| services.prometheus.scrapeConfigs.*.basic_auth.username | HTTP username
|
| services.strongswan-swanctl.swanctl.connections.<name>.fragmentation | Use IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation)
|
| services.librenms.environmentFile | File containing env-vars to be substituted into the final config
|
| services.roundcube.enable | Whether to enable roundcube
|
| programs.captive-browser.enable | Whether to enable captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.
|
| services.thinkfan.fans.*.query | The query string used to match one or more fans: can be
a fullpath to the temperature file (single fan) or a fullpath
to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
|
| services.windmill.database.urlPath | Path to the file containing the database url windmill should connect to
|
| services.cntlm.netbios_hostname | The hostname of your machine.
|
| networking.openconnect.interfaces.<name>.extraOptions | Extra config to be appended to the interface config
|
| services.cadvisor.storageDriverDb | Cadvisord storage driver database name.
|
| services.firezone.server.provision.accounts.<name>.features.self_hosted_relays | Whether to enable the self_hosted_relays feature for this account.
|
| services.sanoid.datasets.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| services.davis.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.movim.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.slskd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.portunus.dex.oidcClients | List of OIDC clients
|
| services.athens.index.postgres.database | Database name for the Postgres database.
|
| virtualisation.oci-containers.containers.<name>.podman.user | The user under which the container should run.
|
| virtualisation.sharedDirectories.<name>.source | The path of the directory to share, can be a shell variable
|
| virtualisation.sharedDirectories.<name>.target | The mount point of the directory inside the virtual machine
|
| virtualisation.fileSystems.<name>.encrypted.keyFile | Path to a keyfile used to unlock the backing encrypted
device
|
| services.displayManager.dms-greeter.configFiles | List of DankMaterialShell configuration files to copy into the greeter
data directory at /var/lib/dms-greeter
|
| services.apache-kafka.configFiles.serverProperties | Kafka server.properties configuration file path
|
| services.nextcloud.autoUpdateApps.startAt | When to run the update
|
| services.veilid.settings.core.protected_store.always_use_insecure_storage | Should we bypass any attempt to use system-provided secure storage?
|
| services.ntopng.redis.createInstance | Local Redis instance name
|
| services.multipath.pathGroups.*.alias | The name of the multipath device
|
| virtualisation.oci-containers.containers.<name>.image | OCI image to run.
|
| services.victoriatraces.basicAuthUsername | Basic Auth username used to protect VictoriaTraces instance by authorization
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile | File pointing to preshared key as generated by wg genpsk
|
| services.zfs.autoSnapshot.flags | Flags to pass to the zfs-auto-snapshot command
|
| virtualisation.oci-containers.containers.<name>.user | Override the username or UID (and optionally groupname or GID) used
in the container.
|
| services.snipe-it.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.names | Namespace name.
|
| services.outline.storage.uploadBucketName | Name of the bucket where uploads should be stored.
|
| programs.zsh.enable | Whether to configure zsh as an interactive shell
|
| services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.multipath.pathGroups.*.array | The DNS name of the storage array
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| virtualisation.oci-containers.containers.<name>.pull | Image pull policy for the container
|
| services.zabbixWeb.nginx.virtualHost.http3 | Whether to enable the HTTP/3 protocol
|
| services.vikunja.database.database | Database name.
|
| services.karakeep.extraEnvironment | Environment variables to pass to Karakaeep
|
| services.biboumi.credentialsFile | Path to a configuration file to be merged with the settings
|
| services.rutorrent.nginx.enable | Whether to enable nginx virtual host management
|
| services.listmonk.database.mutableSettings | Database settings will be reset to the value set in this module if this is not enabled
|
| services.avahi.nssmdns6 | Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6
|
| boot.iscsi-initiator.target | Name of the iSCSI target to boot from.
|
| networking.wireguard.interfaces.<name>.peers.*.presharedKey | Base64 preshared key generated by wg genpsk
|
| services.prometheus.exporters.artifactory.artiUsername | Username for authentication against JFrog Artifactory API.
|
| networking.openconnect.interfaces.<name>.certificate | Certificate to authenticate with.
|
| services.openvscode-server.host | The host name or IP address the server should listen to.
|
| services.sanoid.templates.<name>.post_snapshot_script | Script to run after taking snapshot.
|
| services.discourse.backendSettings | Additional settings to put in the
discourse.conf file
|
| users.extraUsers.<name>.initialPassword | Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist
|
| services.nginx.recommendedGzipSettings | Enable recommended gzip settings
|
| services.icecream.scheduler.netName | Network name for the icecream scheduler
|
| services.pcscd.ignoreReaderNames | List of reader name patterns for the PCSC daemon to ignore
|
| virtualisation.oci-containers.containers.<name>.labels | Labels to attach to the container at runtime.
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| services.dendrite.settings.global.trusted_third_party_id_servers | Lists of domains that the server will trust as identity
servers to verify third party identifiers such as phone
numbers and email addresses
|
| services.bookstack.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.sunshine.applications | Configuration for applications to be exposed to Moonlight
|
| services.trilium-server.instanceName | Instance name used to distinguish between different instances
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.znc.useLegacyConfig | Whether to propagate the legacy options under
services.znc.confOptions.* to the znc config
|
| virtualisation.credentials.<name>.mechanism | The mechanism used to pass the credential to the VM.
|
| services.borgbackup.jobs | Deduplicating backups using BorgBackup
|
| services.homebridge.uiSettings.log.service | Name of the systemd service to log to
|
| services.fluidd.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.akkoma.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.matomo.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.monica.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.lasuite-meet.livekit.keyFile | LiveKit key file holding one or multiple application secrets
|
| services.outline.oidcAuthentication.usernameClaim | Specify which claims to derive user information from
|
| services.nextcloud.configureRedis | Whether to configure Nextcloud to use the recommended Redis settings for small instances.
The Nextcloud system check recommends to configure either Redis or Memcache for file lock caching.
The notify_push app requires Redis to be configured
|
| services.prometheus.alertmanagerGotify.metrics.username | The username used to access your metrics.
|
| services.nginx.recommendedZstdSettings | Enable recommended zstd settings
|
| services.pomerium.useACMEHost | If set, use a NixOS-generated ACME certificate with the specified name
|
| services.buildbot-worker.adminMessage | Name of the administrator of this worker
|
| services.radicle.httpd.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.nagios.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.moodle.virtualHost.servedFiles | This option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS
|
| services.cassandra.clusterName | The name of the cluster
|
| services.nginx.recommendedUwsgiSettings | Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
|
| services.nginx.recommendedProxySettings | Whether to enable recommended proxy settings if a vhost does not specify the option manually.
|
| services.lavalink.plugins.*.configName | The name of the plugin to use as the key for the plugin configuration.
|
| services.matrix-synapse.settings.url_preview_ip_range_blacklist | List of IP address CIDR ranges that the URL preview spider is denied
from accessing.
|
| services.linux-enable-ir-emitter.device | IR camera device to depend on
|
| services.stargazer.routes | Routes that Stargazer should server
|
| services.thanos.rule.web.prefix-header | Name of HTTP request header used for dynamic prefixing of UI links and
redirects
|
| networking.bonds.<name>.xmit_hash_policy | DEPRECATED, use driverOptions
|
| services.matrix-synapse.settings.url_preview_ip_range_whitelist | List of IP address CIDR ranges that the URL preview spider is allowed
to access even if they are specified in url_preview_ip_range_blacklist.
|
| security.tpm2.fapi.profileName | Name of the default cryptographic profile chosen from the profile_dir directory.
|
| services.dependency-track.nginx.domain | The domain name under which to set up the virtual host.
|
| virtualisation.oci-containers.containers.<name>.devices | List of devices to attach to this container.
|
| networking.wireguard.interfaces.<name>.interfaceNamespace | The pre-existing network namespace the WireGuard
interface is moved to
|
| services.crossfire-server.configFiles | Text to append to the corresponding configuration files
|
| services.headscale.settings.tls_letsencrypt_challenge_type | Type of ACME challenge to use, currently supported types:
HTTP-01 or TLS-ALPN-01.
|