| services.nginx.enableQuicBPF | Enables routing of QUIC packets using eBPF
|
| services.thinkfan.fans.*.type | The fan type, can be
hwmon for standard fans,
atasmart to read the temperature via
S
|
| services.limesurvey.httpd.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| system.autoUpgrade.enable | Whether to periodically upgrade NixOS to the latest
version
|
| services.dovecot2.enableImap | Whether to enable starting the IMAP listener (when Dovecot is enabled).
|
| services.dovecot2.enableLmtp | Whether to enable starting the LMTP listener (when Dovecot is enabled).
|
| fileSystems.<name>.overlay.upperdir | The path to the upperdir
|
| services.bitwarden-directory-connector-cli.ldap.ssl | Whether to use TLS.
|
| services.resolved.llmnr | Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host
|
| services.pixelfed.nginx | With this option, you can customize an nginx virtual host which already has sensible defaults for Pixelfed
|
| hardware.nvidia.prime.sync.enable | Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME
|
| services.bitwarden-directory-connector-cli.ldap.ad | Whether the LDAP Server is an Active Directory.
|
| services.rustus.storage.dir_structure | pattern of a directory structure locally and on s3
|
| services.limesurvey.nginx.virtualHost.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.maubot.settings.plugin_directories.load | The directories from which plugins should be loaded
|
| services.bitbox-bridge.runOnMount | Run bitbox-bridge.service only when hardware wallet is plugged, also registers the systemd device unit
|
| fileSystems.<name>.overlay.lowerdir | The list of path(s) to the lowerdir(s)
|
| services.limesurvey.nginx.virtualHost.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.kanboard.nginx | With this option, you can customize an NGINX virtual host which already
has sensible defaults for Kanboard
|
| services.tarsnap.archives.<name>.directories | List of filesystem paths to archive.
|
| services.wordpress.sites.<name>.virtualHost.globalRedirect | If set, all requests for this host are redirected permanently to
the given URL.
|
| security.pam.services.<name>.enableUMask | If enabled, the pam_umask module will be loaded.
|
| services.mobilizon.settings.":mobilizon"."Mobilizon.Storage.Repo".socket_dir | Path to the postgres socket directory
|
| services.ollama.acceleration | What interface to use for hardware acceleration
|
| services.mpd.settings.playlist_directory | The directory where MPD stores playlists
|
| services.bitwarden-directory-connector-cli.ldap.port | Port LDAP is accessible on.
|
| services.maubot.settings.plugin_directories | Plugin directory paths
|
| services.znapzend.features.compressed | Whether to enable compressed feature which adds the options -Lce to
the zfs send command
|
| hardware.tuxedo-drivers.settings.fn-lock | Enables or disables the laptop keyboard's Function (Fn) lock at boot
|
| services.tabby.acceleration | Specifies the device to use for hardware acceleration.
cpu: no acceleration just use the CPUrocm: supported by modern AMD GPUscuda: supported by modern NVIDIA GPUsmetal: supported on darwin aarch64 machines
Tabby will try and determine what type of acceleration that is
already enabled in your configuration when acceleration = null.
- nixpkgs.config.cudaSupport
- nixpkgs.config.rocmSupport
- if stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64
IFF multiple acceleration methods are found to be enabled or if you
haven't set either cudaSupport or rocmSupport you will have to
specify the device type manually here otherwise it will default to
the first from the list above or to cpu.
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bacula-fd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.tomcat.purifyOnStart | On startup, the baseDir directory is populated with various files,
subdirectories and symlinks
|
| nix.channel.enable | Whether the nix-channel command and state files are made available on the machine
|
| services.maubot.settings.plugin_directories.trash | The directory where old plugin versions and conflicting plugins should be moved
|
| services.terraria.enable | If enabled, starts a Terraria server
|
| services.pdfding.backup.enable | Automatic backup of important data to a AWS S3 (or compatible) instance
|
| services.maubot.settings.plugin_directories.upload | The directory where uploaded new plugins should be stored.
|
| services.libinput.mouse.sendEventsMode | Sets the send events mode to disabled, enabled,
or disabled-on-external-mouse
|
| services.bitwarden-directory-connector-cli.sync.users | Sync users.
|
| services.radicle.httpd.nginx | With this option, you can customize an nginx virtual host which already has sensible defaults for radicle-httpd
|
| services.eternal-terminal.silent | If enabled, disables all logging.
|
| services.bitwarden-directory-connector-cli.user | User to run the program.
|
| services.firewalld.settings.NftablesTableOwner | If enabled, the generated nftables rule set will be owned exclusively by firewalld
|
| services.radicle.httpd.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.vsftpd.ssl_sslv2 | Only applies if ssl_enable is activated
|
| services.vsftpd.ssl_sslv3 | Only applies if ssl_enable is activated
|
| services.vsftpd.ssl_tlsv1 | Only applies if ssl_enable is activated
|
| services.misskey.reverseProxy.webserver.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.bitwarden-directory-connector-cli.ldap.rootPath | Root path for LDAP.
|
| services.misskey.reverseProxy.webserver.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| boot.initrd.network.udhcpc.extraArgs | Additional command-line arguments passed verbatim to
udhcpc if boot.initrd.network.enable and
boot.initrd.network.udhcpc.enable are enabled.
|
| services.bitwarden-directory-connector-cli.sync.userPath | User directory, relative to root.
|
| services.dolibarr.nginx | With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr
|
| services.jitsi-meet.nginx.enable | Whether to enable nginx virtual host that will serve the javascript application and act as
a proxy for the XMPP server
|
| services.redsocks.redsocks.*.redirectInternetOnly | Exclude all non-globally-routable IPs from redsocks
|
| services.bitwarden-directory-connector-cli.ldap.startTls | Whether to use STARTTLS.
|
| services.nextcloud.settings.skeletondirectory | The directory where the skeleton files are located
|
| services.nsd.zones.<name>.multiMasterCheck | If enabled, checks all masters for the last zone version
|
| services.nextcloud.maxUploadSize | The upload limit for files
|
| services.vdirsyncer.jobs.<name>.additionalGroups | additional groups to add the dynamic user to
|
| services.cloudlog.upload-qrz.enable | Whether to periodically upload logs to QRZ
|
| services.archisteamfarm.enable | If enabled, starts the ArchisSteamFarm service
|
| services.caddy.adapter | Name of the config adapter to use
|
| systemd.sysusers.enable | If enabled, users are created with systemd-sysusers instead of with
the custom update-users-groups.pl script
|
| services.cloudlog.update-dok.enable | Whether to periodically update the DOK resource file
|
| nix.buildMachines | This option lists the machines to be used if distributed builds are
enabled (see nix.distributedBuilds)
|
| system.nssDatabases.services | List of services entries to configure in /etc/nsswitch.conf
|
| services.getty.autologinOnce | If enabled the automatic login will only happen in the first tty
once per boot
|
| services.dolibarr.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.fediwall.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.agorakit.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.librenms.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.kanboard.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.pixelfed.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.mainsail.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.bacula-sd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bacula-fd.director.<name>.tls.certificate | The full path to the PEM encoded TLS certificate
|
| services.bitwarden-directory-connector-cli.sync.groupPath | Group directory, relative to root.
|
| services.mchprs.whitelist.enable | Whether or not the whitelist (in whitelist.json) shoud be enabled
|
| services.firewalld.settings.StrictForwardPorts | If enabled, the generated destination NAT (DNAT) rules will NOT accept traffic that was DNAT'd by other entities, e.g. docker
|
| services.matrix-synapse.workers | Options for configuring workers
|
| services.bitwarden-directory-connector-cli.sync.groups | Whether to sync ldap groups into BitWarden.
|
| services.longview.nginxStatusUrl | The Nginx status page URL
|
| services.cloudlog.update-sota.enable | Whether to periodically update the SOTA database
|
| services.cloudlog.update-wwff.enable | Whether to periodically update the WWFF database
|
| security.pam.services.<name>.failDelay.enable | If enabled, this will replace the FAIL_DELAY setting from login.defs
|
| services.cloudlog.upload-lotw.enable | Whether to periodically upload logs to LoTW
|
| services.nghttpx.single-thread | Run everything in one thread inside the worker process
|
| services.mchprs.whitelist.list | Whitelisted players, only has an effect when
services.mchprs.declarativeWhitelist is
true and the whitelist is enabled
via services.mchprs.whitelist.enable
|
| services.akkoma.config.":pleroma".":instance".upload_dir | Directory where Akkoma will put uploaded files.
|
| services.crossfire-server.enable | If enabled, the Crossfire game server will be started at boot.
|
| services.bitwarden-directory-connector-cli.domain | The domain the Bitwarden/Vaultwarden is accessible on.
|
| services.etebase-server.enable | Whether to enable the Etebase server
|
| services.bitwarden-directory-connector-cli.sync.userFilter | LDAP filter for users.
|
| services.gitlab.secrets.otpFile | A file containing the secret used to encrypt secrets for OTP
tokens
|
| services.grafana.settings.analytics.feedback_links_enabled | Set to false to remove all feedback links from the UI.
|
| services.bitwarden-directory-connector-cli.enable | Whether to enable Bitwarden Directory Connector.
|
| services.printing.webInterface | Specifies whether the web interface is enabled.
|
| services.rsyncd.socketActivated | If enabled Rsync will be socket-activated rather than run persistently.
|