| documentation.man.mandoc.settings.output.width | The ASCII and UTF-8 output width, default is 78
|
| services.dependency-track.settings."alpine.oidc.teams.default" | Defines one or more team names that auto-provisioned OIDC users shall be added to
|
| security.acme.defaults.extraLegoRunFlags | Additional flags to pass to lego run.
|
| services.jenkins.listenAddress | Specifies the bind address on which the jenkins HTTP interface listens
|
| services.factorio.configFile | The server's configuration file
|
| powerManagement.scsiLinkPolicy | SCSI link power management policy
|
| nix.settings.require-sigs | If enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
nix.settings.trusted-public-keys
|
| services.couchdb.uriFile | This file contains the full URI that can be used to access this
instance of CouchDB
|
| services.gitolite.dataDir | The gitolite home directory used to store all repositories
|
| nix.settings.allowed-users | A list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon
|
| boot.tmp.tmpfsHugeMemoryPages |
never - Do not allocate huge memory pages
|
| services.kapacitor.alerta.token | Default Alerta authentication token
|
| services.ersatztv.openFirewall | Open the default ports in the firewall for the server.
|
| services.oauth2-proxy.httpAddress | HTTPS listening address
|
| services.nginx.typesHashMaxSize | Sets the maximum size of the types hash tables (types_hash_max_size)
|
| services.traefik.group | Primary group under which Traefik runs
|
| services.syncthing.relay.pools | Relay pools to join
|
| services.sabnzbd.settings.ntfosd.ntfosd_enable | Whether to enable NotifyOSD alerts
|
| services.sourcehut.todo.group | Group for todo.sr.ht
|
| services.sourcehut.meta.group | Group for meta.sr.ht
|
| networking.ucarp.package | The ucarp package to use
|
| services.immich.mediaLocation | Directory used to store media files
|
| nix.settings | Configuration for Nix, see
https://nixos.org/manual/nix/stable/command-ref/conf-file.html or
nix.conf(5) for available options
|
| boot.zfs.forceImportRoot | Forcibly import the ZFS root pool(s) during early boot
|
| services.nagios.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.teeworlds.game.gameType | The game type to use on the server
|
| services.soju.acceptProxyIP | Allow the specified IPs to act as a proxy
|
| services.moodle.virtualHost.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.oncall.settings.db.conn.str | Database connection scheme
|
| services.mjolnir.settings | Additional settings (see mjolnir default config for available settings)
|
| services.mbpfan.aggressive | If true, favors higher default fan speeds.
|
| systemd.sockets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.targets.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| services.postfix.networks | Net masks for trusted - allowed to relay mail to third parties -
hosts
|
| services.icingaweb2.pool | Name of existing PHP-FPM pool that is used to run Icingaweb2
|
| services.bitbox-bridge.runOnMount | Run bitbox-bridge.service only when hardware wallet is plugged, also registers the systemd device unit
|
| security.acme.defaults.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| services.airsonic.jvmOptions | Extra command line options for the JVM running AirSonic
|
| services.headscale.user | User account under which headscale runs.
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the headscale service starts.
|
| programs.git.config | Configuration to write to /etc/gitconfig
|
| programs.envision.openFirewall | Whether to enable the default ports in the firewall for the WiVRn server.
|
| services.scrutiny.openFirewall | Whether to enable opening the default ports in the firewall for Scrutiny.
|
| services.resilio.directoryRoot | Default directory to add folders in the web UI.
|
| services.radicle.httpd.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.searx.settings | Searx settings
|
| services.stubby.settings | Content of the Stubby configuration file
|
| systemd.user.slices.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| systemd.user.timers.<name>.enable | If set to false, this unit will be a symlink to
/dev/null
|
| users.ldap.bind.policy | Specifies the policy to use for reconnecting to an unavailable
LDAP server
|
| _module.args | Additional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath
|
| system.stateVersion | This option defines the first version of NixOS you have installed on this particular machine,
and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions
|
| hardware.deviceTree.kernelPackage | Kernel package where device tree include directory is from
|
| services.couchdb.databaseDir | Specifies location of CouchDB database files (*.couch named)
|
| fonts.fontconfig.enable | If enabled, a Fontconfig configuration file will be built
pointing to a set of default fonts
|
| services.kapacitor.alerta.origin | Default origin of alert
|
| security.auditd.plugins.<name>.type | This tells the dispatcher how the plugin wants to be run
|
| services.redis.servers.<name>.appendOnly | By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
|
| services.logrotate.configFile | Override the configuration file used by logrotate
|
| services.neo4j.https.sslPolicy | Neo4j SSL policy for HTTPS traffic
|
| nixpkgs.crossSystem | Systems with a recently generated hardware-configuration.nix
may instead specify only nixpkgs.buildPlatform,
or fall back to removing the nixpkgs.hostPlatform line from the generated config
|
| system.autoUpgrade.rebootWindow | Define a lower and upper time value (in HH:MM format) which
constitute a time window during which reboots are allowed after an upgrade
|
| services.strongswan-swanctl.swanctl.connections.<name>.reauth_time | Time to schedule IKE reauthentication
|
| services.limesurvey.nginx.virtualHost.locations.<name>.fastcgiParams | FastCGI parameters to override
|
| virtualisation.qemu.networkingOptions | Networking-related command-line options that should be passed to qemu
|
| services.sourcehut.paste.group | Group for paste.sr.ht
|
| services.sourcehut.lists.group | Group for lists.sr.ht
|
| services.sourcehut.pages.group | Group for pages.sr.ht
|
| services.davis.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.eternal-terminal.port | The port the server should listen on
|
| services.httpd.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.irkerd.listenAddress | Specifies the bind address on which the irker daemon listens
|
| services.keycloak.database.port | Port of the database to connect to.
|
| services.anuko-time-tracker.nginx.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| security.pam.u2f.settings.appid | By default pam-u2f module sets the application
ID to pam://$HOSTNAME
|
| services.headscale.group | Group under which headscale runs.
If left as the default value this group will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the headscale service starts.
|
| services.netdata.configDir | Complete netdata config directory except netdata.conf
|
| services.prosody.muc.*.roomDefaultPublic | If set, the MUC rooms will be public by default.
|
| services.redis.servers.<name>.user | User account under which this instance of redis-server runs.
If left as the default value this user will automatically be
created on system activation, otherwise you are responsible for
ensuring the user exists before the redis service starts.
|
| services.locate.interval | Update the locate database at this interval
|
| services.slskd.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.movim.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.nginx.virtualHosts.<name>.addSSL | Whether to enable HTTPS in addition to plain HTTP
|
| services.udp-over-tcp.tcp2udp.<name>.threads | Sets the number of worker threads to use
|
| nixpkgs.buildPlatform | Specifies the platform on which NixOS should be built
|
| services.postgresql.ensureUsers.*.ensureClauses.inherit | Grants the user created inherit permissions
|
| services.draupnir.settings | Free-form settings written to Draupnir's configuration file
|
| nix.settings.trusted-public-keys | List of public keys used to sign binary caches
|
| security.acme.defaults.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| services.hologram-server.awsDefaultRole | AWS default role
|
| services.knot-resolver.enable | Whether to enable knot-resolver (version 6) domain name server
|
| services.kresd.instances | The number of instances to start
|
| services.rss2email.feeds.<name>.to | Email address to which to send feed items
|
| services.snipe-it.nginx.forceSSL | Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode) all plain HTTP traffic to
HTTPS
|
| services.nginx.serverNamesHashBucketSize | Sets the bucket size for the server names hash tables
|
| services.stalwart.settings | Configuration options for the Stalwart server
|
| services.kanidm.serverSettings.online_backup.versions | Number of backups to keep
|
| documentation.man.mandoc.settings.output.indent | Number of blank characters at the left margin for normal text,
default of 5 for mdoc(7) and 7 for
man(7)
|
| services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in | Netfilter mark and mask for input traffic
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| nixpkgs.flake.setNixPath | Whether to set NIX_PATH to include nixpkgs=flake:nixpkgs such that <nixpkgs>
lookups receive the version of nixpkgs that the system was built with, in concert with
nixpkgs.flake.setFlakeRegistry
|