| services.hardware.dell-bios-fan-control.enable | Whether to enable One-shot service to disable dell bios fan control on startup.
|
| services.borgbackup.jobs.<name>.wrapper | Name of the wrapper that is installed into PATH
|
| services.jitsi-meet.nginx.enable | Whether to enable nginx virtual host that will serve the javascript application and act as
a proxy for the XMPP server
|
| services.collectd.validateConfig | Validate the syntax of collectd configuration file at build time
|
| services.kapacitor.loadDirectory | Directory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)
|
| services.immich.database.enableVectors | Whether to enable pgvecto.rs in the database
|
| services.geoclue2.enableStatic | Whether to enable the static source
|
| services.vsftpd.anonymousUserNoPassword | Whether to disable the password for the anonymous FTP user.
|
| services.opensearch.settings."plugins.security.disabled" | Whether to enable the security plugin,
plugins.security.ssl.transport.keystore_filepath or
plugins.security.ssl.transport.server.pemcert_filepath and
plugins.security.ssl.transport.client.pemcert_filepath
must be set for this plugin to be enabled.
|
| services.grafana.settings.database.wal | For sqlite3 only
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.invidious.nginx.enable | Whether to configure nginx as a reverse proxy for Invidious
|
| services.librespeed.downloadIPDB | Whether to download the IP info database before starting librespeed
|
| services.forgejo.settings.server.DISABLE_SSH | Disable external SSH feature.
|
| services.nghttpx.frontends.*.params.tls | Enable or disable TLS
|
| services.scrutiny.influxdb.enable | Enables InfluxDB on the host system using the services.influxdb2 NixOS module
with default options
|
| services.zapret.configureFirewall | Whether to setup firewall routing so that system http(s) traffic is forwarded via this service
|
| services.xserver.windowManager.awesome.noArgb | Disable client transparency support, which can be greatly detrimental to performance in some setups
|
| services.vsftpd.portPromiscuous | Set to YES if you want to disable the PORT security check that ensures that
outgoing data connections can only connect to the client
|
| services.watchdogd.settings.safe-exit | With safeExit enabled, the daemon will ask the driver to disable the WDT before exiting
|
| fonts.fontconfig.hinting.enable | Enable font hinting
|
| security.duosec.allowTcpForwarding | By default, when SSH forwarding, enabling Duo Security will
disable TCP forwarding
|
| services.librenms.enableLocalBilling | Enable billing Cron-Jobs on the local instance
|
| services.strongswan.managePlugins | If set to true, this option will disable automatic plugin loading and
then tell strongSwan to enable the plugins specified in the
enabledPlugins option.
|
| services.nezha-agent.settings.disable_command_execute | Disable executing the command from dashboard.
|
| services.stargazer.responseTimeout | Number of seconds to wait for the client to send a complete
request and for stargazer to finish sending the response
|
| services.dendrite.settings.client_api.registration_disabled | Whether to disable user registration to the server
without the shared secret.
|
| services.cassandra.fullRepairInterval | Set the interval how often full repairs are run, i.e.
nodetool repair --full is executed
|
| services.lighttpd.enableUpstreamMimeTypes | Whether to include the list of mime types bundled with lighttpd
(upstream)
|
| services.clamsmtp.instances.*.keepAlives | Number of seconds to wait between each NOOP sent to the sending
server. 0 to disable
|
| services.gitlab-runner.services.<name>.dockerDisableCache | Disable all container caching.
|
| programs.ssh.forwardX11 | Whether to request X11 forwarding on outgoing connections by default
|
| services.jitsi-meet.prosody.lockdown | Whether to disable Prosody features not needed by Jitsi Meet
|
| services.lldap.silenceForceUserPassResetWarning | Disable warning when the admin password is set declaratively with the ldap_user_pass_file setting
but the force_ldap_user_pass_reset is set to false
|
| services.wg-access-server.settings.dns.enabled | Enable/disable the embedded DNS proxy server
|
| networking.dhcpcd.denyInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.nitter.preferences.replaceYouTube | Replace YouTube links with links to this instance (blank to disable).
|
| services.cron.systemCronJobs | A list of Cron jobs to be appended to the system-wide
crontab
|
| services.ollama.package | The ollama package to use
|
| services.cloudflare-ddns.provider.ipv4 | IP detection provider for IPv4
|
| services.cloudflare-ddns.provider.ipv6 | IP detection provider for IPv6
|
| services.dnscrypt-proxy.upstreamDefaults | Whether to base the config declared in services.dnscrypt-proxy.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml)
Disable this if you want to declare your dnscrypt config from scratch.
|
| networking.wireless.fallbackToWPA2 | Whether to fall back to WPA2 authentication protocols if WPA3 failed
|
| services.umami.settings.DISABLE_TELEMETRY | Umami collects completely anonymous telemetry data in order help improve the application
|
| services.buffyboard.settings.input.pointer | Enable or disable the use of a hardware mouse or other pointing device.
|
| networking.tempAddresses | Whether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces._name_.tempAddress
|
| services.nitter.preferences.replaceReddit | Replace Reddit links with links to this instance (blank to disable).
|
| virtualisation.fileSystems.<name>.noCheck | Disable running fsck on this filesystem.
|
| services.dnscrypt-proxy2.upstreamDefaults | Whether to base the config declared in services.dnscrypt-proxy2.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml)
Disable this if you want to declare your dnscrypt config from scratch.
|
| services.znc.config | Configuration for ZNC, see
https://wiki.znc.in/Configuration for details
|
| services.gitlab-runner.services.<name>.debugTraceDisabled | When set to true Runner will disable the possibility of
using the CI_DEBUG_TRACE feature.
|
| services.pocket-id.settings.ANALYTICS_DISABLED | Whether to disable analytics
|
| services.sabnzbd.settings.servers.<name>.optional | In case of connection failures, temporarily
disable this server. (See sabnzbd's documentation
for usage guides).
|
| services.paretosecurity.trayIcon | Set to false to disable the tray icon and run as a CLI tool only.
|
| services.rustus.disable_health_access_logs | disable access log for /health endpoint
|
| services.nextcloud.appstoreEnable | Allow the installation and updating of apps from the Nextcloud appstore
|
| services.tarsnap.archives.<name>.cachedir | The cache allows tarsnap to identify previously stored data
blocks, reducing archival time and bandwidth usage
|
| services.nitter.preferences.replaceTwitter | Replace Twitter links with links to this instance (blank to disable).
|
| services.grafana.settings.database.ssl_mode | For Postgres, use either disable, require or verify-full
|
| services.weblate.configurePostgresql | Whether to enable and configure a local PostgreSQL server by creating a user and database for weblate
|
| services.wyoming.satellite.microphone.autoGain | Automatic gain control in dbFS, with 31 being the loudest value
|
| virtualisation.vmware.guest.headless | Whether to disable X11-related features.
|
| services.ferretdb.settings.FERRETDB_TELEMETRY | Enable or disable basic telemetry
|
| services.movim.podConfig.disableregistration | Remove the XMPP registration flow and buttons from the interface
|
| services.headscale.settings.oidc.pkce.enabled | Enable or disable PKCE (Proof Key for Code Exchange) support
|
| services.crowdsec-firewall-bouncer.createRulesets | Whether to have the module create the appropriate firewall configuration
based on the bouncer settings
|
| networking.wireless.athUserRegulatoryDomain | If enabled, sets the ATH_USER_REGD kernel config switch to true to
disable the enforcement of EEPROM regulatory restrictions for ath
drivers
|
| services.paperless.passwordFile | A file containing the superuser password
|
| services.nextcloud-spreed-signaling.settings.mcu.type | The type of MCU to use
|
| services.yggdrasil.denyDhcpcdInterfaces | Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list
|
| services.tarsnap.archives.<name>.checkpointBytes | Create a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value
|
| services.librenms.distributedPoller.enable | Configure this LibreNMS instance as a distributed poller
|
| networking.firewall.checkReversePath | Performs a reverse path filter test on a packet
|
| hardware.nvidia.prime.reverseSync.setupCommands.enable | Whether to enable configure the display manager to be able to use the outputs
attached to the NVIDIA GPU
|
| services.logrotate.checkConfig | Whether the config should be checked at build time
|
| services.nextcloud.enableImagemagick | Whether to enable the ImageMagick module for PHP
|
| services.desktopManager.plasma6.enableQt5Integration | Enable Qt 5 integration (theming, etc)
|
| services.nextcloud-spreed-signaling.settings.grpc.listen | IP and port to listen on for GRPC requests
|
| services.libinput.mouse.horizontalScrolling | Enables or disables horizontal scrolling
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.xserver.desktopManager.surf-display.pointerButtonMap | Disable right and middle pointer device click in browser sessions
while keeping scrolling wheels' functionality intact
|
| services.ollama.acceleration | What interface to use for hardware acceleration
|
| networking.getaddrinfo.precedence | Similar to networking.getaddrinfo.label, but this option
defines entries for the precedence table instead
|
| services.resolved.dnssec | If set to
"true":
all DNS lookups are DNSSEC-validated locally (excluding
LLMNR and Multicast DNS)
|
| services.nextcloud-spreed-signaling.settings.turn.servers | A list of TURN servers to use
|
| services.matomo.periodicArchiveProcessing | Enable periodic archive processing, which generates aggregated reports from the visits
|
| services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| services.cassandra.incrementalRepairInterval | Set the interval how often incremental repairs are run, i.e.
nodetool repair is executed
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| services.grafana.settings.plugins.preinstall_disabled | When set to true, disables the Background Plugin Installer, which runs before Grafana starts
|
| services.libinput.touchpad.horizontalScrolling | Enables or disables horizontal scrolling
|
| virtualisation.xen.store.settings.ringScanInterval | Perodic scanning for all the rings as a safenet for lazy clients
|
| services.prometheus.exporters.opnsense.enabledExporter | Collectors to enable or disable
|
| services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs | Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
|
| services.kanidm.serverSettings.online_backup.versions | Number of backups to keep
|
| hardware.trackpoint.press_to_select | Setting this to true will enable the Press to Select functions like tapping the control stick to simulate a left click, and setting false will disable it.
|
| services.suricata.settings.exception-policy | Define a common behavior for all exception policies
|
| services.kanidm.server.settings.online_backup.versions | Number of backups to keep
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| networking.firewall.connectionTrackingModules | List of connection-tracking helpers that are auto-loaded
|