| services.grafana.settings.security.strict_transport_security_subdomains | Set to true to enable HSTS includeSubDomains option
|
| services.https-dns-proxy.enable | Whether to enable https-dns-proxy daemon.
|
| services.jibri.config | Jibri configuration
|
| services.gitlab.secrets.activeRecordSaltFile | A file containing the salt for active record encryption in the DB
|
| services.athens.filterFile | Filename for the include exclude filter.
|
| hardware.fw-fanctrl.config.strategies.<name>.movingAverageInterval | Interval (seconds) of the last temperatures to use to calculate the average temperature
|
| services.grafana.provision.datasources.settings.datasources.*.name | Name of the datasource
|
| documentation.man.mandoc.enable | Whether to enable mandoc as the default man page viewer.
|
| power.ups.upsd.extraConfig | Additional lines to add to upsd.conf.
|
| services.fediwall.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.grafana.settings.database.wal | For sqlite3 only
|
| boot.binfmt.registrations.<name>.interpreter | The interpreter to invoke to run the program
|
| boot.loader.grub.gfxpayloadBios | The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.
|
| hardware.alsa.enablePersistence | Whether to enable ALSA sound card state saving on shutdown
|
| ec2.zfs.datasets.<name>.mount | Where to mount this dataset.
|
| services.govee2mqtt.enable | Whether to enable Govee2MQTT.
|
| services.libinput.mouse.horizontalScrolling | Enables or disables horizontal scrolling
|
| security.pam.p11.enable | Enables P11 PAM (pam_p11) module
|
| services.i2pd.outTunnels.<name>.destinationPort | Connect to particular port at destination.
|
| services.displayManager.dms-greeter.logs.save | Whether to enable saving logs from the DMS greeter to a file.
|
| programs.dsearch.enable | Whether to enable dsearch, a fast filesystem search service with fuzzy matching.
|
| services.lavalink.openFirewall | Whether to expose the port to the network.
|
| services.cloudflare-warp.rootDir | Working directory for the warp-svc daemon.
|
| services.inspircd.package | The InspIRCd package to use
|
| networking.vswitches.<name>.supportedOpenFlowVersions | Supported versions to enable on this switch.
|
| services.easytier.instances.<name>.extraArgs | Extra args append to the easytier command-line.
|
| services.ebusd.logs.update | Only write log for matching AREAs (all|main|network|bus|device|update|other) below or equal to LEVEL (none|error|notice|info|debug)
|
| boot.swraid.mdadmConf | Contents of /etc/mdadm.conf.
|
| services.invoiceplane.sites.<name>.enable | Whether to enable InvoicePlane web application.
|
| services.beanstalkd.listen.port | TCP port that will be used to accept client connections.
|
| services.code-server.extensionsDir | Path to the extensions directory.
|
| programs.dms-shell.systemd.restartIfChanged | Whether to restart the dms.service when the DankMaterialShell package or
configuration changes
|
| services.ihaskell.extraPackages | Extra packages available to ghc when running ihaskell
|
| fileSystems.<name>.label | Label of the device
|
| services.dgraph.enable | Whether to enable Dgraph native GraphQL database with a graph backend.
|
| services.fluidd.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.lemmy.enable | Whether to enable lemmy a federated alternative to reddit in rust.
|
| services.cockroachdb.openPorts | Open firewall ports for cluster communication by default
|
| services.immich.database.enableVectorChord | Whether to enable the new VectorChord extension for full-text search in Postgres.
|
| services.davis.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.doh-server.settings.verbose | Enable logging
|
| services.etebase-server.settings.global.secret_file | The path to a file containing the secret
used as django's SECRET_KEY.
|
| services.beszel.hub.dataDir | Data directory of beszel-hub.
|
| services.glitchtip.redis.createLocally | Whether to enable and configure a local Redis instance.
|
| services.bpftune.enable | Whether to enable bpftune BPF driven auto-tuning.
|
| services.anuko-time-tracker.nginx.listenAddresses | Listen addresses for this virtual host
|
| services.dae.disableTxChecksumIpGeneric | See https://github.com/daeuniverse/dae/issues/43
|
| services.firewalld.zones.<name>.forwardPorts.*.port | |
| services.cjdns.UDPInterface.connectTo.<name>.password | Authorized password to the opposite end of the tunnel.
|
| hardware.sheep_net.enable | Enables sheep_net udev rules, ensures 'sheep_net' group exists, and adds
sheep-net to boot.kernelModules and boot.extraModulePackages
|
| services.komodo-periphery.group | Group under which the Periphery agent runs.
|
| services.canaille.settings.CANAILLE.SMTP.PASSWORD | SMTP Password
|
| services.connman.extraFlags | Extra flags to pass to connmand
|
| services.draupnir.secrets.accessToken | File containing the access token for Draupnir's Matrix account
to be used in place of services.draupnir.settings.accessToken.
|
| services.frp.instances.<name>.enable | Whether to enable frp.
|
| services.dolibarr.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| programs.vscode.extensions | List of extensions to install.
|
| services.infinoted.user | What to call the dedicated user under which infinoted is run
|
| services.hostapd.radios.<name>.networks.<name>.macAcl | Station MAC address -based authentication
|
| services.dolibarr.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.factorio.autosave-interval | Autosave interval in minutes.
|
| services.hardware.pommed.enable | Whether to use the pommed tool to handle Apple laptop
keyboard hotkeys.
|
| services.fluentd.enable | Whether to enable fluentd, a data/log collector.
|
| services.jicofo.xmppHost | Hostname of the XMPP server to connect to.
|
| services.i2pd.family | Specify a family the router belongs to.
|
| services.i2pd.floodfill | Makes your router a floodfill, that means what other routers will
publish and get LeaseSets and RouterInfos on your router.
|
| hardware.openrazer.verboseLogging | Whether to enable verbose logging
|
| hardware.nvidia.prime.offload.enableOffloadCmd | Whether to enable adding a nvidia-offload convenience script to environment.systemPackages
for offloading programs to an nvidia device
|
| services.grafana.provision.dashboards.path | Path to YAML dashboard configuration
|
| services.grafana.settings.server.socket | Path where the socket should be created when protocol=socket
|
| boot.loader.systemd-boot.graceful | Invoke bootctl install with the --graceful option,
which ignores errors when EFI variables cannot be written or when the EFI System Partition
cannot be found
|
| programs.openvpn3.log-service | Log service configuration
|
| services.i2pd.proto.socksProxy.latency.min | Min latency for tunnels.
|
| documentation.man.mandoc.extraConfig | Extra configuration to write to man.conf(5).
|
| services.hadoop.hdfs.zkfc.extraEnv | Extra environment variables for HDFS ZooKeeper failover controller
|
| services.flarum.package | The flarum package to use.
|
| services.gpm.protocol | Mouse protocol to use.
|
| services.deluge.openFirewall | Whether to open the firewall for the ports in
services.deluge.config.listen_ports
|
| services.keepalived.vrrpInstances.<name>.vmacXmitBase | Send/Recv VRRP messages from base interface instead of VMAC interface.
|
| i18n.inputMethod.type | Select the enabled input method
|
| services.icingaweb2.modules.monitoring.backends | Monitoring backends to define
|
| services.libinput.mouse.accelProfile | Sets the pointer acceleration profile to the given profile
|
| services.go-camo.extraOptions | Extra options passed to the go-camo command.
|
| services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| programs.cdemu.image-analyzer | Whether to install the image analyzer.
|
| nix.optimise.randomizedDelaySec | Add a randomized delay before the optimizer will run
|
| services.cfssl.mutualTlsClientCert | Mutual TLS - client certificate to call remote instance requiring client certs.
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| services.druid.middleManager.enable | Whether to enable Druid middleManager.
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| boot.loader.grub.extraEntriesBeforeNixOS | Whether extraEntries are included before the default option.
|
| services.jigasi.environmentFile | File containing environment variables to be passed to the jigasi service,
in which secret tokens can be specified securely by defining values for
JIGASI_SIPUSER,
JIGASI_SIPPWD,
JIGASI_SIPSERVER and
JIGASI_SIPPORT.
|
| boot.iscsi-initiator.extraConfigFile | Append an additional file's contents to /etc/iscsid.conf
|
| networking.firewall.allowedTCPPortRanges | A range of TCP ports on which incoming connections are
accepted.
|
| services.changedetection-io.group | Group account under which changedetection-io runs.
|
| services.grafana.provision.datasources.path | Path to YAML datasource configuration
|
| services.librenms.nginx.locations.<name>.root | Root directory for requests.
|
| services.davfs2.enable | Whether to enable davfs2.
|
| services.dovecot2.mailPlugins.globally | Additional entries to add to the mail_plugins variable for all protocols
|
| services.gdomap.enable | Whether to enable GNUstep Distributed Objects name server.
|