| services.lighthouse.beacon.execution.port | Port number the Beacon node will be listening on for the execution layer.
|
| services.gitlab.secrets.otpFile | A file containing the secret used to encrypt secrets for OTP
tokens
|
| services.displayManager.generic.execCmd | Command to start the display manager.
|
| programs.proxychains.chain.length | Chain length for random chain.
|
| boot.loader.systemd-boot.graceful | Invoke bootctl install with the --graceful option,
which ignores errors when EFI variables cannot be written or when the EFI System Partition
cannot be found
|
| services.invidious.hmacKeyFile | A path to a file containing the hmac_key
|
| services.limesurvey.nginx.virtualHost.listen.*.port | Port number to listen on
|
| services.tt-rss.enableGZipOutput | Selectively gzip output to improve wire performance
|
| services.coturn.tls-listening-port | TURN listener port for TLS
|
| services.nginx.uwsgiResolveWhileRunning | Resolves domains of uwsgi targets at runtime
and not only at start, you have to set
services.nginx.resolver, too.
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".url.port | External port number.
|
| services.strongswan-swanctl.swanctl.connections.<name>.rand_time | Time range from which to choose a random value to subtract from
rekey/reauth times
|
| services.liquidsoap.streams | Set of Liquidsoap streams to start,
one systemd service per stream.
|
| programs.dms-shell.systemd.target | The systemd target that will automatically start the DankMaterialShell service
|
| containers.<name>.timeoutStartSec | Time for the container to start
|
| networking.hostId | The 32-bit host ID of the machine, formatted as 8 hexadecimal characters
|
| services.druid.coordinator.restartIfChanged | Automatically restart the service on config change
|
| services.actkbd.enable | Whether to enable the actkbd key mapping daemon
|
| services.lighthouse.validator.metrics.port | Port number of Validator node metrics service.
|
| services.wastebin.secretFile | Path to file containing sensitive environment variables
|
| services.minecraft-server.enable | If enabled, start a Minecraft Server
|
| systemd.automounts.*.restartTriggers | An arbitrary list of items such as derivations
|
| services.grafana.settings.server.http_port | Listening port.
|
| services.lasuite-meet.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.grafana_reporter.grafana.port | Grafana port.
|
| services.mastodon.elasticsearch.port | Elasticsearch port.
|
| services.akkoma.initSecrets | Whether to initialise non‐existent secrets with random values
|
| services.vwifi.server.ports.spy | The spy interface port
|
| services.vwifi.server.ports.tcp | The TCP server port
|
| services.easytier.instances.<name>.settings.peers | Peers to connect initially
|
| boot.loader.systemd-boot.edk2-uefi-shell.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| services.firewalld.zones.<name>.forwardPorts.*.port | |
| services.mqtt2influxdb.influxdb.port | InfluxDB server port
|
| services.mtprotoproxy.secureOnly | Don't allow users to connect in non-secure mode (without random padding).
|
| services.prometheus.exporters.modemmanager.port | Port to listen on.
|
| services.paperless.exporter.onCalendar | When to run the exporter
|
| services.wasabibackend.endpoint.port | Port for P2P connection to bitcoind.
|
| systemd.user.services.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.github-runners.<name>.workDir | Working directory, available as $GITHUB_WORKSPACE during workflow runs
and used as a default for repository checkouts
|
| systemd.user.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| programs.proxychains.proxies.<name>.port | Proxy port
|
| services.caddy.adapter | Name of the config adapter to use
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".http.port | Listener port number
|
| services.invoiceplane.sites.<name>.database.port | Database host port.
|
| services.physlock.enable | Whether to enable the physlock screen locking mechanism
|
| services.yggdrasil.settings | Configuration for yggdrasil, as a structured Nix attribute set
|
| services.gitlab.secrets.secretFile | A file containing the secret used to encrypt variables in
the DB
|
| programs.obs-studio.enableVirtualCamera | Installs and sets up the v4l2loopback kernel module, necessary for OBS
to start a virtual camera.
|
| services.changedetection-io.port | Port the server will listen on.
|
| services.cloudflare-ddns.updateOnStart | Whether to perform an update check immediately on service start.
|
| services.jupyterhub.kernels.<name>.argv | Command and arguments to start the kernel.
|
| programs.hyprland.enable | Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks
|
| services.bitwarden-directory-connector-cli.ldap.port | Port LDAP is accessible on.
|
| services.vsftpd.portPromiscuous | Set to YES if you want to disable the PORT security check that ensures that
outgoing data connections can only connect to the client
|
| services.thinkfan.sensors.*.indices | A list of sensors to pick in case multiple sensors match the query.
|
| services.thanos.store.min-time | Start of time range limit to serve
|
| services.biboumi.settings.identd_port | The TCP port on which to listen for identd queries.
|
| services.livekit.ingress.settings.whip_port | TCP port for WHIP connections
|
| services.livekit.ingress.settings.rtmp_port | TCP port for RTMP connections
|
| services.hostapd.radios.<name>.channel | The channel to operate on
|
| services.seafile.seafileSettings.fileserver.port | The tcp port used by seafile fileserver.
|
| services.cyrus-imap.cyrusSettings.START | This section lists the processes to run before any SERVICES are spawned
|
| services.prometheus.alertmanager.port | Port to listen on for the web interface and API.
|
| services.librespeed.secrets | Attribute set of filesystem paths
|
| services.hadoop.hdfs.journalnode.restartIfChanged | Automatically restart the service on config change
|
| services.hadoop.yarn.nodemanager.restartIfChanged | Automatically restart the service on config change
|
| services.xserver.displayManager.startx.generateScript | Whether to generate the system-wide xinitrc script (/etc/X11/xinit/xinitrc)
|
| services.teleport.settings | Contents of the teleport.yaml config file
|
| boot.loader.systemd-boot.windows.<name>.sortKey | systemd-boot orders the menu entries by their sort keys,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards
|
| systemd.automounts.*.requires | Start the specified units when this unit is started, and stop
this unit when the specified units are stopped or fail.
|
| services.firewalld.services.<name>.sourcePorts.*.port | |
| services.elasticsearch.restartIfChanged | Automatically restart the service on config change
|
| services.cockroachdb.extraArgs | Extra CLI arguments passed to cockroach start
|
| services.vwifi.server.ports.vhost | The vhost port
|
| services.szurubooru.server.threads | Number of waitress threads to start.
|
| services.hickory-dns.settings.listen_port | Port to listen on (applies to all listen addresses).
|
| services.misskey.reverseProxy.webserver.nginx.listen.*.port | Port number to listen on
|
| services.nullidentdmod.userid | User ID to return
|
| services.hqplayerd.auth.password | Password used for HQPlayer's WebUI
|
| services.hqplayerd.auth.username | Username used for HQPlayer's WebUI
|
| programs.dsearch.systemd.target | The systemd target that will automatically start the dsearch service
|
| services.gitlab.secrets.activeRecordSaltFile | A file containing the salt for active record encryption in the DB
|
| services.teeworlds.game.enableReadyMode | Whether to enable "ready mode"; where players can pause/unpause the game
and start the game in warmup, using their ready state.
|
| services.icingaweb2.modules.monitoring.transports.<name>.port | Port to connect to for the api or remote transport
|
| services.lasuite-docs.collaborationServer.port | Port used by the collaboration server to listen.
|
| power.ups.upsmon.monitor.<name>.passwordFile | The full path to a file containing the password from
upsd.users for accessing this UPS
|
| systemd.services.<name>.stopIfChanged | If set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one
|
| services.croc.ports | Ports of the relay.
|
| services.nginx.proxyResolveWhileRunning | Resolves domains of proxyPass targets at runtime and not only at startup
|
| services.zapret.httpSupport | Whether to route http traffic on port 80
|
| services.tlsrpt.reportd.settings | Flags from tlsrpt-reportd(1) as key-value pairs.
|
| power.ups.mode | The MODE determines which part of the NUT is to be started, and
which configuration files must be modified
|
| programs.tsmClient.servers.<name>.genPasswd | Whether to enable automatic client password generation
|
| services.transmission.openRPCPort | Whether to enable opening of the RPC port in the firewall.
|
| services.statsd.mgmt_port | Port to run the management TCP interface on
|
| services.stash.settings.preview_exclude_start | Duration of end of video to exclude when generating previews
|
| services.mautrix-meta.instances.<name>.dataDir | Path to the directory with database, registration, and other data for the bridge service
|
| services.prometheus.alertmanagerGotify.port | The local port the bridge is listening on.
|
| services.cjdns.admin.bind | Bind the administration port to this address and port.
|