| boot.loader.limine.biosSupport | Whether or not to install limine for BIOS.
|
| services.bookstack.nginx.locations | Declarative location config
|
| services.hostapd.radios.<name>.wifi6.multiUserBeamformer | HE multi user beamformee support
|
| services.galene.recordingsDir | Recordings directory.
|
| services.jenkins.enable | Whether to enable Jenkins, a continuous integration server.
|
| services.ddclient.package | The ddclient executable package run by the service.
|
| services.druid.middleManager.openFirewall | Open firewall ports for Druid middleManager.
|
| services.ceph.mon.daemons | A list of monitor daemons that should have a service created
|
| services.crab-hole.settings | Crab-holes config
|
| services.borgbackup.jobs.<name>.doInit | Run borg init if the
specified repo does not exist
|
| programs.ssh.knownHosts.<name>.publicKeyFile | The path to the public key file for the host
|
| services.displayManager.defaultSession | Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM)
|
| services.ddclient.username | User name.
|
| services.heapster.source | Heapster metric source
|
| services.endlessh-go.extraOptions | Additional command line options to pass to the endlessh-go daemon.
|
| services.icingaweb2.timezone | PHP-compliant timezone specification
|
| services.discourse.secretKeyBaseFile | The path to a file containing the
secret_key_base secret
|
| services.hostapd.radios.<name>.networks.<name>.macAllowFile | Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| services.actkbd.bindings | Key bindings for actkbd
|
| services.bird.preCheckConfig | Commands to execute before the config file check
|
| services.filebrowser.package | The filebrowser package to use.
|
| services.ax25.axlisten.enable | Whether to enable AX.25 axlisten daemon.
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| services.authelia.instances.<name>.secrets.storageEncryptionKeyFile | Path to your storage encryption key.
|
| services.athens.downloadMode | Defines how Athens behaves when a module@version
is not found in storage
|
| services.doh-server.settings.ecs_allow_non_global_ip | By default, non global IP addresses are never forwarded to upstream servers
|
| boot.initrd.luks.devices.<name>.yubikey.storage.path | Absolute path of the salt on the unencrypted device with
that device's root directory as "/".
|
| programs.evince.package | The evince package to use.
|
| services.arbtt.logFile | The log file for captured samples.
|
| services.kmonad.package | The KMonad package to use.
|
| hardware.alsa.controls.<name>.maxVolume | The maximum volume in dB.
|
| services.atftpd.enable | Whether to enable the atftpd TFTP server
|
| services.drupal.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| programs.dsearch.enable | Whether to enable dsearch, a fast filesystem search service with fuzzy matching.
|
| services.gancio.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.bacula-dir.tls.require | Require TLS or TLS-PSK encryption
|
| services.dolibarr.group | Group account under which dolibarr runs.
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the group exists before the dolibarr application starts.
|
| services.freeradius.enable | Whether to enable the freeradius server.
|
| programs.git.config | Configuration to write to /etc/gitconfig
|
| services.btrbk.instances.<name>.onCalendar | How often this btrbk instance is started
|
| services.crossmacro.enable | Whether to enable CrossMacro, a cross-platform mouse and keyboard macro application.
|
| services.coredns.enable | Whether to enable Coredns dns server.
|
| fonts.fontconfig.defaultFonts.monospace | System-wide default monospace font(s)
|
| services.gitweb.projectroot | Path to git projects (bare repositories) that should be served by
gitweb
|
| services.ersatztv.baseUrl | Base URL to support reverse proxies that use paths (e.g. /ersatztv)
|
| services.gancio.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| hardware.deviceTree.dtboBuildExtraPreprocessorFlags | Additional flags to pass to the preprocessor during dtbo compilations
|
| services.hologram-agent.enable | Whether to enable the Hologram agent for AWS instance credentials
|
| image.repart.partitions.<name>.nixStorePrefix | The prefix to use for store paths
|
| services.gitlab.sidekiq.memoryKiller.graceTime | The time MemoryKiller waits after noticing excessive memory
consumption before killing Sidekiq.
|
| environment.enlightenment.excludePackages | Which packages Enlightenment should exclude from the default environment
|
| services.discourse.redis.useSSL | Connect to Redis with SSL.
|
| security.duosec.pam.enable | If enabled, protect logins with Duo Security using PAM support.
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.avahi.publish.enable | Whether to allow publishing in general.
|
| services.db-rest.host | The host address the db-rest server should listen on.
|
| services.firewalld.services.<name>.version | Version of the service.
|
| boot.initrd.network.ifstate.allowIfstateToDrasticlyIncreaseInitrdSize | IfState in initrd drastically increases the size of initrd, your boot partition may be too small and/or you may have significantly fewer generations
|
| boot.loader.refind.enable | Whether to enable the rEFInd boot loader.
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| services.icingaweb2.modules.translation.enable | Whether to enable the icingaweb2 translation module.
|
| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| nixpkgs.flake.setFlakeRegistry | Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the
store path of the sources of nixpkgs used to build the NixOS system
|
| services.btrbk.sshAccess.*.key | SSH public key allowed to login as user btrbk to run remote backups.
|
| services.freshrss.extensions | Additional extensions to be used.
|
| services.gmediarender.enable | Whether to enable the gmediarender DLNA renderer.
|
| services.anubis.instances.<name>.policy | Anubis policy configuration
|
| services.davis.dataDir | Davis data directory.
|
| services.coturn.tls-listening-port | TURN listener port for TLS
|
| services.journald.forwardToSyslog | Whether to forward log messages to syslog.
|
| services.crowdsec.autoUpdateService | Whether to enable if true cscli hub update will be executed daily
|
| services.foldingathome.package | The fahclient package to use.
|
| services.jupyter.password | Password to use with notebook
|
| services.jellyfin.transcoding.hardwareDecodingCodecs | Which codecs to enable for hardware decoding.
|
| services.journald.remote.settings.Remote.ServerKeyFile | A path to a SSL secret key file in PEM format
|
| programs.bcc.enable | Whether to enable bcc, tools for BPF-based Linux IO analysis, networking, monitoring, and more.
|
| services.lemmy.settings.port | Port where lemmy should listen for incoming requests.
|
| services.input-remapper.enableUdevRules | Whether to enable udev rules added by input-remapper to handle hotplugged devices
|
| hardware.xone.enable | Whether to enable the xone driver for Xbox One and Xbox Series X|S accessories.
|
| services.freeciv.settings.quitidle | Quit if no players for given time in seconds.
|
| services.handheld-daemon.package | The handheld-daemon package to use.
|
| services.hoogle.extraOptions | Additional command-line arguments to pass to
hoogle server
|
| services.immich.database.port | Port of the postgresql server.
|
| programs.fish.enable | Whether to configure fish as an interactive shell.
|
| services.cjdns.ETHInterface.bind | Bind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
|
| networking.wlanInterfaces.<name>.fourAddr | Whether to enable 4-address mode with type managed.
|
| networking.wireless.networks.<name>.pskRaw | Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
networking.wireless.secretsFile and prefixed
with ext:) containing the network pre-shared key.
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
Mutually exclusive with psk and auth.
|
| services.gitlab.smtp.domain | HELO domain to use for outgoing mail.
|
| services.gitwatch.<name>.enable | Whether to enable watching for repo.
|
| services.buildbot-worker.masterUrl | Specifies the Buildbot Worker connection string.
|
| services.gancio.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.displayManager.ly.package | The ly package to use.
|
| services.icecast.listen.port | TCP port that will be used to accept client connections.
|
| services.akkoma.nginx.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.firewalld.zones.<name>.ports.*.port | |
| services.foundationdb.memory | Maximum memory used by the process
|
| services.i2pd.family | Specify a family the router belongs to.
|
| security.acme.acceptTerms | Accept the CA's terms of service
|
| services.bacula-fd.director | This option defines director resources in Bacula File Daemon.
|
| services.conman.configFile | The absolute path to the configuration file
|