| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| boot.initrd.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| services.immich.redis.port | The port that redis will listen on
|
| services.syslogd.tty | The tty device on which syslogd will print important log
messages
|
| services.rke2.role | Whether rke2 should run as a server or agent
|
| services.domoticz.port | Port to bind to for HTTP, set to 0 to disable HTTP.
|
| services.tor.enableGeoIP | Whether to enable use of GeoIP databases
|
| services.icingaweb2.modules.monitoring.backends.<name>.disabled | Disable this backend
|
| services.chhoto-url.settings.disable_frontend | Whether to disable the frontend.
|
| services.chrony.enable | Whether to synchronise your machine's time using chrony
|
| services.ferm.enable | Whether to enable Ferm Firewall.
Warning: Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| hardware.sane.disabledDefaultBackends | Names of backends which are enabled by default but should be disabled
|
| services.airsonic.port | The port on which Airsonic will listen for
incoming HTTP traffic
|
| services.subsonic.port | The port on which Subsonic will listen for
incoming HTTP traffic
|
| services.cryptpad.settings.blockDailyCheck | Disable telemetry
|
| services.journald.audit | If enabled systemd-journald will turn on auditing on start-up
|
| powerManagement.powertop.postStart | Shell commands executed after powertop is started
|
| system.autoUpgrade.upgrade | Disable adding the --upgrade parameter when channel
is not set, such as when upgrading to the latest version
of a flake honouring its lockfile.
|
| services.limesurvey.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| programs.zsh.ohMyZsh.preLoaded | Shell commands executed before the oh-my-zsh is loaded
|
| services.galene.turnAddress | Built-in TURN server listen address and port
|
| services.tor.client.enable | Whether to enable the routing of application connections
|
| users.users.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| services.k3s.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/k3s/server/manifests before k3s starts
|
| services.rke2.manifests | Auto-deploying manifests that are linked to /var/lib/rancher/rke2/server/manifests before rke2 starts
|
| services.prometheus.exporters.mail.configuration.disableFileDeletion | Disables the exporter's function to delete probing mails.
|
| services.dspam.domainSocket | Path to local domain socket which is used for communication with the daemon
|
| security.shadow.enable | Enable the shadow authentication suite, which provides critical programs such as su, login, passwd
|
| users.allowNoPasswordLogin | Disable checking that at least the root user or a user in the wheel group can log in using
a password or an SSH key
|
| services.jibri.xmppEnvironments.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.bird.checkConfig | Whether the config should be checked at build time
|
| services.subsonic.httpsPort | The port on which Subsonic will listen for
incoming HTTPS traffic
|
| services.trilium-server.noBackup | Disable periodic database backups.
|
| virtualisation.vmware.host.enable | This enables VMware host virtualisation for running VMs.
vmware-vmx will cause kcompactd0 due to
Transparent Hugepages feature in kernel
|
| services.movim.h2o.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.thanos.rule.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerification | Whether to skip validation of the server's certificate.
|
| services.misskey.reverseProxy.webserver.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.knot.keyFiles | A list of files containing additional configuration
to be included using the include directive
|
| services.grafana.settings.security.disable_gravatar | Set to true to disable the use of Gravatar for user profile images.
|
| services.bosun.opentsdbHost | Host and port of the OpenTSDB database that stores bosun data
|
| services.lifecycled.noSpot | Disable the spot termination listener.
|
| services.thanos.rule.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| users.extraUsers.<name>.expires | Set the date on which the user's account will no longer be
accessible
|
| xdg.icons.fallbackCursorThemes | Names of the fallback cursor themes, in order of preference, to be used when no other icon source can be found
|
| services.nezha-agent.settings.disable_send_query | Disable sending TCP/ICMP/HTTP requests.
|
| services.avahi.cacheEntriesMax | Number of resource records to be cached per interface
|
| services.thanos.store.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.thanos.query.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.zapret.httpSupport | Whether to route http traffic on port 80
|
| services.h2o.hosts.<name>.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.stargazer.genCerts | Set to false to disable automatic certificate generation
|
| networking.dhcpcd.enable | Whether to enable dhcpcd for device configuration
|
| services.dawarich.redis.port | The port of the redis server Dawarich will connect to
|
| services.thanos.query.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.thanos.store.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.documize.db | Database specific connection string for example:
- MySQL/Percona/MariaDB:
user:password@tcp(host:3306)/documize
- MySQLv8+:
user:password@tcp(host:3306)/documize?allowNativePasswords=true
- PostgreSQL:
host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable
- MSSQL:
sqlserver://username:password@localhost:1433?database=Documize or
sqlserver://sa@localhost/SQLExpress?database=Documize
|
| services.oauth2-proxy.cookie.refresh | Refresh the cookie after this duration; 0 to disable.
|
| services.nats.validateConfig | If true, validate nats config at build time
|
| services.movim.podConfig.chatonly | Disable all the social feature (Communities, Blog…) and keep only the chat ones
|
| systemd.network.wait-online.timeout | Time to wait for the network to come online, in seconds
|
| services.wiki-js.settings.offline | Disable latest file updates and enable
sideloading.
|
| networking.dhcpcd.IPv6rs | Force enable or disable solicitation and receipt of IPv6 Router Advertisements
|
| services.nebula.networks.<name>.enable | Enable or disable this network.
|
| security.lockKernelModules | Disable kernel module loading once the system is fully initialised
|
| boot.zfs.forceImportRoot | Forcibly import the ZFS root pool(s) during early boot
|
| services.sftpgo.settings.smtp.host | Location of SMTP email server
|
| services.sslh.settings.numeric | Whether to disable reverse DNS lookups, thus keeping IP
address literals in the log.
|
| services.thanos.receive.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.thanos.sidecar.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| services.envoy.requireValidConfig | Whether a failure during config validation at build time is fatal
|
| services.locate.interval | Update the locate database at this interval
|
| services.acme-dns.settings.api.disable_registration | Whether to disable the HTTP registration endpoint.
|
| hardware.trackpoint.ext_dev | Disable or enable external pointing device.
|
| security.pam.services.<name>.ttyAudit.enable | Enable or disable TTY auditing for specified users
|
| services.thanos.sidecar.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.thanos.receive.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|
| services.dolibarr.h2o.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.pihole-ftl.privacyLevel | Level of detail in generated statistics. 0 enables full statistics, 3
shows only anonymous statistics
|
| services.shorewall.enable | Whether to enable Shorewall IPv4 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| services.miniflux.config.WATCHDOG | Enable or disable Systemd watchdog.
|
| services.tt-rss.enableGZipOutput | Selectively gzip output to improve wire performance
|
| services.earlyoom.reportInterval | Interval (in seconds) at which a memory report is printed (set to 0 to disable).
|
| services.discourse.nginx.enable | Whether an nginx virtual host should be
set up to serve Discourse
|
| security.tpm2.fapi.ekCertLess | A switch to disable Endorsement Key (EK) certificate verification
|
| services.physlock.muteKernelMessages | Disable kernel messages on console while physlock is running.
|
| services.omnom.settings.app.disable_signup | Whether to enable restricting user creation.
|
| services.gitea.settings.server.DISABLE_SSH | Disable external SSH feature.
|
| fonts.fontconfig.antialias | Enable font antialiasing
|
| services.physlock.enable | Whether to enable the physlock screen locking mechanism
|
| services.ntopng.redis.createInstance | Local Redis instance name
|
| services.nextcloud.extraApps | Extra apps to install
|
| services.shorewall6.enable | Whether to enable Shorewall IPv6 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| boot.binfmt.addEmulatedSystemsToNixSandbox | Whether to add the boot.binfmt.emulatedSystems to nix.settings.extra-platforms
|
| programs.gnupg.agent.enableSSHSupport | Enable SSH agent support in GnuPG agent
|
| services.thanos.query-frontend.grpc-server-tls-key | TLS Key for the gRPC server, leave blank to disable TLS
|
| hardware.sata.timeout.deciSeconds | Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations
|
| boot.initrd.systemd.network.wait-online.timeout | Time to wait for the network to come online, in seconds
|
| services.stargazer.requestTimeout | Number of seconds to wait for the client to send a complete
request
|
| services.thanos.query-frontend.grpc-server-tls-cert | TLS Certificate for gRPC server, leave blank to disable TLS
|