| services.fail2ban.bantime-increment.enable | "bantime.increment" allows to use database for searching of previously banned ip's to increase
a default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32 ...
|
| services.coturn.cli-ip | Local system IP address to be used for CLI server endpoint.
|
| environment.pathsToLink | List of directories to be symlinked in /run/current-system/sw.
|
| services.davis.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| programs.television.enableFishIntegration | Whether to enable Fish integration.
|
| services.akkoma.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.i2pd.proto.socksProxy.name | The endpoint name.
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| boot.kernelParams | Parameters added to the kernel command line.
|
| fileSystems.<name>.encrypted.label | Label of the unlocked encrypted device
|
| programs.k40-whisperer.enable | Whether to enable K40-Whisperer.
|
| programs.rush.shell | The resolved shell path that users can inherit to set rush as their login shell
|
| services.cloudlog.dataDir | Cloudlog data directory.
|
| services.deluge.dataDir | The directory where deluge will create files.
|
| services.diod.exportall | Export all file systems listed in /proc/mounts
|
| security.pam.services.<name>.enableAppArmor | Enable support for attaching AppArmor profiles at the
user/group level, e.g., as part of a role based access
control scheme.
|
| services.dolibarr.package | The dolibarr package to use.
|
| services.kanata.keyboards | Keyboard configurations.
|
| services.httpd.logPerVirtualHost | If enabled, each virtual host gets its own
access.log and
error.log, namely suffixed by the
hostName of the virtual host.
|
| services.invidious-router.nginx.extraDomains | Additional domains to serve invidious-router on.
|
| services.doh-server.settings.verbose | Enable logging
|
| security.pam.dp9ik.authserver | This controls the hostname for the 9front authentication server
that users will be authenticated against.
|
| services.jigasi.userDomain | Domain part of the JID for XMPP user connection.
|
| services.legit.settings.meta.description | Website description.
|
| image.repart.compression.algorithm | Compression algorithm
|
| services.journald.gateway.cert | The path to a file or AF_UNIX stream socket to read the server
certificate from
|
| security.pam.services.<name>.kwallet.package | The kwallet-pam package to use.
|
| services.akkoma.installWrapper | Whether to install a wrapper around pleroma_ctl to simplify administration of the
Akkoma instance.
|
| security.krb5.enable | Enable and configure Kerberos utilities
|
| services.bluesky-pds.pdsadmin.enable | Add pdsadmin script to PATH
|
| programs.dms-shell.enableSystemMonitoring | Whether to install dependencies required for system monitoring widgets
|
| services.gotenberg.libreoffice.package | The libreoffice package to use.
|
| services.libeufin.nexus.settings | Configuration options for the libeufin nexus config file
|
| services.geoipupdate.settings.EditionIDs | List of database edition IDs
|
| services.baikal.phpPackage | The php package to use.
|
| services.fluent-bit.enable | Whether to enable Fluent Bit.
|
| documentation.nixos.options.warningsAreErrors | Treat warning emitted during the option documentation build (eg for missing option
descriptions) as errors.
|
| services.eternal-terminal.verbosity | The verbosity level (0-9).
|
| services.hadoop.hdfs.namenode.extraEnv | Extra environment variables for HDFS NameNode
|
| programs.firefox.autoConfigFiles | AutoConfig files can be used to set and lock preferences that are not covered
by the policies.json for Mac and Linux
|
| services.gammu-smsd.user | User that has access to the device
|
| services.atalkd.configFile | Optional path to a custom atalkd.conf file
|
| security.acme.defaults.listenHTTP | Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT
|
| services.cloudflare-dyndns.domains | List of domain names to update records for.
|
| services.actual.settings.hostname | The address to listen on
|
| services.fider.environmentFiles | Files to load environment variables from
|
| services.icecast.admin.password | Password used for all administration functions.
|
| services.borgbackup.repos.<name>.user | The user borg serve is run as
|
| networking.hostFiles | Files that should be concatenated together to form /etc/hosts.
|
| services.agorakit.nginx.quic | Whether to enable the QUIC transport protocol
|
| services.asusd.auraConfigs | The content of /etc/asusd/aura_.ron
|
| services.keepalived.vrrpInstances.<name>.trackInterfaces | List of network interfaces to monitor for health tracking.
|
| services.desktopManager.pantheon.extraSwitchboardPlugs | Plugs to add to Switchboard.
|
| programs.sway.wrapperFeatures.base | Whether to enable the base wrapper to execute extra session commands and prepend a
dbus-run-session to the sway command.
|
| services.influxdb2.provision.users.<name>.passwordFile | Password for the user
|
| services.canaille.secretKeyFile | File containing the Flask secret key
|
| services.librenms.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| boot.loader.systemd-boot.extraInstallCommands | Additional shell commands inserted in the bootloader installer
script after generating menu entries
|
| services.blockbook-frontend.<name>.coinName | See https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61
for current of coins supported in master (Note: may differ from release).
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| networking.firewall.interfaces.<name>.allowedUDPPortRanges | Range of open UDP ports.
|
| services.forgejo.database.createDatabase | Whether to create a local database automatically.
|
| services.bird.enable | Whether to enable BIRD Internet Routing Daemon.
|
| services.akkoma.config.":pleroma".":media_proxy".enabled | Whether to enable proxying of remote media through the instance's proxy.
|
| services.code-server.extraPackages | Additional packages to add to the code-server PATH.
|
| security.pam.u2f.settings.authfile | By default pam-u2f module reads the keys from
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set)
|
| services.desktopManager.budgie.extraGSettingsOverridePackages | List of packages for which GSettings are overridden.
|
| services.i2pd.yggdrasil.address | Your local yggdrasil address
|
| security.pki.caCertificateBlacklist | A list of blacklisted CA certificate names that won't be imported from
the Mozilla Trust Store into
/etc/ssl/certs/ca-certificates.crt
|
| services.invoiceplane.sites.<name>.poolConfig | Options for the InvoicePlane PHP pool
|
| services.btrbk.sshAccess.*.key | SSH public key allowed to login as user btrbk to run remote backups.
|
| services.akkoma.config.":pleroma".":instance".description | Instance description.
|
| services.fluidd.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.kanboard.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.jenkins.jobBuilder.yamlJobs | Job descriptions for Jenkins Job Builder in YAML format.
|
| programs.schroot.profiles.<name>.copyfiles | A list of files to copy into the chroot from the host system.
|
| services.ceph.global.clusterName | Name of cluster
|
| services.keycloak.plugins | Keycloak plugin jar, ear files or derivations containing
them
|
| services.easytier.instances.<name>.settings.network_secret | EasyTier network credential used for verification and
encryption
|
| services.crowdsec.hub.postOverflows | List of hub postoverflows to install
|
| services.hostapd.radios.<name>.networks.<name>.bssid | Specifies the BSSID for this BSS
|
| nix.optimise.dates | Specification (in the format described by
systemd.time(7)) of the time at
which the optimiser will run.
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| services.komodo-periphery.environmentFile | Environment file for additional configuration via environment variables.
|
| services.avahi.publish.userServices | Whether to publish user services
|
| programs.droidcam.enable | Whether to enable DroidCam client.
|
| services.dictd.enable | Whether to enable the DICT.org dictionary server.
|
| services.cloudflared.tunnels | Cloudflare tunnels.
|
| services.duplicity.cleanup.maxAge | If non-null, delete all backup sets older than the given time
|
| services.cook-cli.basePath | Path to the directory cook-cli will look for recipes.
|
| services.atuin.package | The atuin package to use.
|
| services.borgbackup.jobs.<name>.repo | Remote or local repository to back up to.
|
| services.etcd.trustedCaFile | Certificate authority file to use for clients
|
| programs.zsh.autosuggestions.enable | Whether to enable zsh-autosuggestions.
|
| services.davis.nginx.locations.<name>.root | Root directory for requests.
|
| services.jibri.xmppEnvironments.<name>.control.login.domain | The domain part of the JID for this Jibri instance.
|
| services.desktopManager.pantheon.extraGSettingsOverridePackages | List of packages for which gsettings are overridden.
|
| services.go-camo.sslListen | Address:Port to bind to for HTTPS.
|
| services.homepage-dashboard.enable | Whether to enable Homepage Dashboard, a highly customizable application dashboard.
|
| services.immich.database.name | The name of the immich database.
|