| services.hardware.lcd.serverHost | Host on which LCDd is listening.
|
| services.go-httpbin.package | The go-httpbin package to use.
|
| services.jenkins.prefix | Specifies a urlPrefix to use with jenkins
|
| services.firewalld.settings.StrictForwardPorts | If enabled, the generated destination NAT (DNAT) rules will NOT accept traffic that was DNAT'd by other entities, e.g. docker
|
| services.glitchtip.user | The user account under which GlitchTip runs.
|
| services.httpd.logFormat | Selects the access log format written to log files
|
| services.invidious.sig-helper.listenAddress | The IP address/port where inv-sig-helper should listen.
|
| services.kthxbye.extraOptions | Extra command line options
|
| services.angrr.settings.profile-policies.<name>.profile-paths | Paths to the Nix profile
|
| services.anuko-time-tracker.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.draupnir.secrets.web.synapseHTTPAntispam.authorization | File containing the secret token when using the Synapse HTTP Antispam module
to be used in place of
services.draupnir.settings.web.synapseHTTPAntispam.authorization
|
| services.fedimintd.<name>.nginx.config.serverName | Name of this virtual host
|
| programs.ssh.macs | Specifies the MAC (message authentication code) algorithms in order of preference
|
| services.druid.package | The apache-druid package to use.
|
| services.asterisk.useTheseDefaultConfFiles | Sets these config files to the default content
|
| services.flood.port | Port to bind webserver.
|
| services.dbus.brokerPackage | The dbus-broker package to use.
|
| services.dokuwiki.sites.<name>.package | The dokuwiki package to use.
|
| services.gvpe.enable | Whether to enable gvpe.
|
| services.jenkins.jobBuilder.accessUser | User id in Jenkins used to reload config.
|
| services.komodo-periphery.excludeDiskMounts | Exclude these mount paths from disk reporting.
|
| hardware.saleae-logic.package | Saleae Logic package to use.
|
| programs.fish.shellInit | Shell script code called during fish shell initialisation.
|
| services.homebridge.uiSettings.platform | Type of the homebridge UI platform
|
| security.acme.certs.<name>.directory | Directory where certificate and other state is stored.
|
| services.desktopManager.plasma6.notoPackage | The Noto fonts - used for UI by default package to use.
|
| services.discourse.mail.outgoing.passwordFile | A file containing the password of the SMTP server account
|
| services.gpsd.nowait | don't wait for client connects to poll GPS
|
| services.grafana.settings.security.disable_brute_force_login_protection | Set to true to disable brute force login protection.
|
| networking.firewall.extraForwardRules | Additional nftables rules to be appended to the forward-allow
chain
|
| programs.tmux.clock24 | Use 24 hour clock.
|
| services.cockroachdb.group | User account under which CockroachDB runs
|
| services.gitlab.pages.settings | Configuration options to set in the GitLab Pages config
file
|
| services.kubo.emptyRepo | If set to false, the repo will be initialized with help files
|
| services.agorakit.enable | Whether to enable agorakit.
|
| services.dashy.finalDrv | Final derivation containing the fully built static files
|
| services.davis.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.earlyoom.enable | Whether to enable early out of memory killing.
|
| networking.wireguard.interfaces.<name>.preShutdown | Commands called before shutting down the interface.
|
| services.cfdyndns.enable | Whether to enable Cloudflare Dynamic DNS Client.
|
| services.cloudflare-dyndns.ipv4 | Whether to enable setting IPv4 A records.
|
| services.discourse.mail.outgoing.username | The username of the SMTP server.
|
| services.healthchecks.settingsFile | Environment variables which are read by healthchecks (local)_settings.py
|
| services.filebrowser.settings.address | The address to listen on.
|
| services.gitlab-runner.services.<name>.dockerPullPolicy | Default pull-policy for Docker images
|
| hardware.facter.debug.nvd | A shell application which will produce an nvd diff of the system closure with and without facter enabled.
|
| networking.networkmanager.ensureProfiles.profiles.<name>.connection.type | The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.
|
| services.autosuspend.wakeups.<name>.class | Name of the class implementing the check
|
| services.blockbook-frontend.<name>.rpc.url | URL for JSON-RPC connections.
|
| services.cgminer.package | The cgminer package to use.
|
| services.incron.deny | Users forbidden from using incrontab.
|
| services.beesd.filesystems.<name>.extraOptions | Extra command-line options passed to the daemon
|
| services.invoiceplane.sites.<name>.settings | Structural InvoicePlane configuration
|
| networking.wireless.extraConfigFiles | Extra wpa_supplicant configuration files to load.
|
| boot.loader.grub.gfxmodeBios | The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.
|
| services.geoclue2.geoProviderUrl | The url to the wifi GeoLocation Service.
|
| services.gotenberg.downloadFrom.allowList | Allow these URLs to be used in the downloadFrom API field
|
| services.druid.overlord.config | (key=value) Configuration to be written to runtime.properties of the druid Druid Overlord
https://druid.apache.org/docs/latest/configuration/index.html
|
| security.tpm2.abrmd.enable | Whether to enable Trusted Platform 2 userspace resource manager daemon
.
|
| nix.settings.require-sigs | If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
nix.settings.trusted-public-keys
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.anubis.instances.<name>.extraFlags | A list of extra flags to be passed to Anubis.
|
| services.acpid.acEventCommands | Shell commands to execute on an ac_adapter.* event.
|
| services.certmgr.specs | Certificate specs as described by:
https://github.com/cloudflare/certmgr#certificate-specs
These will be added to the Nix store, so they will be world readable.
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| security.apparmor.policies.<name>.path | A path of a profile file to include
|
| services.gitlab.puma.workers | The number of worker processes Puma should spawn
|
| security.pam.services.<name>.failDelay.delay | The delay time (in microseconds) on failure.
|
| services.cgit.<name>.nginx.virtualHost | VirtualHost to serve cgit on, defaults to the attribute name.
|
| services.librenms.hostname | The hostname to serve LibreNMS on.
|
| services.htpdate.enable | Enable htpdate daemon.
|
| services.i2pd.addressbook.defaulturl | AddressBook subscription URL for initial setup
|
| services.journald.extraConfig | Extra config options for systemd-journald
|
| services.fediwall.nginx.kTLS | Whether to enable kTLS support
|
| services.homebridge.user | User to run homebridge as.
|
| nix.buildMachines.*.systems | The system types the build machine can execute derivations on
|
| services.keepalived.vrrpInstances.<name>.vmacXmitBase | Send/Recv VRRP messages from base interface instead of VMAC interface.
|
| programs.git-worktree-switcher.enable | Whether to enable git-worktree-switcher, switch between git worktrees with speed..
|
| services.bird.package | The bird3 package to use.
|
| security.loginDefs.settings.SYS_GID_MAX | Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
|
| services.bind.ipv4Only | Only use ipv4, even if the host supports ipv6.
|
| services.davis.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| services.fluidd.enable | Whether to enable Fluidd, a Klipper web interface for managing your 3d printer.
|
| services.grafana.provision.alerting.rules.settings.deleteRules.*.orgId | Organization ID, default = 1
|
| services.ihaskell.enable | Autostart an IHaskell notebook service.
|
| boot.zfs.pools.<name>.devNodes | Name of directory from which to import ZFS device, this is passed to zpool import
as the value of the -d option
|
| boot.binfmt.emulatedSystems | List of systems to emulate
|
| services.discourse.redis.host | Redis server hostname.
|
| services.ente.api.settings.apps.public-albums | If you're running a self hosted instance and wish to serve public links,
set this to the URL where your albums web app is running.
|
| services.discourse.backendSettings | Additional settings to put in the
discourse.conf file
|
| services.i2pd.proto.i2cp.address | Bind address for i2cp endpoint.
|
| boot.initrd.systemd.users | Users to include in initrd.
|
| hardware.acpilight.enable | Enable acpilight
|
| services.gitlab.packages.gitlab-workhorse | The gitlab-workhorse package to use.
|
| services.buildbot-master.changeSource | List of Change Sources.
|
| services.fluent-bit.enable | Whether to enable Fluent Bit.
|
| services.gmediarender.package | The gmediarender package to use.
|
| services.akkoma.dist.epmdPort | TCP port to bind Erlang Port Mapper Daemon to.
|
| services.gitlab.extraDatabaseConfig | Extra configuration in config/database.yml.
|