| services.grafana.settings.security.cookie_secure | Set to true if you host Grafana behind HTTPS.
|
| services.nullmailer.config.defaultdomain | The content of this attribute is appended to any host name that
does not contain a period (except localhost), including defaulthost
and idhost
|
| services.livebook.environmentFile | Additional environment file as defined in systemd.exec(5)
|
| services.grafana.settings.server.enforce_domain | Redirect to correct domain if the host header does not match the domain
|
| services.cloudflared.tunnels.<name>.edgeIPVersion | Specifies the IP address version (IPv4 or IPv6) used to establish a connection between cloudflared and the Cloudflare global network
|
| services.matrix-appservice-discord.serviceDependencies | List of Systemd services to require and wait for when starting the application service,
such as the Matrix homeserver if it's running on the same host.
|
| programs.tsmClient.servers.<name>.tcpserveraddress | Host/domain name or IP address of the IBM TSM server.
|
| services.easytier.instances.<name>.settings.instance_name | Identify different instances on same host
|
| services.vaultwarden.environmentFile | Additional environment file or files as defined in systemd.exec(5)
|
| services.litestream.environmentFile | Environment file as defined in systemd.exec(5)
|
| security.virtualisation.flushL1DataCache | Whether the hypervisor should flush the L1 data cache before
entering guests
|
| programs.pay-respects.aiIntegration | Whether to enable pay-respects' LLM integration
|
| services.veilid.settings.core.network.routing_table.bootstrap | Host name of existing well-known Veilid bootstrap servers for the network to connect to.
|
| services.xserver.displayManager.lightdm.greeters.gtk.indicators | List of allowed indicator modules to use for the lightdm gtk
greeter panel
|
| services.prometheus.exporters.snmp.environmentFile | EnvironmentFile as defined in systemd.exec(5)
|
| services.prometheus.exporters.php-fpm.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.prometheus.exporters.postgres.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.movim.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.dolibarr.h2o.tls.recommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.headscale.settings.dns.base_domain | Defines the base domain to create the hostnames for MagicDNS
|
| containers.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| containers.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| containers.<name>.extraVeths.<name>.localAddress6 | The IPv6 address assigned to the interface in the container
|
| services.journald.remote.output | The location of the output journal
|
| containers.<name>.extraVeths.<name>.localAddress | The IPv4 address assigned to the interface in the container
|
| services.polipo.parentProxy | Hostname and port number of an HTTP parent proxy;
it should have the form ‘host:port’.
|
| services.polipo.socksParentProxy | Hostname and port number of an SOCKS parent proxy;
it should have the form ‘host:port’.
|
| services.tinc.networks.<name>.name | The name of the node which is used as an identifier when communicating
with the remote nodes in the mesh
|
| services.hadoop.hbase.regionServer.overrideHosts | Remove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix
Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records
or /etc/hosts entries.
|
| services.cjdns.addExtraHosts | Whether to add cjdns peers with an associated hostname to
/etc/hosts
|
| services.livekit.settings.rtc.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| services.bookstack.settings.DB_HOST | The IP or hostname which hosts your database.
|
| services.dnscache.domainServers | Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)
|
| services.firezone.server.clusterHosts | A list of components and their hosts that are part of this cluster
|
| services.livekit.ingress.settings.rtc_config.use_external_ip | When set to true, attempts to discover the host's public IP via STUN
|
| services.tt-rss.sphinx.server | Hostname:port combination for the Sphinx server.
|
| services.tt-rss.email.server | Hostname:port combination to send outgoing mail
|
| nixpkgs.crossSystem | Systems with a recently generated hardware-configuration.nix
may instead specify only nixpkgs.buildPlatform,
or fall back to removing the nixpkgs.hostPlatform line from the generated config
|
| services.pghero.listenAddress | hostname:port to listen for HTTP traffic
|
| services.gerrit.listenAddress | hostname:port to listen for HTTP traffic
|
| nixpkgs.localSystem | Systems with a recently generated hardware-configuration.nix
do not need to specify this option, unless cross-compiling, in which case
you should set only nixpkgs.buildPlatform
|
| services.dawarich.enable | Whether to enable Dawarich, a self-hostable alternative to Google Location History.
|
| networking.search | The list of domain search paths that are considered for resolving
hostnames with fewer dots than configured in the ndots option,
which defaults to 1 if unset.
|
| services.certmgr.defaultRemote | The default CA host:port to use.
|
| services.thanos.rule.http-address | Listen host:port for HTTP endpoints
|
| services.thanos.store.http-address | Listen host:port for HTTP endpoints
|
| services.thanos.query.http-address | Listen host:port for HTTP endpoints
|
| services.tor.torsocks.server | IP/Port of the Tor SOCKS server
|
| services.sslh.listenAddresses | Listening addresses or hostnames.
|
| services.oauth2-proxy.loginURL | Authentication endpoint
|
| programs.ssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| services.thanos.sidecar.http-address | Listen host:port for HTTP endpoints
|
| services.thanos.receive.http-address | Listen host:port for HTTP endpoints
|
| services.thanos.compact.http-address | Listen host:port for HTTP endpoints
|
| services.castopod.enable | Whether to enable Castopod, a hosting platform for podcasters.
|
| services.mailman.webHosts | The list of hostnames and/or IP addresses from which the Mailman Web
UI will accept requests
|
| services.oauth2-proxy.redeemURL | Token redemption endpoint
|
| services.nghttpx.backends.*.server | Backend server location specified as either a host:port pair
or a unix domain docket.
|
| services.ncps.cache.redis.addresses | A list of host:port for the Redis servers that are part of a cluster
|
| services.sshguard.whitelist | Whitelist a list of addresses, hostnames, or address blocks.
|
| security.acme.defaults.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| services.openssh.knownHosts.<name>.certAuthority | This public key is an SSH certificate authority, rather than an
individual host's key.
|
| services.tor.torsocks.fasterServer | IP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP
|
| services.thanos.query-frontend.http-address | Listen host:port for HTTP endpoints
|
| services.github-runners.<name>.enable | Whether to enable GitHub Actions runner
|
| services.oauth2-proxy.validateURL | Access token validation endpoint
|
| services.synergy.client.serverAddress | The server address is of the form: [hostname][:port]
|
| services.sourcehut.enable | Whether to enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking, wiki
and account management services
.
|
| services.kubo.localDiscovery | Whether to enable local discovery for the Kubo daemon
|
| services.mlmmj.mailLists | The collection of hosted maillists
|
| networking.extraHosts | Additional verbatim entries to be appended to /etc/hosts
|
| boot.loader.initScript.enable | Some systems require a /sbin/init script which is started
|
| services.hedgedoc.settings.urlPath | URL path for the website
|
| services.gitDaemon.enable | Enable Git daemon, which allows public hosting of git repositories
without any access controls
|
| services.mysql.galeraCluster.nodeAddresses | IP addresses or hostnames of all nodes in the cluster, including this node
|
| services.pretix.settings.memcached.location | The host:port combination or the path to the UNIX socket of a memcached instance
|
| services.hatsu.enable | Whether to enable Self-hosted and fully-automated ActivityPub bridge for static sites.
|
| virtualisation.kvmgt.enable | Whether to enable KVMGT (iGVT-g) VGPU support
|
| services.tabby.enable | Whether to enable Self-hosted AI coding assistant using large language models.
|
| virtualisation.rosetta.mountTag | The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software
|
| services.snips-sh.settings | The configuration of snips-sh is done through environment variables,
therefore you must use upper snake case (e.g. SNIPS_HTTP_INTERNAL)
|
| services.slurm.dbdserver.dbdHost | Hostname of the machine where slurmdbd
is running (i.e. name returned by hostname -s).
|
| programs.xfs_quota.projects.<name>.fileSystem | XFS filesystem hosting the xfs_quota project.
|
| services.dashy.enable | Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app
|
| services.slurm.controlMachine | The short hostname of the machine where SLURM control functions are
executed (i.e. the name returned by the command "hostname -s", use "tux001"
rather than "tux001.my.com").
|
| services.jibri.xmppEnvironments.<name>.xmppServerHosts | Hostnames of the XMPP servers to connect to.
|
| services.podgrab.enable | Whether to enable Podgrab, a self-hosted podcast manager.
|
| hardware.sane.netConf | Network hosts that should be probed for remote scanners.
|
| services.snapserver.streams.<name>.location | For type pipe or file, the path to the pipe or file
|
| services.slurm.rest.environment.SLURMRESTD_LISTEN | Comma-delimited list of host:port pairs or unix sockets to listen on.
|
| services.tailscale.serve.services.<name>.endpoints | Map of incoming traffic patterns to local targets
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| security.ipa.server | IPA Server hostname.
|
| services.postsrsd.settings.srs-domain | Dedicated mail domain used for ephemeral SRS envelope addresses
|
| virtualisation.useNixStoreImage | Build and use a disk image for the Nix store, instead of
accessing the host's one through 9p
|
| services.pingvin-share.enable | Whether to enable Pingvin Share, a self-hosted file sharing platform.
|
| services.murmur.registerHostname | DNS hostname where your server can be reached
|