| services.moonraker.analysis.enable | Whether to enable Runtime analysis with klipper-estimator.
|
| hardware.alsa.defaultDevice.playback | The default playback device
|
| services.gotify.stateDirectoryName | The name of the directory below /var/lib where
gotify stores its runtime data.
|
| services.nginx.uwsgiResolveWhileRunning | Resolves domains of uwsgi targets at runtime
and not only at start, you have to set
services.nginx.resolver, too.
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.names | List of resources to host on this listener.
|
| boot.loader.grub.extraFiles | A set of files to be copied to /boot
|
| services.userdbd.enableSSHSupport | Whether to enable exposing OpenSSH public keys defined in userdb
|
| services.monado.forceDefaultRuntime | Whether to ensure that Monado is the active runtime set for the current
user
|
| services.rabbitmq.config | Verbatim advanced configuration file contents using the Erlang syntax
|
| services.evcc.environmentFile | File with environment variables to pass into the runtime environment
|
| services.borgmatic.configurations.<name>.source_directories | List of source directories and files to backup
|
| services.maubot.settings.server.override_resource_path | Override path from where to load UI resources.
|
| services.firewalld.settings.FlushAllOnReload | Whether to flush all runtime rules on a reload.
|
| services.firezone.server.provision.accounts.<name>.features.multi_site_resources | Whether to enable the multi_site_resources feature for this account.
|
| services.mirakurun.tunerSettings | Options which are added to tuners.yml
|
| services.matrix-synapse.workers.<name>.worker_listeners.*.resources.*.compress | Whether synapse should compress HTTP responses to clients that support it
|
| services.crossfire-server.stateDir | Where to store runtime data (save files, persistent items, etc)
|
| services.buffyboard.settings.theme.default | Selects the default theme on boot
|
| services.nginx.proxyResolveWhileRunning | Resolves domains of proxyPass targets at runtime and not only at startup
|
| services.sourcehut.settings."hg.sr.ht".clone_bundle_threshold | .hg/store size (in MB) past which the nightly job generates clone bundles.
|
| services.borgbackup.jobs.<name>.extraInitArgs | Additional arguments for borg init
|
| services.schleuder.extraSettingsFile | YAML file to merge into the schleuder config at runtime
|
| services.borgbackup.jobs.<name>.extraPruneArgs | Additional arguments for borg prune
|
| services.grafana.settings.security.data_source_proxy_whitelist | Define a whitelist of allowed IP addresses or domains, with ports,
to be used in data source URLs with the Grafana data source proxy
|
| services.rabbitmq.configItems | Configuration options in RabbitMQ's new config file format,
which is a simple key-value format that can not express nested
data structures
|
| hardware.nvidia.open | Whether to enable the open source NVIDIA kernel module.
|
| services.mirakurun.channelSettings | Options which are added to channels.yml
|
| services.odoo.enable | Whether to enable odoo, an open source ERP and CRM system.
|
| services.thanos.rule.alert.query-url | The external Thanos Query URL that would be set in all alerts 'Source' field.
|
| services.borgbackup.jobs.<name>.extraCreateArgs | Additional arguments for borg create
|
| virtualisation.cri-o.enable | Whether to enable Container Runtime Interface for OCI (CRI-O).
|
| services.firezone.server.settingsSecret | This is a convenience option which allows you to set secret values for
environment variables by specifying a file which will contain the value
at runtime
|
| services.go2rtc.settings.streams | Stream source configuration
|
| services.prometheus.exporters.py-air-control.stateDir | Directory below /var/lib to store runtime data
|
| services.borgbackup.jobs.<name>.extraCompactArgs | Additional arguments for borg compact
|
| services.wstunnel.clients.<name>.httpProxy | Proxy to use to connect to the wstunnel server (USER:PASS@HOST:PORT).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing PROXY_PASSWORD=<your-password-here> and set
this option to <user>:$PROXY_PASSWORD@<host>:<port>
|
| services.maddy.enable | Whether to enable Maddy, a free an open source mail server.
|
| services.prometheus.exporters.varnish.withGoMetrics | Export go runtime and http handler metrics.
|
| services.sharkey.environmentFiles | List of paths to files containing environment variables for Sharkey to use at runtime
|
| services.komga.enable | Whether to enable Komga, a free and open source comics/mangas media server.
|
| services.thanos.rule.labels | Labels to be applied to all generated metrics
|
| services.prometheus.remoteWrite.*.write_relabel_configs.*.source_labels | The source labels select values from existing labels
|
| services.snipe-it.enable | Whether to enable snipe-it, a free open source IT asset/license management system.
|
| systemd.services.<name>.confinement.enable | If set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
|
| services.borgbackup.jobs.<name>.archiveBaseName | How to name the created archives
|
| services.authelia.instances.<name>.secrets | It is recommended you keep your secrets separate from the configuration
|
| boot.loader.systemd-boot.extraFiles | A set of files to be copied to $BOOT
|
| services.zammad.enable | Whether to enable Zammad, a web-based, open source user support/ticketing solution.
|
| networking.ucarp.srcIp | Source (real) IP address of this host.
|
| services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.source_labels | The source labels select values from existing labels
|
| services.amule.settings.eMule.UDPPort | UDP port for eD2k traffic (searches, source exchange) and all Kad network communication
|
| nixpkgs.pkgs | If set, the pkgs argument to all NixOS modules is the value of
this option, extended with nixpkgs.overlays, if
that is also set
|
| services.gitea-actions-runner.instances.<name>.labels | Labels used to map jobs to their runtime environment
|
| hardware.nvidia.powerManagement.finegrained | Whether to enable experimental power management of PRIME offload
|
| services.tayga.ipv4.address | The source IPv4 address of the TAYGA server.
|
| services.tayga.ipv6.address | The source IPv6 address of the TAYGA server.
|
| services.znapzend.zetup.<name>.timestampFormat | The timestamp format to use for constructing snapshot names
|
| networking.hostName | The name of the machine
|
| services.gpsd.devices | List of devices that gpsd should subscribe to
|
| services.traccar.enable | Whether to enable Traccar, an open source GPS tracking system.
|
| services.jupyter.extraEnvironmentVariables | Extra environment variables to be set in the runtime context of jupyter notebook
|
| services.crowdsec-firewall-bouncer.settings.api_key | API key to authenticate with a local crowdsec API
|
| services.opengfw.enable | Whether to enable OpenGFW, A flexible, easy-to-use, open source implementation of GFW on Linux
.
|
| hardware.nvidia-container-toolkit.device-name-strategy | Specify the strategy for generating device names,
passed to nvidia-ctk cdi generate
|
| virtualisation.podman.extraRuntimes | Extra runtime packages to be installed in the Podman wrapper
|
| security.allowUserNamespaces | Whether to allow creation of user namespaces
|
| services.kubernetes.kubelet.containerRuntimeEndpoint | Endpoint at which to find the container runtime api interface/socket
|
| virtualisation.containerd.enable | Whether to enable containerd container runtime.
|
| services.firefly-iii.enable | Whether to enable Firefly III: A free and open source personal finance manager.
|
| services.qui.settings | qui configuration options
|
| services.vmalert.enable | Wether to enable VictoriaMetrics's vmalert.
vmalert evaluates alerting and recording rules against a data source, sends notifications via Alertmanager.
|
| services.wstunnel.clients.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.wstunnel.servers.<name>.environmentFile | Environment file to be passed to the systemd service
|
| services.ferretdb.enable | Whether to enable FerretDB, an Open Source MongoDB alternative.
|
| services.docuseal.enable | Whether to enable DocuSeal, open source document signing.
|
| services.sks.webroot | Source directory (will be symlinked, if not null) for the files the
built-in webserver should serve
|
| services.chromadb.enable | Whether to enable ChromaDB, an open-source AI application database..
|
| services.tee-supplicant.trustedApplications | A list of full paths to trusted applications that will be loaded at
runtime by tee-supplicant.
|
| services.ebusd.device | Use DEV as eBUS device [/dev/ttyUSB0]
|
| xdg.icons.fallbackCursorThemes | Names of the fallback cursor themes, in order of preference, to be used when no other icon source can be found
|
| services.airsonic.enable | Whether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).
|
| services.cockroachdb.package | The cockroachdb package to use
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".signing_salt | Signing salt
|
| boot.loader.grub.extraGrubInstallArgs | Additional arguments passed to grub-install
|
| services.dashy.enable | Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app
|
| services.ntp.restrictSource | The restriction flags to be set on source
|
| services.discourse.enable | Whether to enable Discourse, an open source discussion platform.
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| boot.loader.refind.additionalFiles | A set of files to be copied to /boot
|
| services.headscale.enable | Whether to enable headscale, Open Source coordination server for Tailscale.
|
| services.journald.remote.output | The location of the output journal
|
| services.geoclue2.enableStatic | Whether to enable the static source
|
| services.github-runners.<name>.ephemeral | If enabled, causes the following behavior:
- Passes the
--ephemeral flag to the runner configuration script
- De-registers and stops the runner with GitHub after it has processed one job
- On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
- Restarts the service after its successful exit
- On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT)
|
| services.akkoma.config.":joken".":default_signer" | JWT signing secret
|
| services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".live_view.signing_salt | LiveView signing salt
|
| services.healthchecks.settings | Environment variables which are read by healthchecks (local)_settings.py
|
| services.syncthing.enable | Whether to enable Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync.
|
| virtualisation.qemu.networkingOptions | Networking-related command-line options that should be passed to qemu
|
| system.includeBuildDependencies | Whether to include the build closure of the whole system in
its runtime closure
|
| services.wstunnel.clients.<name>.upgradeCredentials | Use these credentials to authenticate during the HTTP upgrade request
(Basic authorization type, USER:[PASS]).
Passwords specified here will be world-readable in the Nix store!
To pass a password to the service, point the environmentFile option
to a file containing HTTP_PASSWORD=<your-password-here> and set this
option to <user>:$HTTP_PASSWORD
|