable Quiet mode (no output from the library).

The file access mode of the UNIX socket.

Whether to enable agent mode.

Path to the HQPlayer license key file

Makes this policy trust all remote parties

Use DEV as eBUS device [/dev/ttyUSB0]

Enables fallback update mode where tt-rss tries to update feeds in background while tt-rss is open in your browser

The path of the Searx server settings.yml file

The path to a file or AF_UNIX stream socket to read the server certificate from

'Static' authentication secret value (a string) for TURN REST API only

DEPRECATED, use driverOptions

Whether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server

Whether to run the SpamAssassin daemon in debug mode

Whether to enable HBase master in standalone mode with embedded regionserver and zookeper

Once this mode is on, Dragonfly will evict items least likely to be stumbled upon in the future but only when it is near maxmemory limit.

Debug mode, return more verbose errors, reload templates on each request.

Whether to enable The tuxedo-drivers driver enables access to the following on TUXEDO notebooks:

• Driver for Fn-keys
• SysFS control of brightness/color/mode for most TUXEDO keyboards
• Hardware I/O driver for TUXEDO Control Center

For more inforation it is best to check at the source code description: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers .

Run in insecure mode.

Preswitch hook executed before mode switch.

Whether to enable "ready mode"; where players can pause/unpause the game and start the game in warmup, using their ready state.

Whether to enable the broken-device-safety, otherwise known as read-only mode

Sets the send events mode to disabled, enabled, or disabled-on-external-mouse

The path to the list of CSV files to use when generating the CDI specification in CSV mode.

Whether to enable 4-address mode with type managed.

Hostname of a waiting vpicc server vpcd will be connecting to

Prometheus Alertmanager URL

• menu shows the menu.
• countdown uses a text-mode countdown.
• hidden hides GRUB entirely

Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.

Set to true for unauthenticated emergency access, and false or null for no emergency access

Enables whitelist mode.

Start a desktop environment instead of seamless mode

If the mode is set to "file", the path to a HuJSON file containing ACL policies.

Postswitch hook executed after mode switch.

Don't allow users to connect in non-secure mode (without random padding).

The hosts.hfaxd file entry in the spooling area will be symlinked to the location given here

Whether to generate the password files at build time and store them directly in the system closure, without requiring any services at boot time

The permissions of the wrapper program

For smtp, the sendmail binary is started with the parameter -bs: Use the SMTP protocol on standard input and output

Whether to enable starting teleport in insecure mode

Whether to enable debug mode.

Reduce storage requirements by enabling pruning (deleting) of old blocks

Enable debug mode.

If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build

Configures how Athens will return the results of the /list endpoint as it can be assembled from both its own storage and the upstream VCS

Whether to run QEMU with a graphics window, or in nographic mode

An array of string values each providing an address and port on which the RTR server should listen in TCP mode

If given an IP address, it can be a host name ("localhost"), an IPv4 dotted-quad ("127.0.0.1") or an IPv6 address enclosed in square brackets ("[::1]").

(VCL4.1 and higher) If given an absolute Path ("/path/to/listen.sock") or "@" followed by the name of an abstract socket ("@myvarnishd") accept connections on a Unix domain socket

Set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)

An integer value specifying the number of seconds Routinator should wait between consecutive validation runs in server mode

Whether to enable debug mode.

Preswitch hook executed before mode switch.

Whether to enable high bandwidth mode on LAN servers

Whether to restrict access to information such as health, ammo and armour in spectator mode.

Whether to run in snapshot only mode

Specify what to do when a client goes inactive (see services.teeworlds.server.inactiveTime).

• spectator: send the client into spectator mode

• spectator/kick: send the client into a free spectator slot, otherwise kick the client

• kick: kick the client

This option allows you to define APs for one or multiple physical radios

The framebuffer resolution to set when booting Linux entries

List of custom lovelace card packages to load as lovelace resources

Runs container in ephemeral mode with the empty root filesystem at boot

Postswitch hook executed after mode switch.

If set to false, run lightdm in greeterless mode

The shell (/bin/sh) command executed once the proxy starts

If specified, the OCS Inventory Agent will run in offline mode and the resulting inventory file will be stored in the specified path.

Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list

Grant capabilities to the uWSGI instance

Sets transmission's file mode creation mask

Prometheus Alertmanager URL

Set the DNS (resolv.conf) processing mode

The permissions of the wrapper program

List of integrations set are always set up, unless in recovery mode.

Performs a reverse path filter test on a packet

The minimum time to pause between successive queue runs when there are messages in the queue, in seconds

ESP proposals to offer for the CHILD_SA

If set to

• "true": all DNS lookups will be encrypted

Whether to enable VictoriaMetrics in single-node mode

This option enables docker in a rootless mode, a daemon that manages linux containers

Enables extended logs for debugging purposes

Whether to enable verbose logging mode for prometheus-wireguard-exporter.

Allows the generation of a private key and associated self-signed certificate

For target type static: List of GRPC targets to connect to for clustering mode.

Enables single account mode

If set to true, disables single account mode

Enable low-power encoding mode for Intel Quick Sync Video

The ASCII and UTF-8 output width, default is 78

Whether to enable seamless mode

Preemption mode.

Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/Webhook/RBAC/Node)

List of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config

Preemption mode.

Additional configuration for the WirePlumber daemon when run in single-instance mode (the default in nixpkgs and currently the only supported way to run WirePlumber configured via extraConfig)

Access mode. proxy or direct (Server or Browser in the UI)

Enable WAL mode for SQLite

Whether to copy the DF bit to the outer IPv4 header in tunnel mode

Sets the password for WPA-PSK

Whether to copy the ECN (Explicit Congestion Notification) header field to/from the outer IP header in tunnel mode

The security model to use for this share:

• passthrough: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)
• mapped-xattr: some of the file attributes like uid, gid, mode bits and link target are stored as file attributes
• mapped-file: the attributes are stored in the hidden .virtfs_metadata directory

Sets allowed passwords for WPA3-SAE

The system-wide memory allocator

Sets the password for WPA-PSK that will be converted to the pre-shared key

Sets the password for WPA3-SAE

Enable hardware offload for this CHILD_SA, if supported by the IPsec implementation

Whether to copy the DSCP (Differentiated Services Field Codepoint) header field to/from the outer IP header in tunnel mode

Sets the password(s) for WPA-PSK

A proposal is a set of algorithms

AH proposals to offer for the CHILD_SA

Authentication to perform locally.

• The default pubkey uses public key authentication using a private key associated to a usable certificate.
• psk uses pre-shared key authentication.
• The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
• while the IKEv2 specific eap keyword defines EAP authentication.
• For xauth, a specific backend name may be appended, separated by a dash

The host to use if the container is in host networking mode

Set to true to add the Content-Security-Policy-Report-Only header to your requests

Download these models using ollama pull as soon as ollama.service has started

Disallow ModemManager from interfering with serial connections that QGroundControl might use

Whether to enable Draupnir, a moderations bot for Matrix.

Whether to enable Mjolnir, a moderation tool for Matrix.

Whether to enable Tiny, portable SOCKS5 server with very moderate resource usage.

If set, the MUC rooms will be moderated by default.

Area code for server and all modems.

Paths to directories with custom wake word models (*.tflite model files).

The content of rtorrent.rc

List of packages containing EDID binary files at $out/lib/firmware/edid

Country code for server and all modems.

The room ID or alias where moderators can use the bot's functionality

Long distance prefix for server and all modems.

Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME

Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse PRIME

Whether to enable Quectel EG25 modem manager service.

International prefix for server and all modems.

Whether to enable Modem-GPS source.

The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication

Whether sshd should check file modes and ownership of directories

Synchronize all currently installed models with those declared in services.ollama.loadModels, removing any models that are installed but not currently declared there.

Attribute set of default values for modem config files etc/config.*

Whether to enable Jool, an Open Source implementation of IPv4/IPv6 translation on Linux

Station MAC address -based authentication

Whether to enable Self-hosted AI coding assistant using large language models.

DEPRECATED, use driverOptions

Whether to enable ollama server for local large language models.

Whether to enable private-gpt for local large language models.

Whether to enable the msr (Model-Specific Registers) kernel module and configure udev rules for its devices (usually /dev/cpu/*/msr).

The ollama package to use

Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)

Whether to enable a modern and responsive user interface for Klipper.

What interface to use for hardware acceleration

Specifies the device to use for hardware acceleration.

• cpu: no acceleration just use the CPU
• rocm: supported by modern AMD GPUs
• cuda: supported by modern NVIDIA GPUs
• metal: supported on darwin aarch64 machines

Tabby will try and determine what type of acceleration that is already enabled in your configuration when acceleration = null.

• nixpkgs.config.cudaSupport
• nixpkgs.config.rocmSupport
• if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64

IFF multiple acceleration methods are found to be enabled or if you haven't set either cudaSupport or rocmSupport you will have to specify the device type manually here otherwise it will default to the first from the list above or to cpu.

Action to perform after loading the configuration.

• The default of none loads the connection only, which then can be manually initiated or used as a responder configuration.
• The value trap installs a trap policy, which triggers the tunnel as soon as matching traffic has been detected.
• The value start initiates the connection actively.
• Since version 5.9.6 two modes above can be combined with trap|start, to immediately initiate a connection for which trap policies have been installed

Whether to force-enable the Page Table Isolation (PTI) Linux kernel feature even on CPU models that claim to be safe from Meltdown

Override what rocm will detect your gpu model as

Name of the voice model to use

Whether to enable pay-respects' LLM integration

ID of a specific speaker in a multi-speaker model.

Switch to "bare" PS/2 mouse support in case Trackpoint buttons are not recognized properly

Whether to enable Samba's winbindd, which provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and ntlm_auth and to Samba itself.

Whether to enable Simple Ollama web UI service; an easy to use web frontend for a Ollama backend service

Update language models at startup

QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.

List of wake word models to preload after startup.

Whether to enable the backup server role

Whether to provide the dependencies to allow using transformer models.

Exposes EDID files from users-sourced database at https://github.com/linuxhw/EDID

Attribute names will be mapped to EDID filenames <NAME>.bin

Must be left blank or set together with heapNewSize

Assign block I/O scheduler by device name pattern

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support

By default, H2O, without prejudice, will use as many TLS versions & cipher suites as it & the TLS library (OpenSSL) can support