| programs.slock.package | The slock package to use.
|
| services.kanboard.package | The kanboard package to use.
|
| services.keycloak.initialAdminPassword | Initial password set for the temporary admin user
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".signing_salt | Signing salt
|
| services.immich-kiosk.settings.kiosk.port | Port on which immich-kiosk will listen.
|
| services.goss.enable | Whether to enable Goss daemon.
|
| hardware.tuxedo-rs.enable | Whether to enable Rust utilities for interacting with hardware from TUXEDO Computers.
|
| services.beszel.hub.package | The beszel package to use.
|
| nix.firewall.extraNftablesRules | Extra nftables rules to prepend to the generated ones
|
| services.dolibarr.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| ec2.zfs.datasets | Datasets to create under the tank and boot zpools.
NOTE: This option is used only at image creation time, and
does not attempt to declaratively create or manage datasets
on an existing system.
|
| services.engelsystem.settings | Options to be added to config.php, as a nix attribute set
|
| services.dnsdist.extraConfig | Extra lines to be added verbatim to dnsdist.conf.
|
| services.dokuwiki.sites.<name>.package | The dokuwiki package to use.
|
| services.amazon-cloudwatch-agent.configuration | See configurationFile.
configurationFile takes precedence over configuration.
|
| services.dwm-status.package | The dwm-status package to use.
|
| environment.etc.<name>.user | User name of file owner
|
| services.haven.importRelays | List of relay configurations for importing historical events
|
| services.hadoop.hdfs.datanode.dataDirs.*.type | Storage types ([SSD]/[DISK]/[ARCHIVE]/[RAM_DISK]) for HDFS storage policies.
|
| services.hadoop.gatewayRole.enable | Whether to enable gateway role for deploying hadoop configs.
|
| services.i2pd.proto.httpProxy.inbound.length | Guaranteed minimum hops for httpproxy tunnels.
|
| services.autobrr.settings | Autobrr configuration options
|
| services.iodine.server.extraConfig | Additional command line parameters
|
| services.easytier.instances.<name>.settings.hostname | Hostname shown in peer list and web console.
|
| security.wrappers | This option effectively allows adding setuid/setgid bits, capabilities,
changing file ownership and permissions of a program without directly
modifying it
|
| services.httpd.virtualHosts.<name>.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.hostapd.radios.<name>.wifi7.enable | Enables support for IEEE 802.11be (WiFi 7, EHT)
|
| services.journalbeat.tags | Tags to place on the shipped log messages
|
| services.gancio.nginx.listenAddresses | Listen addresses for this virtual host
|
| networking.modemmanager.fccUnlockScripts.*.id | vid:pid of either the PCI or USB vendor and product ID
|
| services.gatus.enable | Whether to enable Gatus.
|
| hardware.openrazer.keyStatistics | Collects number of keypresses per hour per key used to
generate a heatmap.
|
| services.lidarr.settings | Attribute set of arbitrary config options
|
| services.fluent-bit.configurationFile | Fluent Bit configuration
|
| services.gitea.captcha.requireForExternalRegistration | Displays a CAPTCHA challenge for users that register externally.
|
| services.dnsdist.dnscrypt.listenAddress | Listen IP address of the endpoint
|
| services.acpid.handlers.<name>.action | Shell commands to execute when the event is triggered.
|
| hardware.fw-fanctrl.config.strategies.<name>.speedCurve | How should the speed curve look like
|
| services.druid.overlord.config | (key=value) Configuration to be written to runtime.properties of the druid Druid Overlord
https://druid.apache.org/docs/latest/configuration/index.html
|
| services.libeufin.bank.enable | Whether to enable libeufin core banking system and web interface.
|
| boot.crashDump.kernelParams | Parameters that will be passed to the kernel kexec-ed on crash.
|
| services.librespeed.settings | LibreSpeed configuration written as Nix expression
|
| programs.git.lfs.enable | Whether to enable git-lfs (Large File Storage).
|
| hardware.cpu.x86.msr.owner | Owner to set for devices of the msr kernel subsystem.
|
| programs.ydotool.group | Group which users must be in to use ydotool.
|
| services.journaldriver.enable | Whether to enable journaldriver to forward journald logs to
Stackdriver Logging.
|
| services.cross-seed.settings.torrentDir | Directory containing torrent files, or if you're using a torrent
client integration and injection - your torrent client's .torrent
file store/cache.
|
| services.docling-serve.package | The docling-serve package to use.
|
| hardware.trackpoint.press_to_select | Setting this to true will enable the Press to Select functions like tapping the control stick to simulate a left click, and setting false will disable it.
|
| services.bazarr.enable | Whether to enable bazarr, a subtitle manager for Sonarr and Radarr.
|
| services.grafana.provision.alerting.rules.path | Path to YAML rules configuration
|
| services.elasticsearch.dataDir | Data directory for elasticsearch.
|
| hardware.hid-fanatecff.enable | Whether to enable hid-fanatecff, a Linux kernel driver that aims to add support for Fanatec devices.
|
| services.gotosocial.settings | Contents of the GoToSocial YAML config
|
| services.firefox-syncserver.secrets | A file containing the various secrets
|
| services.httpd.logFormat | Selects the access log format written to log files
|
| services.foundationdb.serverProcesses | Number of fdbserver processes to run.
|
| services.hadoop.hdfs.namenode.extraFlags | Extra command line flags to pass to HDFS NameNode
|
| services.anuko-time-tracker.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.grafana-to-ntfy.settings.bauthUser | The user that you will authenticate with in the Grafana webhook settings
|
| services.actkbd.extraConfig | Literal contents to append to the end of actkbd configuration file.
|
| services.atalkd.configFile | Optional path to a custom atalkd.conf file
|
| networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| services.cryptpad.settings | Cryptpad configuration settings
|
| boot.binfmt.registrations.<name>.wrapInterpreterInShell | Whether to wrap the interpreter in a shell script
|
| programs.ryzen-monitor-ng.enable | Whether to enable ryzen_monitor_ng, a userspace application for setting and getting Ryzen SMU (System Management Unit) parameters via the ryzen_smu kernel driver
|
| services.davis.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.chrony.makestep.limit | The maximum number of times the system clock will be stepped.
|
| services.duplicity.exclude | List of paths to exclude from backups
|
| services.klipper.user | User account under which Klipper runs
|
| services.librenms.enableLocalBilling | Enable billing Cron-Jobs on the local instance
|
| services.icecream.scheduler.openFirewall | Whether to automatically open the daemon port in the firewall.
|
| boot.loader.limine.style.graphicalTerminal.font.spacing | The horizontal spacing between characters in pixels.
|
| services.hledger-web.stateDir | Path the service has access to
|
| services._3proxy.resolution | Use this option to configure name resolution and DNS caching.
|
| hardware.rtl-sdr.enable | Enables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules
|
| image.repart.verityStore.ukiPath | Specify the location on the ESP where the UKI is placed.
|
| services.buildkite-agents.<name>.hooksPath | Path to the directory storing the hooks
|
| services.gitlab.packages.gitlab-shell | The gitlab-shell package to use.
|
| hardware.nvidia.dynamicBoost.enable | Whether to enable dynamic Boost balances power between the CPU and the GPU for improved
performance on supported laptops using the nvidia-powerd daemon
|
| services.byedpi.enable | Whether to enable the ByeDPI service.
|
| programs.xonsh.bashCompletion.enable | Whether to enable bash completions for xonsh.
|
| services.dendrite.settings.media_api.database.connection_string | Database for the Media API.
|
| services.freeswitch.enableReload | Issue the reloadxml command to FreeSWITCH when configuration directory changes (instead of restart)
|
| services.guacamole-client.settings | Configuration written to guacamole.properties.
The Guacamole web application uses one main configuration file called
guacamole.properties
|
| services.certspotter.enable | Whether to enable Cert Spotter, a Certificate Transparency log monitor.
|
| programs.mosh.openFirewall | Whether to automatically open the necessary ports in the firewall.
|
| security.acme.certs.<name>.extraDomainNames | A list of extra domain names, which are included in the one certificate to be issued.
|
| services.icingaweb2.enable | Whether to enable the icingaweb2 web interface.
|
| services.caddy.package | The caddy package to use.
|
| services.davis.nginx.default | Makes this vhost the default.
|
| services.duplicity.frequency | Run duplicity with the given frequency (see
systemd.time(7) for the format)
|
| services.fluidd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.akkoma.config.":logger".":ex_syslogger".level | Log level
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.gatewayGroups | A list of gateway groups (sites) which can reach the resource and may be used to connect to it.
|
| services.dbus.brokerPackage | The dbus-broker package to use.
|
| programs.ccache.cacheDir | CCache directory
|
| services.glusterfs.tlsSettings.tlsPem | Path to the certificate used for TLS.
|
| services.gitea.customDir | Gitea custom directory
|
| programs.ssh.agentPKCS11Whitelist | A pattern-list of acceptable paths for PKCS#11 shared libraries
that may be used with the -s option to ssh-add.
|