| services.monica.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.opencloud.url | Web interface root public URL, including scheme and port (if non-default).
|
| services.neo4j.bolt.enable | Enable the BOLT connector for Neo4j
|
| services.home-assistant.defaultIntegrations | List of integrations set are always set up, unless in recovery mode.
|
| services.bookstack.nginx.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.libinput.mouse.accelProfile | Sets the pointer acceleration profile to the given profile
|
| fonts.fontconfig.allowType1 | Allow Type-1 fonts
|
| services.hadoop.hbaseSiteDefault | Default options for hbase-site.xml
|
| services.bluemap.maps | Settings for files in maps/
|
| programs.htop.settings | Extra global default configuration for htop
which is read on first startup only
|
| hardware.deviceTree.dtbSource | Path to dtb directory that overlays and other processing will be applied to
|
| programs.nix-ld.libraries | Libraries that automatically become available to all programs
|
| services.dolibarr.h2o.http.port | Override the default HTTP port for this virtual host.
|
| services.matrix-tuwunel.user | The user tuwunel is run as
|
| services.prosody.user | User account under which prosody runs.
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the prosody service starts.
|
| services.sympa.database.user | Database user
|
| services.searx.runInUwsgi | Whether to run searx in uWSGI as a "vassal", instead of using its
built-in HTTP server
|
| services.caddy.dataDir | The data directory for caddy.
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise you are responsible for ensuring
the directory exists with appropriate ownership and permissions
|
| hardware.graphics.package | The package that provides the default driver set.
|
| services.amule.settings | Free form attribute set for aMule settings
|
| services.tt-rss.database.port | The database's port
|
| networking.wlanInterfaces | Creating multiple WLAN interfaces on top of one physical WLAN device (NIC)
|
| security.doas.extraRules.*.cmd | The command the user is allowed to run
|
| services.couchdb.viewIndexDir | Specifies location of CouchDB view index files
|
| services.galene.stateDir | The directory where Galene stores its internal state
|
| programs.pay-respects.alias | pay-respects needs an alias to be configured
|
| services.cinnamon.apps.enable | Whether to enable Cinnamon default applications.
|
| services.fail2ban.enable | Whether to enable the fail2ban service
|
| boot.tmp.zramSettings.options | By default, file systems and swap areas are trimmed on-the-go
by setting "discard"
|
| services.btrbk.instances | Set of btrbk instances
|
| boot.initrd.luks.devices.<name>.gpgCard | The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard
|
| services.airsonic.maxMemory | The memory limit (max Java heap size) in megabytes
|
| services.pantheon.apps.enable | Whether to enable Pantheon default applications.
|
| services.subsonic.maxMemory | The memory limit (max Java heap size) in megabytes
|
| services.neo4j.https.enable | Enable the HTTPS connector for Neo4j
|
| services.mealie.settings | Configuration of the Mealie service
|
| services.sanoid.interval | Run sanoid at this interval
|
| services.znapzend.logLevel | The log level when logging to file
|
| services.anubis.defaultOptions.settings.DIFFICULTY | The difficulty required for clients to solve the challenge
|
| services.jirafeau.nginxConfig.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.misskey.reverseProxy.webserver.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| services.postfix.relayDomains | List of domains we agree to relay to
|
| security.pam.mount.debugLevel | Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing,
and 2 additionally enables tracing in mount.crypt
|
| programs.neovim.enable | Whether to enable Neovim
|
| networking.proxy.noProxy | This option specifies the no_proxy environment variable
|
| services.kubo.enable | Whether to enable the Interplanetary File System (WARNING: may cause severe network degradation)
|
| services.matrix-tuwunel.group | The group tuwunel is run as
|
| services.opencloud.group | The group to run OpenCloud under
|
| services.nylon.<name>.verbosity | Enable verbose output, default is to not be verbose.
|
| services.outline.forceHttps | Auto-redirect to HTTPS in production
|
| services.samba-wsdd.workgroup | Set workgroup name (default WORKGROUP).
|
| services.prosody.group | Group account under which prosody runs.
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the group exists before the prosody service starts.
|
| services.nginx.gitweb.virtualHost | VirtualHost to serve gitweb on
|
| services.snowflake-proxy.stun | STUN broker URL (default "stun:stun.stunprotocol.org:3478")
|
| services.syncthing.group | The group to run Syncthing under
|
| system.autoUpgrade.channel | The URI of the NixOS channel to use for automatic
upgrades
|
| systemd.units.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.paths.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.mounts.*.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.xrdp.extraConfDirCommands | Extra commands to run on the default confDir derivation.
|
| services.zammad.database.port | Database port
|
| security.acme.defaults.validMinDays | Minimum remaining validity before renewal in days.
|
| services.getty.greetingLine | Welcome line printed by agetty
|
| services.hadoop.mapredSiteDefault | Default options for mapred-site.xml
|
| services.graylog.rootUsername | Name of the default administrator user
|
| services.prosody.dataDir | The prosody home directory used to store all data
|
| services.oauth2-proxy.loginURL | Authentication endpoint
|
| services.mailman.webSettings | Overrides for the default mailman-web Django settings.
|
| services.minetest-server.port | Port number to bind to
|
| services.mpd.openFirewall | Open ports in the firewall for mpd
|
| services.owncast.dataDir | The directory where owncast stores its data files
|
| services.xandikos.address | The IP address on which Xandikos will listen
|
| services.zapret.httpMode | By default this service only changes the first packet sent, which is enough in most cases
|
| services.kubernetes.caFile | Default kubernetes certificate authority
|
| services.anubis.defaultOptions.settings.METRICS_BIND_NETWORK | The network family that the metrics server should bind to
|
| services.anubis.defaultOptions.settings.WEBMASTER_EMAIL | If set, shows a contact email address when rendering error pages
|
| services.prometheus.exporters.ecoflow.prefix | The prefix that will be added to all metrics
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.key | Path to certificate private key (PEM with private key)
|
| <imports = [ pkgs.ghostunnel.services.default ]>.ghostunnel.cert | Path to certificate (PEM with certificate chain)
|
| services.freshrss.language | Default language for FreshRSS.
|
| services.cyrus-imap.listenQueue | Socket listen queue backlog size
|
| hardware.bluetooth.powerOnBoot | Whether to power up the default Bluetooth controller on boot.
|
| services.coturn.realm | The default realm to be used for the users when no explicit
origin/realm relationship was found in the database, or if the TURN
server is not using any database (just the commands-line settings
and the userdb file)
|
| programs.sway.enable | Whether to enable Sway, the i3-compatible tiling Wayland compositor
|
| services.trickster.log-level | Level of Logging to use (debug, info, warn, error) (default "info").
|
| services.opencloud.user | The user to run OpenCloud as
|
| services.marytts.settings | Settings for MaryTTS
|
| services.vmagent.openFirewall | Whether to open the firewall for the default ports.
|
| services.vlagent.openFirewall | Whether to open the firewall for the default ports.
|
| services.strongswan-swanctl.swanctl.connections.<name>.local_port | Local UDP port for IKE communication
|
| services.grafana.settings.users.default_theme | Sets the default UI theme. system matches the user's system theme.
|
| services.snapserver.codec | Default audio compression method.
|
| services.forgejo.customDir | Base directory for custom templates and other options
|
| security.doas.extraRules.*.runAs | Which user or group the specified command is allowed to run as
|
| services.dolibarr.user | User account under which dolibarr runs.
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the dolibarr application starts.
|
| services.factorio.saveName | The name of the savegame that will be used by the server
|
| security.acme.defaults.keyType | Key type to use for private keys
|
| services.asterisk.extraConfig | Extra configuration options appended to the default
asterisk.conf file.
|
| security.duosec.failmode | On service or configuration errors that prevent Duo
authentication, fail "safe" (allow access) or "secure" (deny
access)
|