| services.chisel-server.socks5 | Allow clients access to internal SOCKS5 proxy
|
| services.anuko-time-tracker.settings.email.smtpAuth | MTA requires authentication.
|
| services.bitlbee.protocols | This option allows to remove the support of protocol, even if compiled
in
|
| hardware.openrazer.enable | Whether to enable OpenRazer drivers and userspace daemon
.
|
| programs.wayvnc.enable | Whether to enable wayvnc, VNC server for wlroots based Wayland compositors.
|
| services.hadoop.hbase.rest.restartIfChanged | Restart rest con config change.
|
| services.broadcast-box.web.port | Port the HTTP server listens on.
|
| services.gocd-server.listenAddress | Specifies the bind address on which the Go
|
| services.icingaweb2.generalConfig | config.ini contents
|
| services.i2pd.exploratory.inbound.length | Guaranteed minimum hops for exploratory tunnels.
|
| services.gotenberg.libreoffice.autoStart | Automatically start LibreOffice when Gotenberg starts
|
| boot.initrd.stage1Greeting | The greeting message displayed during NixOS stage 1 boot.
|
| programs.dms-shell.enable | Whether to enable DankMaterialShell, a complete desktop shell for Wayland compositors.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.members | The members of this group
|
| services.libretranslate.domain | The domain serving your LibreTranslate instance
|
| services.factorio.game-name | Name of the game as it will appear in the game listing.
|
| programs.npm.enable | Whether to enable npm global config.
|
| hardware.nvidia-container-toolkit.mounts.*.containerPath | Container path.
|
| services.amazon-cloudwatch-agent.configurationFile | Amazon CloudWatch Agent configuration file
|
| services.gitlab.registry.keyFile | Path to GitLab container registry certificate-key.
|
| programs.gnupg.agent.enableBrowserSocket | Enable browser socket for GnuPG agent.
|
| hardware.cpu.amd.sev.group | Group to assign to the SEV device.
|
| services.code-server.user | The user to run code-server as
|
| services.agorakit.mail.encryption | SMTP encryption mechanism to use.
|
| services.gokapi.settingsFile | Path to config file to parse and append to settings
|
| services.hoogle.haskellPackages | Which haskell package set to use.
|
| programs.ns-usbloader.enable | Whether to enable ns-usbloader application with udev rules applied.
|
| programs.yubikey-manager.package | The yubikey-manager package to use.
|
| programs.pmount.enable | Whether to enable pmount, a tool that allows normal users to mount removable devices
without requiring root privileges
.
|
| networking.interfaces.<name>.ipv4.addresses.*.prefixLength | Subnet mask of the interface, specified as the number of
bits in the prefix (24).
|
| services.harmonia.settings | Settings to merge with the default configuration
|
| services.anuko-time-tracker.nginx.acmeRoot | Directory for the ACME challenge, which is public
|
| environment.cinnamon.excludePackages | Which packages cinnamon should exclude from the default environment
|
| services.kimai.sites.<name>.database.socket | Path to the unix socket file to use for authentication.
|
| services.dolibarr.nginx.locations.<name>.root | Root directory for requests.
|
| services.gitlab.secrets.activeRecordDeterministicKeyFile | A file containing the secret used to encrypt some rails data in a deterministic way
in the DB
|
| security.tpm2.fapi.systemPcrs | The PCR registers which are used by the system.
|
| services.headscale.settings.tls_letsencrypt_listen | When HTTP-01 challenge is chosen, letsencrypt must set up a
verification endpoint, and it will be listening on:
:http = port 80.
|
| services.displayManager.sddm.autoLogin.minimumUid | Minimum user ID for auto-login user.
|
| boot.initrd.luks.devices.<name>.yubikey.slot | Which slot on the YubiKey to challenge.
|
| boot.initrd.systemd.mounts | Definition of systemd mount units
|
| services.jitsi-meet.excalidraw.port | The port which the Excalidraw backend for Jitsi should listen to.
|
| services.fediwall.settings.loadTrends | Load trending posts
|
| services.distccd.zeroconf | Whether to register via mDNS/DNS-SD
|
| boot.bcachefs.package | The bcachefs-tools package to use
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| services.buildbot-master.group | Primary group of buildbot user.
|
| services.dspam.storageDriver | Storage driver backend to use for dspam.
|
| services.dsnet.settings.Network6 | The IPv6 network that the server will use to allocate IPs on the
network
|
| services.hostapd.radios.<name>.networks.<name>.authentication.mode | Selects the authentication mode for this AP.
- "none": Don't configure any authentication
|
| programs.nixbit.forceAutostart | Force creation of autostart desktop entry when application starts
|
| services.etcd.initialAdvertisePeerUrls | Etcd list of this member's peer URLs to advertise to rest of the cluster.
|
| services.ax25.axports.<name>.callsign | The callsign of the physical interface to bind to.
|
| programs.screen.package | The screen package to use.
|
| security.pam.yubico.id | client id
|
| services.goatcounter.extraArgs | List of extra arguments to be passed to goatcounter cli
|
| services.jitterentropy-rngd.package | The jitterentropy-rngd package to use.
|
| services.chisel-server.keepalive | Keepalive interval, falls back to 25s
|
| services.anuko-time-tracker.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.desktopManager.budgie.extraPlugins | Extra plugins for the Budgie desktop
|
| services.crowdsec.localConfig.patterns | A list of files containing custom grok patterns.
|
| services.firezone.gateway.name | The name of this gateway as shown in firezone
|
| services.coturn.no-udp-relay | Disable UDP relay endpoints
|
| services.akkoma.nginx.default | Makes this vhost the default.
|
| services.klipper.configDir | Path to Klipper config file.
|
| programs.hyprland.withUWSM | Launch Hyprland with the UWSM (Universal Wayland Session Manager) session manager
|
| programs.thunderbird.policies | Group policies to install
|
| services.echoip.virtualHost | Name of the nginx virtual host to use and setup
|
| security.auditd.enable | Whether to enable the Linux Audit daemon.
|
| services.blockbook-frontend.<name>.rpc.password | RPC password for JSON-RPC connections
|
| services.athens.index.postgres.host | Host for the Postgres database.
|
| services.firezone.relay.enable | Whether to enable the firezone relay server.
|
| services.glance.settings.server.port | Glance port to listen on
|
| boot.uvesafb.v86d.package | Which v86d package to use with uvesafb
|
| programs.sway.wrapperFeatures.gtk | Whether to enable the wrapGAppsHook wrapper to execute sway with required environment
variables for GTK applications.
|
| services.factorio.allowedPlayers | If non-empty, only these player names are allowed to connect
|
| services.actkbd.extraConfig | Literal contents to append to the end of actkbd configuration file.
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| programs.vivid.theme | Theme to be used (see vivid themes)
|
| services.eternal-terminal.enable | Whether to enable Eternal Terminal server.
|
| services.forgejo.database.path | Path to the sqlite3 database file.
|
| services.lidarr.settings.update.mechanism | which update mechanism to use
|
| image.repart.version | Version of the image
|
| services.librenms.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.consul-template.instances.<name>.settings | Free-form settings written directly to the config.json file
|
| hardware.printers.ensurePrinters.*.deviceUri | How to reach the printer.
lpinfo -v shows a list of supported device URIs and schemes.
|
| hardware.deviceTree.enable | Build device tree files
|
| services.bacula-dir.tls | TLS Options for the Director
|
| services.datadog-agent.diskCheck | Disk check config
|
| programs.alvr.enable | Whether to enable ALVR, the VR desktop streamer.
|
| networking.wlanInterfaces.<name>.type | The type of the WLAN interface
|
| programs.npm.npmrc | The system-wide npm configuration
|
| services.confd.package | The confd package to use.
|
| services.grafana.settings.users.auto_assign_org_id | Set this value to automatically add new users to the provided org
|
| services.kmscon.fonts | Fonts used by kmscon, in order of priority.
|
| hardware.nvidia.prime.reverseSync.enable | Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse
PRIME
|
| services.i2pd.ssu2.enable | Whether to enable SSU2.
|
| hardware.deviceTree.filter | Only include .dtb files matching glob expression.
|
| services.immich.group | The group immich should run as.
|
| networking.ucarp.upscript | Command to run after become master, the interface name, virtual address
and optional extra parameters are passed as arguments.
|