| services.borgbackup.jobs.<name>.encryption.passCommand | A command which prints the passphrase to stdout
|
| services.cassandra.listenInterface | Set listenAddress OR listenInterface, not both
|
| hardware.block.defaultSchedulerExclude | Device name pattern to exclude from default scheduler assignment
through config.hardware.block.defaultScheduler and
config.hardware.block.defaultSchedulerRotational
|
| hardware.block.defaultSchedulerRotational | Default block I/O scheduler for rotational drives (e.g. hard disks)
|
| services.cjdns.extraConfig | Extra configuration, given as attrs, that will be merged recursively
with the rest of the JSON generated by this module, at the root node.
|
| programs.river-classic.enable | Whether to enable river-classic, a dynamic tiling Wayland compositor.
|
| services.ente.api.enableLocalDB | Whether to enable the automatic creation of a local postgres database for museum..
|
| services.forgejo.useWizard | Whether to use the built-in installation wizard instead of
declaratively managing the app.ini config file in nix.
|
| networking.modemmanager.fccUnlockScripts.*.path | Path to the unlock script
|
| services.kanboard.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.firezone.server.api.address | The address to listen on
|
| services.fedimintd.<name>.api_ws.bind | Address to bind on for API connections relied by the reverse proxy/tls terminator.
|
| services.homebox.package | The homebox package to use.
|
| services.gitlab-runner.services.<name>.requestConcurrency | Limit number of concurrent requests for new jobs from GitLab.
|
| services.hadoop.hdfs.httpfs.tempPath | HTTPFS_TEMP path used by HTTPFS
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.present | Whether to ensure that this user is present or absent.
|
| services.alps.imaps.host | The IMAPS server address.
|
| programs.tmux.aggressiveResize | Resize the window to the size of the smallest session for which it is the current window.
|
| services.fider.package | The fider package to use.
|
| hardware.nvidia.package | The NVIDIA driver package to use.
|
| services.crowdsec.package | The crowdsec package to use.
|
| services.emacs.package | The emacs package to use.
|
| fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.anuko-time-tracker.nginx.locations.<name>.index | Adds index directive.
|
| services.fedimintd.<name>.p2p.openFirewall | Opens port in firewall for fedimintd's p2p port (both TCP and UDP)
|
| environment.wvdial.dialerDefaults | Contents of the "Dialer Defaults" section of
/etc/wvdial.conf.
|
| services.hostapd.radios.<name>.wifi4.require | Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.
|
| programs.atop.atopgpu.enable | Whether to install and enable the atopgpud daemon to get information about
NVIDIA gpus.
|
| security.doas.extraRules.*.args | Arguments that must be provided to the command
|
| services.amazon-cloudwatch-agent.user | The user that runs the Amazon CloudWatch Agent.
|
| services.gemstash.settings.db_adapter | Which database type to use
|
| services.borgbackup.jobs.<name>.extraCompactArgs | Additional arguments for borg compact
|
| programs.gnome-terminal.enable | Whether to enable GNOME Terminal.
|
| services.cadvisor.storageDriverPasswordFile | File that contains the cadvisor storage driver password.
storageDriverPasswordFile takes precedence over storageDriverPassword
Warning: when storageDriverPassword is non-empty this defaults to a file in the
world-readable Nix store that contains the value of storageDriverPassword
|
| services.dependency-track.frontend.baseUrl | The base URL of the API server
|
| services.cockroachdb.enable | Whether to enable CockroachDB Server.
|
| services.easytier.instances.<name>.configServer | Configure the instance from config server
|
| services.hydra.minimumDiskFreeEvaluator | Threshold of minimum disk space (GiB) to determine if the evaluator should run or not.
|
| services.gancio.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.inadyn.settings.custom.<name>.ddns-server | DDNS server name.
|
| services.etesync-dav.sslCertificate | Path to server SSL certificate
|
| services.bcg.automaticRenameKitNodes | Automatically rename kit's nodes.
|
| services.headscale.settings.dns.base_domain | Defines the base domain to create the hostnames for MagicDNS
|
| services.invidious-router.nginx.extraDomains | Additional domains to serve invidious-router on.
|
| services.ergo.openFirewall | Open ports in the firewall for the Ergo node as well as the API.
|
| programs.sway.xwayland.enable | Whether to enable XWayland.
|
| services.hologram-server.ldapBindPassword | Password of account to use to query the LDAP server
|
| services.fail2ban.bantime-increment.enable | "bantime.increment" allows to use database for searching of previously banned ip's to increase
a default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32 ...
|
| services.irkerd.openPorts | Open ports in the firewall for irkerd
|
| services.fprintd.tod.driver | Touch OEM Drivers (TOD) package to use.
|
| services.anuko-time-tracker.nginx.listenAddresses | Listen addresses for this virtual host
|
| services.firezone.server.provision.accounts.<name>.features.multi_site_resources | Whether to enable the multi_site_resources feature for this account.
|
| services.cassandra.fullRepairOptions | Options passed through to the full repair command.
|
| services.gancio.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| boot.loader.limine.style.interface.brandingColor | Color index of the title at the top of the screen in the range of 0-7 (Limine defaults to 6 (cyan)).
|
| services.hledger-web.journalFiles | Paths to journal files relative to services.hledger-web.stateDir.
|
| services.grafana.settings.users.default_language | This setting configures the default UI language, which must be a supported IETF language tag, such as en-US.
|
| programs.wshowkeys.enable | Whether to enable wshowkeys (displays keypresses on screen on supported Wayland
compositors)
|
| services.easytier.instances.<name>.extraArgs | Extra args append to the easytier command-line.
|
| services.jellyfin.transcoding.enableIntelLowPowerEncoding | Enable low-power encoding mode for Intel Quick Sync Video
|
| services.evremap.settings.remap.*.output | The key sequence that should be output when the input sequence is entered
|
| security.ipa.useAsTimeserver | Whether to add the IPA server to the timeserver.
|
| boot.loader.grub.configurationLimit | Maximum of configurations in boot menu
|
| boot.zfs.passwordTimeout | Timeout in seconds to wait for password entry for decrypt at boot
|
| services.crowdsec.settings.lapi | LAPI Configuration attributes
|
| services.arsenik.layout | Your keyboard layout
|
| services.komodo-periphery.bindIp | IP address to bind to.
|
| programs.zsh.shellAliases | Set of aliases for zsh shell, which overrides environment.shellAliases
|
| services.coturn.no-auth | This option is opposite to lt-cred-mech.
(TURN Server with no-auth option allows anonymous access)
|
| services.fluidd.nginx.kTLS | Whether to enable kTLS support
|
| services.keter.bundle.domain | The domain keter will bind to
|
| services.athens.singleFlight.redisSentinel.lockConfig.timeout | Timeout for the lock in seconds.
|
| programs.skim.keybindings | Whether to enable skim keybindings.
|
| programs.captive-browser.browser | The shell (/bin/sh) command executed once the proxy starts
|
| services.i2pd.enableIPv6 | Whether to enable IPv6 connectivity.
|
| services.geoipupdate.settings.LicenseKey | A file containing the MaxMind license key
|
| services.knot.enableXDP | Extends the systemd unit with permissions to allow for the use of
the eXpress Data Path (XDP).
Make sure to read up on functional limitations
when running in XDP mode.
|
| security.acme.defaults.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| services.dependency-track.nginx.enable | Whether to set up an nginx virtual host.
|
| services.firezone.server.provision.accounts.<name>.actors.<name>.type | The account type
|
| services.gammu-smsd.backend.files.outboxPath | Where SMSes to be sent should be placed
|
| security.wrappers.<name>.program | The name of the wrapper program
|
| services.bacula-fd.tls.verifyPeer | Verify peer certificate
|
| services.confd.backend | Confd config storage backend to use.
|
| services.deluge.extraPackages | Extra packages available at runtime to enable Deluge's plugins
|
| services.crowdsec.localConfig.scenarios | A list of scenarios specifications
|
| services.gitlab.extraShellConfig | Extra configuration to merge into shell-config.yml
|
| boot.kernel.sysctl."net.core.rmem_max" | The maximum receive socket buffer size in bytes
|
| networking.wireless.networks.<name>.extraConfig | Extra configuration lines appended to the network block
|
| services.kthxbye.logJSON | Format logged messages as JSON.
|
| services.bacula-sd.director | This option defines Director resources in Bacula Storage Daemon.
|
| services.fediwall.settings | Fediwall configuration
|
| services.fediwall.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.kmonad.extraArgs | Extra arguments to pass to KMonad.
|
| services.cloudflare-ddns.package | The cloudflare-ddns package to use.
|
| services.dspam.enable | Whether to enable the dspam spam filter.
|
| powerManagement.enable | Whether to enable power management
|
| security.tpm2.tctiEnvironment.interface | The name of the TPM command transmission interface (TCTI) library to
use.
|
| services.docuseal.redis.port | Port of the redis server.
|
| boot.loader.limine.biosSupport | Whether or not to install limine for BIOS.
|