| services.hydra.debugServer | Whether to run the server in debug mode.
|
| boot.loader.limine.efiSupport | Whether or not to install the limine EFI files.
|
| nix.buildMachines.*.mandatoryFeatures | A list of features mandatory for this builder
|
| services.factorio.stateDirName | Name of the directory under /var/lib holding the server's data
|
| services.artalk.allowModify | allow Artalk store the settings to config file persistently
|
| services.hqplayerd.config | HQplayer daemon configuration, written to /etc/hqplayer/hqplayerd.xml
|
| services.firezone.gateway.name | The name of this gateway as shown in firezone
|
| services.influxdb.dataDir | Data directory for influxd data files.
|
| networking.hosts | Locally defined maps of hostnames to IP addresses.
|
| services.cadvisor.port | Cadvisor listening port
|
| services.dependency-track.oidc.clientId | Defines the client ID for OpenID Connect.
|
| services.echoip.enable | Whether to enable echoip.
|
| services.dump1090-fa.package | The dump1090-fa package to use.
|
| services.heisenbridge.address | Address to listen on
|
| programs.benchexec.package | The benchexec package to use.
|
| services.dnsmasq.package | The dnsmasq package to use.
|
| services.fluentd.package | The fluentd package to use.
|
| services.aria2.settings.rpc-listen-port | Specify a port number for JSON-RPC/XML-RPC server to listen to
|
| services.db-rest.redis.user | Optional username used for authentication with redis.
|
| services.asusd.profileConfig.text | Text of the file.
|
| programs.cnping.enable | Whether to enable a setcap wrapper for cnping.
|
| security.polkit.extraConfig | Any polkit rules to be added to config (in JavaScript ;-)
|
| services.journalbeat.name | Name of the beat
|
| hardware.nvidia-container-toolkit.enable | Enable dynamic CDI configuration for Nvidia devices by running
nvidia-container-toolkit on boot.
|
| nix.gc.options | Options given to nix-collect-garbage when the garbage collector is run automatically.
|
| services.dnsmasq.enable | Whether to run dnsmasq.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writeBuckets | The organization's buckets which should be allowed to be written
|
| services.journald.upload.settings.Upload.ServerCertificateFile | SSL CA certificate in PEM format
|
| services.displayManager.lemurs.settings | Configuration for lemurs, provided as a Nix attribute set and automatically
serialized to TOML
|
| services.libretranslate.threads | Set number of threads.
|
| services.dovecot2.user | Dovecot user name.
|
| programs.chromium.plasmaBrowserIntegrationPackage | The plasma-browser-integration package to use.
|
| services.dae.enable | Whether to enable dae, a Linux high-performance transparent proxy solution based on eBPF.
|
| programs.zsh.zsh-autoenv.package | The zsh-autoenv package to use.
|
| services.forgejo.repositoryRoot | Path to the git repositories.
|
| security.acme.defaults.extraLegoRunFlags | Additional flags to pass to lego run.
|
| services.glitchtip.stateDir | State directory of glitchtip.
|
| boot.loader.systemd-boot.netbootxyz.enable | Make netboot.xyz available from the
systemd-boot menu. netboot.xyz
is a menu system that allows you to boot OS installers and
utilities over the network.
|
| services.gancio.settings.log_path | Directory Gancio logs into
|
| services.crowdsec-firewall-bouncer.settings.api_url | URL of the local API.
|
| programs.regreet.cursorTheme.package | The package that provides the cursor theme given in the name option.
|
| services.atuin.package | The atuin package to use.
|
| boot.loader.limine.panicOnChecksumMismatch | Whether or not checksum validation failure should be a fatal
error at boot time.
|
| services.buildbot-master.configurators | Configurator Steps, see https://docs.buildbot.net/latest/manual/configuration/configurators.html
|
| services.gnunet.load.maxNetUpBandwidth | Maximum bandwidth usage (in bits per second) for GNUnet
when downloading data.
|
| services.crowdsec.package | The crowdsec package to use.
|
| services.anuko-time-tracker.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| security.krb5.enable | Enable and configure Kerberos utilities
|
| services.infinoted.package | The libinfinity package to use.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| programs.spacefm.settings | The system-wide spacefm configuration
|
| services.bookstack.nginx.kTLS | Whether to enable kTLS support
|
| services.gotenberg.enable | Whether to enable Gotenberg, a stateless API for PDF files.
|
| services.diod.userdb | This option disables password/group lookups
|
| services.druid.overlord.jdk | The JDK package to use.
|
| services.ddclient.username | User name.
|
| hardware.cpu.x86.msr.mode | Mode to set for devices of the msr kernel subsystem.
|
| programs.yazi.enable | Whether to enable yazi terminal file manager.
|
| services.kthxbye.enable | Whether to enable kthxbye alert acknowledgement management daemon.
|
| services.dgraph.settings | Contents of the dgraph config
|
| services.botamusique.enable | Whether to enable botamusique, a bot to play audio streams on mumble.
|
| services.cjdns.UDPInterface.connectTo.<name>.publicKey | Public key at the opposite end of the tunnel.
|
| services.librenms.nginx.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.akkoma.group | Group account under which Akkoma runs.
|
| services.inadyn.settings.provider.<name>.username | Username for this DDNS provider.
|
| boot.loader.refind.extraConfig | A string which is prepended to refind.conf.
|
| services.keter.globalKeterConfig.listeners | You want that ip-from-header in
the nginx setup case
|
| hardware.infiniband.enable | Whether to enable Infiniband support.
|
| services.howdy.enable | Whether to enable Howdy and its PAM module for face recognition
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.gitea.package | The gitea package to use.
|
| services.gotenberg.rootPath | Root path for the Gotenberg API.
|
| services.athens.statsExporter | Stats exporter to use.
|
| services.cntlm.enable | Whether to enable cntlm, which starts a local proxy.
|
| services.geoclue2.enableModemGPS | Whether to enable Modem-GPS source.
|
| programs.idescriptor.users | Users to be added to the idevice group.
|
| security.pam.loginLimits.*.value | Value of this limit
|
| services.bookstack.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.vp9 | Enable hardware decoding for vp9 codec.
|
| hardware.printers.ensurePrinters.*.model | Location of the ppd driver file for the printer.
lpinfo -m shows a list of supported models.
|
| services.gocd-agent.environment | Additional environment variables to be passed to the Go
|
| services.aerospike.workDir | Location where Aerospike stores its files
|
| environment.etc.<name>.text | Text of the file.
|
| services.discourse.admin.passwordFile | A path to a file containing the admin user's password
|
| services.atticd.package | The attic-server package to use.
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| power.ups.users.<name>.actions | Allow the user to do certain things with upsd
|
| services.agorakit.database.name | Database name.
|
| services.cpuminer-cryptonight.pass | Password for mining server
|
| services.deconz.extraArgs | Extra command line arguments for deCONZ, see
https://github.com/dresden-elektronik/deconz-rest-plugin/wiki/deCONZ-command-line-parameters.
|
| services.grafana.settings.analytics.feedback_links_enabled | Set to false to remove all feedback links from the UI.
|
| services.actual.settings.hostname | The address to listen on
|
| services.code-server.hashedPassword | Create the password with: echo -n 'thisismypassword' | nix run nixpkgs#libargon2 -- "$(head -c 20 /dev/random | base64)" -e
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.label | Each address may be tagged with a label string
|
| environment.extraSetup | Shell fragments to be run after the system environment has been created
|
| boot.initrd.network.ssh.port | Port on which SSH initrd service should listen.
|
| services.honk.extraCSS | An extra CSS file to be loaded by the client.
|
| networking.ifstate.settings | Content of IfState's configuration file
|
| security.pam.services.<name>.gnupg.enable | If enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent
|
| hardware.fw-fanctrl.package | The fw-fanctrl package to use.
|