| programs.flashrom.enable | Installs flashrom and configures udev rules for programmers
used by flashrom
|
| hardware.ubertooth.enable | Whether to enable Ubertooth software and its udev rules.
|
| services.miredo.bindAddress | Depending on the local firewall/NAT rules, you might need to force
Miredo to use a fixed UDP port and/or IPv4 address.
|
| services.thanos.rule.enable | Whether to enable the Thanos ruler service which evaluates Prometheus rules against given Query nodes, exposing Store API and storing old blocks in bucket.
|
| programs.quark-goldleaf.enable | Whether to enable quark-goldleaf with udev rules applied.
|
| security.sudo.defaultOptions | Options used for the default rules, granting root and the
wheel group permission to run any command as any user.
|
| programs.flexoptix-app.enable | Whether to enable FLEXOPTIX app + udev rules.
|
| services.ndppd.interface | Interface which is on link-level with router.
(Legacy option, use services.ndppd.proxies.<interface>.rules.<network> instead)
|
| security.sudo-rs.defaultOptions | Options used for the default rules, granting root and the
wheel group permission to run any command as any user.
|
| programs.mouse-actions.enable | Whether to install and set up mouse-actions and its udev rules
|
| programs.ns-usbloader.enable | Whether to enable ns-usbloader application with udev rules applied.
|
| hardware.hackrf.enable | Enables hackrf udev rules and ensures 'plugdev' group exists
|
| programs.flashprog.enable | Whether to enable configuring flashprog udev rules and
installing flashprog as a system package.
|
| hardware.steam-hardware.enable | Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive
|
| services.sdrplayApi.enable | Whether to enable the SDRplay API service and udev rules.
To enable integration with SoapySDR and GUI applications like gqrx create an overlay containing
soapysdr-with-plugins = super.soapysdr.override { extraPackages = [ super.soapysdrplay ]; };
|
| hardware.sheep_net.enable | Enables sheep_net udev rules, ensures 'sheep_net' group exists, and adds
sheep-net to boot.kernelModules and boot.extraModulePackages
|
| services.prometheus.ruleFiles | Any additional rules files to include in this configuration.
|
| programs.feedbackd.enable | Whether to enable the feedbackd D-BUS service and udev rules
|
| services.suricata.disabledRules | List of rules that should be disabled.
|
| services.dokuwiki.sites.<name>.aclFile | Location of the dokuwiki acl rules
|
| services.suricata.settings.vars | Variables to be used within the suricata rules.
|
| hardware.kryoflux.enable | Enables kryoflux udev rules, ensures 'floppy' group exists
|
| services.usbguard.deviceRulesWithPort | Generate device specific rules including the "via-port" attribute.
|
| hardware.gpgSmartcards.enable | Whether to enable udev rules for gnupg smart cards.
|
| services.graphite.carbon.relayRules | Relay rules are used to send certain metrics to a certain backend.
|
| services.firewalld.zones.<name>.target | Action for packets that don't match any rules.
|
| boot.initrd.services.udev.packages | This will only be used when systemd is used in stage 1.
List of packages containing udev rules that will be copied to stage 1
|
| services.shorewall.enable | Whether to enable Shorewall IPv4 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| systemd.tmpfiles.settings | Declare systemd-tmpfiles rules to create, delete, and clean up volatile
and temporary files and directories
|
| hardware.libjaylink.enable | Whether to enable udev rules for devices supported by libjaylink
|
| programs.dmrconfig.enable | Whether to configure system to enable use of dmrconfig
|
| hardware.flipperzero.enable | Whether to enable udev rules and software for Flipper Zero devices.
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| boot.initrd.services.udev.binPackages | This will only be used when systemd is used in stage 1.
Packages to search for binaries that are referenced by the udev rules in stage 1
|
| services.input-remapper.enableUdevRules | Whether to enable udev rules added by input-remapper to handle hotplugged devices
|
| hardware.keyboard.zsa.enable | Whether to enable udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I
|
| services.earlyoom.killHook | An absolute path to an executable to be run for each process killed
|
| services.suricata.settings.rule-files | Files to load suricata-update managed rules, relative to 'default-rule-path'.
|
| services.shorewall6.enable | Whether to enable Shorewall IPv6 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| nix.firewall.allowPrivateNetworks | Whether to allow traffic to local networks
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| hardware.block.scheduler | Assign block I/O scheduler by device name pattern
|
| networking.firewall.extraInputRules | Additional nftables rules to be appended to the input-allow
chain
|
| services.ndppd.proxies.<name>.interface | Listen for any Neighbor Solicitation messages on this interface,
and respond to them according to a set of rules
|
| boot.initrd.systemd.tmpfiles.settings | Similar to systemd.tmpfiles.settings but the rules are
only applied by systemd-tmpfiles before initrd-switch-root.target
|
| services.nextcloud.webfinger | Enable this option if you plan on using the webfinger plugin
|
| hardware.keyboard.qmk.keychronSupport | Whether to enable udev rules for keychron QMK based keyboards.
|
| services.mirakurun.allowSmartCardAccess | Install polkit rules to allow Mirakurun to access smart card readers
which is commonly used along with tuner devices.
|
| programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| services.dovecot2.imapsieve.mailbox | Configure Sieve filtering rules on IMAP actions
|
| networking.jool.siit.<name>.framework | The framework to use for attaching Jool's translation to the existing
kernel packet processing rules
|
| networking.vswitches.<name>.openFlowRules | OpenFlow rules to insert into the Open vSwitch
|
| networking.jool.nat64.<name>.framework | The framework to use for attaching Jool's translation to the existing
kernel packet processing rules
|
| services.suricata.settings.default-rule-path | Path in which suricata-update managed rules are stored by default.
|
| services.vmalert.instances.<name>.enable | Whether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source and sends notifications via Alertmanager.
|
| services.reaction.runAsRoot | Whether to run reaction as root
|
| services.firewalld.settings.FlushAllOnReload | Whether to flush all runtime rules on a reload.
|
| networking.firewall.extraForwardRules | Additional nftables rules to be appended to the forward-allow
chain
|
| programs.tsmClient.servers | Server definitions ("stanzas")
for the client system-options file
|
| services.firewalld.settings.CleanupOnExit | Whether to clean up firewall rules when firewalld stops.
|
| services.logrotate.settings.<name>.files | Single or list of files for which rules are defined
|
| services.nebula.networks.<name>.firewall.inbound | Firewall rules for inbound traffic.
|
| services.tinyproxy.settings.Filter | Tinyproxy supports filtering of web sites based on URLs or domains
|
| hardware.digitalbitbox.enable | Enables udev rules for Digital Bitbox devices.
|
| systemd.network.networks.<name>.routingPolicyRules | A list of routing policy rules sections to be added to the unit
|
| services.trafficserver.remap | URL remapping rules used by Traffic Server
|
| services.trafficserver.cache | Caching rules that overrule the origin's caching policy
|
| services.opensnitch.settings.Rules.Path | Path to the directory where firewall rules can be found and will
get stored by the NixOS module.
|
| security.pki.useCompatibleBundle | Whether to enable usage of a compatibility bundle
|
| services.nebula.networks.<name>.firewall.outbound | Firewall rules for outbound traffic.
|
| hardware.digitalbitbox.package | The digitalbitbox package to use
|
| programs.digitalbitbox.package | The digitalbitbox package to use
|
| networking.firewall.extraReversePathFilterRules | Additional nftables rules to be appended to the rpfilter-allow
chain
|
| networking.getaddrinfo.scopev4 | Adds custom rules to the IPv4 scope table
|
| services.uvcvideo.dynctrl.packages | List of packages containing uvcvideo dynamic controls
rules
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| services.firezone.server.settingsSecret | This is a convenience option which allows you to set secret values for
environment variables by specifying a file which will contain the value
at runtime
|
| services.prometheus.exporters.nut.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nut.openFirewall is true.
|
| services.prometheus.exporters.lnd.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.lnd.openFirewall is true.
|
| services.prometheus.exporters.sql.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.sql.openFirewall is true.
|
| services.prometheus.exporters.frr.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.frr.openFirewall is true.
|
| services.prometheus.exporters.pve.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.pve.openFirewall is true.
|
| services.prometheus.exporters.zfs.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.zfs.openFirewall is true.
|
| services.prometheus.exporters.kea.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.kea.openFirewall is true.
|
| services.firewalld.settings.NftablesTableOwner | If enabled, the generated nftables rule set will be owned exclusively by firewalld
|
| services.prometheus.exporters.nats.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nats.openFirewall is true.
|
| services.prometheus.exporters.bind.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.bind.openFirewall is true.
|
| services.prometheus.exporters.ping.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.ping.openFirewall is true.
|
| services.prometheus.exporters.flow.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.flow.openFirewall is true.
|
| services.prometheus.exporters.json.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.json.openFirewall is true.
|
| services.prometheus.exporters.ipmi.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.ipmi.openFirewall is true.
|
| services.prometheus.exporters.bird.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.bird.openFirewall is true.
|
| services.prometheus.exporters.mail.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.mail.openFirewall is true.
|
| services.prometheus.exporters.ebpf.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.ebpf.openFirewall is true.
|
| services.prometheus.exporters.knot.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.knot.openFirewall is true.
|
| services.prometheus.exporters.node.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.node.openFirewall is true.
|
| services.prometheus.exporters.snmp.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.snmp.openFirewall is true.
|
| services.prometheus.exporters.mqtt.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.mqtt.openFirewall is true.
|
| services.prometheus.exporters.php-fpm.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.php-fpm.openFirewall is true.
|
| services.prometheus.exporters.nginx.firewallRules | Specify rules for nftables to add to the input chain
when services.prometheus.exporters.nginx.openFirewall is true.
|