| services.jotta-cli.options | Command-line options passed to jottad.
|
| services.freeciv.openFirewall | Whether to enable opening the firewall for the port listening for clients.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswordsFile | Sets the password for WPA3-SAE
|
| services.keepalived.snmp.enableRfc | Enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs.
|
| services.grafana-to-ntfy.settings.bauthUser | The user that you will authenticate with in the Grafana webhook settings
|
| services.cockroachdb.maxSqlMemory | The maximum in-memory storage capacity available to store temporary
data for SQL queries
|
| services.crowdsec.localConfig.acquisitions | A list of acquisition specifications, which define the data sources you want to be parsed
|
| services.anuko-time-tracker.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.bitwarden-directory-connector-cli.sync.useEmailPrefixSuffix | If a user has no email address, combine a username prefix with a suffix value to form an email.
|
| services.kimai.sites.<name>.database.passwordFile | A file containing the password corresponding to
database.user.
|
| security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01
challenge to ensure the DNS entries required are available.
|
| services.hadoop.hdfs.journalnode.extraFlags | Extra command line flags to pass to HDFS JournalNode
|
| networking.fooOverUDP.<name>.protocol | Protocol number of the encapsulated packets
|
| services.fractalart.enable | Enable FractalArt for generating colorful wallpapers on login
|
| services.cross-seed.settings.port | Port the cross-seed daemon listens on.
|
| hardware.mcelog.enable | Enable the Machine Check Exception logger.
|
| services.i2pd.proto.http.pass | Password for webconsole access.
|
| services.gotenberg.libreoffice.autoStart | Automatically start LibreOffice when Gotenberg starts
|
| services.gitlab.databaseCreateLocally | Whether a database should be automatically created on the
local host
|
| services.aesmd.settings.proxyType | Type of proxy to use
|
| networking.bonds.<name>.xmit_hash_policy | DEPRECATED, use driverOptions
|
| services.go-httpbin.settings.PORT | The port to listen on.
|
| services.documize.package | The documize-community package to use.
|
| services.fediwall.nginx.listenAddresses | Listen addresses for this virtual host
|
| services.foundationdb.tls.certificate | Path to the TLS certificate file
|
| services.hans.clients.<name>.passwordFile | File that contains password
|
| boot.initrd.luks.reusePassphrases | When opening a new LUKS device try reusing last successful
passphrase
|
| services.inadyn.settings.provider.<name>.password | Password for this DDNS provider
|
| security.rtkit.package | The rtkit package to use.
|
| services.immich-public-proxy.package | The immich-public-proxy package to use.
|
| services.gitlab.backup.uploadOptions | GitLab automatic upload specification
|
| boot.initrd.luks.devices.<name>.gpgCard.gracePeriod | Time in seconds to wait for the GPG Smartcard.
|
| services.hostapd.radios.<name>.settings | Extra configuration options to put at the end of global initialization, before defining BSSs
|
| services.dolibarr.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.grafana.provision.datasources.settings | Grafana datasource configuration in Nix
|
| fonts.fontconfig.defaultFonts.emoji | System-wide default emoji font(s)
|
| security.pam.services.<name>.makeHomeDir | Whether to try to create home directories for users
with $HOMEs pointing to nonexistent
locations on session login.
|
| programs.thunar.plugins | List of thunar plugins to install.
|
| services.anuko-time-tracker.nginx.reuseport | Create an individual listening socket
|
| services.fluidd.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.govee2mqtt.environmentFile | Environment file as defined in systemd.exec(5)
|
| services.firefox-syncserver.secrets | A file containing the various secrets
|
| services.jupyter.extraPackages | Extra packages to be available in the jupyter runtime environment
|
| services.infinoted.extraConfig | Additional configuration to append to infinoted.conf
|
| programs.bash.completion.enable | Whether to enable Bash completion for all interactive bash shells.
|
| programs.opengamepadui.gamescopeSession.args | Arguments to be passed to GameScope for the session.
|
| services.gitlab.smtp.authentication | Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
|
| services.gitlab.statePath | GitLab state directory
|
| services.iperf3.affinity | CPU affinity for the process.
|
| services.bacula-fd.tls.allowedCN | Common name attribute of allowed peer certificates
|
| services.kavita.tokenKeyFile | A file containing the TokenKey, a secret with at 512+ bits
|
| fonts.fontconfig.localConf | System-wide customization file contents, has higher priority than
defaultFonts settings.
|
| services.anuko-time-tracker.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.grafana.provision.alerting.policies.path | Path to YAML notification policies configuration
|
| services.couchdb.user | User account under which couchdb runs.
|
| security.pam.p11.control | This option sets pam "control"
|
| services.firewalld.zones.<name>.icmpBlockInversion | Whether to invert the icmp block handling
|
| services.discourse.sslCertificate | The path to the server SSL certificate
|
| security.krb5.settings.module | Modules to obtain Kerberos configuration from.
|
| services.displayManager.lemurs.package | The lemurs package to use.
|
| programs.tmux.reverseSplit | Reverse the window split shortcuts.
|
| services.bitwarden-directory-connector-cli.user | User to run the program.
|
| programs.yazi.settings.yazi | Configuration included in yazi.toml
|
| services.gitlab.pages.settings | Configuration options to set in the GitLab Pages config
file
|
| services.dspam.user | User for the dspam daemon.
|
| boot.loader.limine.biosSupport | Whether or not to install limine for BIOS.
|
| services.input-remapper.serviceWantedBy | Specifies the WantedBy setting for the input-remapper service.
|
| services.buildkite-agents.<name>.tokenPath | The token from your Buildkite "Agents" page
|
| services.cfssl.caBundle | Path to root certificate store.
|
| nix.registry | A system-wide flake registry
|
| services.journald.remote.output | The location of the output journal
|
| services.bcg.baseTopicPrefix | Topic prefix added to all MQTT messages.
|
| networking.iproute2.enable | Whether to enable copying IP route configuration files.
|
| services.dolibarr.nginx.locations.<name>.index | Adds index directive.
|
| services.firefly-iii-data-importer.settings | Options for firefly-iii data importer configuration
|
| services.davis.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.druid.historical.enable | Whether to enable Druid Historical.
|
| services.discourse.mail.outgoing.port | The port of the SMTP server Discourse should use to
send email.
|
| services.forgejo.group | Group under which Forgejo runs.
|
| services.jenkins.home | The path to use as JENKINS_HOME
|
| services.glance.environmentFile | Path to an environment file as defined in systemd.exec(5)
|
| services.davis.nginx.sslCertificate | Path to server SSL certificate.
|
| services.lemmy.adminPasswordFile | File which contains the value of setup.admin_password.
|
| services.fediwall.nginx | Allows customizing the nginx virtualHost settings
|
| services.kubo.settings.Mounts.IPFS | Where to mount the IPFS namespace to
|
| services.esphome.enable | Whether to enable esphome, for making custom firmwares for ESP32/ESP8266.
|
| services.gitlab.extraEnv | Additional environment variables for the GitLab environment.
|
| services.legit.settings.repo.readme | Readme files to look for.
|
| services.angrr.settings.profile-policies.<name>.keep-booted-system | Whether to keep the last booted system generation
|
| boot.loader.limine.secureBoot.enable | Whether to use sign the limine binary with sbctl.
This requires you to already have generated the keys and enrolled them with sbctl
|
| services.diod.nwthreads | Sets the (fixed) number of worker threads created to handle 9P
requests for a unique aname.
|
| services.hadoop.hbase.rest.enable | Whether to enable HBase rest.
|
| programs.neovim.enable | Whether to enable Neovim
|
| security.acme.defaults.server | ACME Directory Resource URI
|
| services.athens.port | Port number Athens listens on.
|
| services.galene.enable | Whether to enable Galene Service.
|
| services.gotenberg.chromium.autoStart | Automatically start Chromium when Gotenberg starts
|
| services.glance.enable | Whether to enable glance.
|
| services.akkoma.config.":pleroma".":media_proxy".base_url | Base path for the media proxy
|
| services.keepalived.snmp.enableRfcV3 | Enable SNMP handling of RFC6527 VRRP MIB.
|