| services.httpd.virtualHosts.<name>.listen.*.ip | IP to listen on. 0.0.0.0 for IPv4 only, * for all.
|
| services.i2pd.websocket.enable | Whether to enable websockets.
|
| boot.loader.grub.gfxmodeEfi | The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.
|
| boot.loader.systemd-boot.consoleMode | The resolution of the console
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| programs.steam.protontricks.package | The protontricks package to use.
|
| security.duosec.allowTcpForwarding | By default, when SSH forwarding, enabling Duo Security will
disable TCP forwarding
|
| services.bitwarden-directory-connector-cli.sync.groups | Whether to sync ldap groups into BitWarden.
|
| services.grafana.settings.users.viewers_can_edit | Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to
|
| networking.timeServers | The set of NTP servers from which to synchronise.
|
| hardware.bumblebee.connectDisplay | Set to true if you intend to connect your discrete card to a
monitor
|
| i18n.defaultLocale | The default locale
|
| programs.openvpn3.netcfg | Network configuration
|
| services.bacula-sd.director.<name>.password | Specifies the password that must be supplied for the default Bacula
Console to be authorized
|
| services.bonsaid.settings.*.command | Command to run when this transition is taken
|
| services.engelsystem.package | The engelsystem package to use.
|
| services.hqplayerd.auth.username | Username used for HQPlayer's WebUI
|
| services.ente.web.domains.albums | The domain under which the albums frontend will be served.
|
| services.gvfs.enable | Whether to enable GVfs, a userspace virtual filesystem.
|
| services.i2pd.ntcp2.port | Port to listen for incoming NTCP2 connections (0=auto).
|
| boot.supportedFilesystems | Names of supported filesystem types, or an attribute set of file system types
and their state
|
| services.airsonic.jvmOptions | Extra command line options for the JVM running AirSonic
|
| services.fediwall.nginx.sslCertificate | Path to server SSL certificate.
|
| boot.zfs.passwordTimeout | Timeout in seconds to wait for password entry for decrypt at boot
|
| hardware.printers.ensurePrinters | Will regularly ensure that the given CUPS printers are configured as declared here
|
| programs.direnv.loadInNixShell | Whether to enable loading direnv in nix-shell nix shell or nix develop
.
|
| security.pam.services.<name>.rootOK | If set, root doesn't need to authenticate (e.g. for the
useradd service).
|
| services.grafana.settings.database.max_open_conn | The maximum number of open connections to the database.
|
| services.fail2ban.extraPackages | Extra packages to be made available to the fail2ban service
|
| services.hardware.openrgb.server.port | Set server port of openrgb.
|
| programs.gnome-terminal.enable | Whether to enable GNOME Terminal.
|
| programs.weylus.openFirewall | Open ports needed for the functionality of the program.
|
| services.fediwall.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| security.sudo.wheelNeedsPassword | Whether users of the wheel group must
provide a password to run commands as super user via sudo.
|
| services.libinput.touchpad.clickMethod | Enables a click method
|
| networking.wg-quick.interfaces.<name>.peers.*.endpoint | Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.
|
| networking.ucarp.advSkew | Advertisement skew in seconds.
|
| services.gitlab-runner.services.<name>.protected | When set to true Runner will only run on pipelines
triggered on protected branches
|
| programs.zsh.autosuggestions.extraConfig | Attribute set with additional configuration values
|
| services.firezone.gateway.enable | Whether to enable the firezone gateway
|
| programs.dconf.enable | Whether to enable dconf.
|
| boot.kernelParams | Parameters added to the kernel command line.
|
| services.hedgedoc.settings.protocolUseSSL | Use https:// for all links
|
| services.dolibarr.nginx.listen.*.port | Port number to listen on
|
| programs.clash-verge.autoStart | Whether to enable Clash Verge auto launch.
|
| security.pam.services.<name>.usshAuth | If set, users with an SSH certificate containing an authorized principal
in their SSH agent are able to log in
|
| services.i2pd.address | Your external IP or hostname.
|
| programs.bat.settings | Parameters to be written to the system-wide bat configuration file.
|
| services.davis.hostname | Domain of the host to serve davis under
|
| programs.opengamepadui.enable | Whether to enable opengamepadui.
|
| security.sudo-rs.extraRules.*.host | For what host this rule should apply.
|
| services.agorakit.mail.from | Mail "from" email.
|
| services.anuko-time-tracker.nginx.kTLS | Whether to enable kTLS support
|
| services.bitwarden-directory-connector-cli.sync.groupNameAttribute | Attribute for a name of group.
|
| services.dockerRegistry.storagePath | Docker registry storage path for the filesystem storage backend
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| services.headscale.settings.dns.split | Split DNS configuration (map of domains and which DNS server to use for each)
|
| services.lidarr.environmentFiles | Environment file to pass secret configuration values
|
| services.agorakit.nginx.listen.*.ssl | Enable SSL.
|
| services.dbus.implementation | The implementation to use for the message bus defined by the D-Bus specification
|
| boot.initrd.network.ssh.hostKeys | Specify SSH host keys to import into the initrd
|
| services.flannel.etcd.prefix | Etcd key prefix
|
| services.dkimproxy-out.enable | Whether to enable dkimproxy_out
|
| services.gotenberg.extraArgs | Any extra command-line flags to pass to the Gotenberg service.
|
| services.kanboard.nginx.kTLS | Whether to enable kTLS support
|
| services.cjdns.confFile | Ignore all other cjdns options and load configuration from this file.
|
| services.gancio.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.hadoop.hbase.rest.openFirewall | Open firewall ports for HBase rest.
|
| hardware.deviceTree.overlays.*.filter | Only apply to .dtb files matching glob expression.
|
| services.bacula-dir.tls.key | The path of a PEM encoded TLS private key
|
| services.dovecot2.sieve.plugins | Sieve plugins to load
|
| services.hostapd.radios.<name>.networks.<name>.group | Members of this group can access the control socket for this interface.
|
| services.kimai.sites.<name>.poolConfig | Options for the Kimai PHP pool
|
| services.libvirtd.autoSnapshot.calendar | When to create snapshots (systemd calendar format)
|
| programs.wireshark.usbmon.enable | Whether to allow users in the 'wireshark' group to capture USB traffic
|
| programs.fcast-receiver.package | The fcast-receiver package to use.
|
| services.fediwall.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| networking.firewall.extraStopCommands | Additional shell commands executed as part of the firewall
shutdown script
|
| services.gitea-actions-runner.instances.<name>.settings | Configuration for act_runner daemon
|
| services.bird-lg.frontend.navbar.allServers | Text of 'All server' button in the navigation bar.
|
| fileSystems.<name>.overlay.workdir | The path to the workdir
|
| services.flaresolverr.enable | Whether to enable FlareSolverr, a proxy server to bypass Cloudflare protection.
|
| boot.initrd.luks.devices.<name>.yubikey.iterationStep | How much the iteration count for PBKDF2 is increased at each successful authentication.
|
| programs.neovim.withNodeJs | Enable Node provider.
|
| services.firezone.server.provision.accounts.<name>.groups | All groups to provision
|
| services.elasticsearch.listenAddress | Elasticsearch listen address.
|
| services.fluent-bit.package | The fluent-bit package to use.
|
| programs.projecteur.package | The projecteur package to use.
|
| services.lavalink.package | The lavalink package to use.
|
| services.borgbackup.jobs.<name>.user | The user borg is run as
|
| boot.loader.generic-extlinux-compatible.mirroredBoots.*.path | The path to the boot directory where the extlinux-compatible
configuration files will be written.
|
| programs.dms-shell.enableAudioWavelength | Whether to install dependencies required for audio wavelength visualization
|
| services.bcachefs.autoScrub.fileSystems | List of paths to bcachefs filesystems to regularly call bcachefs scrub on
|
| services.forgejo.settings.log.LEVEL | General log level.
|
| services.healthchecks.group | Group account under which healthchecks runs.
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the group exists before the healthchecks service starts.
|
| hardware.deviceTree.enable | Build device tree files
|
| programs.joycond-cemuhook.enable | Whether to enable joycond-cemuhook, a program to enable support for cemuhook's UDP protocol for joycond devices.
|
| programs.xonsh.bashCompletion.enable | Whether to enable bash completions for xonsh.
|
| services.agorakit.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| documentation.man.mandoc.settings.output.style | Path to the file used for an external style-sheet
|