| programs.dwl.enable | Whether to enable Dwl is a compact, hackable compositor for Wayland based on wlroots
|
| hardware.rasdaemon.enable | Whether to enable RAS logging daemon.
|
| services.librenms.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.bosun.stateFile | Path to bosun's state file.
|
| services.code-server.extraPackages | Additional packages to add to the code-server PATH.
|
| services.dolibarr.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.drupal.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| boot.loader.grub.backgroundColor | Background color to be used for GRUB to fill the areas the image isn't filling.
|
| services.flaresolverr.port | The port on which FlareSolverr will listen for incoming HTTP traffic.
|
| services.kismet.serverName | The name of the server.
|
| services.hostapd.radios.<name>.networks.<name>.macAllowFile | Specifies a file containing the MAC addresses to allow if macAcl is set to "allow" or "radius"
|
| services.actkbd.bindings.*.command | What to run.
|
| programs.openvpn3.log-service.settings.log_level | How verbose should the logging be
|
| services.distccd.maxJobs | Maximum number of tasks distccd should execute at lib.any time.
|
| programs.waybar.enable | Whether to enable waybar, a highly customizable Wayland bar for Sway and Wlroots based compositors.
|
| services.graylog.enable | Whether to enable Graylog, a log management solution.
|
| services.haven.package | The haven package to use.
|
| programs.hyprland.enable | Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks
|
| services.hedgedoc.settings.allowGravatar | Whether to enable Libravatar as
profile picture source on your instance
|
| services.keycloak.database.useSSL | Whether the database connection should be secured by SSL / TLS
|
| services.beszel.hub.environment | Environment variables passed to the systemd service
|
| services.agorakit.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.airsonic.transcoders | List of paths to transcoder executables that should be accessible
from Airsonic
|
| services.i2pd.proto.http.auth | Whether to enable webconsole authentication.
|
| services.gitea.settings.server.HTTP_ADDR | Listen address
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.file | file from which the secret value is read
|
| boot.initrd.systemd.users | Users to include in initrd.
|
| security.sudo-rs.package | The sudo-rs package to use.
|
| services.fider.environment | Environment variables to set for the service
|
| services.kasmweb.enable | Whether to enable kasmweb.
|
| services.eg25-manager.package | The eg25-manager package to use.
|
| ec2.zfs.datasets.<name>.properties | Properties to set on this dataset.
|
| services.forgejo.database.path | Path to the sqlite3 database file.
|
| services.firezone.server.provision.accounts.<name>.auth.<name>.adapter_config.clientSecretFile | A file containing a the client secret for an openid_connect adapter
|
| hardware.sane.brscan4.netDevices.<name>.model | The model of the network device.
|
| hardware.sane.drivers.scanSnap.enable | Whether to enable drivers for the Fujitsu ScanSnap scanners
|
| services.homebridge.settings.bridge.name | Name of the homebridge
|
| services.desktopManager.gnome.debug | Whether to enable pkgs.gnome-session debug messages.
|
| services.gotenberg.downloadFrom.denyList | Deny accepting URLs from these domains in the downloadFrom API field
|
| services.angrr.enableNixGcIntegration | Whether to enable nix-gc.service integration.
|
| services.agorakit.nginx.locations | Declarative location config
|
| services.kmonad.keyboards.<name>.defcfg.allowCommands | Whether to enable keys to run shell commands.
|
| programs.light.brightnessKeys.enable | Whether to enable brightness control with keyboard keys
|
| services.desktopManager.pantheon.extraWingpanelIndicators | Indicators to add to Wingpanel.
|
| services.flexget.user | The user under which to run flexget.
|
| services.diod.exportopts | Establish a default set of export options
|
| boot.initrd.luks.devices.<name>.keyFileTimeout | The amount of time in seconds for a keyFile to appear before
timing out and trying passwords.
|
| services.hadoop.mapredSite | Additional options and overrides for mapred-site.xml
https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml
|
| services.grafana.enable | Whether to enable grafana.
|
| services.inadyn.settings.custom.<name>.hostname | Hostname alias(es).
|
| services.firezone.server.web.settings | Environment variables for this component of the Firezone server
|
| services.jicofo.bridgeMuc | JID of the internal MUC used to communicate with Videobridges.
|
| services.icecream.scheduler.port | Server port to listen for icecream daemon requests.
|
| services.libvirtd.autoSnapshot.keep | Default number of snapshots to keep for VMs that don't specify a keep value.
|
| programs.hyprland.xwayland.enable | Whether to enable XWayland.
|
| services.hardware.argonone.package | The argononed package to use.
|
| services.db-rest.redis.user | Optional username used for authentication with redis.
|
| services.dokuwiki.sites.<name>.templates | List of path(s) to respective template(s) which are copied into the 'tpl' directory.
These templates need to be packaged before use, see example.
|
| security.pam.yubico.challengeResponsePath | If not null, set the path used by yubico pam module where the challenge expected response is stored
|
| services.libinput.mouse.tappingDragLock | Enables or disables drag lock during tapping behavior
|
| services.code-server.disableWorkspaceTrust | Disable Workspace Trust feature.
|
| services.forgejo.settings.server.DISABLE_SSH | Disable external SSH feature.
|
| services.heisenbridge.identd.port | identd listen port
|
| services.cadvisor.storageDriver | Cadvisor storage driver.
|
| services.firewalld.packages | Packages providing firewalld zones and other files
|
| services.iodine.server.domain | Domain or subdomain of which nameservers point to us
|
| hardware.libjaylink.enable | Whether to enable udev rules for devices supported by libjaylink
|
| programs.zsh.shellAliases | Set of aliases for zsh shell, which overrides environment.shellAliases
|
| security.loginDefs.settings.SYS_UID_MIN | Range of user IDs used for the creation of system users by useradd or newusers.
|
| services.coder.database.host | Hostname hosting the database.
|
| services.crowdsec-firewall-bouncer.package | The crowdsec-firewall-bouncer package to use.
|
| services.gancio.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.dsnet.settings | The settings to use for dsnet
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| services.libeufin.bank.settings | Configuration options for the libeufin bank system config file
|
| services.cassandra.jmxRoles | Roles that are allowed to access the JMX (e.g. nodetool)
BEWARE: The passwords will be stored world readable in the nix store
|
| services.gocd-server.sslPort | Specifies port number on which the Go
|
| services.h2o.hosts.<name>.http.port | Override the default HTTP port for this virtual host.
|
| services.flarum.domain | Domain to serve on.
|
| services.influxdb2.provision.initialSetup.tokenFile | API Token to set for the admin user
|
| services.bitmagnet.settings.http_server.port | HTTP server listen port
|
| services.hledger-web.host | Address to listen on.
|
| services.hbase-standalone.dataDir | Specifies location of HBase database files
|
| programs.command-not-found.enable | Whether interactive shells should show which Nix package (if
any) provides a missing command
|
| services.cntlm.password | Proxy account password
|
| services.kerberos_server.settings | Settings for the kerberos server of choice
|
| services.autosuspend.checks | Checks for activity
|
| services.bonsaid.settings.*.command | Command to run when this transition is taken
|
| services.cloudlog.extraConfig | Any additional text to be appended to the config.php
configuration file
|
| programs.sniffnet.enable | Whether to enable sniffnet, a network traffic monitor application.
|
| services.documize.enable | Whether to enable Documize Wiki.
|
| services.firewalld.zones.<name>.icmpBlocks | ICMP types to block in the zone.
|
| security.sudo-rs.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| services.autorandr.hooks.postswitch | Postswitch hook executed after mode switch.
|
| services.changedetection-io.behindProxy | Enable this option when changedetection-io runs behind a reverse proxy, so that it trusts X-* headers
|
| services.gitlab.packages.gitlab | The gitlab package to use.
|
| programs.gpu-screen-recorder.enable | Whether to install gpu-screen-recorder and generate setcap
wrappers for promptless recording.
|
| services.goatcounter.extraArgs | List of extra arguments to be passed to goatcounter cli
|
| services.arsenik.run | The keyboard shortcut of your application launcher.
|
| services.bookstack.nginx.locations.<name>.root | Root directory for requests.
|