| networking.supplicant | Interfaces for which to start wpa_supplicant
|
| services.xserver.desktopManager.surf-display.pointerButtonMap | Disable right and middle pointer device click in browser sessions
while keeping scrolling wheels' functionality intact
|
| virtualisation.fileSystems.<name>.encrypted.blkDev | Location of the backing encrypted device.
|
| services.prometheus.exporters.py-air-control.protocol | The protocol to use when communicating with the air purification device
|
| networking.interfaces.<name>.proxyARP | Turn on proxy_arp for this device
|
| services.hostapd.radios.<name>.countryCode | Country code (ISO/IEC 3166-1)
|
| services.libinput.touchpad.accelProfile | Sets the pointer acceleration profile to the given profile
|
| services.multipath.devices.*.san_path_err_forget_rate | If set to a value greater than 0, multipathd will check whether the path
failures has exceeded the san_path_err_threshold within this many checks
i.e san_path_err_forget_rate
|
| networking.networkmanager.wifi.backend | Specify the Wi-Fi backend used for the device
|
| services.your_spotify.settings.API_ENDPOINT | The endpoint of your server
This api has to be reachable from the device you use the website from not from the server
|
| networking.networkmanager.wifi.scanRandMacAddress | Whether to enable MAC address randomization of a Wi-Fi device
during scanning.
|
| virtualisation.fileSystems.<name>.depends | List of paths that should be mounted before this one
|
| networking.networkmanager.unmanaged | List of interfaces that will not be managed by NetworkManager
|
| services.tailscale.authKeyParameters.preauthorized | Whether to skip manual device approval.
|
| services.multipath.devices.*.san_path_err_recovery_time | If set to a value greater than 0, multipathd will make sure that when
path failures has exceeded the san_path_err_threshold within
san_path_err_forget_rate then the path will be placed in failed state
for san_path_err_recovery_time duration
|
| services.prometheus.exporters.mqtt.zigbee2MqttAvailability | Whether to enable Normalize sensor name for device availability metric added by Zigbee2MQTT..
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| hardware.block.scheduler | Assign block I/O scheduler by device name pattern
|
| virtualisation.virtualbox.host.enableHardening | Enable hardened VirtualBox, which ensures that only the binaries in the
system path get access to the devices exposed by the kernel modules
instead of all users in the vboxusers group.
Disabling this can put your system's security at risk, as local users
in the vboxusers group can tamper with the VirtualBox device files.
|
| services.bacula-sd.autochanger.<name>.changerCommand | The name-string specifies an external program to be called that will
automatically change volumes as required by Bacula
|
| services.jellyfin.transcoding.enableSubtitleExtraction | Embedded subtitles can be extracted from videos and delivered to clients in plain text, in order to help prevent video transcoding
|
| services.multipath.devices.*.marginal_path_err_sample_time | One of the four parameters of supporting path check based on accounting IO error such as intermittent error
|
| services.prometheus.exporters.ecoflow.ecoflowDevicesPrettyNamesFile | File must contain one line, example: {"R3300000":"Delta 2","R3400000":"Delta Pro",...}
The key/value map of custom names for your devices
|
| services.prometheus.exporters.ecoflow.mqttDeviceOfflineThreshold | The threshold in seconds which indicates how long we should wait for a metric message from MQTT broker
|
| services.multipath.devices.*.marginal_path_err_rate_threshold | The error rate threshold as a permillage (1/1000)
|
| services.multipath.devices.*.marginal_path_double_failed_time | One of the four parameters of supporting path check based on accounting IO error such as intermittent error
|
| services.multipath.devices.*.marginal_path_err_recheck_gap_time | One of the four parameters of supporting path check based on accounting IO error such as intermittent error
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offload | Enable hardware offload for this CHILD_SA, if supported by the IPsec
implementation
|
| services.prometheus.exporters.ecoflow.ecoflowDevicesFile | File must contain one line, example: R3300000,R3400000,NC430000,...
|
| services.pipewire.wireplumber.extraConfig | Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
supported way to run WirePlumber configured via extraConfig)
|
| boot.loader.systemd-boot.installDeviceTree | Install the devicetree blob specified by config.hardware.deviceTree.name
to the ESP and instruct systemd-boot to pass this DTB to linux.
|
| zramSwap.priority | Priority of the zram swap devices
|
| zramSwap.memoryMax | Maximum total amount of memory (in bytes) that can be stored in the zram
swap devices
|
| power.ups.ups | This is where you configure all the UPSes that this system will be
monitoring directly
|
| services.rshim.config | Structural setting for the rshim configuration file
(/etc/rshim.conf)
|
| zramSwap.memoryPercent | Maximum total amount of memory that can be stored in the zram swap devices
(as a percentage of your total memory)
|
| zramSwap.enable | Enable in-memory compressed devices and swap space provided by the zram
kernel module
|
| services.syncthing.overrideDevices | Whether to delete the devices which are not configured via the
devices option
|
| power.ups.enable | Whether to enable support for Power Devices, such as Uninterruptible Power
Supplies, Power Distribution Units and Solar Controllers
.
|
| zramSwap.swapDevices | Number of zram devices to be used as swap, recommended is 1.
|
| services.smartd.autodetect | Whenever smartd should monitor all devices connected to the
machine at the time it's being started (the default)
|
| hardware.i2c.group | Grant access to i2c devices (/dev/i2c-*) to users in this group.
|
| hardware.cpu.x86.msr.mode | Mode to set for devices of the msr kernel subsystem.
|
| hardware.cpu.x86.msr.owner | Owner to set for devices of the msr kernel subsystem.
|
| hardware.cpu.x86.msr.group | Group to set for devices of the msr kernel subsystem.
|
| boot.initrd.clevis.useTang | Whether the Clevis JWE file used to decrypt the devices uses a Tang server as a pin.
|
| boot.initrd.luks.fido2Support | Enables support for authenticating with FIDO2 devices.
|
| hardware.ledger.enable | Whether to enable udev rules for Ledger devices.
|
| services.esphome.usePing | Use ping to check online status of devices instead of mDNS
|
| systemd.network.netdevs | Definition of systemd network devices.
|
| hardware.i2c.enable | Whether to enable i2c devices support
|
| hardware.libftdi.enable | Whether to enable udev rules for devices supported by libftdi.
|
| hardware.bladeRF.enable | Enables udev rules for BladeRF devices
|
| services.hdapsd.enable | Whether to enable Hard Drive Active Protection System Daemon,
devices are detected and managed automatically by udev and systemd
.
|
| hardware.saleae-logic.enable | Whether to enable udev rules for Saleae Logic devices.
|
| programs.pmount.enable | Whether to enable pmount, a tool that allows normal users to mount removable devices
without requiring root privileges
.
|
| security.tpm2.applyUdevRules | Whether to make the /dev/tpm[0-9] devices accessible by the tssUser, or
the /dev/tpmrm[0-9] by tssGroup respectively
|
| hardware.cpu.x86.msr.enable | Whether to enable the msr (Model-Specific Registers) kernel module and configure udev rules for its devices (usually /dev/cpu/*/msr).
|
| services.udisks2.enable | Whether to enable udisks2, a DBus service that allows applications to query and manipulate storage devices.
|
| services.nbd.server.exports | Files or block devices to make available over the network.
|
| hardware.nitrokey.enable | Enables udev rules for Nitrokey devices.
|
| boot.loader.grub.mirroredBoots | Mirror the boot configuration to multiple partitions and install grub
to the respective devices corresponding to those partitions.
|
| services.novacomd.enable | Whether to enable Novacom service for connecting to WebOS devices.
|
| services.fanout.fanoutDevices | Number of /dev/fanout devices
|
| networking.vlans | This option allows you to define vlan devices that tag packets
on top of a physical interface
|
| networking.wireless.enableHardening | Whether to apply security hardening measures to wpa_supplicant
|
| hardware.sensor.iio.enable | Enable this option to support IIO sensors with iio-sensor-proxy
|
| hardware.logitech.lcd.enable | Whether to enable support for Logitech LCD Devices.
|
| services.pcscd.readerConfigs | Configuration for devices that aren't hotpluggable
|
| networking.bonds | This option allows you to define bond devices that aggregate multiple,
underlying networking interfaces together
|
| hardware.rtl-sdr.enable | Enables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules
|
| boot.initrd.systemd.repart.empty | Controls how to operate on empty devices that contain no partition table yet
|
| services.avahi.openFirewall | Whether to open the firewall for UDP port 5353
|
| hardware.spacenavd.enable | Whether to enable spacenavd to support 3DConnexion devices.
|
| hardware.sane.brscan4.netDevices | The list of network devices that will be registered against the brscan4
sane backend.
|
| hardware.sane.brscan5.netDevices | The list of network devices that will be registered against the brscan5
sane backend.
|
| boot.initrd.systemd.network.netdevs | Definition of systemd network devices.
|
| hardware.hackrf.enable | Enables hackrf udev rules and ensures 'plugdev' group exists
|
| services.zram-generator.enable | Whether to enable Systemd unit generator for zram devices.
|
| boot.initrd.systemd.dmVerity.enable | Mount verity-protected block devices in the initrd
|
| networking.bridges | This option allows you to define Ethernet bridge devices
that connect physical networks together
|
| hardware.hid-fanatecff.enable | Whether to enable hid-fanatecff, a Linux kernel driver that aims to add support for Fanatec devices.
|
| services.airsonic.jvmOptions | Extra command line options for the JVM running AirSonic
|
| hardware.sane.extraBackends | Packages providing extra SANE backends to enable.
The example contains the package for HP scanners, and the package for
Apple AirScan and Microsoft WSD support (supports many
vendors/devices).
|
| services.mediamtx.allowVideoAccess | Whether to enable access to video devices like cameras on the system
.
|
| services.rustdesk-server.enable | Whether to enable RustDesk, a remote access and remote control software, allowing maintenance of computers and other devices.
|
| virtualisation.spiceUSBRedirection.enable | Install the SPICE USB redirection helper with setuid
privileges
|
| programs.joycond-cemuhook.enable | Whether to enable joycond-cemuhook, a program to enable support for cemuhook's UDP protocol for joycond devices.
|
| hardware.libjaylink.enable | Whether to enable udev rules for devices supported by libjaylink
|
| hardware.logitech.wireless.enable | Whether to enable support for Logitech Wireless Devices.
|
| hardware.flipperzero.enable | Whether to enable udev rules and software for Flipper Zero devices.
|
| hardware.block.defaultScheduler | Default block I/O scheduler
|
| services.multipath.blacklist | This section defines which devices should be excluded from the
multipath topology discovery.
|
| services.input-remapper.enableUdevRules | Whether to enable udev rules added by input-remapper to handle hotplugged devices
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| hardware.cpu.intel.sgx.enableDcapCompat | Whether to enable backward compatibility for SGX software build for the
out-of-tree Intel SGX DCAP driver
|
| services.mirakurun.allowSmartCardAccess | Install polkit rules to allow Mirakurun to access smart card readers
which is commonly used along with tuner devices.
|
| services.usbguard.rules | The USBGuard daemon will load this as the policy rule set
|
| programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| hardware.openrazer.syncEffectsEnabled | Set the sync effects flag to true so any assignment of
effects will work across devices.
|