| services.prometheus.exporters.unpoller.controllers.*.save_dpi | Collect and save data from deep packet inspection
|
| services.neo4j.https.advertisedAddress | Neo4j advertised address for HTTPS traffic
|
| services.moosefs.cgiserver.openFirewall | Whether to automatically open the web interface port.
|
| services.grafana_reporter.templateDir | Optional template directory to use custom tex templates
|
| services.zoneminder.openFirewall | Open the firewall port(s).
|
| services.prometheus.exporters.dmarc.deduplicationMaxSeconds | How long individual report IDs will be remembered to avoid counting double delivered reports twice.
|
| services.nsd.zones.<name>.allowNotify | Listed primary servers are allowed to notify this secondary server
|
| services.gokapi.environment.GOKAPI_PORT | Sets the port of the service.
|
| services.prometheus.exporters.postgres.environmentFile | Environment file as defined in systemd.exec(5)
|
| networking.firewall.rejectPackets | If set, refused packets are rejected rather than dropped (ignored)
|
| services.linkwarden.openFirewall | Whether to open the Linkwarden port in the firewall
|
| services.prometheus.exporters.imap-mailstat.configurationFile | File containing the configuration
|
| services.teamspeak3.queryPort | TCP port opened for ServerQuery connections using the raw telnet protocol.
|
| services.klipper.firmwares.<name>.serial | Path to serial port this printer is connected to
|
| boot.initrd.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types and their state
|
| services.wordpress.sites.<name>.virtualHost.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.lighthouse.beacon.openFirewall | Open the port in the firewall
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.values | A set of columns that will be used as values of this metric.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.labels | A set of columns that will be used as Prometheus labels.
|
| services.jellyseerr.openFirewall | Open port in the firewall for the Jellyseerr web interface.
|
| services.taskserver.openFirewall | Whether to open the firewall for the specified Taskserver port.
|
| services.szurubooru.openFirewall | Whether to open the firewall for the port in services.szurubooru.server.port.
|
| services.wgautomesh.openFirewall | Automatically open gossip port in firewall (recommended).
|
| services.prometheus.exporters.junos-czerwonk.configuration | JunOS exporter configuration as nix attribute set
|
| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.mailaddress | Your email address (at the moment used as login name)
|
| services.teamspeak3.querySshPort | TCP port opened for ServerQuery connections using the SSH protocol.
|
| services.cassandra.allowClients | Enables or disables the native transport server (CQL binary protocol)
|
| services.homepage-dashboard.listenPort | Port for Homepage to bind to.
|
| nix.firewall.allowLoopback | Whether to allow traffic on the loopback interface
|
| virtualisation.lxd.zfsSupport | Enables lxd to use zfs as a storage for containers
|
| services.prometheus.exporters.mail.configuration.disableFileDeletion | Disables the exporter's function to delete probing mails.
|
| services.prometheus.exporters.junos-czerwonk.configurationFile | Specify the JunOS exporter configuration file to use.
|
| services.SystemdJournal2Gelf.graylogServer | Host and port of your graylog2 input
|
| programs.sharing.enable | Whether to enable sharing, a CLI tool for sharing files
|
| services.pgpkeyserver-lite.hkpPort | Which port the sks-keyserver is listening on.
|
| services.netbird.server.management.metricsPort | Internal port of the metrics server.
|
| services.pantalaimon-headless.instances.<name>.listenPort | The port where the daemon will listen to client connections for this homeserver
|
| boot.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types and their state
|
| services.icingaweb2.modules.monitoring.transports.<name>.password | Password for the api transport
|
| services.icingaweb2.modules.monitoring.transports.<name>.username | Username for the api or remote transport
|
| services.icingaweb2.modules.monitoring.transports.<name>.instance | Assign an Icinga instance to this transport
|
| services.gotosocial.openFirewall | Open the configured port in the firewall
|
| services.reposilite.openFirewall | Whether to open the firewall ports for Reposilite
|
| services.icingaweb2.modules.monitoring.transports.<name>.resource | SSH identity resource for the remote transport
|
| services.limesurvey.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| services.teamspeak3.queryHttpPort | TCP port opened for ServerQuery connections using the HTTP protocol.
|
| services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| services.prometheus.exporters.unpoller.controllers.*.verify_ssl | Verify the Unifi controller's certificate.
|
| services.prometheus.exporters.unpoller.controllers.*.save_sites | Collect and save site data.
|
| services.icecream.scheduler.openFirewall | Whether to automatically open the daemon port in the firewall.
|
| hardware.amdgpu.amdvlk.supportExperimental.enable | Whether to enable Experimental features support.
|
| services.cassandra.rpcAddress | The address or interface to bind the native transport server to
|
| services.prometheus.exporters.mail.configuration.servers.*.detectionDir | Directory in which new mails for the exporter user are placed
|
| services.rabbitmq.listenAddress | IP address on which RabbitMQ will listen for AMQP connections
|
| services.misskey.reverseProxy.webserver.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.silverbullet.listenPort | Port to listen on.
|
| services.ghostunnel.servers.<name>.listen | Address and port to listen on (can be HOST:PORT, unix:PATH).
|
| services.prometheus.exporters.mail.configuration.servers.*.passphrase | Password to use for SMTP authentication.
|
| services.prometheus.exporters.sql.configuration.jobs.<name>.connections | A list of connection strings of the SQL servers to scrape metrics from
|
| networking.nat.forwardPorts.*.destination | Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end
|
| services.kubernetes.apiserver.securePort | Kubernetes apiserver secure port.
|
| services.netbird.tunnels.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP, without using (internet-hosted) TURN servers as intermediaries.
|
| services.netbird.clients.<name>.openFirewall | Opens up firewall port for communication between NetBird peers directly over LAN or public IP, without using (internet-hosted) TURN servers as intermediaries.
|
| services.varnish.http_address | HTTP listen address and port.
|
| services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| services.prometheus.exporters.unpoller.controllers.*.save_events | Collect and save data from UniFi events to influxdb and Loki.
|
| services.prometheus.exporters.unpoller.controllers.*.save_alarms | Collect and save data from UniFi alarms to influxdb and Loki.
|
| services.firezone.server.openClusterFirewall | Opens up the erlang distribution port of all enabled components to allow reaching the server cluster from the internet
|
| services.prometheus.exporters.mail.configuration.monitoringInterval | Time interval between two probe attempts.
|
| services.spacecookie.openFirewall | Whether to open the necessary port in the firewall for spacecookie.
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| services.tahoe.introducers.<name>.tub.location | The external location that the introducer should listen on
|
| services.hadoop.yarn.nodemanager.openFirewall | Open firewall ports for nodemanager
|
| services.blendfarm.serverConfig.BroadcastPort | Default port blendfarm server advertises itself on.
|
| services.dragonflydb.memcachePort | To enable memcached compatible API on this port. null means disabled.
|
| services.prometheus.exporters.imap-mailstat.accounts.<name>.serveraddress | mailserver name or address
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT). Passwords specified here will be world-readable in the Nix store! To pass a password to the service, point the environmentFile option to a file containing PROXY_PASSWORD=<your-password-here> and set this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.netbird.clients | Attribute set of NetBird client daemons, by default each one will:
- be manageable using dedicated tooling: netbird-<name> script, NetBird - netbird-<name> graphical interface when appropriate (see ui.enable),
- run as a netbird-<name>.service,
- listen for incoming remote connections on the port 51820 (openFirewall by default),
- manage the netbird-<name> wireguard interface,
- use the /var/lib/netbird-/config.json configuration file,
- override /var/lib/netbird-/config.json with values from /etc/netbird-/config.d/*.json,
- (hardened) be locally manageable by netbird-<name> system group,
With following caveats:
- multiple daemons will interfere with each other's DNS resolution of netbird.cloud, but should remain fully operational otherwise
|
| programs.coolercontrol.nvidiaSupport | Enable support for Nvidia GPUs.
|
| services.changedetection-io.playwrightSupport | Enable support for fetching web pages using playwright and Chromium
|
| services.nsd.zones.<name>.outgoingInterface | This address will be used for zone-transfer requests if configured as a secondary server or notifications in case of a primary server
|
| services.i2pd.outTunnels.<name>.destinationPort | Connect to particular port at destination.
|
| services.adguardhome.openFirewall | Open ports in the firewall for the AdGuard Home web interface
|
| services.prosody.modules.admin_telnet | Opens telnet console interface on localhost port 5582
|
| services.kanidm.serverSettings.bindaddress | Address/port combination the webserver binds to.
|
| services.shibboleth-sp.fastcgi.shibResponderPort | Port for shibauthorizer FastCGI process to bind to
|
| security.agnos.settings.dns_listen_addr | Address for agnos to listen on
|
| services.misskey.meilisearch.createLocally | Create and use a local Meilisearch instance
|
| services.silverbullet.openFirewall | Open port in the firewall.
|
| networking.fooOverUDP.<name>.local | Local address (and optionally device) to bind to using the given port.
|
| services.flaresolverr.openFirewall | Open the port in the firewall for FlareSolverr.
|
| hardware.infiniband.guids | A list of infiniband port guids on the system
|
| services.teamspeak3.fileTransferPort | TCP port opened for file transfers.
|
| services.nextcloud.notify_push.dbhost | Database host (+port) or socket path
|
| services.blockbook-frontend.<name>.public | Public http server binding [address]:port.
|
| services.thanos.rule.alertmanagers.urls | Alertmanager replica URLs to push firing alerts
|
| services.postfix.enableSubmission | Whether to enable the `submission` service configured in master.cf
|
| services.postfix.enableSubmissions | Whether to enable the submissions service configured in master.cf
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.disableAuthentication | Disable client authentication, no client certificate will be required.
|