| services.nextcloud.appstoreEnable | Allow the installation and updating of apps from the Nextcloud appstore
|
| services.rustus.storage.data_dir | path to the local directory where all files are stored
|
| services.webdav-server-rs.group | Group to run under when setuid is not enabled.
|
| services.vdirsyncer.package | The vdirsyncer package to use.
|
| services.spark.worker.workDir | Spark worker work dir.
|
| services.ipfs-cluster.dataDir | The data dir for ipfs-cluster.
|
| programs.direnv.finalPackage | The wrapped direnv package.
|
| services.vdirsyncer.jobs.<name>.group | group to run vdirsyncer as
|
| users.ldap.extraConfig | Extra configuration options that will be added verbatim at
the end of the ldap configuration file (ldap.conf(5))
|
| security.krb5.settings.includedir | Directories containing files to include in the Kerberos configuration.
|
| services.movim.h2o | With this option, you can customize an H2O virtual host which already
has sensible defaults for Movim
|
| services.cgit.<name>.gitHttpBackend.checkExportOkFiles | Whether git-http-backend should only export repositories that contain a git-daemon-export-ok file
|
| services.davis.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.slskd.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.movim.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.vdirsyncer.jobs.<name>.user | User account to run vdirsyncer as, otherwise as a systemd
dynamic user
|
| services.tt-rss.pubSubHubbub.hub | URL to a PubSubHubbub-compatible hub server
|
| services.slskd.settings.directories.downloads | Directory where downloaded files are stored.
|
| security.duosec.ssh.enable | If enabled, protect SSH logins with Duo Security.
|
| services.snipe-it.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.searx.settingsFile | The path of the Searx server settings.yml file
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.journald.audit | If enabled systemd-journald will turn on auditing on start-up
|
| i18n.inputMethod.type | Select the enabled input method
|
| hardware.facter.debug.nvd | A shell application which will produce an nvd diff of the system closure with and without facter enabled.
|
| services.syncplay.enable | If enabled, start the Syncplay server.
|
| services.movim.h2o.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.nats.dataDir | The NATS data directory
|
| services.xtreemfs.homeDir | XtreemFS home dir for the xtreemfs user.
|
| security.duosec.pam.enable | If enabled, protect logins with Duo Security using PAM support.
|
| services.nextcloud.datadir | Nextcloud's data storage path
|
| services.akkoma.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.fluidd.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.gancio.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.monica.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.matomo.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.davis.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.movim.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.slskd.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.vdirsyncer.jobs.<name>.enable | Whether to enable this vdirsyncer job.
|
| programs.direnv.enable | Whether to enable direnv integration
|
| services.hadoop.hbase.rootdir | This option will set "hbase.rootdir" in hbase-site.xml and determine
the directory shared by region servers and into which HBase persists
|
| services.snipe-it.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.vsftpd.anonymousMkdirEnable | Whether any uploads are permitted to anonymous users.
|
| services.longview.enable | If enabled, system metrics will be sent to Linode LongView.
|
| services.movim.nginx | With this option, you can customize an Nginx virtual host which
already has sensible defaults for Movim
|
| system.autoUpgrade.enable | Whether to periodically upgrade NixOS to the latest
version
|
| services.sympa.web.https | Whether to use HTTPS
|
| services.h2o.hosts.<name>.tls.redirectCode | HTTP status used by globalRedirect & forceSSL
|
| services.broadcast-box.settings | Attribute set of environment variables.
https://github.com/Glimesh/broadcast-box#environment-variables
The status API exposes stream keys so DISABLE_STATUS is enabled
by default.
|
| virtualisation.writableStore | If enabled, the Nix store in the VM is made writable by
layering an overlay filesystem on top of the host's Nix
store
|
| services.kanata.package | The kanata package to use. ::: {.note}
If danger-enable-cmd is enabled in any of the keyboards, the
kanata-with-cmd package should be used.
:::
|
| services.thanos.sidecar.reloader.rule-dirs | Rule directories for the reloader to refresh.
|
| services.veilid.settings.core.table_store.directory | The filesystem directory to store your table store within.
|
| services.veilid.settings.core.block_store.directory | The filesystem directory to store blocks for the block store.
|
| services.vdirsyncer.jobs.<name>.configFile | existing configuration file
|
| hardware.facter.debug.nix-diff | A shell application which will produce a nix-diff of the system closure with and without facter enabled.
|
| i18n.inputMethod.kime.daemonModules | List of enabled daemon modules
|
| services.actual.settings.dataDir | Directory under which Actual runs and saves its data
|
| services.gancio.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.fluidd.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.akkoma.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.monica.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.matomo.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.hickory-dns.quiet | Log ERROR level messages only
|
| services.devpi-server.replica | Run node as a replica
|
| services.dovecot2.enablePop3 | Whether to enable starting the POP3 listener (when Dovecot is enabled).
|
| services.dependency-track.settings."alpine.data.directory" | Defines the path to the data directory
|
| nix.buildMachines | This option lists the machines to be used if distributed builds are
enabled (see nix.distributedBuilds)
|
| services.freeciv.settings.Newusers | Whether to enable new users to login if auth is enabled.
|
| services.eris-server.decode | Whether the HTTP service (when enabled) will decode ERIS content at /uri-res/N2R?urn:eris:
|
| services.bacula-fd.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-sd.tls.enable | Specifies if TLS should be enabled
|
| services.znapzend.pure | Do not persist any stateful znapzend setups
|
| services.public-inbox.inboxes.<name>.inboxdir | The absolute path to the directory which hosts the public-inbox.
|
| services.openafsClient.cache.directory | Cache directory.
|
| services.waagent.settings.OS.EnableRDMA | If enabled, the agent attempts to install and then load an RDMA kernel driver
that matches the version of the firmware on the underlying hardware.
|
| services.emacs.defaultEditor | When enabled, configures emacsclient to be the default editor
using the EDITOR environment variable.
|
| services.kbfs.enableRedirector | Whether to enable the Keybase root redirector service, allowing
any user to access KBFS files via /keybase,
which will show different contents depending on the requester.
|
| services.dovecot2.enableImap | Whether to enable starting the IMAP listener (when Dovecot is enabled).
|
| services.dovecot2.enableLmtp | Whether to enable starting the LMTP listener (when Dovecot is enabled).
|
| services.vdirsyncer.jobs.<name>.timerConfig | systemd timer configuration
|
| services.sourcehut.settings."meta.sr.ht::settings".onboarding-redirect | Where to redirect new users upon registration.
|
| services.hickory-dns.debug | Log DEBUG, INFO, WARN and ERROR messages
|
| programs.gnupg.dirmngr.enable | Enables GnuPG network certificate management daemon with socket-activation for every user session.
|
| services.fail2ban.enable | Whether to enable the fail2ban service
|
| nix.settings.require-sigs | If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
nix.settings.trusted-public-keys
|
| systemd.sysusers.enable | If enabled, users are created with systemd-sysusers instead of with
the custom update-users-groups.pl script
|
| services.suricata.settings.stats | Engine statistics such as packet counters, memory use counters and others can be logged in several ways
|
| services.vdirsyncer.jobs.<name>.config.pairs | vdirsyncer pair configurations
|
| services.grafana-to-ntfy.settings.ntfyBAuthPass | The path to the password for the specified ntfy-sh user
|
| services.httpd.logPerVirtualHost | If enabled, each virtual host gets its own
access.log and
error.log, namely suffixed by the
hostName of the virtual host.
|
| services.undervolt.turbo | Changes the Intel Turbo feature status (1 is disabled and 0 is enabled).
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.tayga.wkpfStrict | Enable restrictions on the use of the well-known prefix (64:ff9b::/96) - prevents translation of non-global IPv4 ranges when using the well-known prefix
|
| containers.<name>.privateUsers | Whether to give the container its own private UIDs/GIDs space (user namespacing)
|
| services.dbus.apparmor | AppArmor mode for dbus.
enabled enables mediation when it's
supported in the kernel, disabled
always disables AppArmor even with kernel support, and
required fails when AppArmor was not found
in the kernel.
|
| services.chhoto-url.settings.redirect_method | The redirect method to use.
|
| services.thanos.query.enable | Whether to enable the Thanos query node exposing PromQL enabled Query API with data retrieved from multiple store nodes.
|