| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| services.gnome.gcr-ssh-agent.package | The GCR package to use.
|
| programs.dms-shell.systemd.target | The systemd target that will automatically start the DankMaterialShell service
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| services.fluidd.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.gvpe.ipAddress | IP address to assign to GVPE interface
|
| services.gns3-server.dynamips.package | The dynamips package to use.
|
| services.hadoop.yarn.nodemanager.resource.memoryMB | Amount of physical memory, in MB, that can be allocated for containers.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.id | If this attribute is given with non-zero length, it will set the password identifier
for this entry
|
| services.i2pd.inTunnels.<name>.port | Bind port for ‹name› endpoint.
|
| services.dnsproxy.enable | Whether to enable dnsproxy.
|
| boot.iscsi-initiator.extraConfig | Extra lines to append to /etc/iscsid.conf
|
| services.borgmatic.settings.repositories | A required list of local or remote repositories with paths and
optional labels (which can be used with the --repository flag to
select a repository)
|
| services.dependency-track.database.username | Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is
automatically provisioned
|
| services.howdy.enable | Whether to enable Howdy and its PAM module for face recognition
|
| programs.regreet.package | The regreet package to use.
|
| services.gitlab.registry.certFile | Path to GitLab container registry certificate.
|
| services.greetd.settings | greetd configuration (documentation)
as a Nix attribute set.
|
| services.hockeypuck.enable | Whether to enable Hockeypuck OpenPGP Key Server.
|
| services.glances.enable | Whether to enable Glances.
|
| services.avahi.publish.domain | Whether to announce the locally used domain name for browsing by other hosts.
|
| services.h2o.user | User running H2O service
|
| services.inadyn.settings.custom.<name>.username | Username for this DDNS provider.
|
| services.engelsystem.createDatabase | Whether to create a local database automatically
|
| services.kimai.sites.<name>.database.createLocally | Create the database and database user locally.
|
| services.cjdns.confFile | Ignore all other cjdns options and load configuration from this file.
|
| services.jellyfin.transcoding.deleteSegments | Delete transcoding segments when finished.
|
| services.diod.logdest | Set the destination for logging
|
| fileSystems.<name>.neededForBoot | If set, this file system will be mounted in the initial ramdisk
|
| programs._1password.package | The 1Password CLI package to use.
|
| services.hans.clients.<name>.extraConfig | Additional command line parameters
|
| services.acpid.enable | Whether to enable the ACPI daemon.
|
| services.croc.pass | Password or passwordfile for the relay.
|
| services.go-neb.baseUrl | Public-facing endpoint that can receive webhooks.
|
| services.kasmweb.networkSubnet | The network subnet to use for the containers.
|
| services.immich-kiosk.package | The immich-kiosk package to use.
|
| services.changedetection-io.enable | Whether to enable changedetection-io.
|
| programs.television.enableFishIntegration | Whether to enable Fish integration.
|
| services.httpd.enable | Whether to enable the Apache HTTP Server.
|
| services.dendrite.settings.federation_api.database.connection_string | Database for the Federation API.
|
| services.certspotter.watchlist | Domain names to watch
|
| services.dendrite.settings | Configuration for dendrite, see:
https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.yaml
for available options with which to populate settings.
|
| services.ersatztv.group | Group under which ErsatzTV runs.
|
| services.lambdabot.package | The lambdabot package to use.
|
| services.lifecycled.queueCleaner.parallel | The number of parallel deletes to run.
|
| programs.fzf.fuzzyCompletion | Whether to enable fuzzy completion with fzf.
|
| services.homebridge.environmentFile | Path to an environment-file which may contain secrets.
|
| programs.bash.undistractMe.enable | Whether to enable notifications when long-running terminal commands complete.
|
| services.castopod.database.user | Database user.
|
| services.keycloak.settings | Configuration options corresponding to parameters set in
conf/keycloak.conf
|
| security.pam.zfs.noUnmount | Do not unmount home dataset on logout.
|
| services.hologram-agent.httpPort | Port for metadata service to listen on.
|
| services.kapacitor.defaultDatabase.username | The username to connect to the remote InfluxDB server
|
| services.alerta.databaseUrl | URL of the MongoDB or PostgreSQL database to connect to
|
| services.baikal.enable | Whether to enable baikal.
|
| services.bind.forward | Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'.
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|
| services.biboumi.settings.realname_from_jid | Whether the realname and username of each biboumi
user will be extracted from their JID
|
| services.flarum.initialAdminPassword | Initial password for the adminUser
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| services.atftpd.enable | Whether to enable the atftpd TFTP server
|
| programs.evolution.plugins | Plugins for Evolution.
|
| hardware.cpu.amd.sevGuest.enable | Whether to enable access to the AMD SEV guest device.
|
| services.desktopManager.budgie.extraGSettingsOverrides | Additional GSettings overrides.
|
| services.cloudflare-warp.udpPort | The UDP port to open in the firewall
|
| services.ananicy.rulesProvider | Which package to copy default rules,types,cgroups from.
|
| services.akkoma.enable | Whether to enable Akkoma.
|
| services.bluesky-pds.pdsadmin.enable | Add pdsadmin script to PATH
|
| services.docling-serve.environmentFile | Environment file to be passed to the systemd service
|
| services.i2pd.exploratory.inbound.quantity | Number of simultaneous exploratory tunnels.
|
| services.bookstack.nginx.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.cross-seed.user | User to run cross-seed as.
|
| boot.loader.grub.subEntryOptions | Options applied to the secondary NixOS submenu entry.
|
| services.acme-dns.settings.general.records | Predefined DNS records served in addition to the _acme-challenge TXT records.
|
| services.bee.enable | Whether to enable Ethereum Swarm Bee.
|
| hardware.deviceTree.overlays.*.dtsText | Literal DTS contents, overlay is applied to
each .dtb file matching "compatible" of the overlay.
|
| services.grafana.provision.alerting.templates.settings.templates | List of templates to import or update.
|
| services.firezone.headless-client.tokenFile | A file containing the firezone client token
|
| programs.dms-shell.systemd.enable | Whether to enable DankMaterialShell systemd startup service.
|
| services.anuko-time-tracker.user | User under which Anuko Time Tracker runs.
|
| services.gns3-server.auth.enable | Whether to enable password based HTTP authentication to access the GNS3 Server.
|
| documentation.man.man-db.manualPages | The manual pages to generate caches for if documentation.man.generateCaches
is enabled
|
| services.irqbalance.enable | Whether to enable irqbalance daemon.
|
| services.kubo.user | User under which the Kubo daemon runs
|
| programs.dms-shell.enableVPN | Whether to install dependencies required for VPN widgets
|
| services.athens.singleFlight.redisSentinel.lockConfig.timeout | Timeout for the lock in seconds.
|
| services.cpuminer-cryptonight.threads | Number of miner threads, defaults to available processors
|
| services.jenkins.home | The path to use as JENKINS_HOME
|
| services.bosun.enable | Whether to enable bosun.
|
| programs.steam.gamescopeSession | Run a GameScope driven Steam session from your display-manager
|
| services.etcd.advertiseClientUrls | Etcd list of this member's client URLs to advertise to the rest of the cluster.
|
| services.davis.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.geth.<name>.authrpc.port | Port number of Go Ethereum Auth RPC API.
|
| services.anuko-time-tracker.poolConfig | Options for Anuko Time Tracker's PHP-FPM pool.
|
| services.guacamole-server.extraEnvironment | Environment variables to pass to guacd.
|
| services.greenclip.package | The greenclip package to use.
|
| services.librespeed.frontend.servers.*.dlURL | URL path to download test on this server
|
| services.crab-hole.supplementaryGroups | Adds additional groups to the crab-hole service
|
| services.hddfancontrol.settings.<drive-bay-name>.pwmPaths | PWM filepath(s) to control fan speed (under /sys), followed by initial and fan-stop PWM values
Can also use command substitution to ensure the correct hwmonX is selected on every boot
|
| services.cfssl.enable | Whether to enable the CFSSL CA api-server.
|