| services.quickwit.dataDir | Data directory for Quickwit
|
| programs.corectrl.enable | Whether to enable CoreCtrl, a tool to overclock amd graphics cards and processors
|
| services.buildbot-worker.workerUser | Specifies the Buildbot Worker user.
|
| services.dovecot2.createMailUser | Whether to enable automatically creating the user
given in services.dovecot.user and the group
given in services.dovecot.group.
|
| programs.zsh.enableGlobalCompInit | Enable execution of compinit call for all interactive zsh shells
|
| services.logcheck.extraGroups | Extra groups for the logcheck user, for example to be able to use sendmail,
or to access certain log files.
|
| services.lasuite-meet.settings.DB_USER | User of the database
|
| services.vsftpd.enableVirtualUsers | Whether to enable the pam_userdb-based
virtual user system
|
| services.lasuite-docs.settings.DB_USER | User of the database
|
| security.run0.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via run0.
|
| services.couchdb.uriFile | This file contains the full URI that can be used to access this
instance of CouchDB
|
| services.syncoid.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.vsftpd.anonymousUserHome | Directory to consider the HOME of the anonymous user.
|
| services.dendrite.settings.user_api.device_database.connection_string | Database for the User API, devices.
|
| security.sudo.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| security.doas.wheelNeedsPassword | Whether users of the wheel group must provide a password to
run commands as super user via doas.
|
| services.immich.mediaLocation | Directory used to store media files
|
| services.jenkinsSlave.enable | If true the system will be configured to work as a jenkins slave
|
| programs.feedbackd.enable | Whether to enable the feedbackd D-BUS service and udev rules
|
| security.sudo-rs.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| programs.mosh.withUtempter | Whether to enable libutempter for mosh
|
| programs.tmux.withUtempter | Whether to enable libutempter for tmux
|
| services.greetd.useTextGreeter | Whether the greeter uses text-based user interfaces (For example, tuigreet)
|
| services.tt-rss.plugins | List of plugins to load automatically for all users
|
| services.pgmanage.loginGroup | This tells pgmanage to only allow users in a certain PostgreSQL group to
login to pgmanage
|
| services.dovecot2.quotaGlobalPerUser | Quota limit for the user in bytes
|
| services.akkoma.initDb.password | Password of the database user to initialise the database with
|
| services.hostapd.enable | Whether to enable hostapd, a user space daemon for access point and
authentication servers
|
| services.accounts-daemon.enable | Whether to enable AccountsService, a DBus service for accessing
the list of user accounts and information attached to those accounts.
|
| environment.stub-ld.enable | Install a stub ELF loader to print an informative error message
in the event that a user attempts to run an ELF binary not
compiled for NixOS.
|
| services.couchdb.extraConfigFiles | Extra configuration files
|
| services.couchdb.databaseDir | Specifies location of CouchDB database files (*.couch named)
|
| services.gitea.captcha.requireForLogin | Displays a CAPTCHA challenge whenever a user logs in.
|
| services.lighttpd.document-root | Document-root of the web server
|
| services.mailman.ldap.groupSearch.query | Query to find a group associated to a user in the LDAP database.
|
| services.nomad.dropPrivileges | Whether the nomad agent should be run as a non-root nomad user.
|
| services.earlyoom.enableNotifications | Send notifications about killed processes via the system d-bus
|
| services.upower.ignoreLid | Do we ignore the lid state
Some laptops are broken
|
| services.strongswan-swanctl.swanctl.connections.<name>.unique | Connection uniqueness policy to enforce
|
| services.prosody.muc.*.vcard_muc | Adds the ability to set vCard for Multi User Chat rooms
|
| services.jenkins.jobBuilder.accessUser | User id in Jenkins used to reload config.
|
| services.cockroachdb.group | User account under which CockroachDB runs
|
| services.fediwall.nginx.kTLS | Whether to enable kTLS support
|
| services.kanboard.nginx.kTLS | Whether to enable kTLS support
|
| services.librenms.nginx.kTLS | Whether to enable kTLS support
|
| services.headscale.group | Group under which headscale runs.
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the headscale service starts.
|
| services.buildbot-master.extraGroups | List of extra groups that the buildbot user should be a part of.
|
| services.agorakit.nginx.kTLS | Whether to enable kTLS support
|
| fonts.fontconfig.includeUserConf | Include the user configuration from
~/.config/fontconfig/fonts.conf or
~/.config/fontconfig/conf.d.
|
| services.dolibarr.nginx.kTLS | Whether to enable kTLS support
|
| services.namecoind.rpc.allowFrom | List of IP address ranges allowed to use the RPC API
|
| services.pixelfed.nginx.kTLS | Whether to enable kTLS support
|
| services.mainsail.nginx.kTLS | Whether to enable kTLS support
|
| services.dendrite.settings.user_api.account_database.connection_string | Database for the User API, accounts.
|
| services.gnome.gnome-keyring.enable | Whether to enable GNOME Keyring daemon, a service designed to
take care of the user's security credentials,
such as user names and passwords
.
|
| services.gitea.settings.service.DISABLE_REGISTRATION | By default any user can create an account on this gitea instance
|
| services.gitlab.databaseUsername | GitLab database user.
|
| services.buildbot-worker.extraGroups | List of extra groups that the Buildbot Worker user should be a part of.
|
| services.apcupsd.enable | Whether to enable the APC UPS daemon. apcupsd monitors your UPS and
permits orderly shutdown of your computer in the event of a power
failure
|
| services.livebook.enableUserService | Whether to enable a user service for Livebook.
|
| services.matomo.nginx | With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo
|
| services.restic.server.privateRepos | Enable private repos
|
| services.openafsClient.daemons | Number of daemons to serve user requests
|
| boot.bootspec.extensions | User-defined data that extends the bootspec document
|
| programs.system-config-printer.enable | Whether to enable system-config-printer, a Graphical user interface for CUPS administration.
|
| security.pam.u2f.settings.cue | By default pam-u2f module does not inform user
that he needs to use the u2f device, it just waits without a prompt
|
| boot.loader.initScript.enable | Some systems require a /sbin/init script which is started
|
| services.openssh.settings.PrintMotd | Whether to enable printing /etc/motd when a user logs in interactively.
|
| services.privoxy.settings | This option is mapped to the main Privoxy configuration file
|
| services.tt-rss.database.createLocally | Create the database and database user locally.
|
| services.miniflux.config.CREATE_ADMIN | Create an admin user from environment variables.
|
| services.maubot.extraConfigFile | A file for storing secrets
|
| virtualisation.oci-containers.containers.<name>.login.username | Username for login.
|
| security.pam.enableFscrypt | Whether to enable fscrypt, to automatically unlock directories with the user's login password
|
| services.anki-sync-server.baseDirectory | Base directory where user(s) synchronized data will be stored.
|
| services.consul.dropPrivileges | Whether the consul agent should be run as a non-root consul user.
|
| services.gammu-smsd.backend.sql.password | User password used for connection to the database
|
| services.radicle.httpd.nginx.kTLS | Whether to enable kTLS support
|
| services.misskey.settings.url | The final user-facing URL
|
| services.minetest-server.configPath | Path to the config to use
|
| services.netbird.clients.<name>.name | Primary name for use (as a suffix) in:
- systemd service name,
- hardened user name and group,
- systemd
*Directory= names,
- desktop application identification,
|
| services.microsocks.authOnce | If true, once a specific ip address authed successfully with user/pass,
it is added to a whitelist and may use the proxy without auth.
|
| services.netbird.tunnels.<name>.name | Primary name for use (as a suffix) in:
- systemd service name,
- hardened user name and group,
- systemd
*Directory= names,
- desktop application identification,
|
| services.grafana.settings.users.allow_org_create | Set to false to prohibit users from creating new organizations.
|
| services.pgmanage.superOnly | This tells pgmanage whether or not to only allow super users to
login
|
| services.dependency-track.settings."alpine.oidc.team.synchronization" | This option will ensure that team memberships for OpenID Connect users are dynamic and
synchronized with membership of OpenID Connect groups or assigned roles
|
| programs.steam.fontPackages | Font packages to use in Steam
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|
| services.gitolite.adminPubkey | Initial administrative public key for Gitolite
|
| services.portunus.dex.enable | Whether to enable Dex ldap connector
|
| services.unpoller.influxdb.pass | Path of a file containing the password for influxdb
|
| services.slurm.dbdserver.storageUser | Database user name.
|
| services.grafana.settings.users.default_language | This setting configures the default UI language, which must be a supported IETF language tag, such as en-US.
|
| services.httpd.logFormat | Selects the access log format written to log files
|
| services.kasmweb.defaultUserPassword | default user password to use.
|
| services.jupyter.kernels.<name>.displayName | Name that will be shown to the user.
|
| services.anuko-time-tracker.nginx.kTLS | Whether to enable kTLS support
|
| services.nginx.virtualHosts.<name>.kTLS | Whether to enable kTLS support
|
| services.udisks2.mountOnMedia | When enabled, instructs udisks2 to mount removable drives under /media/ directory, instead of the
default, ACL-controlled /run/media/$USER/
|