| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.protocol | The protocol to allow
|
| services.discourse.enable | Whether to enable Discourse, an open source discussion platform.
|
| services.headscale.enable | Whether to enable headscale, Open Source coordination server for Tailscale.
|
| boot.loader.systemd-boot.extraFiles | A set of files to be copied to $BOOT
|
| programs.fish.vendor.config.enable | Whether fish should source configuration snippets provided by other packages.
|
| programs.localsend.enable | Whether to enable localsend, an open source cross-platform alternative to AirDrop.
|
| services.ntp.restrictSource | The restriction flags to be set on source
|
| services.znapzend.zetup.<name>.enable | Whether to enable this source.
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| services.maubot.settings.server.override_resource_path | Override path from where to load UI resources.
|
| services.syncthing.enable | Whether to enable Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync.
|
| services.logmein-hamachi.enable | Whether to enable LogMeIn Hamachi, a proprietary
(closed source) commercial VPN software.
|
| services.syncoid.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| fileSystems.<name>.device | The device as passed to mount
|
| services.spiped.config.<name>.encrypt | Take unencrypted connections from the
source socket and send encrypted
connections to the target socket.
|
| services.spiped.config.<name>.decrypt | Take encrypted connections from the
source socket and send unencrypted
connections to the target socket.
|
| services.znapzend.zetup.<name>.dataset | The dataset to use for this source.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources | List of HTTP resources to serve on this listener.
|
| containers.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| services.snapserver.streams | The definition for an input source.
|
| hardware.deviceTree.kernelPackage | Kernel package where device tree include directory is from
|
| services.suwayomi-server.enable | Whether to enable Suwayomi, a free and open source manga reader server that runs extensions built for Tachiyomi.
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.addressDescription | An optional description for resource address, usually a full link to the resource including a schema.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names | List of resources to host on this listener.
|
| services.geoclue2.staticAltitude | Altitude in meters to use for the static source.
|
| services.geoclue2.staticAccuracy | Accuracy radius in meters to use for the static source.
|
| services.geoclue2.staticLatitude | Latitude to use for the static source
|
| services.amule.settings.eMule.UDPPort | UDP port for eD2k traffic (searches, source exchange) and all Kad network communication
|
| services.privatebin.enable | Whether to enable Privatebin: A minimalist, open source online
pastebin where the server has zero knowledge of pasted data..
|
| services.znapzend.features.skipIntermediates | Whether to enable the skipIntermediates feature to send a single increment
between latest common snapshot and the newly made one
|
| services.sks.webroot | Source directory (will be symlinked, if not null) for the files the
built-in webserver should serve
|
| services.lubelogger.enable | Whether to enable LubeLogger, a self-hosted, open-source, web-based vehicle maintenance and fuel milage tracker.
|
| services.rke2.images | List of derivations that provide container images
|
| services.znapzend.zetup.<name>.presnap | Command to run before snapshots are taken on the source dataset,
e.g. for database locking/flushing
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.geoclue2.staticLongitude | Longitude to use for the static source
|
| services.ebusd.device | Use DEV as eBUS device [/dev/ttyUSB0]
|
| services.sabnzbd.allowConfigWrite | By default we create the sabnzbd configuration read-only,
which keeps the nixos configuration as the single source
of truth
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| services.qbittorrent.extraArgs | Extra arguments passed to qbittorrent
|
| services.firewalld.settings.IPv6_rpfilter | Performs reverse path filtering (RPF) on IPv6 packets as per RFC 3704
|
| services.znapzend.zetup.<name>.postsnap | Command to run after snapshots are taken on the source dataset,
e.g. for database unlocking
|
| hardware.tuxedo-drivers.enable | Whether to enable The tuxedo-drivers driver enables access to the following on TUXEDO notebooks:
- Driver for Fn-keys
- SysFS control of brightness/color/mode for most TUXEDO keyboards
- Hardware I/O driver for TUXEDO Control Center
For more inforation it is best to check at the source code description: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers
.
|
| services.ntpd-rs.useNetworkingTimeServers | Use source time servers from networking.timeServers in config.
|
| swapDevices.*.randomEncryption.keySize | Set the encryption key size for the plain device
|
| services.spiped.config.<name>.waitForDNS | Wait for DNS
|
| services.opencloud.settings | Additional YAML configuration for OpenCloud services
|
| containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort | Source port of the external interface on host
|
| boot.specialFileSystems.<name>.device | The device as passed to mount
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| services.firezone.server.provision.accounts.<name>.features.internet_resource | Whether to enable the internet_resource feature for this account.
|
| services.journald.remote.output | The location of the output journal
|
| services.dashy.enable | Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app
|
| services.nsd.ratelimit.ratelimit | Max qps allowed from any query source.
0 means unlimited
|
| services.vmalert.instances.<name>.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.victorialogs.enable | Whether to enable VictoriaLogs is an open source user-friendly database for logs from VictoriaMetrics.
|
| services.sourcehut.settings."hg.sr.ht".clone_bundle_threshold | .hg/store size (in MB) past which the nightly job generates clone bundles.
|
| programs.steam.dedicatedServer.openFirewall | Open ports in the firewall for Source Dedicated Server.
|
| services.silverbullet.enable | Whether to enable Silverbullet, an open-source, self-hosted, offline-capable Personal Knowledge Management (PKM) web application.
|
| services.syncoid.commands.<name>.localSourceAllow | Permissions granted for the services.syncoid.user user
for local source datasets
|
| services.znapzend.features.oracleMode | Whether to enable destroying snapshots one by one instead of using one long argument list
|
| services.shadowsocks.extraConfig | Additional configuration for shadowsocks that is not covered by the
provided options
|
| services.hostapd.radios.<name>.settings | Extra configuration options to put at the end of global initialization, before defining BSSs
|
| services.hedgedoc.settings.allowGravatar | Whether to enable Libravatar as
profile picture source on your instance
|
| services.pid-fan-controller.settings.heatSources.*.name | Name of the heat source.
|
| services.firezone.server.provision.accounts.<name>.features.multi_site_resources | Whether to enable the multi_site_resources feature for this account.
|
| networking.jool.enable | Whether to enable Jool, an Open Source implementation of IPv4/IPv6
translation on Linux
|
| services.suwayomi-server.settings.server.localSourcePath | Path to the local source folder.
|
| services.znapzend.features.sendRaw | Whether to enable sendRaw feature which adds the options -w to the
zfs send command
|
| services.znapzend.zetup.<name>.plan | The znapzend backup plan to use for the source
|
| boot.loader.grub.extraGrubInstallArgs | Additional arguments passed to grub-install
|
| systemd.sysupdate.reboot.enable | Whether to automatically reboot after an update
|
| documentation.man.man-db.manualPages | The manual pages to generate caches for if documentation.man.generateCaches
is enabled
|
| boot.kernelPatches | A list of additional patches to apply to the kernel
|
| services.victoriatraces.enable | Whether to enable VictoriaTraces is an open source distributed traces storage and query engine from VictoriaMetrics.
|
| boot.loader.grub.memtest86.params | Parameters added to the Memtest86+ command line
|
| services.thanos.query.query.auto-downsampling | Enable automatic adjustment (step / 5) to what source of data should
be used in store gateways if no
max_source_resolution param is specified.
|
| services.netbird.clients.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| services.netbird.tunnels.<name>.config | Additional configuration that exists before the first start and
later overrides the existing values in config.json
|
| networking.firewall.checkReversePath | Performs a reverse path filter test on a packet
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.per_cpu_sas | Enable per-CPU CHILD_SAs
|
| services.guix.substituters.authorizedKeys | A list of signing keys for each substitute server to be authorized as
a source of substitutes
|
| services.firezone.server.provision.accounts | All accounts to provision
|
| services.hostapd.radios.<name>.networks.<name>.settings | Extra configuration options to put at the end of this BSS's defintion in the
hostapd.conf for the associated interface
|
| virtualisation.credentials.<name>.text | Text content of the credential
|
| virtualisation.fileSystems.<name>.device | The device as passed to mount
|
| services.jellyfin.forceEncodingConfig | Whether to overwrite Jellyfin's encoding.xml configuration file on each service start
|
| services.warpgate.settings.config_provider | Source of truth of users
|
| services.prometheus.alertmanagerIrcRelay.settings | Configuration for Alertmanager IRC Relay as a Nix attribute set
|
| services.znapzend.zetup.<name>.destinations.<name>.plan | The znapzend backup plan to use for the source
|
| services.prometheus.scrapeConfigs.*.relabel_configs.*.modulus | Modulus to take of the hash of the source label values.
|
| services.xserver.windowManager.xmonad.config | Configuration from which XMonad gets compiled
|
| services.prometheus.scrapeConfigs.*.relabel_configs.*.separator | Separator placed between concatenated source label values
|
| services.nixseparatedebuginfod.enable | Whether to enable separatedebuginfod, a debuginfod server providing source and debuginfo for nix packages.
|
| services.nixseparatedebuginfod2.enable | Whether to enable nixseparatedebuginfod2, a debuginfod server providing source and debuginfo for nix packages.
|
| services.strongswan-swanctl.swanctl.connections.<name>.remote_addrs | Remote address(es) to use for IKE communication
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.modulus | Modulus to take of the hash of the source label values.
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.separator | Separator placed between concatenated source label values
|
| services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.modulus | Modulus to take of the hash of the source label values.
|