| services.borgbackup.repos.<name>.quota | Storage quota for the repository
|
| services.consul.forceIpv4 | Deprecated: Use consul.forceAddrFamily instead
|
| services.dendrite.httpsPort | The port to listen for HTTPS requests on.
|
| services.hardware.argonone.package | The argononed package to use.
|
| services.firefly-iii.group | Group under which firefly-iii runs
|
| services.libinput.mouse.sendEventsMode | Sets the send events mode to disabled, enabled,
or disabled-on-external-mouse
|
| services.hadoop.gatewayRole.enableHbaseCli | Whether to enable HBase CLI tools.
|
| boot.loader.grub.fontSize | Font size for the grub menu
|
| nix.registry.<name>.to | The flake reference from is rewritten to
|
| services.firewalld.zones.<name>.masquerade | Whether to enable masquerading in the zone.
|
| security.pam.u2f.settings.authfile | By default pam-u2f module reads the keys from
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set)
|
| services.icingaweb2.modulePackages | Name-package attrset of Icingaweb 2 modules packages to enable
|
| services.gitlab.extraConfig | Extra options to be added under
production in
config/gitlab.yml, as a nix attribute
set
|
| services.akkoma.nginx.locations.<name>.alias | Alias directory for requests.
|
| networking.wireless.secretsFile | File consisting of lines of the form varname=value
to define variables for the wireless configuration
|
| services.firefox-syncserver.secrets | A file containing the various secrets
|
| services.frp.instances.<name>.settings | Frp configuration, for configuration options
see the example of client
or server on github.
|
| hardware.nvidia.videoAcceleration | Whether to enable Whether video acceleration (VA-API) should be enabled.
.
|
| services.caddy.httpPort | The default port to listen on for HTTP traffic.
|
| services.apcupsd.hooks | Each attribute in this option names an apcupsd event and the string
value it contains will be executed in a shell, in response to that
event (prior to the default action)
|
| hardware.facter.detected.boot.keyboard.kernelModules | List of kernel modules to include in the initrd to support the keyboard.
|
| programs.ssh.kexAlgorithms | Specifies the available KEX (Key Exchange) algorithms.
|
| services.bind.extraArgs | Additional command-line arguments to pass to named.
|
| services.coturn.alt-listening-port | Alternative listening port for UDP and TCP listeners;
default (or zero) value means "listening port plus one"
|
| nixops.enableDeprecatedAutoLuks | Whether to enable the deprecated NixOps AutoLuks module.
|
| services.bcg.mqtt.host | Host where MQTT server is running.
|
| services.journalwatch.interval | How often to run journalwatch
|
| services.caddy.adapter | Name of the config adapter to use
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| boot.initrd.luks.devices.<name>.fido2.credential | The FIDO2 credential ID.
|
| hardware.ledger.enable | Whether to enable udev rules for Ledger devices.
|
| power.ups.upsd.listen.*.address | Address of the interface for upsd to listen on
|
| services.kanboard.nginx.listen.*.ssl | Enable SSL.
|
| hardware.trackpoint.sensitivity | Trackpoint sensitivity.
|
| power.ups.maxStartDelay | This can be set as a global variable above your first UPS
definition and it can also be set in a UPS section
|
| services.jellyfin.enable | Whether to enable Jellyfin Media Server.
|
| services.gitea-actions-runner.instances.<name>.url | Base URL of your Gitea/Forgejo instance.
|
| services.certspotter.enable | Whether to enable Cert Spotter, a Certificate Transparency log monitor.
|
| services.lavalink.plugins.*.hash | The hash of the plugin.
|
| networking.bonds | This option allows you to define bond devices that aggregate multiple,
underlying networking interfaces together
|
| services.calibre-web.listen.port | Listen port for Calibre-Web.
|
| services.ddclient.usev4 | Method to determine the IPv4 address to send to the dynamic DNS provider
|
| services.desktopManager.lomiri.enable | Whether to enable the Lomiri graphical shell (formerly known as Unity8)
.
|
| services.honk.port | The port the server should listen to.
|
| services.lavalink.enableHttp2 | Whether to enable HTTP/2 support.
|
| services.firezone.server.provision.accounts.<name>.relayGroups.<name>.name | The name of this relay group
|
| services.jupyter.notebookConfig | Raw jupyter config
|
| boot.nixStoreMountOpts | Defines the mount options used on a bind mount for the /nix/store
|
| services.dolibarr.h2o.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.fcgiwrap.instances | Configuration for fcgiwrap instances.
|
| services.gocd-server.extraGroups | List of extra groups that the "gocd-server" user should be a part of.
|
| services.chrony.package | The chrony package to use.
|
| services.ente.web.domains.photos | The domain under which the photos frontend will be served.
|
| services.flannel.subnetMax | The end of IP range which the subnet allocation should start with
|
| services.glusterfs.tlsSettings | Make the server communicate via TLS
|
| services.hydra.listenHost | The hostname or address to listen on or * to listen
on all interfaces.
|
| services.jenkins.port | Specifies port number on which the jenkins HTTP interface listens
|
| services.conman.config | The configuration object
|
| services.dae.openFirewall.port | Port to be opened
|
| services.graylog.nodeIdFile | Path of the file containing the graylog node-id
|
| services.i2pd.inTunnels.<name>.accessList | I2P nodes that are allowed to connect to this service.
|
| services.jack.alsa.enable | Route audio to/from generic ALSA-using applications using ALSA JACK PCM plugin.
|
| programs.nix-index.package | The nix-index package to use.
|
| services.acme-dns.settings.api.tls | TLS backend to use.
|
| services.dnsmasq.alwaysKeepRunning | If enabled, systemd will always respawn dnsmasq even if shut down manually
|
| services.kapacitor.extraConfig | These lines go into kapacitord.conf verbatim.
|
| services.libinput.mouse.additionalOptions | Additional options for libinput mouse driver
|
| services.librespeed.package | The librespeed-rust package to use.
|
| programs.ausweisapp.enable | Whether to enable AusweisApp.
|
| services.bitwarden-directory-connector-cli.ldap.startTls | Whether to use STARTTLS.
|
| services.freenet.enable | Whether to enable Freenet daemon.
|
| fonts.fontconfig.allowBitmaps | Allow bitmap fonts
|
| services.dolibarr.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services.gammu-smsd.backend.sql.user | User name used for connection to the database
|
| services.jellyfin.dataDir | Base data directory,
passed with --datadir see #data-directory
|
| services.fluent-bit.configurationFile | Fluent Bit configuration
|
| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.immich-public-proxy.port | The port that IPP will listen on.
|
| programs.iay.enable | Whether to enable iay, a minimalistic shell prompt.
|
| services.anubis.instances.<name>.policy.useDefaultBotRules | Whether to include Anubis's default bot detection rules via the
(data)/meta/default-config.yaml import
|
| services.bitlbee.libpurple_plugins | The list of libpurple plugins to install.
|
| services.kimai.sites | Specification of one or more Kimai sites to serve
|
| services.athens.githubToken | Creates .netrc file with the given token to be used for GitHub
|
| services.below.retention.size | Size limit for below's data, in bytes
|
| services.canaille.settings.CANAILLE_OIDC | OpenID Connect settings
|
| services.legit.settings.repo.ignore | Repositories to ignore.
|
| services.bookstack.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gocd-agent.extraGroups | List of extra groups that the "gocd-agent" user should be a part of.
|
| image.repart.verityStore.enable | Whether to enable building images with a dm-verity protected nix store.
|
| hardware.sane.drivers.scanSnap.enable | Whether to enable drivers for the Fujitsu ScanSnap scanners
|
| services.crowdsec.settings.simulation | Attributes inside the simulation.yaml file.
|
| services.borgbackup.jobs.<name>.patterns | Include/exclude paths matching the given patterns
|
| services.hickory-dns.settings.listen_addrs_ipv6 | List of ipv6 addresses on which to listen for DNS queries.
|
| boot.bootspec.enableValidation | Whether to enable the validation of bootspec documents for each build
|
| services.flarum.package | The flarum package to use.
|
| services.gitea.dump.interval | Run a gitea dump at this interval
|
| services.endlessh.openFirewall | Whether to open a firewall port for the SSH listener.
|
| services.librespeed.frontend.contactEmail | Email address listed in the privacy policy.
|
| boot.loader.grub.default | Index of the default menu item to be booted
|
| services.clamav.updater.settings | freshclam configuration
|