Filebeat modules provide a quick way to get started processing common log formats

The name of the module

Metricbeat modules are responsible for reading metrics from the various sources

image-specific NixOS Modules used for system.build.images.

Inputs specify how Filebeat locates and processes input data

Packages to be added to the module search path of the X server.

The name of the module

Store messages in an archive and allow users to access it

Enables users to publish their mood, activity, playing music and more

Add support for secure TLS on c2s/s2s connections

Configuration files of output modules.

Implements the CSI protocol that allows clients to report their active/inactive state to the server

Send a message to users when they log in

Replies to XMPP pings with pongs

Let others know the time here on this server

Enable BOSH clients, aka 'Jabber over HTTP'

A set of modules to load.

A set of modules to load.

A list of modules to include in the znc.conf file.

Service discovery

Allow users to set vCards

A set of modules to load.

The location for users to install Drupal modules.

Allow users to have a roster

Shared roster support

Report how long server has been running

Enable bandwidth limiting for XMPP connections

Allow a client to resume a disconnected session, and prevent message loss

Replies to server version requests

Welcome users who register accounts

Keep multiple clients in sync

Private XML storage (for room bookmarks, etc.)

Enables a file transfer proxy service which clients behind NAT can use

s2s dialback support

Send announcement to all online users

Authentication for clients and servers

Allow users to register on this server using a client and change passwords

Whether to enable the icingaweb2 doc module.

Enable WebSocket support

Allow users to block communications with other users

Allows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP

Whether to enable the icingaweb2 test module.

ZNC network modules to load.

Whether to enable the icingaweb2 setup module.

Serve static files from a directory over HTTP

Legacy authentication

Whether to enable the icingaweb2 migrate module.

Allows administration via an XMPP client that supports ad-hoc commands

gtklock modules to load.

Opens telnet console interface on localhost port 5582

Converts users profiles and Avatars between old and new formats

Push notifications to inform users of new messages or other pertinent information even when they have no XMPP clients online

Whether to enable the icingaweb2 monitoring module.

Whether to enable the icingaweb2 translation module.

Monitoring backends to define

Make config.ini of the monitoring module mutable (e.g. via the web interface).

Make backends.ini of the monitoring module mutable (e.g. via the web interface).

Command transports to define

Whether to enable mac80211_hwsim module.

Make commandtransports.ini of the monitoring module mutable (e.g. via the web interface).

Whether to make the system76 out-of-tree kernel modules available

Type of this transport

Host for the api or remote transport

Path to the socket for local or remote transports

Port to connect to for the api or remote transport

Disable this backend

Name of the IDO resource

List of string patterns for custom variables which should be excluded from user’s view.

The number of virtual radio interfaces to create.

Password for the api transport

Username for the api or remote transport

Assign a icinga instance to this transport

SSH identity resource for the remote transport

The prefix for MAC addresses to use, without the trailing ':'

Alert admins of registrations

A list of global znc module packages to add to znc.

Publish contact information for this service

Contents of the Module section of the X server configuration file.

OpenAFS kernel module package

Per-scrape limit on length of labels name that will be accepted for a sample

Additional arguments passed to each module in addition to ones like lib, config, and pkgs, modulesPath

Optional PKCS#11 module name to access the token.

Name-package attrset of Icingaweb 2 modules packages to enable

Modules to obtain Kerberos configuration from.

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Optional PKCS#11 module name.

Require TLS or TLS-PSK encryption

Require TLS or TLS-PSK encryption

Specify the rules for which files to read on the host

Modules to obtain Kerberos configuration from.

Verify peer certificate

Verify peer certificate

Whether to listen for and reject all HTTPS connections to this vhost

Optional PKCS#11 module name.

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Packages providing GDK-Pixbuf modules, for cache generation.

Optional PKCS#11 module name.

Optional PKCS#11 module name.

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Specifies if TLS should be enabled

Specifies if TLS should be enabled

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Configures the syscall filter for postgresql.service

Common name attribute of allowed peer certificates

Common name attribute of allowed peer certificates

Whether to listen for and reject all HTTPS connections to this vhost

Whether to listen for and reject all HTTPS connections to this vhost

Default configuration for the loggers used by matrix-synapse and its workers

TCP sockets to bind to

Whether to listen for and reject all HTTPS connections to this vhost

Enables the use of the ~/.ssh/authorized_keys file

Whether to delete the folders which are not configured via the folders option

An attribute set of options as described in: https://pgbackrest.org/configuration.html

All options can be used

The full path to the PEM encoded TLS certificate

The full path to the PEM encoded TLS certificate

The path specifying a PEM encoded TLS CA certificate(s)

The path specifying a PEM encoded TLS CA certificate(s)

TLS certificates are obtained by modules called "certificate loaders"

Whether to enable Support for Framework input modules.

Name for the device

Whether to enable IPv6 Privacy Extensions for interfaces not configured explicitly in networking.interfaces._name_.tempAddress

Configuration for WiVRn

Multi-processing module to be used by Apache

The Go package used by Athens at runtime

Defines how Athens behaves when a module@version is not found in storage

Use a fixed port for the NFS lock manager kernel module (lockd/nlockmgr)

The pulseaudio-module-xrdp package to use.

Whether to enable tcsd, a Trusted Computing management service that provides TCG Software Stack (TSS)

Whether to enable the PHP module.

Whether to enable vsock kernel module.

Enable the spiped service module.

Whether to enable the Perl module (mod_perl).

Whether to enable Go module datastore and proxy.

Whether to enable keter, a web app deployment manager

Server configuration, see https://maddy.email for more information

Enable Netbox

Mode in which to run the server.

'monolithic' runs all components, and is suitable for single-node deployments.

'api-server' runs only the API server, and is suitable for clustering.

'garbage-collector' only runs the garbage collector periodically

Settings for Newt module, see Newt CLI docs for more information.

Extra configuration, given as attrs, that will be merged recursively with the rest of the JSON generated by this module, at the root node.

Whether to enable fprintd daemon and PAM module for fingerprint readers handling.

Whether to enable the mod_auth_mellon module.

Whether to enable Howdy and its PAM module for face recognition

Rauc configuration that will be converted to INI

Do not persist any stateful znapzend setups

Configures the http_file_share module to handle user uploads

A list of paths to extra plugin bundles to install in Plex's plugin directory

Whether to enable Listmonk, this module assumes a reverse proxy to be set.

Additional Apache modules to be used

Add settings here to override NixOS module generated settings

Whether to enable Warpgate

Verbatim inspircd.conf file

If enabled srun will accept the option "--x11" to allow for X11 forwarding from within an interactive session or a batch job

A set of plugins to activate

Whether to load the APCu module into PHP.

PHP package to use for php-fpm

Path to configuration file

If set, the calling user's SSH agent is used to authenticate against the configured keys

The user under which Anubis is run

Whether to enable the Howdy PAM module

A list of paths to extra scanners to install in Plex's scanners directory

Whether to enable thinkfan, a fan control program.

A list of paths that should be included in syslog-ng's --module-path option

Settings that go into ca.json

The server's configuration file

This option sets the PAM "control" used for this module.

HTTPS listening address

If set, the pam_mysql module will be used to authenticate users against a MySQL/MariaDB database.

Additional settings (see mjolnir default config for available settings)

The content of rtorrent.rc

The group under which Anubis is run

Whether to load the Redis module into PHP

Whether maubot should write updated config into extraConfigFile. This will make your Nix module settings have no effect besides the initial config, as extraConfigFile takes precedence over NixOS settings!

The configuration of each Fail2ban “jail”

Directory where the uploaded files will be stored when the http_upload module is used

The settings to use for dsnet

The config file

If enabled, the pam_umask module will be loaded.

Configuration file for gitlab-runner.

configFile takes precedence over services. checkInterval and concurrent will be ignored too

The final package used by the module

The Nginx status page URL

Enable Peering Manager

Configuration for all Datadog checks

Configuration options for the Stalwart server

Enables InfluxDB on the host system using the services.influxdb2 NixOS module with default options

Path to the directory where firewall rules can be found and will get stored by the NixOS module.

The force_run option is used to tell the PAM module for KWallet to forcefully run even if no graphical session (such as a GUI display manager) is detected

Enables the x2goserver module

Use a certificate generated by the NixOS ACME module for the given host

ethercalc, an online collaborative spreadsheet server

Allow the service to create and use its own config file inside the dataDir as configured by services.mediatomb.dataDir

Configuration options for the Stalwart email server

Your configuration.yaml as a Nix attribute set

JSON file containing secret keys

Enables the in-database configuration.

https://docs.postgrest.org/en/stable/references/configuration.html#in-database-configuration

The user under which Anubis is run

If set, use the Duo Security pam module pam_duo for authentication

The final package used by the module

Package to the finalized Nextcloud package, including all installed apps

Disable kernel module loading once the system is fully initialised

List of lighttpd modules to enable

rsnapshot configuration option in addition to the defaults from rsnapshot and this module

The group under which Anubis is run

Use a certificate generated by the NixOS ACME module for the given host

Literal string to append to configFile and the config file generated by the pulseaudio module.

Path to the periphery configuration file

The host name or IP address on which to bind Airsonic

Configuration files to load besides the immutable one defined by the NixOS module

Reference to the matrix-synapse wrapper with all extras (e.g. for oidc or saml2) added to the PYTHONPATH of all executables

OpenAFS programs package

Configuration for the LDAP backend

h2 database is not recommended for a production setup. postgresql this settings it recommended for production setups. manual the module doesn't handle database settings.

By default pam-u2f module does not inform user that he needs to use the u2f device, it just waits without a prompt

Sets the environment variable $HELOHOST which is used by the SMTP protocol module to set the parameter given to the HELO command

IP address on which RabbitMQ will listen for AMQP connections

Enables Uber's USSH PAM (pam-ussh) module

Whether to load the Memcached module into PHP

Extra contents appended to the jupyterhub configuration

Jupyterhub configuration is a normal python file using Traitlets. https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html

Whether to load the acpi_call kernel module

List of maintainers of each module

If set, then the authenticating user must be a member of this group to use this module.

Enable in-memory compressed devices and swap space provided by the zram kernel module

The SQL server URI

Database settings will be reset to the value set in this module if this is not enabled

Enable the OATH (one-time password) PAM module.

The river package to use

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Hardened service:

• runs as a dedicated user with minimal set of permissions (see caveats),
• restricts daemon configuration socket access to dedicated user group (you can grant access to it with users.users."<user>".extraGroups = [ netbird-‹name› ]),

Even though the local system resources access is restricted:

• CAP_NET_RAW, CAP_NET_ADMIN and CAP_BPF still give unlimited network manipulation possibilites,
• older kernels don't have CAP_BPF and use CAP_SYS_ADMIN instead,

Known security features that are not (yet) integrated into the module:

• 2024-02-14: rosenpass is an experimental feature configurable solely through --enable-rosenpass flag on the netbird up command, see the docs

Configure the default calendar

The XEP-0423 defines a set of recommended XEPs to implement for a server

The sway package to use

Add module allowners, any user in chat is able to kick other

The configuration of vaultwarden is done through environment variables, therefore it is recommended to use upper snake case (e.g. DISABLE_2FA_REMEMBER)

Whether to enable manual usage of the rsnapshot command with this module.

Wildcard path of the hwmon pwm file

Whether to enable the msr (Model-Specific Registers) kernel module and configure udev rules for its devices (usually /dev/cpu/*/msr).

The time to wait for a remote module listed above to complete sending a message before killing it and trying again, in seconds

Path under which the stats socket is placed

Settings whose options overwrite fields in .config/transmission-daemon/settings.json (each time the service starts)

Whether to enable the open source NVIDIA kernel module.

Plugin settings for dovecot in general, e.g. sieve, sieve_default, etc

Connection string to postgresql in the [rust postgres crate config format](https://docs.rs/postgres/latest/postgres/config/struct

Whether to enable the dp9ik pam module provided by tlsclient

Whether to enable the Howdy PAM module

Add module allowners, any user in chat is able to kick other

This option sets the pam "control" used for this module.

This option sets the PAM "control" used for this module.

Whether to enable the umask PAM module.

Whether to enable the OTPW (one-time password) PAM module.

Enable alpha quality zstd module with recommended settings

Parameters for the msr kernel module.

Instances of SimpleSAMLphp

Whether to enable the ImageMagick module for PHP

Whether to enable PN5xx kernel module with udev rules, libnfc-nci userland, and optional ifdnfc-nci PC/SC driver.

File containing the secret token when using the Synapse HTTP Antispam module to be used in place of services.draupnir.settings.web.synapseHTTPAntispam.authorization

Whether to have the module create the appropriate firewall configuration based on the bouncer settings

The set of kernel modules in the initial ramdisk used during the boot process

Enables P11 PAM (pam_p11) module

config.ini contents

Syncthing can be configured to ignore certain files in a folder using ignore patterns

The archisteamfarm package to use. ::: {.warning} Should always be the latest version, for security reasons, since this module uses very new features and to not get out of sync with the Steam API. :::

By default pam-u2f module sets the application ID to pam://$HOSTNAME

The river-classic package to use

Declarative instance config

Options to pass to the PAM module

Literal string to append to configFile and the config file generated by the plymouth module.

Enables Yubico PAM (yubico-pam) module

The bcachefs-tools package to use

Whether to enable usbtop and required kernel module, to show estimated USB bandwidth.

Add network connectivity support to initrd

Whether to enable Google OS Login

Whether to enable nftables and use nftables based firewall if enabled. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables

Enables U2F PAM (pam-u2f) module

Whether to install and enable the netatop kernel module

Options to pass to the pam_rssh module

Whether to enable setting suid bit for throne-core to run as root, which is less secure than default setcap method but closer to upstream assumptions

Whether to enable Trusted Platform Module 2 support.

By default pam-u2f module sets the origin to pam://$HOSTNAME

Whether to enable Facter dhcp module.

Enables improved Linux module drivers for Logitech driving wheels

LiteLLM Module settings

Whether to enable Neovim

Set of modules that are always loaded by the initrd

Whether to enable the AppArmor Mandatory Access Control system

Whether to enable setting suid bit for nekobox_core to run as root, which is less secure than default setcap method but closer to upstream assumptions

Whether to enable the Magewell Pro Capture family kernel module.

Defines where FileSender logging is sent

Whether to enable Whether to enable the corefreq daemon and kernel module.

Defines how users authenticate themselves to the server

Whether to let openssh print the result when entering a new ssh-session

Whether to enable Enable the AMD Graphics module.

Whether to enable eCryptfs PAM module (mounting ecryptfs home directory on login).

Name of the kernel module that provides the card.

Enable ReGreet, a clean and customizable greeter for greetd

The hyprland package to use

By default pam-u2f module reads the keys from $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set)

Whether to enable Enable the Graphics module.

Whether to enable the facter uefi module.

Authentication to perform locally.

• The default pubkey uses public key authentication using a private key associated to a usable certificate.
• psk uses pre-shared key authentication.
• The IKEv1 specific xauth is used for XAuth or Hybrid authentication,
• while the IKEv2 specific eap keyword defines EAP authentication.
• For xauth, a specific backend name may be appended, separated by a dash

Additional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels

The set of kernel modules to be loaded in the second stage of the boot process

Any additional configuration to be appended to the generated modprobe.conf

This option enables the newer libvirt_guest NSS module

Whether to enable the facetimehd kernel module.

Whether to enable Enable the Facter bluetooth module.

List of overlays to apply to Nixpkgs

If set, the pkgs argument to all NixOS modules is the value of this option, extended with nixpkgs.overlays, if that is also set

Additional shell commands executed as part of the nat initialisation script

Installs and sets up the v4l2loopback kernel module, necessary for OBS to start a virtual camera.

Additional shell commands executed as part of the nat teardown script

Whether to enable Jool, an Open Source implementation of IPv4/IPv6 translation on Linux

Whether to enable the Facter Intel 2200BG module.

Whether to enable the Facter Intel 3945ABG module.

The xdg-desktop-portal-hyprland package to use

If not null, set the path used by yubico pam module where the challenge expected response is stored

List of rules to be added to /etc/xdg/pay-respects/rules. pay-respects will read the contents of these generated rules to recommend command corrections

Whether to enable WireGuard.

Diffie-Hellman parameters to generate

This option allows you to override the Linux kernel used by NixOS

Whether to enable the deprecated NixOps AutoLuks module.

Whether to enable Ubuntu distro's module blacklist.

A list of paths to files in OpenSSH's authorized_keys format, containing the keys that will be trusted by the pam_ssh_agent_auth module

Turn on this option if you want firmware for the NICs supported by the b43 module.

Whether to enable Enable the Facter Virtualisation Qemu module.

Whether to enable Enable the Facter Virtualisation None module.

The package that provides the system-wide resolvconf command

Installs the Digital Bitbox application and enables the complementary hardware module.

This option enables the older libvirt NSS module

libvirt NSS module options.

Whether to enable Enable the Facter Virtualisation Oracle module.

Whether to enable Enable the Facter Virtualisation Hyper-V module.

Which extra NixOS module paths the generated NixOS's documentation should strip from options.

Whether to enable Enable the Facter Virtualisation Parallels module.

A set of environment variables used in the global environment

Whether to enable Enable the Facter Virtualisation Virtio SCSI module.

This option enables the common /etc/containers configuration module.

Whether to enable pay-respects' LLM integration

ZSH_AUTOSUGGEST_STRATEGY is an array that specifies how suggestions should be generated

A set of environment variables used in the global environment

A specification of the desired configuration of this container, as a NixOS module.