| hardware.ubertooth.group | Group for Ubertooth's udev rules.
|
| programs.minipro.enable | Whether to enable minipro and its udev rules
|
| services.pantalaimon-headless.instances.<name>.homeserver | The URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
|
| services.firezone.headless-client.name | The name of this client as shown in firezone
|
| services.keycloak.database.name | Database name to use when connecting to an external or
manually provisioned database; has no effect when a local
database is automatically provisioned
|
| services.usbguard.deviceRulesWithPort | Generate device specific rules including the "via-port" attribute.
|
| services.prometheus.remoteRead.*.name | Name of the remote read config, which if specified must be unique among remote read configs
|
| services.rauc.slots.<name>.*.device | The device to update.
|
| boot.initrd.services.udev.binPackages | This will only be used when systemd is used in stage 1.
Packages to search for binaries that are referenced by the udev rules in stage 1
|
| services.mysql.initialDatabases.*.name | The name of the database to create.
|
| services.i2pd.inTunnels.<name>.address | Bind address for ‹name› endpoint.
|
| services.nix-store-gcs-proxy.<name>.bucketName | Name of Google storage bucket
|
| nix.firewall.allowLoopback | Whether to allow traffic on the loopback interface
|
| services.hostapd.radios.<name>.networks.<name>.group | Members of this group can access the control socket for this interface.
|
| services.buildkite-agents.<name>.hooksPath | Path to the directory storing the hooks
|
| services.pretalx.settings.database.name | Database name.
|
| networking.vswitches.<name>.interfaces.<name>.name | Name of the interface
|
| power.ups.ups.<name>.driver | Specify the program to run to talk to this UPS. apcsmart,
bestups, and sec are some examples.
|
| services.pppd.peers.<name>.enable | Whether to enable this PPP peer.
|
| services.tts.servers.<name>.port | Port to bind the TTS server to.
|
| services.phpfpm.pools.<name>.user | User account under which this pool runs.
|
| services.github-runners.<name>.replace | Replace any existing runner with the same name
|
| services.tahoe.nodes.<name>.tub.port | The port on which the tub will listen
|
| services.tahoe.nodes.<name>.web.port | The port on which the Web server will listen
|
| services.nginx.proxyCachePath.<name>.keysZoneName | Set name to shared memory zone.
|
| services.grafana.settings.database.name | The name of the Grafana database.
|
| services.hostapd.radios.<name>.networks.<name>.utf8Ssid | Whether the SSID is to be interpreted using UTF-8 encoding.
|
| hardware.rtl-sdr.enable | Enables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules
|
| services.bind.zones.<name>.master | Master=false means slave server
|
| services.bind.zones.<name>.slaves | Addresses who may request zone transfers.
|
| services.nsd.zones.<name>.minRetrySecs | Limit retry time for secondary zones.
|
| services.rauc.slots.<name>.*.enable | Whether to enable this RAUC slot.
|
| services.shorewall.enable | Whether to enable Shorewall IPv4 Firewall.
Enabling this service WILL disable the existing NixOS
firewall! Default firewall rules provided by packages are not
considered at the moment.
|
| services.i2pd.outTunnels.<name>.address | Bind address for ‹name› endpoint.
|
| services.peertube-runner.instancesToRegister.<name>.runnerDescription | Runner description declared to the PeerTube instance.
|
| services.nylon.<name>.enable | Enables nylon as a running service upon activation.
|
| services.filesender.database.name | Database name.
|
| services.limesurvey.database.name | Database name.
|
| services.zoneminder.database.name | Name of database.
|
| services.phpfpm.pools.<name>.phpEnv | Environment variables used for this PHP-FPM pool.
|
| services.cgit.<name>.package | The cgit package to use.
|
| services.geth.<name>.package | The geth package to use.
|
| services.uhub.<name>.plugins | Uhub plugin configuration.
|
| services.prometheus.remoteWrite.*.name | Name of the remote write config, which if specified must be unique among remote write configs
|
| services.szurubooru.database.name | Name of the PostgreSQL database.
|
| services.linkwarden.database.name | The name of the Linkwarden database.
|
| services.btrbk.instances.<name>.settings.stream_compress | Compress the btrfs send stream before transferring it from/to remote locations using a
compression command.
|
| services.bacula-sd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.bacula-fd.director.<name>.tls.verifyPeer | Verify peer certificate
|
| services.postgresql.ensureUsers.*.name | Name of the user to ensure.
|
| services.mattermost.database.name | Local Mattermost database name.
|
| users.extraUsers.<name>.home | The user's home directory.
|
| hardware.sata.timeout.drives.*.name | Drive name without the full path.
|
| services.pgbackrest.stanzas.<name>.jobs.<name>.type | Backup type as described in:
https://pgbackrest.org/command.html#command-backup/category-command/option-type
|
| nix.firewall.extraNftablesRules | Extra nftables rules to prepend to the generated ones
|
| services.easytier.instances.<name>.settings.network_secret | EasyTier network credential used for verification and
encryption
|
| services.i2pd.inTunnels.<name>.type | Tunnel type.
|
| services.rke2.manifests.<name>.target | Name of the symlink (relative to /var/lib/rancher/rke2/server/manifests)
|
| services.homebridge.uiSettings.name | Name of the homebridge UI platform
|
| users.extraUsers.<name>.homeMode | The user's home directory mode in numeric format
|
| services.iodine.clients | Each attribute of this option defines a systemd service that
runs iodine
|
| services.epgstation.database.name | Name of the MySQL database that holds EPGStation's data.
|
| services.metricbeat.settings.name | Name of the beat
|
| services.earlyoom.killHook | An absolute path to an executable to be run for each process killed
|
| services.tinc.networks.<name>.hostSettings | The name of the host in the network as well as the configuration for that host
|
| services.netbird.tunnels.<name>.user.group | A system group name for this client instance.
|
| services.netbird.clients.<name>.user.group | A system group name for this client instance.
|
| services.pppd.peers.<name>.config | pppd configuration for this peer, see the pppd(8) man page.
|
| services.nginx.virtualHosts.<name>.locations.<name>.root | Root directory for requests.
|
| services.netbird.tunnels.<name>.dir.baseName | A systemd service name to use (without .service suffix).
|
| services.netbird.clients.<name>.dir.baseName | A systemd service name to use (without .service suffix).
|
| programs.flashrom.enable | Installs flashrom and configures udev rules for programmers
used by flashrom
|
| services.quicktun.<name>.privateKey | Local secret key in hexadecimal form.
This option is deprecated
|
| services.i2pd.outTunnels.<name>.type | Tunnel type.
|
| services.rspamd.locals.<name>.text | Text of the file.
|
| services.i2pd.inTunnels.<name>.keys | Keyset used for tunnel identity.
|
| services.phpfpm.pools.<name>.group | Group account under which this pool runs.
|
| programs.regreet.cursorTheme.name | Name of the cursor theme to use for regreet.
|
| services.geth.<name>.metrics.port | Port number of Go Ethereum metrics service.
|
| services.geth.<name>.http.address | Listen address of Go Ethereum HTTP API.
|
| services.autorandr.profiles.<name>.config.<name>.dpi | Output DPI configuration.
|
| services.mautrix-meta.instances | Configuration of multiple mautrix-meta instances.
services.mautrix-meta.instances.facebook and services.mautrix-meta.instances.instagram
come preconfigured with network.mode, appservice.id, bot username, display name and avatar.
|
| services.geth.<name>.network | The network to connect to
|
| hardware.ubertooth.enable | Whether to enable Ubertooth software and its udev rules.
|
| boot.initrd.services.udev.packages | This will only be used when systemd is used in stage 1.
List of packages containing udev rules that will be copied to stage 1
|
| users.extraUsers.<name>.uid | The account UID
|
| services.geth.<name>.authrpc.port | Port number of Go Ethereum Auth RPC API.
|
| services.tts.servers.<name>.useCuda | Whether to offload computation onto a CUDA compatible GPU.
|
| services.h2o.hosts.<name>.tls.policy | add will additionally listen for TLS connections. only will
disable TLS connections. force will redirect non-TLS traffic
to the TLS connection.
|
| services.suricata.settings.rule-files | Files to load suricata-update managed rules, relative to 'default-rule-path'.
|
| services.autorandr.profiles.<name>.config.<name>.mode | Output resolution.
|
| services.autorandr.profiles.<name>.config.<name>.rate | Output framerate.
|
| services.netbird.clients.<name>.bin.suffix | A system group name for this client instance.
|
| services.netbird.tunnels.<name>.bin.suffix | A system group name for this client instance.
|
| services.rsync.jobs.<name>.sources | Source directories.
|
| services.thanos.query.grpc-client-server-name | Server name to verify the hostname on the returned gRPC certificates
|
| services.i2pd.outTunnels.<name>.keys | Keyset used for tunnel identity.
|
| services.webhook.hooks.<name>.id | The ID of your hook
|
| programs.quark-goldleaf.enable | Whether to enable quark-goldleaf with udev rules applied.
|
| services.postfix.masterConfig.<name>.command | A program name specifying a Postfix service/daemon process
|