| services.atticd.mode | Mode in which to run the server.
'monolithic' runs all components, and is suitable for single-node deployments.
'api-server' runs only the API server, and is suitable for clustering.
'garbage-collector' only runs the garbage collector periodically
|
| services.heisenbridge.extraArgs | Heisenbridge is configured over the command line
|
| services.dovecot2.mailGroup | Default group to store mail for virtual users.
|
| services.evremap.settings.remap | List of remappings.
|
| power.ups.users | Users that can access upsd
|
| services.joycond.package | The joycond package to use.
|
| services.librenms.nginx.root | The path of the web root directory.
|
| services.headscale.package | The headscale package to use.
|
| services.caddy.virtualHosts.<name>.extraConfig | Additional lines of configuration appended to this virtual host in the
automatically generated Caddyfile.
|
| services.discourse.mail.outgoing.passwordFile | A file containing the password of the SMTP server account
|
| services.bacula-dir.extraMessagesConfig | Extra configuration to be passed in Messages directive.
|
| services.firewalld.settings.LogDenied | Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.
|
| security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| services.firewalld.services.<name>.ports | Ports of the service.
|
| boot.loader.generic-extlinux-compatible.mirroredBoots.*.path | The path to the boot directory where the extlinux-compatible
configuration files will be written.
|
| programs.streamcontroller.package | The StreamController package to use
|
| services.librespeed.tlsKey | TLS private key to use
|
| services.atuin.port | The port the atuin server should listen on.
|
| services.akkoma.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.cockroachdb.http.address | Address to bind to for http-based Admin UI
|
| services.conman.package | The conman package to use.
|
| environment.lxqt.excludePackages | Which LXQt packages to exclude from the default environment
|
| services.jibri.xmppEnvironments.<name>.control.muc.roomName | The room name of the MUC to connect to for control.
|
| services.ddccontrol.package | The package with which to control brightness; added also to services.dbus.packages. package to use.
|
| services.jupyter.kernels | Declarative kernel config
|
| programs.direnv.silent | Whether to enable the hiding of direnv logging
.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.cachix-watch-store.jobs | Number of threads used for pushing store paths
|
| services.c2fmzq-server.port | The local port to use.
|
| services.libeufin.bank.createLocalDatabase | Whether to enable automatic creation of a local postgres database.
|
| image.repart.name | Name of the image
|
| programs.tsmClient.servers.<name>.nodename | Target node name on the IBM TSM server.
|
| services.borgbackup.jobs.<name>.extraCompactArgs | Additional arguments for borg compact
|
| services.acme-dns.settings.api.disable_registration | Whether to disable the HTTP registration endpoint.
|
| services.canto-daemon.enable | Whether to enable the canto RSS daemon.
|
| services.fedimintd.<name>.ui.port | TCP Port to bind on for UI connections
|
| services.docling-serve.environment | Extra environment variables for Docling Serve
|
| fonts.fontconfig.hinting.style | Hintstyle is the amount of font reshaping done to line up
to the grid.
slight will make the font more fuzzy to line up to the grid but
will be better in retaining font shape, while full will be a
crisp font that aligns well to the pixel grid but will lose a
greater amount of font shape.
|
| services._3proxy.resolution.nscache | Set name cache size for IPv4.
|
| services.kresd.listenPlain | What addresses and ports the server should listen on
|
| fonts.fontconfig.hinting.autohint | Enable the autohinter in place of the default interpreter
|
| programs.chrysalis.enable | Whether to enable Chrysalis.
|
| services.dovecot2.user | Dovecot user name.
|
| services.gocd-agent.group | If the default user "gocd-agent" is configured then this is the primary
group of that user.
|
| services.graphite.web.enable | Whether to enable graphite web frontend.
|
| networking.networkmanager.insertNameservers | A list of name servers that should be inserted before
the ones configured in NetworkManager or received by DHCP.
|
| services.getty.autologinOnce | If enabled the automatic login will only happen in the first tty
once per boot
|
| services.hockeypuck.settings | Configuration file for hockeypuck, here you can override
certain settings (loglevel and
openpgp.db.dsn) by just setting those values
|
| services.kanboard.domain | FQDN for the Kanboard instance.
|
| boot.loader.refind.enable | Whether to enable the rEFInd boot loader.
|
| programs.firejail.enable | Whether to enable firejail, a sandboxing tool for Linux.
|
| services.dnsmasq.configFile | Path to the configuration file of dnsmasq.
|
| programs.minipro.package | The minipro package to use.
|
| programs.fzf.keybindings | Whether to enable fzf keybindings.
|
| services.cassandra.package | The cassandra package to use.
|
| services.i2pd.proto.sam.port | Bind port for sam endpoint.
|
| programs.qdmr.package | The qdmr package to use.
|
| services.librenms.nginx.serverName | Name of this virtual host
|
| services.grafana.provision.datasources | Declaratively provision Grafana's datasources.
|
| services.evremap.settings.dual_role.*.input | The key that should be remapped
|
| services.karma.configFile | A YAML config file which can be used to configure karma instead of the nix-generated file.
|
| services.headscale.settings.policy.mode | The mode can be "file" or "database" that defines
where the ACL policies are stored and read from.
|
| hardware.nvidia.nvidiaPersistenced | Whether to enable nvidia-persistenced a update for NVIDIA GPU headless mode, i.e
|
| services.lavalink.extraConfig | Configuration to write to application.yml
|
| programs.dwl.package | The dwl package to use.
|
| networking.bonds.<name>.interfaces | The interfaces to bond together
|
| services.autorandr.profiles.<name>.config.<name>.dpi | Output DPI configuration.
|
| networking.interfaces.<name>.ipv6.routes.*.type | Type of the route
|
| services.fediwall.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.flannel.subnetMin | The beginning of IP range which the subnet allocation should start with
|
| programs.ryzen-monitor-ng.package | The ryzen-monitor-ng package to use.
|
| services.cjdns.enable | Whether to enable the cjdns network encryption
and routing engine
|
| security.tpm2.fapi.imaLogFile | The binary IMA measurements (Integrity Measurement Architecture).
|
| image.repart.compression.algorithm | Compression algorithm
|
| networking.sits.<name>.encapsulation.type | Select the encapsulation type:
-
6in4: the IPv6 packets are encapsulated using the
6in4 protocol (formerly known as SIT, RFC 4213);
-
gue: the IPv6 packets are encapsulated in UDP packets
using the Generic UDP Encapsulation (GUE) scheme;
-
foo: the IPv6 packets are encapsulated in UDP packets
using the Foo over UDP (FOU) scheme.
|
| networking.bonds.<name>.mode | DEPRECATED, use driverOptions
|
| programs.steam.enable | Whether to enable steam.
|
| services.buildkite-agents.<name>.extraConfig | Extra lines to be added verbatim to the configuration file.
|
| services.anki-sync-server.openFirewall | Whether to open the firewall for the specified port.
|
| networking.networkmanager.ethernet.macAddress | Set the MAC address of the interface.
"XX:XX:XX:XX:XX:XX": MAC address of the interface"permanent": Use the permanent MAC address of the device"preserve": Don’t change the MAC address of the device upon activation"random": Generate a randomized value upon each connect"stable": Generate a stable, hashed MAC address
|
| services.gerbil.port | Specifies the port to listen on for Gerbil.
|
| services.hatsu.package | The hatsu package to use.
|
| services.immich.mediaLocation | Directory used to store media files
|
| services.cage.environment | Additional environment variables to pass to Cage.
|
| services.bacula-sd.autochanger.<name>.devices | |
| services.cloudflare-ddns.wafLists | List of WAF IP Lists to manage, in the format account-id/list-name.
(Experimental feature as of cloudflare-ddns 1.14.0).
|
| services.jboss.tempDir | Location where JBoss stores its temp files
|
| services.kavita.settings.IpAddresses | IP Addresses to bind to
|
| services.kerberos_server.settings.realms.<name>.acl.*.principal | Which principal the rule applies to
|
| programs.proxychains.chain.type | dynamic - Each connection will be done via chained proxies
all proxies chained in the order as they appear in the list
at least one proxy must be online to play in chain
(dead proxies are skipped)
otherwise EINTR is returned to the app.
strict - Each connection will be done via chained proxies
all proxies chained in the order as they appear in the list
all proxies must be online to play in chain
otherwise EINTR is returned to the app.
random - Each connection will be done via random proxy
(or proxy chain, see programs.proxychains.chain.length) from the list.
|
| programs.dms-shell.enableCalendarEvents | Whether to install dependencies required for calendar events support
|
| services.consul.package | The consul package to use.
|
| services.ferretdb.package | The ferretdb package to use.
|
| services.firewalld.services.<name>.destination.ipv6 | IPv6 destination.
|
| services.borgbackup.jobs.<name>.inhibitsSleep | Prevents the system from sleeping while backing up.
|
| services.agorakit.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| boot.kernelPatches | A list of additional patches to apply to the kernel
|
| services.chhoto-url.settings.port | The port to listen on.
|
| services.fediwall.nginx.sslCertificate | Path to server SSL certificate.
|
| services.confd.watch | Confd, whether to watch etcd config for changes.
|