| fonts.fontconfig.defaultFonts.sansSerif | System-wide default sans serif font(s)
|
| services.nginx.defaultListenAddresses | If vhosts do not specify listenAddresses, use these addresses by default
|
| services.nginx.defaultListen.*.ssl | Enable SSL.
|
| systemd.mounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.movim.nginx | With this option, you can customize an Nginx virtual host which
already has sensible defaults for Movim
|
| services.kapacitor.defaultDatabase.url | The URL to an InfluxDB server that serves as the default database
|
| services.suricata.settings.default-rule-path | Path in which suricata-update managed rules are stored by default.
|
| services.nginx.defaultListen.*.addr | IP address.
|
| services.nginx.defaultListen.*.port | Port number.
|
| networking.defaultGateway6.interface | The default gateway interface.
|
| networking.defaultGateway.interface | The default gateway interface.
|
| systemd.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.gitlab.registry.defaultForProjects | If GitLab container registry should be enabled by default for projects.
|
| systemd.user.paths.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.units.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.k3s.role | Whether k3s should run as a server or agent
|
| services.suricata.settings.default-log-dir | The default logging directory
|
| services.anubis.defaultOptions.policy.extraBots | Additional bot rules appended to the policy
|
| systemd.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.aria2.enable | Whether or not to enable the headless Aria2 daemon service
|
| systemd.user.timers.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.slices.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.coturn.no-auth | This option is opposite to lt-cred-mech.
(TURN Server with no-auth option allows anonymous access)
|
| <imports = [ pkgs.php.services.default ]> | This is a modular service, which can be imported into a NixOS configuration using the system.services option.
|
| services.nohang.configPath | Configuration file to use with nohang
|
| programs.chromium.defaultSearchProviderSearchURL | Chromium default search provider url.
|
| image.repart.name | Name of the image
|
| security.acme.defaults | Default values inheritable by all configured certs
|
| services.cloudflared.tunnels.<name>.default | Catch-all service if no ingress matches
|
| fonts.fontconfig.defaultFonts.monospace | System-wide default monospace font(s)
|
| programs.chromium.defaultSearchProviderEnabled | Enable the default search provider.
|
| systemd.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.targets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| systemd.user.sockets.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| services.dolibarr.h2o | With this option, you can customize an H2O virtual host which already
has sensible defaults for Dolibarr
|
| time.timeZone | The time zone used when displaying times and dates
|
| programs.tsmClient.defaultServername | If multiple server stanzas are declared with
programs.tsmClient.servers,
this option may be used to name a default
server stanza that IBM TSM uses in the absence of
a user-defined dsm.opt file
|
| services.foundationdb.memory | Maximum memory used by the process
|
| services.harmonia.settings | Settings to merge with the default configuration
|
| programs.chromium.defaultSearchProviderSuggestURL | Chromium default search provider url for suggestions.
|
| services.xserver.desktopManager.surf-display.defaultWwwUri | Default URI to display.
|
| systemd.user.services.<name>.wantedBy | Units that want (i.e. depend on) this unit
|
| programs.throne.tunMode.setuid | Whether to enable setting suid bit for throne-core to run as root, which is less
secure than default setcap method but closer to upstream assumptions
|
| services.davis.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.slskd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.movim.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| virtualisation.lxc.defaultConfig | Default config (default.conf) for new containers, i.e. for
network config
|
| boot.uki.configFile | The configuration file passed to ukify(1) to create the UKI
|
| services.pixelfed.nginx | With this option, you can customize an nginx virtual host which already has sensible defaults for Pixelfed
|
| services.snipe-it.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.kasmweb.defaultRegistrationToken | default registration token to use.
|
| services.smartd.defaults.monitored | Common default options for explicitly monitored (listed in
services.smartd.devices) devices
|
| programs.firefox.preferencesStatus | The status of firefox.preferences.
status can assume the following values:
"default": Preferences appear as default."locked": Preferences appear as default and can't be changed."user": Preferences appear as changed."clear": Value has no effect
|
| fonts.fontconfig.defaultFonts.emoji | System-wide default emoji font(s)
|
| services.apcupsd.hooks | Each attribute in this option names an apcupsd event and the string
value it contains will be executed in a shell, in response to that
event (prior to the default action)
|
| services.kanboard.nginx | With this option, you can customize an NGINX virtual host which already
has sensible defaults for Kanboard
|
| services.anuko-time-tracker.settings.defaultCurrency | Defines a default currency symbol for new groups
|
| services.dependency-track.oidc.teams.default | Defines one or more team names that auto-provisioned OIDC users shall be added to
|
| systemd.automounts.*.wantedBy | Units that want (i.e. depend on) this unit
|
| services.matomo.nginx | With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo
|
| services.anubis.defaultOptions.settings.SERVE_ROBOTS_TXT | Whether to serve a default robots.txt that denies access to common AI bots by name and all other
bots by wildcard.
|
| environment.defaultPackages | Set of default packages that aren't strictly necessary
for a running system, entries can be removed for a more
minimal NixOS installation
|
| programs.nekoray.tunMode.setuid | Whether to enable setting suid bit for nekobox_core to run as root, which is less
secure than default setcap method but closer to upstream assumptions
|
| services.akkoma.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.fluidd.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.gancio.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.monica.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.matomo.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| xdg.terminal-exec.settings | Configuration options for the Default Terminal Execution Specification
|
| services.bepasty.servers.<name>.defaultPermissions | default permissions for all unauthenticated accesses.
|
| boot.uki.tries | Number of boot attempts before this UKI is considered bad
|
| users.ldap.timeLimit | Specifies the time limit (in seconds) to use when performing
searches
|
| services.reposilite.settings.defaultFrontend | Whether to enable the default included frontend with a dashboard.
|
| services.aesmd.settings.proxyType | Type of proxy to use
|
| services.anubis.defaultOptions.enable | Whether to enable this instance of Anubis.
|
| services.suricata.settings.logging.default-log-level | The default log level: can be overridden in an output section
|
| services.aria2.serviceUMask | The file mode creation mask for Aria2 service
|
| services.dolibarr.nginx | With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr
|
| services.athens.storage.mongo.defaultDBName | Name of the mongo database.
|
| services.udisks2.mountOnMedia | When enabled, instructs udisks2 to mount removable drives under /media/ directory, instead of the
default, ACL-controlled /run/media/$USER/
|
| users.users.<name>.linger | Whether to enable or disable lingering for this user
|
| services.anubis.defaultOptions.policy | Anubis policy configuration
|
| services.anubis.defaultOptions.user | The user under which Anubis is run
|
| services.anubis.defaultOptions.extraFlags | A list of extra flags to be passed to Anubis.
|
| services.pulseaudio.tcp.port | TCP connection port
|
| services.multipath.defaults | This section defines default values for attributes which are used
whenever no values are given in the appropriate device or multipath
sections.
|
| services.xserver.logFile | Controls the file Xorg logs to
|
| services.fider.dataDir | Default data folder for Fider.
|
| power.ups.upsmon.user | User to run upsmon as. upsmon.conf will have its owner set to this
user
|
| system.nixos.tags | Strings to prefix to the default
system.nixos.label
|
| services.fwupd.extraTrustedKeys | Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files
|
| services.autorandr.defaultTarget | Fallback if no monitor layout can be detected
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| services.pulseaudio.configFile | The path to the default configuration options the PulseAudio server
should use
|
| services.ntp.restrictDefault | The restriction flags to be set by default
|
| hardware.block.defaultSchedulerRotational | Default block I/O scheduler for rotational drives (e.g. hard disks)
|