| services.gitlab.databaseName | GitLab database name.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saeAddToMacAllow | If set, all sae password entries that have a non-wildcard MAC associated to
them will additionally be used to populate the MAC allow list
|
| programs.bazecor.package | The bazecor package to use.
|
| programs.mosh.enable | Whether to enable mosh.
|
| services.ente.api.package | The museum package to use.
|
| services.guix.substituters.urls | A list of substitute servers' URLs for the Guix daemon to download
substitutes from.
|
| services.legit.settings.repo.scanPath | Directory where legit will scan for repositories.
|
| services.lemmy.settings.hostname | The domain name of your instance (eg 'lemmy.ml').
|
| security.krb5.settings | Structured contents of the krb5.conf file
|
| security.pam.services.<name>.googleOsLoginAuthentication | If set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA
|
| services.armagetronad.servers.<name>.name | The name of this server.
|
| boot.initrd.allowMissingModules | Whether the initrd can be built even though modules listed in
boot.initrd.kernelModules or
boot.initrd.availableKernelModules are missing from
the kernel
|
| boot.initrd.systemd.repart.extraArgs | Extra command-line arguments to pass to systemd-repart
|
| powerManagement.powertop.preStart | Shell commands executed before powertop is started.
|
| services._3proxy.extraConfig | Extra configuration, appended to the 3proxy configuration file
|
| services.bitcoind.<name>.prune | Reduce storage requirements by enabling pruning (deleting) of old
blocks
|
| boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age | Delete a file when it reaches a certain age
|
| nix.sshServe.write | Whether to enable writing to the Nix store as a remote store via SSH
|
| power.ups.ups | This is where you configure all the UPSes that this system will be
monitoring directly
|
| services.clatd.enableNetworkManagerIntegration | Whether to enable NetworkManager integration.
|
| services.drupal.sites.<name>.virtualHost.robotsEntries | Specification of pages to be ignored by web crawlers
|
| services.infinoted.port | Port to listen on
|
| boot.kernelModules | The set of kernel modules to be loaded in the second stage of
the boot process
|
| fonts.enableDefaultPackages | Enable a basic set of fonts providing several styles
and families and reasonable coverage of Unicode.
|
| nix.firewall.allowedUDPPorts | UDP ports to which traffic is allowed
|
| programs.uwsm.waylandCompositors.<name>.comment | The comment field of the desktop entry file.
|
| services.dwm-status.package | The dwm-status package to use.
|
| services.i2pd.proto.socksProxy.inbound.length | Guaranteed minimum hops for socksproxy tunnels.
|
| services.atticd.group | The group under which attic runs.
|
| hardware.gpgSmartcards.enable | Whether to enable udev rules for gnupg smart cards.
|
| hardware.nvidia-container-toolkit.enable-hooks | List of hooks to enable when generating the CDI specification
|
| services.agorakit.nginx.locations.<name>.index | Adds index directive.
|
| services.armagetronad.servers.<name>.host | Host to listen on
|
| services.chhoto-url.enable | Whether to enable Chhoto URL.
|
| programs.firefox.nativeMessagingHosts.packages | Additional packages containing native messaging hosts that should be made available to Firefox extensions.
|
| services.anuko-time-tracker.nginx.locations | Declarative location config
|
| networking.wg-quick.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| documentation.man.enable | Whether to install manual pages
|
| services.firewalld.packages | Packages providing firewalld zones and other files
|
| services.apcupsd.configText | Contents of the runtime configuration file, apcupsd.conf
|
| services.consul.forceIpv4 | Deprecated: Use consul.forceAddrFamily instead
|
| services.freeswitch.configDir | Override file in FreeSWITCH config template directory
|
| services.kanboard.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.deconz.allowRebootSystem | Whether to enable rebooting the system.
|
| services.dwm-status.settings.order | List of enabled features in order.
|
| services.filebrowser.enable | Whether to enable FileBrowser.
|
| services.incron.extraPackages | Extra packages available to the system incrontab.
|
| services.librespeed.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.gancio.nginx.listenAddresses | Listen addresses for this virtual host
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| hardware.onlykey.enable | Enable OnlyKey device (https://crp.to/p/) support.
|
| services.autobrr.enable | Whether to enable Autobrr.
|
| services.deluge.dataDir | The directory where deluge will create files.
|
| services.authelia.instances.<name>.settings.default_2fa_method | Default 2FA method for new users and fallback for preferred but disabled methods.
|
| services.fedimintd.<name>.nginx.config.sslTrustedCertificate | Path to root SSL certificate for stapling and client certificates.
|
| services.autorandr.profiles.<name>.hooks.predetect | Predetect hook executed before autorandr attempts to run xrandr.
|
| security.pam.ussh.authorizedPrincipals | Comma-separated list of authorized principals to permit; if the user
presents a certificate with one of these principals, then they will be
authorized
|
| services.calibre-server.auth.enable | Password based authentication to access the server
|
| services.dockerRegistry.package | The distribution package to use.
|
| services.displayManager.sddm.extraPackages | Extra Qt plugins / QML libraries to add to the environment.
|
| power.ups.users.<name>.upsmon | Add the necessary actions for a upsmon process to work
|
| services.ceph.mds.package | The ceph package to use.
|
| services.dolibarr.nginx.listen.*.addr | Listen address.
|
| security.duosec.acceptEnvFactor | Look for factor selection or passcode in the
$DUO_PASSCODE environment variable before
prompting the user for input
|
| services.dolibarr.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| hardware.nvidia.videoAcceleration | Whether to enable Whether video acceleration (VA-API) should be enabled.
.
|
| services.desktopManager.gnome.flashback.customSessions.*.wmName | A unique identifier for the window manager.
|
| services.agorakit.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.filebrowser.settings | Settings for FileBrowser
|
| networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting | name of the setting section for which secrets are requested
|
| power.ups.upsmon.enable | Whether to enable upsmon.
|
| security.pam.krb5.enable | Enables Kerberos PAM modules (pam-krb5,
pam-ccreds)
|
| security.pam.services.<name>.setEnvironment | Whether the service should set the environment variables
listed in environment.sessionVariables
using pam_env.so.
|
| services.anki-sync-server.package | The anki-sync-server package to use.
|
| services.bitmagnet.settings.dht_server | DHT server settings
|
| services.desktopManager.gnome.flashback.enableMetacity | Whether to enable the standard GNOME Flashback session with Metacity.
|
| services._3proxy.privateRanges | What IP ranges to deny access when denyPrivate is set tu true.
|
| services.glpiAgent.enable | Whether to enable GLPI Agent.
|
| services.automysqlbackup.calendar | Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
|
| services.influxdb2.provision.organizations | Organizations to provision.
|
| services.jupyter.kernels.<name>.argv | Command and arguments to start the kernel.
|
| services.athens.storageType | Specifies the type of storage backend to use.
|
| services.autofs.autoMaster | Contents of /etc/auto.master file
|
| services.dendrite.loadCredential | This can be used to pass secrets to the systemd service without adding them to
the nix store
|
| services.btrbk.sshAccess | SSH keys that should be able to make or push snapshots on this system remotely with btrbk
|
| services.invidious-router.settings | Configuration for invidious-router
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| services.forgejo.settings | Free-form settings written directly to the app.ini configfile file
|
| services.atftpd.extraOptions | Extra command line arguments to pass to atftp.
|
| services.dolibarr.nginx.locations.<name>.basicAuthFile | Basic Auth password file for a vhost
|
| services.borgbackup.jobs.<name>.postPrune | Shell commands to run after borg prune.
|
| services.dendrite.settings.media_api.database.connection_string | Database for the Media API.
|
| services.borgbackup.jobs.<name>.wrapper | Name of the wrapper that is installed into PATH
|
| services.firebird.port | Port Firebird uses.
|
| services.forgejo.dump.type | Archive format used to store the dump file.
|
| services.drbd.config | Contents of the drbd.conf configuration file.
|
| services.grocy.hostName | FQDN for the grocy instance.
|
| services.guacamole-client.settings | Configuration written to guacamole.properties.
The Guacamole web application uses one main configuration file called
guacamole.properties
|
| services.journald.remote.settings | Configuration in the journal-remote configuration file
|
| services.karma.package | The karma package to use.
|