| services.bacula-sd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.bacula-fd.director.<name>.tls.enable | Specifies if TLS should be enabled
|
| services.filebeat.inputs | Inputs specify how Filebeat locates and processes input data
|
| services.bookstack.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.jirafeau.nginxConfig.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.umurmur.settings.welcometext | Welcome message for connected clients.
|
| services.nginx.virtualHosts.<name>.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.postgresql.systemCallFilter | Configures the syscall filter for postgresql.service
|
| services.fedimintd.<name>.nginx.config.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.bacula-fd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.bacula-sd.director.<name>.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.filebeat.modules | Filebeat modules provide a quick way to get started
processing common log formats
|
| services.traefik.dynamic.dir | Path to the directory Traefik should watch for configuration files.
Files in this directory matching the glob _nixos-* (reserved for Nix-managed dynamic configurations) will be deleted as part of
systemd-tmpfiles-resetup.service, regardless of their origin..
|
| services.limesurvey.nginx.virtualHost.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.nncp.daemon.socketActivation.listenStreams | TCP sockets to bind to
|
| services.metricbeat.modules | Metricbeat modules are responsible for reading metrics from the various sources
|
| services.misskey.reverseProxy.webserver.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| boot.kernel.sysctl | Runtime parameters of the Linux kernel, as set by
sysctl(8)
|
| services.openssh.authorizedKeysInHomedir | Enables the use of the ~/.ssh/authorized_keys file
|
| services.syncthing.overrideFolders | Whether to delete the folders which are not configured via the
folders option
|
| services.monado.defaultRuntime | Whether to enable Monado as the default OpenXR runtime on the system
|
| services.wivrn.defaultRuntime | Whether to enable WiVRn as the default OpenXR runtime on the system
|
| services.postsrsd.settings.chroot-dir | Path to chroot into at runtime as an additional layer of protection.
We confine the runtime environment through systemd hardening instead, so this option is read-only.
|
| services.matrix-synapse.log | Default configuration for the loggers used by matrix-synapse and its workers
|
| services.galene.keyFile | Path to the server's private key
|
| services.scx.extraArgs | Parameters passed to the chosen scheduler at runtime.
Run chosen-scx-scheduler --help to see the available options
|
| networking.tempAddresses | Whether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces._name_.tempAddress
|
| services.node-red.withNpmAndGcc | Give Node-RED access to NPM and GCC at runtime, so 'Nodes' can be
downloaded and managed imperatively via the 'Palette Manager'.
|
| services.galene.certFile | Path to the server's certificate
|
| services.pgbackrest.stanzas.<name>.settings | An attribute set of options as described in:
https://pgbackrest.org/configuration.html
All options can be used
|
| services.traefik.dynamic.files | Dynamic configuration files to write
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| virtualisation.rosetta.mountTag | The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software
|
| services.bacula-fd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| services.bacula-sd.director.<name>.tls.caCertificateFile | The path specifying a PEM encoded TLS CA certificate(s)
|
| hardware.amdgpu.opencl.enable | Whether to enable OpenCL support using ROCM runtime library.
|
| services.wiki-js.settings.logLevel | Define how much detail is supposed to be logged at runtime.
|
| services.linyaps.enable | Whether to enable linyaps, a cross-distribution package manager with sandboxed apps and shared runtime.
|
| services.bird.preCheckConfig | Commands to execute before the config file check
|
| services.athens.goBinary | The Go package used by Athens at runtime
|
| services.couchdb.configFile | Configuration file for persisting runtime changes
|
| services.maddy.tls.loader | TLS certificates are obtained by modules called "certificate
loaders"
|
| services.forgejo.customDir | Base directory for custom templates and other options
|
| services.lighttpd.cgit.configText | Verbatim contents of the cgit runtime configuration file
|
| services.zitadel.settings | Contents of the runtime configuration file
|
| services.unifi.maximumJavaHeapSize | Set the maximum heap size for the JVM in MB
|
| services.unifi.initialJavaHeapSize | Set the initial heap size for the JVM in MB
|
| system.nixos.label | NixOS version name to be used in the names of generated
outputs and boot labels
|
| hardware.amdgpu.amdvlk.settings | Runtime settings for AMDVLK to be configured /etc/amd/amdVulkanSettings.cfg
|
| boot.plymouth.font | Font file made available for displaying text on the splash screen.
|
| services.wivrn.config.json | Configuration for WiVRn
|
| nix.extraOptions | Additional text appended to nix.conf.
|
| services.prometheus.rules | Alerting and/or Recording rules to evaluate at runtime.
|
| services.rkvm.server.settings.switch-keys | A key list specifying a host switch combination.
A list of key names is available in https://github.com/htrefil/rkvm/blob/master/switch-keys.md.
|
| services.riemann.configFiles | Extra files containing Riemann configuration
|
| services.jupyter.extraPackages | Extra packages to be available in the jupyter runtime environment
|
| services.flannel.storageBackend | Determines where flannel stores its configuration at runtime
|
| hardware.alsa.defaultDevice.capture | The default capture device (i.e. microphone)
|
| services.apcupsd.configText | Contents of the runtime configuration file, apcupsd.conf
|
| services.netdata.python.extraPackages | Extra python packages available at runtime
to enable additional python plugins.
|
| services.deluge.extraPackages | Extra packages available at runtime to enable Deluge's plugins
|
| services.activemq.extraJavaOptions | Add extra options here that you want to be sent to the
Java runtime when the broker service is started.
|
| services.moonraker.analysis.enable | Whether to enable Runtime analysis with klipper-estimator.
|
| hardware.alsa.defaultDevice.playback | The default playback device
|
| services.nextcloud.settings.mail_send_plaintext_only | Email will be sent by default with an HTML and a plain text body
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.nginx.uwsgiResolveWhileRunning | Resolves domains of uwsgi targets at runtime
and not only at start, you have to set
services.nginx.resolver, too.
|
| boot.loader.grub.splashImage | Background image used for GRUB
|
| services.userdbd.enableSSHSupport | Whether to enable exposing OpenSSH public keys defined in userdb
|
| services.monado.forceDefaultRuntime | Whether to ensure that Monado is the active runtime set for the current
user
|
| services.dae.config | WARNING: This option will expose store your config unencrypted world-readable in the nix store
|
| services.rabbitmq.config | Verbatim advanced configuration file contents using the Erlang syntax
|
| services.evcc.environmentFile | File with environment variables to pass into the runtime environment
|
| services.ntp.extraConfig | Additional text appended to ntp.conf.
|
| services.firewalld.settings.FlushAllOnReload | Whether to flush all runtime rules on a reload.
|
| services.davis.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.movim.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.slskd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.mirakurun.tunerSettings | Options which are added to tuners.yml
|
| services.snipe-it.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.crossfire-server.stateDir | Where to store runtime data (save files, persistent items, etc)
|
| services.buffyboard.settings.theme.default | Selects the default theme on boot
|
| services.nginx.proxyResolveWhileRunning | Resolves domains of proxyPass targets at runtime and not only at startup
|
| services.athens.storage.gcp.jsonKey | Base64 encoded GCP service account key
|
| services.borgbackup.jobs.<name>.extraInitArgs | Additional arguments for borg init
|
| security.sudo.extraConfig | Extra configuration text appended to sudoers.
|
| services.schleuder.extraSettingsFile | YAML file to merge into the schleuder config at runtime
|
| security.sudo-rs.extraConfig | Extra configuration text appended to sudoers.
|
| services.akkoma.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.gancio.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.fluidd.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.matomo.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.monica.nginx.basicAuth | Basic Auth protection for a vhost
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.vault.extraConfig | Extra text appended to vault.hcl.
|
| services.rabbitmq.configItems | Configuration options in RabbitMQ's new config file format,
which is a simple key-value format that can not express nested
data structures
|
| services.mirakurun.channelSettings | Options which are added to channels.yml
|
| services.solanum.motd | Solanum MOTD text
|
| boot.loader.grub.users.<name>.password | Specifies the clear text password for the account
|