| virtualisation.xen.efi.bootBuilderVerbosity | The EFI boot entry builder script should be called with exactly one of the following arguments in order to specify its verbosity:
-
quiet supresses all messages.
-
default adds a simple "Installing Xen Project Hypervisor boot entries...done." message to the script.
-
info is the same as default, but it also prints a diff with information on which generations were altered.
- This option adds two extra dependencies to the script:
diffutils and bat.
-
debug prints information messages for every single step of the script
|
| services.babeld.interfaceDefaults | A set describing default parameters for babeld interfaces
|
| services.libvirtd.autoSnapshot.vms | If specified only the list of VMs will be snapshotted else all existing one
|
| hardware.trackpoint.skipback | When the skipback bit is set, backup cursor movement during releases from drags will be suppressed
|
| hardware.printers.ensureDefaultPrinter | Ensures the named printer is the default CUPS printer / printer queue.
|
| services.buffyboard.configFile | Path to an INI format configuration file to provide Buffyboard
|
| services.kavita.settings.IpAddresses | IP Addresses to bind to
|
| services.firefly-iii.settings.DB_HOST | The machine which hosts your database
|
| services.hardware.pommed.configFile | The path to the pommed.conf file
|
| services.prosody.muc.*.roomDefaultHistoryLength | Number of history message sent to participants by default.
|
| services.umami.settings.TRACKER_SCRIPT_NAME | Allows you to assign a custom name to the tracker script different from the default script.js.
|
| services.mysql.initialDatabases.*.schema | The initial schema of the database; if null (the default),
an empty database is created.
|
| services.meilisearch.package | The meilisearch package to use
|
| services.zabbixWeb.httpd.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|
| services.github-runners.<name>.noDefaultLabels | Disables adding the default labels
|
| services.hylafax.hfaxdConfig | Attribute set of lines for the global
hfaxd config file etc/hfaxd.conf
|
| services.postfix.masterConfig.<name>.maxproc | The maximum number of processes to spawn for this service
|
| environment.gnome.excludePackages | Which packages gnome should exclude from the default environment
|
| programs.proxychains.localnet | By default enable localnet for loopback address ranges.
|
| services.anuko-time-tracker.settings.email.sender | Default sender for mail.
|
| services.prosody.muc.*.roomDefaultChangeSubject | If set, the rooms will display the public JIDs by default.
|
| services.openafsServer.udpPacketSize | UDP packet size to use in Bytes
|
| services.xserver.windowManager.i3.configFile | Path to the i3 configuration file
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqid | Fixed reqid to use for this CHILD_SA
|
| services.drupal.sites.<name>.virtualHost.extraConfig | These lines go to httpd.conf verbatim
|
| services.httpd.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS
|
| boot.loader.grub.configurationName | GRUB entry name instead of default.
|
| hardware.sane.disabledDefaultBackends | Names of backends which are enabled by default but should be disabled
|
| services.silverbullet.user | The user to run Silverbullet as
|
| services.thanos.rule.tracing.config | Tracing configuration
|
| services.radicle.httpd.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.silverbullet.spaceDir | Folder to store Silverbullet's space/workspace
|
| services.suricata.settings.stats | Engine statistics such as packet counters, memory use counters and others can be logged in several ways
|
| services.prosody.muc.*.roomDefaultModerated | If set, the MUC rooms will be moderated by default.
|
| services.postfix.masterConfig.<name>.private | Whether the service's sockets and storage directory is restricted to
be only available via the mail system
|
| services.mpd.playlistDirectory | The directory where MPD stores playlists
|
| services.desktopManager.plasma6.notoPackage | The Noto fonts - used for UI by default package to use.
|
| services.authelia.instances.<name>.name | Name is used as a suffix for the service name, user, and group
|
| services.fedimintd.<name>.nginx.config.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.firewalld.settings.DefaultZone | Default zone for connections.
|
| services.crossfire-server.stateDir | Where to store runtime data (save files, persistent items, etc)
|
| boot.loader.grub.timeoutStyle |
menu shows the menu.countdown uses a text-mode countdown.hidden hides GRUB entirely
|
| services.kanata.keyboards.<name>.devices | Paths to keyboard devices
|
| services.sabnzbd.settings.servers.<name>.enable | Enable this server by default
|
| services.thelounge.extraConfig | The Lounge's config.js contents as attribute set (will be
converted to JSON to generate the configuration file)
|
| systemd.network.wait-online.anyInterface | Whether to consider the network online when any interface is online, as opposed to all of them
|
| services.xserver.desktopManager.xfce.enableXfwm | Enable the XFWM (default) window manager.
|
| services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| services.keycloak.database.caCert | The SSL / TLS CA certificate that verifies the identity of the
database server
|
| fonts.fontconfig.hinting.autohint | Enable the autohinter in place of the default interpreter
|
| services.anuko-time-tracker.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.dawarich.redis.createLocally | Whether to configure a local Redis server for Dawarich
|
| services.dashy.enable | Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app
|
| services.nginx.virtualHosts.<name>.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.nitter.preferences.muteVideos | Mute videos by default.
|
| services.postgresql.identMap | Defines the mapping from system users to database users
|
| services.scrutiny.influxdb.enable | Enables InfluxDB on the host system using the services.influxdb2 NixOS module
with default options
|
| services.ostinato.rpcServer.address | By default, the Drone RPC server will listen on all interfaces and
local IPv4 addresses for incoming connections from clients
|
| services.strongswan-swanctl.swanctl.connections.<name>.send_cert | Send certificate payloads when using certificate authentication.
- With the default of
ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used
|
| environment.deepin.excludePackages | List of default packages to exclude from the configuration
|
| services.sourcehut.settings."hg.sr.ht".repos | Path to mercurial repositories on disk
|
| services.firezone.server.clusterHosts | A list of components and their hosts that are part of this cluster
|
| services.librenms.enableLocalBilling | Enable billing Cron-Jobs on the local instance
|
| services.coturn.relay-ips | Relay address (the local IP address that will be used to relay the
packets to the peer)
|
| environment.budgie.excludePackages | Which packages Budgie should exclude from the default environment.
|
| hardware.alsa.enableRecorder | Whether to set up a loopback device that continuously records and
allows to play back audio from the computer
|
| services.fail2ban.banaction | Default banning action (e.g. iptables, iptables-new, iptables-multiport,
iptables-ipset-proto6-allports, shorewall, etc)
|
| security.duosec.allowTcpForwarding | By default, when SSH forwarding, enabling Duo Security will
disable TCP forwarding
|
| services.duplicity.fullIfOlderThan | If "never" (the default) always do incremental
backups (the first backup will be a full backup, of course)
|
| documentation.man.mandoc.enable | Whether to enable mandoc as the default man page viewer.
|
| services.librenms.phpOptions | Options for PHP's php.ini file for librenms
|
| services.pgadmin.initialPasswordFile | Initial password file for the pgAdmin account
|
| services.openssh.settings.UseDns | Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
the remote IP address maps back to the very same IP address
|
| services.thanos.store.tracing.config | Tracing configuration
|
| services.linkwarden.cacheLocation | Directory used as cache
|
| services.thanos.query.tracing.config | Tracing configuration
|
| services.pretix.settings.pretix.currency | Default currency for events in its ISO 4217 three-letter code.
|
| services.mediatomb.customCfg | Allow the service to create and use its own config file inside the dataDir as
configured by services.mediatomb.dataDir
|
| services.k3s.clusterInit | Initialize HA cluster using an embedded etcd datastore
|
| services.zoneminder.enable | Whether to enable ZoneMinder
|
| services.xserver.resolutions | The screen resolutions for the X server
|
| services.sourcehut.settings."git.sr.ht".repos | Path to git repositories on disk
|
| services.bookstack.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.glusterfs.stopKillTimeout | The systemd TimeoutStopSec to use
|
| services.postgresqlBackup.backupAll | Backup all databases using pg_dumpall
|
| services.stargazer.allowCgiUser | When enabled, the stargazer process will be given CAP_SETGID
and CAP_SETUID so that it can run cgi processes as a different
user
|
| virtualisation.cri-o.runtime | Override the default runtime
|
| services.xserver.enableCtrlAltBackspace | Whether to enable the DontZap option, which binds Ctrl+Alt+Backspace
to forcefully kill X
|
| services.limesurvey.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.libvirtd.autoSnapshot.calendar | When to create snapshots (systemd calendar format)
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.neo4j.directories.home | Path of the Neo4j home directory
|
| services.opensnitch.settings.LogLevel | Default log level from 0 to 4 (debug, info, important, warning,
error).
|
| services.openssh.knownHosts.<name>.hostNames | A list of host names and/or IP numbers used for accessing
the host's ssh service
|
| services.pyload.credentialsFile | File containing PYLOAD_DEFAULT_USERNAME and
PYLOAD_DEFAULT_PASSWORD in the format of an EnvironmentFile=,
as described by systemd.exec(5)
|
| services.xserver.windowManager.mlvwm.configFile | Path to the mlvwm configuration file
|
| virtualisation.cri-o.pauseImage | Override the default pause image for pod sandboxes
|
| containers.<name>.extraVeths.<name>.forwardPorts | List of forwarded ports from host to container
|
| services.hylafax.userAccessFile | The hosts.hfaxd
file entry in the spooling area
will be symlinked to the location given here
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|