| security.pam.ussh.caFile | By default pam-ussh reads the trusted user CA keys
from /etc/ssh/trusted_user_ca
|
| services.h2o.hosts.<name>.host | Set the host address for this virtual host
|
| services.h2o.hosts.<name>.tls.port | Override the default TLS port for this virtual host.
|
| services.node-red.user | User under which Node-RED runs
|
| services.memos.group | The group to run Memos as.
If changing the default value, you are responsible of creating the corresponding group with users.groups.
|
| services.murmur.group | The name of an existing group to use to run the service
|
| services.wivrn.config.json | Configuration for WiVRn
|
| services.prometheus.alertmanagerGotify.defaultPriority | The default priority for messages sent to gotify.
|
| services.jenkins.home | The path to use as JENKINS_HOME
|
| services.jenkins.group | If the default user "jenkins" is configured then this is the primary
group of that user.
|
| services.baikal.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.gocd-server.group | If the default user "gocd-server" is configured then this is the primary group of that user.
|
| services.code-server.user | The user to run code-server as
|
| services.syncthing.openDefaultPorts | Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers
and UDP 21027 for discovery
|
| services.hylafax.commonModemConfig | Attribute set of default values for
modem config files etc/config.*
|
| nix.sshServe.write | Whether to enable writing to the Nix store as a remote store via SSH
|
| services.freshrss.baseUrl | Default URL for FreshRSS.
|
| services.actual.user | User account under which Actual runs
|
| services.leaps.address | Hostname or IP-address to listen to
|
| services.h2o.hosts.<name>.http.port | Override the default HTTP port for this virtual host.
|
| services.geth.<name>.network | The network to connect to
|
| services.outline.group | Group under which the service should run
|
| services.nylon.<name>.logging | Enable logging, default is no logging.
|
| services.system76-scheduler.settings.cfsProfiles.default.bandwidth-size | sched_cfs_bandwidth_slice_us.
|
| services.davis.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.movim.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.slskd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| environment.enableDebugInfo | Some NixOS packages provide debug symbols
|
| services.displayManager.defaultSession | Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM)
|
| services.grafana.settings.server.http_addr | Listening address.
This setting intentionally varies from upstream's default to be a bit more secure by default.
|
| services.snipe-it.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.nextcloud.phpOptions | Options for PHP's php.ini file for nextcloud
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.syncthing.settings | Extra configuration options for Syncthing
|
| services.bind.configFile | Overridable config file to use for named
|
| services.klipper.user | User account under which Klipper runs
|
| services.kanboard.dataDir | Default data folder for Kanboard.
|
| services.atftpd.enable | Whether to enable the atftpd TFTP server
|
| services.httpd.configFile | Override the configuration file used by Apache
|
| services.coder.group | Group under which the coder service runs.
If left as the default value this group will automatically be created
on system activation, otherwise it needs to be configured manually.
|
| services.freshrss.dataDir | Default data folder for FreshRSS.
|
| services.quassel.user | The existing user the Quassel daemon should run as
|
| services.node-red.group | Group under which Node-RED runs
|
| services.outline.user | User under which the service should run
|
| services.squid.configText | Verbatim contents of squid.conf
|
| services.microbin.dataDir | Default data folder for MicroBin.
|
| services.rke2.role | Whether rke2 should run as a server or agent
|
| programs.singularity.systemBinPaths | (Extra) system-wide /**/bin paths
for Apptainer/Singularity to find command-line utilities in.
"/run/wrappers/bin" is included by default to make
utilities with SUID bit set available to Apptainer/Singularity
|
| services.kapacitor.defaultDatabase.password | The password to connect to the remote InfluxDB server
|
| services.kapacitor.defaultDatabase.username | The username to connect to the remote InfluxDB server
|
| services.gancio.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.fluidd.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.commafeed.environment | Extra environment variables passed to CommaFeed, refer to
https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example
for supported values
|
| services.akkoma.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.matomo.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.monica.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.code-server.group | The group to run code-server under
|
| services.caddy.user | User account under which caddy runs.
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the Caddy service starts.
|
| console.font | The font used for the virtual consoles
|
| security.acme.acceptTerms | Accept the CA's terms of service
|
| services.guix.stateDir | The state directory where Guix service will store its data such as its
user-specific profiles, cache, and state files.
Changing it to something other than the default will rebuild the
package.
|
| services.deconz.device | Force deCONZ to use a specific USB device (e.g. /dev/ttyACM0)
|
| services.mysql.user | User account under which MySQL runs.
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the MySQL service starts.
|
| services.clamav.scanner.scanDirectories | List of directories to scan
|
| services.unpoller.unifi.controllers.*.sites | List of site names for which statistics should be exported
|
| services.neo4j.ssl.policies.<name>.revokedDir | Path to directory of CRLs (Certificate Revocation Lists) in
PEM format
|
| services.forgejo.dump.file | Filename to be used for the dump
|
| hardware.i2c.enable | Whether to enable i2c devices support
|
| services.h2o.defaultTLSRecommendations | By default, H2O, without prejudice, will use as many TLS versions &
cipher suites as it & the TLS library (OpenSSL) can support
|
| services.actual.group | Group account under which Actual runs
|
| services.ferm.enable | Whether to enable Ferm Firewall.
Warning: Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| services.ifm.settings | Configuration of the IFM service
|
| services.maddy.user | User account under which maddy runs.
If left as the default value this user will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists before the maddy service starts.
|
| services.rss-bridge.pool | Name of phpfpm pool that is used to run web-application
|
| services.quickwit.user | The user Quickwit runs as
|
| services.nginx.gitweb.user | Existing user that the CGI process will belong to. (Default almost surely will do.)
|
| services.mysql.configFile | Override the configuration file used by MySQL
|
| services.temporal.user | The user Temporal runs as
|
| services.zeyple.user | User to run Zeyple as.
If left as the default value this user will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists.
|
| services.meilisearch.payloadSizeLimit | Sets the maximum size of accepted JSON payloads
|
| services.schleuder.settings.keyserver | Key server from which to fetch and update keys
|
| services.postgresql.authentication | Defines how users authenticate themselves to the server
|
| programs.thefuck.alias | thefuck needs an alias to be configured
|
| services.cfssl.dataDir | The work directory for CFSSL.
If left as the default value this directory will automatically be
created before the CFSSL server starts, otherwise you are
responsible for ensuring the directory exists with appropriate
ownership and permissions.
|
| services.caddy.group | Group under which caddy runs.
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the group exists before the Caddy service starts.
|
| services.bitcoind.<name>.port | Override the default port on which to listen for connections.
|
| services.bee.daemonNiceLevel | Daemon process priority for bee.
0 is the default Unix process priority, 19 is the lowest.
|
| hardware.bladeRF.enable | Enables udev rules for BladeRF devices
|
| services.dovecot2.mailUser | Default user to store mail for virtual users.
|
| services.klipper.group | Group account under which Klipper runs
|
| services.klipper.configFile | Path to default Klipper config.
|
| services.flannel.iface | Interface to use (IP or name) for inter-host communication
|
| services.i2pd.limits.ntcpSoft | Threshold to start probabalistic backoff with ntcp sessions (default: use system limit).
|
| services.patroni.user | The user for the service
|
| services.selfoss.pool | Name of existing phpfpm pool that is used to run web-application
|
| services.mpd.dataDir | The directory where MPD stores its state, tag cache, playlists etc
|
| services.anubis.defaultOptions.settings.POLICY_FNAME | The policy file to use
|
| services.transmission.enable | Whether to enable the headless Transmission BitTorrent daemon
|
| <imports = [ pkgs.php.services.default ]>.php-fpm.settings.log_level | Error log level.
|
| services.anubis.defaultOptions.policy.settings | Additional policy settings merged into the policy file
|