| boot.initrd.systemd.contents.<name>.enable | Whether to enable copying of this file and symlinking it.
|
| services.hedgedoc.settings.host | Address to listen on.
|
| services.ax25.axlisten.config | Options that will be passed to the axlisten daemon.
|
| boot.specialFileSystems.<name>.depends | List of paths that should be mounted before this one
|
| services.gocd-server.user | User the Go
|
| services.broadcast-box.web.host | Host address the HTTP server listens on
|
| services.invidious.hmacKeyFile | A path to a file containing the hmac_key
|
| services.angrr.logLevel | Set the log level of angrr.
|
| programs.tmux.aggressiveResize | Resize the window to the size of the smallest session for which it is the current window.
|
| services.anuko-time-tracker.nginx.extraConfig | These lines go to the end of the vhost verbatim.
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| services.firezone.server.provision.accounts.<name>.gatewayGroups | All gateway groups (sites) to provision
|
| hardware.printers.ensurePrinters.*.description | Optional human-readable description.
|
| services.libinput.mouse.additionalOptions | Additional options for libinput mouse driver
|
| services.headscale.settings.prefixes.v6 | Each prefix consists of either an IPv4 or IPv6 address,
and the associated prefix length, delimited by a slash
|
| programs.atop.package | The atop package to use.
|
| services.gancio.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| hardware.trackpoint.thresh | Minimum value for z-axis force required to trigger a press or release, relative to the running average.
|
| services.anuko-time-tracker.nginx.onlySSL | Whether to enable HTTPS and reject plain HTTP connections
|
| services.bird-lg.frontend.listenAddresses | Address to listen on.
|
| services.bitwarden-directory-connector-cli.ldap.pagedSearch | Whether the LDAP server paginates search results.
|
| services.hadoop.yarn.nodemanager.extraEnv | Extra environment variables
|
| security.doas.extraRules.*.setEnv | Keep or set the specified variables
|
| services.collabora-online.package | The Collabora Online package to use.
|
| programs.gamescope.env | Default environment variables available to the GameScope process, overridable at runtime.
|
| services.espanso.package | The espanso package to use.
|
| services.jigasi.xmppDomain | Domain name of the XMMP server to which to connect as a component
|
| services.authelia.instances.<name>.settings.telemetry.metrics.enabled | Enable Metrics.
|
| services.grafana_reporter.grafana.addr | Grafana address.
|
| security.sudo-rs.execWheelOnly | Only allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly
|
| hardware.amdgpu.initrd.enable | Whether to enable loading amdgpu kernelModule in stage 1
|
| services.fluidd.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.influxdb2.provision.users | Users to provision.
|
| services.dawarich.configureNginx | Configure nginx as a reverse proxy for dawarich
|
| services.fediwall.nginx.locations.<name>.recommendedProxySettings | Enable recommended proxy settings.
|
| services._3proxy.services.*.extraConfig | Extra configuration for service
|
| programs.ccache.group | Group owner of CCache directory
|
| services.lavalink.extraConfig | Configuration to write to application.yml
|
| services.komodo-periphery.excludeDiskMounts | Exclude these mount paths from disk reporting.
|
| services.babeld.interfaceDefaults | A set describing default parameters for babeld interfaces
|
| hardware.nvidia-container-toolkit.mounts | Mounts to be added to every container under the Nvidia CDI profile.
|
| programs.kde-pim.merkuro | Whether to enable Merkuro.
|
| security.pam.u2f.control | This option sets pam "control"
|
| services.amazon-cloudwatch-agent.commonConfigurationFile | Amazon CloudWatch Agent common configuration
|
| services.agorakit.hostName | The hostname to serve agorakit on.
|
| services.infinoted.user | What to call the dedicated user under which infinoted is run
|
| services.airsonic.maxMemory | The memory limit (max Java heap size) in megabytes
|
| services.grafana.settings | Grafana settings
|
| services.athens.storage.minio.endpoint | Endpoint of the minio storage backend.
|
| programs.qgroundcontrol.enable | Whether to enable qgroundcontrol.
|
| services.libeufin.nexus.settings.nexus-ebics.BANK_PUBLIC_KEYS_FILE | Filesystem location where Nexus should store the bank public keys.
|
| services.bacula-sd.director.<name>.tls.require | Require TLS or TLS-PSK encryption
|
| services.gitlab-runner.services.<name>.dockerPrivileged | Give extended privileges to container.
|
| services.dovecot2.quotaPort | The Port the dovecot quota service binds to
|
| services.clamav.clamonacc.enable | Whether to enable ClamAV on-access scanner
|
| services.esdm.enableLinuxCompatServices | Enable /dev/random, /dev/urandom and /proc/sys/kernel/random/* userspace wrapper.
|
| services.kresd.instances | The number of instances to start
|
| services.athens.index.postgres.database | Database name for the Postgres database.
|
| security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|
| services.headscale.settings.dns.extra_records.*.type | DNS record type.
|
| services.gitlab-runner.services.<name>.limit | Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit.
|
| hardware.fw-fanctrl.ectoolPackage | The fw-ectool package to use.
|
| security.pam.services.<name>.kwallet.forceRun | The force_run option is used to tell the PAM module for KWallet
to forcefully run even if no graphical session (such as a GUI
display manager) is detected
|
| services.gns3-server.dynamips.package | The dynamips package to use.
|
| services.gnome.tinysparql.enable | Whether to enable TinySPARQL services, a search engine,
search tool and metadata storage system.
|
| programs.mosh.withUtempter | Whether to enable libutempter for mosh
|
| services.druid.broker.jvmArgs | Arguments to pass to the JVM
|
| services.glusterfs.tlsSettings.tlsPem | Path to the certificate used for TLS.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.wpaPassword | Sets the password for WPA-PSK that will be converted to the pre-shared key
|
| services.lemmy.database.createLocally | Whether to enable creation of database on the instance.
|
| environment.enlightenment.excludePackages | Which packages Enlightenment should exclude from the default environment
|
| services.fediwall.settings.loadTrends | Load trending posts
|
| services.blendfarm.serverConfig.BroadcastPort | Default port blendfarm server advertises itself on.
|
| services.gatus.environmentFile | File to load as environment file
|
| services.crowdsec.localConfig.parsers.s01Parse | A list of stage s01-parse specifications
|
| fonts.fontconfig.defaultFonts.sansSerif | System-wide default sans serif font(s)
|
| services.dysnomia.extraContainerProperties | An attribute set providing additional container settings in addition to the default properties
|
| services.firewalld.zones.<name>.sources.*.mac | A MAC address.
|
| services.influxdb.package | The influxdb package to use.
|
| programs.dms-shell.plugins | DMS Plugins to install and enable
|
| programs.droidcam.enable | Whether to enable DroidCam client.
|
| services.firezone.server.web.port | The port under which the web interface will be served locally
|
| services.bazarr.package | The bazarr package to use.
|
| services.froide-govplan.secretKeyFile | Path to a file containing the secret key.
|
| services.amule.group | Group under which amule runs
|
| services.hedgedoc.enable | Whether to enable the HedgeDoc Markdown Editor.
|
| boot.initrd.network.ssh.authorizedKeys | Authorized keys for the root user on initrd
|
| services.gitolite.commonHooks | A list of custom git hooks that get copied to ~/.gitolite/hooks/common.
|
| services.knot.settingsFile | As alternative to settings, you can provide whole configuration
directly in the almost-YAML format of Knot DNS
|
| services.bind.package | The bind package to use.
|
| programs.direnv.nix-direnv.enable | Whether to enable a faster, persistent implementation of use_nix and use_flake, to replace the builtin one
.
|
| security.sudo.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| documentation.enable | Whether to install documentation of packages from
environment.systemPackages into the generated system path
|
| services.calibre-server.host | The interface on which to listen for connections
|
| services.davis.mail.dsnFile | A file containing the mail DSN for sending emails
|
| services.anubis.instances | An attribute set of Anubis instances
|
| programs.virt-manager.package | The virt-manager package to use.
|
| nix.buildMachines.*.supportedFeatures | A list of features supported by this builder
|
| services.gemstash.settings.bind | Host and port combination for the server to listen on.
|
| services.changedetection-io.behindProxy | Enable this option when changedetection-io runs behind a reverse proxy, so that it trusts X-* headers
|