| services.kubernetes.apiserver.enableAdmissionPlugins | Kubernetes admission control plugins to enable
|
| services.jellyfin.transcoding.enableIntelLowPowerEncoding | Enable low-power encoding mode for Intel Quick Sync Video
|
| virtualisation.podman.networkSocket.enable | Make the Podman and Docker compatibility API available over the network
with TLS client certificate authentication
|
| virtualisation.fileSystems.<name>.encrypted.enable | The block device is backed by an encrypted one, adds this device as a initrd luks entry.
|
| services.keepalived.enableScriptSecurity | Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.
|
| security.pam.services.<name>.googleAuthenticator.enable | If set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
|
| services.mattermost.telemetry.enableDiagnostics | True if we should enable sending diagnostic data
|
| services.limesurvey.nginx.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.limesurvey.httpd.virtualHost.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.calibre-web.options.enableBookConversion | Configure path to the Calibre's ebook-convert in the DB.
|
| services.desktopManager.gnome.flashback.customSessions.*.enableGnomePanel | Whether to enable the GNOME panel in this session.
|
| hardware.opentabletdriver.daemon.enable | Whether to start OpenTabletDriver daemon as a systemd user service.
|
| services.strongswan.enabledPlugins | A list of additional plugins to enable if
managePlugins is true.
|
| hardware.nvidia.enabled | True if NVIDIA support is enabled
|
| services.system76-scheduler.settings.processScheduler.enable | Tweak scheduling of individual processes in real time.
|
| users.extraUsers.<name>.linger | Whether to enable or disable lingering for this user
|
| virtualisation.docker.enableOnBoot | When enabled dockerd is started on boot
|
| virtualisation.spiceUSBRedirection.enable | Install the SPICE USB redirection helper with setuid
privileges
|
| services.nextcloud.nginx.enableFastcgiRequestBuffering | Whether to buffer requests against fastcgi requests
|
| services.mihomo.tunMode | Whether to enable necessary permission for Mihomo's systemd service for TUN mode to function properly
|
| virtualisation.xen.store.settings.perms.enableWatch | Whether to enable the watch permission system
|
| services.wg-access-server.settings.dns.enabled | Enable/disable the embedded DNS proxy server
|
| services.xserver.windowManager.xmonad.enableConfiguredRecompile | Enable recompilation even if config is set to a
non-null value
|
| services.autosuspend.checks.<name>.enabled | Whether to enable this activity check.
|
| networking.wireless.enableHardening | Whether to apply security hardening measures to wpa_supplicant
|
| services.misskey.reverseProxy.webserver.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.snapserver.settings.tcp.enabled | Whether to enable the TCP JSON-RPC.
|
| services.xserver.desktopManager.gnome.flashback.customSessions.*.enableGnomePanel | Whether to enable the GNOME panel in this session.
|
| services.watchdogd.settings.filenr.enabled | Whether to enable watchdogd plugin filenr.
|
| services.pihole-ftl.lists.*.enabled | Whether this list is enabled
|
| services.snapserver.settings.http.enabled | Whether to enable the HTTP JSON-RPC.
|
| services.suricata.settings.outputs.*.<name>.enabled | Whether to enable .
|
| services.autosuspend.wakeups.<name>.enabled | Whether to enable this wake-up check.
|
| services.suricata.settings.unix-command.enabled | Enable unix-command socket.
|
| services.smartd.notifications.systembus-notify.enable | Whenever to send systembus-notify notifications
|
| programs.singularity.enableExternalLocalStateDir | Whether to use top-level directories as LOCALSTATEDIR
instead of the store path ones
|
| services.watchdogd.settings.meminfo.enabled | Whether to enable watchdogd plugin meminfo.
|
| services.watchdogd.settings.loadavg.enabled | Whether to enable watchdogd plugin loadavg.
|
| services.nixseparatedebuginfod.enable | Whether to enable separatedebuginfod, a debuginfod server providing source and debuginfo for nix packages.
|
| virtualisation.libvirtd.nss.enableGuest | This option enables the newer libvirt_guest NSS module
|
| services.rutorrent.plugins | List of plugins to enable
|
| virtualisation.virtualbox.host.enableHardening | Enable hardened VirtualBox, which ensures that only the binaries in the
system path get access to the devices exposed by the kernel modules
instead of all users in the vboxusers group.
Disabling this can put your system's security at risk, as local users
in the vboxusers group can tamper with the VirtualBox device files.
|
| services.bluemap.webserverSettings.enabled | Enable bluemap's built-in webserver
|
| services.onlyoffice.wopi | Whether to enable Enable WOPI support.
|
| services.prometheus.exporters.snmp.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| services.system76-scheduler.settings.processScheduler.pipewireBoost.enable | Boost Pipewire client priorities.
|
| services.dysnomia.enableAuthentication | Whether to publish privacy-sensitive authentication credentials
|
| services.matrix-synapse.enableRegistrationScript | Whether to install the register_new_matrix_user script, that
allows account creation on the terminal.
This script does not work when the client listener uses UNIX domain sockets
|
| services.listmonk.database.settings.smtp.*.enabled | Whether to enable this SMTP server for listmonk.
|
| services.sourcehut.settings."meta.sr.ht::billing".enabled | Whether to enable the billing system.
|
| services.i2pd.ssu | Whether to enable ssu.
|
| security.auditd.plugins.<name>.active | Whether to enable Whether to enable this plugin.
|
| services.i2pd.nat | Whether to enable NAT bypass.
|
| services.headscale.settings.oidc.pkce.enabled | Enable or disable PKCE (Proof Key for Code Exchange) support
|
| services.nixseparatedebuginfod2.enable | Whether to enable nixseparatedebuginfod2, a debuginfod server providing source and debuginfo for nix packages.
|
| services.snapserver.settings.tcp-control.enabled | Whether to enable the TCP JSON-RPC.
|
| services.i2pd.ntcp | Whether to enable ntcp.
|
| services.matrix-synapse.settings.presence.enabled | Whether to enable presence tracking
|
| services.transmission.settings.utp-enabled | Whether to enable Micro Transport Protocol (µTP).
|
| services.dendrite.settings.sync_api.search.enabled | Whether to enable Dendrite's full-text search engine.
|
| services.earlyoom.enableNotifications | Send notifications about killed processes via the system d-bus
|
| services.sabnzbd.settings.misc.enable_https | Whether to enable HTTPS for the web UI
|
| services.davis.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| programs.throne.tunMode.setuid | Whether to enable setting suid bit for throne-core to run as root, which is less
secure than default setcap method but closer to upstream assumptions
|
| services.movim.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.slskd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.hockeypuck.settings | Configuration file for hockeypuck, here you can override
certain settings (loglevel and
openpgp.db.dsn) by just setting those values
|
| services.archisteamfarm.bots.<name>.enabled | Whether to enable the bot on startup.
|
| services.akkoma.config.":pleroma".":media_proxy".enabled | Whether to enable proxying of remote media through the instance's proxy.
|
| services.prometheus.exporters.blackbox.enableConfigCheck | Whether to run a correctness check for the configuration file
|
| services.snipe-it.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.tt-rss.plugins | List of plugins to load automatically for all users
|
| services.transmission.settings.watch-dir-enabled | Whether to enable the
services.transmission.settings.watch-dir.
|
| services.system76-scheduler.settings.processScheduler.foregroundBoost.enable | Boost foreground process priorities.
(And de-boost background ones)
|
| console.earlySetup | Enable setting virtual console options as early as possible (in initrd).
|
| programs.kde-pim.kmail | Whether to enable KMail.
|
| programs.i3lock.u2fSupport | Whether to enable U2F support in the i3lock program
|
| hardware.graphics.enable32Bit | On 64-bit systems, whether to also install 32-bit drivers for
32-bit applications (such as Wine).
|
| programs.nekoray.tunMode.setuid | Whether to enable setting suid bit for nekobox_core to run as root, which is less
secure than default setcap method but closer to upstream assumptions
|
| services.akkoma.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fluidd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.gancio.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.matomo.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.monica.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.snapserver.settings.tcp-streaming.enabled | Whether to enable streaming via TCP.
|
| virtualisation.virtualbox.host.enableWebService | Build VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools
|
| services.grafana.settings.server.enable_gzip | Set this option to true to enable HTTP compression, this can improve transfer speed and bandwidth utilization
|
| services.croc.debug | Whether to enable debug logs.
|
| services.cassandra.remoteJmx | Cassandra ships with JMX accessible only from localhost
|
| services.cloudflared.tunnels.<name>.warp-routing.enabled | Enable warp routing
|
| services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects | Allow localhost redirects
|
| services.odoo.autoInit | Whether to enable automatically initialize the DB.
|
| services.suricata.enabledSources | List of sources that should be enabled
|
| services.peertube-runner.enabledJobTypes | Job types that this runner will execute.
|
| services.avahi.debug | Whether to enable debug logging.
|
| virtualisation.virtualbox.host.enableExtensionPack | Whether to install the Oracle Extension Pack for VirtualBox.
You must set nixpkgs.config.allowUnfree = true in
order to use this
|
| boot.growPartition | Whether to enable growing the root partition on boot.
|
| services.sabnzbd.allowConfigWrite | By default we create the sabnzbd configuration read-only,
which keeps the nixos configuration as the single source
of truth
|
| services.fastnetmon-advanced.enableAdvancedTrafficPersistence | Store historical flow data in clickhouse
|
| services.prometheus.exporters.frr.enabledCollectors | Collectors to enable
|