| programs.direnv.enableZshIntegration | Whether to enable Zsh integration
.
|
| programs.neovim.enable | Whether to enable Neovim
|
| services.bitwarden-directory-connector-cli.ldap | Options to configure the LDAP connection
|
| services.bitwarden-directory-connector-cli.sync | Options to configure what gets synced
|
| services.longview.apacheStatusUrl | The Apache status page URL
|
| services.dnsmasq.alwaysKeepRunning | If enabled, systemd will always respawn dnsmasq even if shut down manually
|
| services.openssh.generateHostKeys | Whether to generate SSH host keys
|
| boot.loader.systemd-boot.editor | Whether to allow editing the kernel command-line before
boot
|
| services.bitwarden-directory-connector-cli.sync.groupFilter | LDAP filter for groups.
|
| services.borgmatic.settings.source_directories | List of source directories and files to backup
|
| hardware.sane.brscan4.enable | When enabled, will automatically register the "brscan4" sane
backend and bring configuration files to their expected location.
|
| i18n.inputMethod.ibus.engines | Enabled IBus engines
|
| services.bitwarden-directory-connector-cli.secrets.ldap | Path to file that contains LDAP password for user in {option}`ldap.username
|
| services.bitwarden-directory-connector-cli.sync.largeImport | Enable if you are syncing more than 2000 users/groups.
|
| services.bitwarden-directory-connector-cli.sync.emailSuffix | Suffix for the email, normally @example.com.
|
| services.suricata.settings.logging.stacktrace-on-signal | Requires libunwind to be available when Suricata is configured and built
|
| programs.direnv.enableFishIntegration | Whether to enable Fish integration
.
|
| programs.direnv.enableBashIntegration | Whether to enable Bash integration
.
|
| services.anuko-time-tracker.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.bitwarden-directory-connector-cli.ldap.pagedSearch | Whether the LDAP server paginates search results.
|
| services.vsftpd.virtualUseLocalPrivs | If enabled, virtual users will use the same privileges as local
users
|
| services.oink.domains | List of attribute sets containing configuration for each domain
|
| boot.zfs.forceImportRoot | Forcibly import the ZFS root pool(s) during early boot
|
| systemd.network.links.<name>.enable | Whether to enable this .link unit
|
| users.ldap.daemon.enable | Whether to let the nslcd daemon (nss-pam-ldapd) handle the
LDAP lookups for NSS and PAM
|
| services.thinkfan.sensors.*.type | The sensor type, can be
hwmon for standard sensors,
atasmart to read the temperature via
S
|
| services.minecraft-server.enable | If enabled, start a Minecraft Server
|
| services.pipewire.systemWide | If true, a system-wide PipeWire service and socket is enabled
allowing all users in the "pipewire" group to use it simultaneously
|
| services.bitwarden-directory-connector-cli.ldap.username | The user to authenticate as.
|
| services.plausible.mail.smtp.passwordFile | The path to the file with the password in case SMTP auth is enabled.
|
| services.bitwarden-directory-connector-cli.package | The bitwarden-directory-connector-cli package to use.
|
| system.nssDatabases.hosts | List of hosts entries to configure in /etc/nsswitch.conf
|
| services.bitwarden-directory-connector-cli.sync.userObjectClass | Class that users must have.
|
| services.bitwarden-directory-connector-cli.ldap.hostname | The host the LDAP is accessible on.
|
| services.wstunnel.clients.<name>.addNetBind | Whether to enable Whether add CAP_NET_BIND_SERVICE to the tunnel service, this should be enabled if you want to bind port < 1024.
|
| services.zabbixWeb.nginx.virtualHost.http2 | Whether to enable the HTTP/2 protocol
|
| security.pam.ussh.enable | Enables Uber's USSH PAM (pam-ussh) module
|
| networking.nftables.enable | Whether to enable nftables and use nftables based firewall if enabled.
nftables is a Linux-based packet filtering framework intended to
replace frameworks like iptables
|
| services.sabnzbd.settings.servers.<name>.expire_date | If Notifications are enabled and an expiry date is
set, warn 5 days before expiry
|
| services.bookstack.nginx.http2 | Whether to enable the HTTP/2 protocol
|
| services.invidious.nginx.enable | Whether to configure nginx as a reverse proxy for Invidious
|
| security.auditd.plugins.<name>.direction | The option is dictated by the plugin
|
| system.nssDatabases.shadow | List of shadow entries to configure in /etc/nsswitch.conf
|
| programs.direnv.enableXonshIntegration | Whether to enable Xonsh integration
.
|
| services.davis.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.davis.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.slskd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.movim.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.movim.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.slskd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.dovecot2.protocols | Additional listeners to start when Dovecot is enabled.
|
| services.nomad.extraSettingsPlugins | Additional plugins dir used to configure nomad.
|
| virtualisation.writableStore | If enabled, the Nix store in the VM is made writable by
layering an overlay filesystem on top of the host's Nix
store
|
| services.znc.useLegacyConfig | Whether to propagate the legacy options under
services.znc.confOptions.* to the znc config
|
| services.udisks2.mountOnMedia | When enabled, instructs udisks2 to mount removable drives under /media/ directory, instead of the
default, ACL-controlled /run/media/$USER/
|
| services.cloudlog.update-lotw-users.enable | Whether to periodically update the list of LoTW users
|
| services.bitwarden-directory-connector-cli.sync.groupObjectClass | A class that groups will have.
|
| services.znc.config | Configuration for ZNC, see
https://wiki.znc.in/Configuration for details
|
| services.opensearch.settings."plugins.security.disabled" | Whether to enable the security plugin,
plugins.security.ssl.transport.keystore_filepath or
plugins.security.ssl.transport.server.pemcert_filepath and
plugins.security.ssl.transport.client.pemcert_filepath
must be set for this plugin to be enabled.
|
| services.hostapd.radios.<name>.wifi4.enable | Enables support for IEEE 802.11n (WiFi 4, HT)
|
| services.postgresql.initdbArgs | Additional arguments passed to initdb during data dir
initialisation.
|
| services.snipe-it.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.snipe-it.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.part-db.enablePostgresql | Whether to configure the postgresql database for part-db
|
| programs.vscode.defaultEditor | When enabled, configures VSCode to be the default editor
using the EDITOR environment variable.
|
| services.anubis.instances.<name>.settings.METRICS_BIND | The address Anubis' metrics server listens to
|
| services.matrix-synapse.extras | Explicitly install extras provided by matrix-synapse
|
| services.broadcast-box.web.openFirewall | Whether to enable opening the HTTP server port and, if enabled, the HTTPS redirect server
port in the firewall.
.
|
| services.libinput.mouse.tappingDragLock | Enables or disables drag lock during tapping behavior
|
| services.easytier.allowSystemForward | Whether to enable Allow the system to forward packets from easytier
|
| services.rke2.cisHardening | Enable CIS Hardening for RKE2
|
| services.traefik.dynamic.files | Dynamic configuration files to write
|
| services.akkoma.config.":pleroma".":instance".static_dir | Directory of static files
|
| services.bitwarden-directory-connector-cli.interval | The interval when to run the connector
|
| services.privatebin.virtualHost | The hostname at which you wish privatebin to be served
|
| services.jirafeau.nginxConfig.http2 | Whether to enable the HTTP/2 protocol
|
| programs.neovim.defaultEditor | When enabled, installs neovim and configures neovim to be the default editor
using the EDITOR environment variable.
|
| services.sabnzbd.secretFiles | Path to a list of ini file containing confidential settings such as credentials
|
| hardware.nvidia.prime.reverseSync.enable | Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse
PRIME
|
| services.libinput.touchpad.sendEventsMode | Sets the send events mode to disabled, enabled,
or disabled-on-external-mouse
|
| services.nghttpx.frontends.*.params.tls | Enable or disable TLS
|
| services.gancio.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.akkoma.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.akkoma.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.fluidd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fluidd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.gancio.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.matomo.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.matomo.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.monica.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.monica.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.akkoma.initSecrets | Whether to initialise non‐existent secrets with random values
|
| services.nginx.virtualHosts.<name>.http2 | Whether to enable the HTTP/2 protocol
|
| services.netbird.clients.<name>.dns-resolver.port | A port to serve DNS entries on when dns-resolver.address is enabled.
|
| services.netbird.tunnels.<name>.dns-resolver.port | A port to serve DNS entries on when dns-resolver.address is enabled.
|
| services.fedimintd.<name>.dataDir | Path to the data dir fedimintd will use to store its data
|
| boot.initrd.network.enable | Add network connectivity support to initrd
|
| services.slurm.enableSrunX11 | If enabled srun will accept the option "--x11" to allow for X11 forwarding
from within an interactive session or a batch job
|
| programs.fish.useBabelfish | If enabled, the configured environment will be translated to native fish using babelfish
|
| services.nextcloud.extraAppsEnable | Automatically enable the apps in services.nextcloud.extraApps every time Nextcloud starts
|