| services.cloudlog.upload-clublog.enable | Whether to periodically upload logs to Clublog
|
| services.gitlab-runner.clear-docker-cache.enable | Whether to periodically prune gitlab runner's Docker resources
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| services.borgbackup.repos.<name>.quota | Storage quota for the repository
|
| programs.tsmClient.servers.<name>.passworddir | Directory that holds the TSM
node's password information.
|
| services.pdfding.consume.enable | Bulk PDF import from consume directory
|
| system.nssDatabases.sudoers | List of sudoers entries to configure in /etc/nsswitch.conf
|
| services.rstudio-server.serverWorkingDir | Default working directory for server (server-working-dir in rserver.conf).
|
| i18n.inputMethod.fcitx5.ignoreUserConfig | Ignore the user configures. Warning: When this is enabled, the
user config files are totally ignored and the user dict can't be saved
and loaded.
|
| services.mediatomb.customCfg | Allow the service to create and use its own config file inside the dataDir as
configured by services.mediatomb.dataDir
|
| services.mongodb.initialRootPasswordFile | Path to the file containing the password for the root user if auth is enabled.
|
| services.bitwarden-directory-connector-cli.sync.useEmailPrefixSuffix | If a user has no email address, combine a username prefix with a suffix value to form an email.
|
| services.bitwarden-directory-connector-cli.sync.removeDisabled | Remove users from bitwarden groups if no longer in the ldap group.
|
| services.stargazer.allowCgiUser | When enabled, the stargazer process will be given CAP_SETGID
and CAP_SETUID so that it can run cgi processes as a different
user
|
| services.cloudlog.update-clublog-scp.enable | Whether to periodically update the Clublog SCP database
|
| services.thanos.query.store.response-timeout | If a Store doesn't send any data in this specified duration then a
Store will be ignored and partial data will be returned if it's
enabled. 0 disables timeout
|
| services.mediagoblin.settings.mediagoblin.plugins | Plugins to enable
|
| security.pam.services.<name>.kwallet.enable | If enabled, pam_wallet will attempt to automatically unlock the
user's default KDE wallet upon login
|
| services.redsocks.redsocks.*.redirectCondition | Conditions to make outbound packets go through this redsocks
instance
|
| services.meilisearch.package | The meilisearch package to use
|
| services.thanos.query.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| system.autoUpgrade.rebootWindow | Define a lower and upper time value (in HH:MM format) which
constitute a time window during which reboots are allowed after an upgrade
|
| services.displayManager.dms-greeter.package | The DankMaterialShell package to use for the greeter
|
| services.reposilite.openFirewall | Whether to open the firewall ports for Reposilite
|
| hardware.sane.dsseries.enable | When enabled, will automatically register the "dsseries" SANE backend
|
| fonts.fontconfig.enable | If enabled, a Fontconfig configuration file will be built
pointing to a set of default fonts
|
| services.firewalld.zones.<name>.forward | Whether to enable intra-zone forwarding
|
| services.cyrus-imap.imapdSettings.configdirectory | The pathname of the IMAP configuration directory.
|
| networking.nat.forwardPorts | List of forwarded ports from the external interface to
internal destinations by using DNAT
|
| services.bitwarden-directory-connector-cli.sync.groupNameAttribute | Attribute for a name of group.
|
| services.bitwarden-directory-connector-cli.sync.userEmailAttribute | Attribute for a users email.
|
| services.postgresqlWalReceiver.receivers.<name>.directory | Directory to write the output to.
|
| systemd.enableStrictShellChecks | Whether to run shellcheck on the generated scripts for systemd
units
|
| programs.i3lock.u2fSupport | Whether to enable U2F support in the i3lock program
|
| documentation.nixos.checkRedirects | Check redirects for manualHTML.
|
| services.bitwarden-directory-connector-cli.sync.memberAttribute | Attribute that lists members in a LDAP group.
|
| services.gitlab.registry.defaultForProjects | If GitLab container registry should be enabled by default for projects.
|
| services.librenms.enableLocalBilling | Enable billing Cron-Jobs on the local instance
|
| services.prosody.s2sInsecureDomains | Some servers have invalid or self-signed certificates
|
| services.radicle.httpd.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.radicle.httpd.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanidm.provision.systems.oauth2.<name>.enableLocalhostRedirects | Allow localhost redirects
|
| services.chrony.autotrimThreshold | Maximum estimated error threshold for the rtcautotrim command
|
| services.healthchecks.settings | Environment variables which are read by healthchecks (local)_settings.py
|
| systemd.user.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| services.journalwatch.enable | If enabled, periodically check the journal with journalwatch and report the results by mail.
|
| hardware.graphics.enable | Whether to enable hardware accelerated graphics drivers
|
| systemd.sysupdate.enable | Atomically update the host OS, container images, portable service
images or other sources
|
| services.privoxy.certsLifetime | If inspectHttps is enabled, the time generated HTTPS
certificates will be stored in a temporary directory for reuse
|
| boot.initrd.network.flushBeforeStage2 | Whether to clear the configuration of the interfaces that were set up in
the initrd right before stage 2 takes over
|
| services.libinput.mouse.middleEmulation | Enables middle button emulation
|
| services.munin-node.extraPlugins | Additional Munin plugins to activate
|
| services.mjolnir.pantalaimon.options.ssl | Whether or not SSL verification should be enabled for outgoing
connections to the homeserver.
|
| services.healthchecks.settingsFile | Environment variables which are read by healthchecks (local)_settings.py
|
| networking.nftables.checkRulesetRedirects | Set of paths that should be intercepted and rewritten while checking the ruleset
using pkgs.buildPackages.libredirect.
|
| services.neo4j.directories.certificates | Directory for storing certificates to be used by Neo4j for
TLS connections
|
| services.librenms.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.fediwall.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanboard.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.agorakit.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.kanboard.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.fediwall.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.librenms.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.dolibarr.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.dolibarr.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.agorakit.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.pixelfed.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.mainsail.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.pixelfed.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.mainsail.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.firefly-iii-data-importer.virtualHost | The hostname at which you wish firefly-iii-data-importer to be served
|
| services.bitwarden-directory-connector-cli.sync.emailPrefixAttribute | The attribute that contains the users username.
|
| services.fedimintd.<name>.nginx.config.http2 | Whether to enable the HTTP/2 protocol
|
| services.netbird.useRoutingFeatures | Enables settings required for NetBird's routing features: Network Resources, Network Routes & Exit Nodes
|
| services.nebula.networks.<name>.enableReload | Enable automatic config reload on config change
|
| systemd.services.<name>.reloadIfChanged | Whether the service should be reloaded during a NixOS
configuration switch if its definition has changed
|
| networking.interfaces.<name>.tempAddress | When IPv6 is enabled with SLAAC, this option controls the use of
temporary address (aka privacy extensions) on this
interface
|
| services.libinput.touchpad.tappingDragLock | Enables or disables drag lock during tapping behavior
|
| virtualisation.directBoot.initrd | In direct boot situations, you may want to influence the initrd to load
to use your own customized payload
|
| services.patroni.postgresqlPackage | PostgreSQL package to use
|
| boot.kernel.randstructSeed | Provides a custom seed for the RANDSTRUCT security
option of the Linux kernel
|
| services.pufferpanel.environment | Environment variables to set for the service
|
| hardware.nvidia.prime.offload.enable | Whether to enable render offload support using the NVIDIA proprietary driver via PRIME
|
| services.strongswan-swanctl.swanctl.connections.<name>.mobike | Enables MOBIKE on IKEv2 connections
|
| hardware.graphics.package32 | The package that provides the 32-bit driver set
|
| services.munin-node.extraAutoPlugins | Additional Munin plugins to autoconfigure, using
munin-node-configure --suggest
|
| services.tailscale.derper.configureNginx | Whether to enable nginx reverse proxy for derper
|
| services.bitwarden-directory-connector-cli.sync.overwriteExisting | Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details.
|
| services.unbound.localControlSocketPath | When not set to null this option defines the path
at which the unbound remote control socket should be created at
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.anuko-time-tracker.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.teeworlds.game.tournamentMode | Whether to enable tournament mode
|
| security.pam.services.<name>.enableGnomeKeyring | If enabled, pam_gnome_keyring will attempt to automatically unlock the
user's default Gnome keyring upon login
|
| services.bitwarden-directory-connector-cli.sync.creationDateAttribute | Attribute that lists a user's creation date.
|
| boot.initrd.luks.mitigateDMAAttacks | Unless enabled, encryption keys can be easily recovered by an attacker with physical
access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.zabbixWeb.nginx.virtualHost.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.mediawiki.extensions | Attribute set of paths whose content is copied to the extensions
subdirectory of the MediaWiki installation and enabled in configuration
|
| services.openafsServer.dottedPrincipals | If enabled, allow principal names containing (.) dots
|
| services.prometheus.exporters.nginx.scrapeUri | Address to access the nginx status page
|