| services.kismet.httpd.enable | True to enable the HTTP server.
|
| services.cloudlog.update-wwff.interval | Specification (in the format described by systemd.time(7)) of the time
at which the WWFF update will occur.
|
| services.gancio.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| networking.wlanInterfaces.<name>.mac | MAC address to use for the device
|
| services.cloudlog.dataDir | Cloudlog data directory.
|
| programs.hyprlock.package | The hyprlock package to use.
|
| services.anuko-time-tracker.settings.defaultCurrency | Defines a default currency symbol for new groups
|
| services.desktopManager.plasma6.enable | Enable the Plasma 6 (KDE 6) desktop environment.
|
| programs.usbtop.enable | Whether to enable usbtop and required kernel module, to show estimated USB bandwidth.
|
| services.kanboard.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.i2pd.proto.bob.address | Bind address for bob endpoint.
|
| fonts.fontconfig.defaultFonts.emoji | System-wide default emoji font(s)
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| security.loginDefs.settings.SYS_UID_MAX | Range of user IDs used for the creation of system users by useradd or newusers.
|
| services.chisel-server.port | Port to listen on, falls back to 8080
|
| programs.ssh.pubkeyAcceptedKeyTypes | Specifies the key lib.types that will be used for public key authentication.
|
| programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks | Whether to enable Instructs the hook to mount the symlink targets as well, when any of
the paths contain symlinks
|
| services.dendrite.settings.global.private_key | The path to the signing private key file, used to sign
requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
|
| services.cross-seed.package | The cross-seed package to use.
|
| services.echoip.enablePortLookup | Whether to enable port lookup.
|
| services.grafana.settings.security.x_content_type_options | Set to false to disable the X-Content-Type-Options response header
|
| services.ddclient.verbose | Print verbose information.
|
| services.grafana.provision.dashboards | Declaratively provision Grafana's dashboards.
|
| services.borgbackup.jobs.<name>.removableDevice | Whether the repo (which must be local) is a removable device.
|
| programs.ausweisapp.openFirewall | Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp.
|
| services.bookstack.nginx.serverName | Name of this virtual host
|
| services.consul.enable | Enables the consul daemon.
|
| services.fakeroute.enable | Whether to enable the fakeroute service.
|
| services.i2pd.ntcpProxy | Proxy URL for NTCP transport.
|
| services.cassandra.jmxRolesFile | Specify your own jmx roles file.
|
| services.libeufin.bank.package | The libeufin package to use.
|
| services.libeufin.nexus.settings.nexus-ebics.PARTNER_ID | Partner ID of the EBICS subscriber
|
| hardware.alsa.deviceAliases | Assign custom names to sound cards.
|
| security.tpm2.tssGroup | Group of the tpm kernel resource manager (tpmrm) device-group, set if
applyUdevRules is set.
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.alerta.corsOrigins | List of URLs that can access the API for Cross-Origin Resource Sharing (CORS)
|
| services.fedimintd.<name>.nginx.config.kTLS | Whether to enable kTLS support
|
| services.legit.settings.dirs.static | Directories where static files are located.
|
| services.grafana.settings.security.x_xss_protection | Set to true to enable the X-XSS-Protection header,
which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Note: this is the default in Grafana, it's turned off here
since it's recommended to not use this header anymore.
|
| hardware.nfc-nci.settings | Configuration to be written to the libncf-nci configuration files
|
| services.buildkite-agents.<name>.package | The buildkite-agent package to use.
|
| services.bcachefs.autoScrub.enable | Whether to enable regular bcachefs scrub.
|
| programs.tmux.historyLimit | Maximum number of lines held in window history.
|
| services.displayManager.sddm.wayland.enable | Whether to enable experimental Wayland support.
|
| services.grafana.settings.database.cache_mode | For sqlite3 only.
Shared cache setting used for connecting to the database.
|
| programs.throne.enable | Whether to enable Throne, a GUI proxy configuration manager.
|
| services.firezone.server.provision.accounts.<name>.groups.<name>.forceMembers | Ensure that only the given members are part of this group at every server start.
|
| services.fluidd.nginx.listen.*.addr | Listen address.
|
| services.draupnir.settings | Free-form settings written to Draupnir's configuration file
|
| services.factorio.requireUserVerification | When set to true, the server will only allow clients that have a valid factorio.com account.
|
| services.atuin.package | The atuin package to use.
|
| services.blockbook-frontend.<name>.rpc.url | URL for JSON-RPC connections.
|
| services.languagetool.port | Port on which LanguageTool listens.
|
| services.consul.alerts.consulAddr | Consul api listening address
|
| services.bacula-dir.tls.certificate | The full path to the PEM encoded TLS certificate
|
| programs.zoxide.enableFishIntegration | Whether to enable Fish integration.
|
| programs.tsmClient.dsmSysText | This configuration key contains the effective text
of the client system-options file "dsm.sys"
|
| services.bind.forwarders | List of servers we should forward requests to.
|
| hardware.alsa.config | The content of the system-wide ALSA configuration (/etc/asound.conf)
|
| services.geoipupdate.settings.AccountID | Your MaxMind account ID.
|
| services.atuin.host | The host address the atuin server should listen on.
|
| services.biboumi.package | The biboumi package to use.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac | If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff),
the entry is available for any station (client) to use
|
| services.collabora-online.settings | Configuration for Collabora Online WebSocket Daemon, see
https://sdk.collaboraonline.com/docs/installation/Configuration.html, or
https://github.com/CollaboraOnline/online/blob/master/coolwsd.xml.in for the default
configuration.
|
| programs.git.config | Configuration to write to /etc/gitconfig
|
| services.drupal.webserver | Whether to use nginx or caddy for virtual host management
|
| services.ceph.global.publicNetwork | A comma-separated list of subnets that will be used as public networks in the cluster.
|
| services.baikal.phpPackage | The php package to use.
|
| services.cloudlog.baseUrl | Cloudlog base URL
|
| services.firezone.server.provision.accounts.<name>.name | The account name
|
| services.agorakit.nginx.listen | Listen addresses and ports for this virtual host
|
| services.cross-seed.enable | Whether to enable cross-seed.
|
| nix.buildMachines.*.system | The system type the build machine can execute derivations on
|
| services.hadoop.hbase.rest.enable | Whether to enable HBase rest.
|
| hardware.sata.timeout.enable | Whether to enable SATA drive timeouts.
|
| services.glitchtip.gunicorn.extraArgs | Extra arguments for gunicorn.
|
| services.gitwatch.<name>.enable | Whether to enable watching for repo.
|
| services.fprintd.tod.enable | Whether to enable Touch OEM Drivers library support.
|
| services.dawarich.sidekiqThreads | Worker threads used by the dawarich-sidekiq-all service
|
| services.corosync.clusterName | Name of the corosync cluster.
|
| services.librechat.user | The user to run the service as.
|
| services.gollum.allowUploads | Enable uploads of external files
|
| services.hadoop.hdfs.datanode.restartIfChanged | Automatically restart the service on config change
|
| networking.wireless.extraConfig | Extra lines appended to the configuration file
|
| services.dovecot2.configFile | Config file used for the whole dovecot configuration.
|
| networking.networkmanager.dns | Set the DNS (resolv.conf) processing mode
|
| services.hostapd.radios.<name>.wifi6.singleUserBeamformee | HE single user beamformee support
|
| services.keycloak.settings.http-port | On which port Keycloak should listen for new HTTP connections.
|
| services.ersatztv.baseUrl | Base URL to support reverse proxies that use paths (e.g. /ersatztv)
|
| services.fedimintd.<name>.nginx.config.locations.<name>.root | Root directory for requests.
|
| services.hledger-web.port | Port to listen on.
|
| services.foldingathome.user | The user associated with the reported computation results
|
| services.baikal.group | Group account under which the web-application run.
|
| services.druid.middleManager.jdk | The JDK package to use.
|
| networking.wireless.driver | Force a specific wpa_supplicant driver.
|
| services.librenms.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.kimai.sites.<name>.database.charset | Database charset.
|
| services.anuko-time-tracker.settings.email.smtpUser | MTA authentication username.
|
| services.aria2.enable | Whether or not to enable the headless Aria2 daemon service
|
| programs.nix-required-mounts.extraWrapperArgs | List of extra arguments (such as --add-flags -v) to pass to the hook's wrapper
|