| services.garage.package | Garage package to use, needs to be set explicitly
|
| nix.buildMachines.*.system | The system type the build machine can execute derivations on
|
| programs.chromium.homepageLocation | Chromium default homepage
|
| services.hologram-server.roleAttr | Which LDAP group attribute to search for authorized role ARNs
|
| nix.sshServe.write | Whether to enable writing to the Nix store as a remote store via SSH
|
| networking.wireguard.interfaces.<name>.peers.*.publicKey | The base64 public key of the peer.
|
| services.fediwall.settings.showMedia | Show media in posts
|
| services.kasmweb.defaultGuacToken | default guac token to use.
|
| services.libinput.mouse.accelPointsMotion | Sets the points of the (pointer) motion acceleration function
|
| networking.wlanInterfaces.<name>.device | The name of the underlying hardware WLAN device as assigned by udev.
|
| services.foundationdb.group | Group account under which FoundationDB runs.
|
| services.collabora-online.aliasGroups.*.host | Hostname to allow or deny.
|
| services.evremap.settings.device_name | The name of the device that should be remapped
|
| services.g3proxy.settings | Settings of g3proxy.
|
| services.agorakit.nginx.locations.<name>.tryFiles | Adds try_files directive.
|
| services.iio-niri.package | The iio-niri package to use.
|
| services.fluidd.nginx.serverName | Name of this virtual host
|
| security.audit.backlogLimit | The maximum number of outstanding audit buffers allowed; exceeding this is
considered a failure and handled in a manner specified by failureMode.
|
| boot.initrd.services.lvm.enable | This will only be used when systemd is used in stage 1.
Whether to enable booting from LVM2 in the initrd.
|
| services.buffyboard.settings.input.touchscreen | Enable or disable the use of the touchscreen.
|
| services.etesync-dav.apiUrl | The url to the etesync API.
|
| programs.direnv.enableZshIntegration | Whether to enable Zsh integration
.
|
| services.librechat.dataDir | Absolute path for where the LibreChat server will use as its data directory to store logs, user uploads, and generated images.
|
| services.etcd.package | The etcd package to use.
|
| services.hitch.enable | Whether to enable Hitch Server.
|
| services.cloudflare-ddns.detectionTimeout | Timeout for detecting the public IP address.
|
| boot.growPartition | Whether to enable growing the root partition on boot.
|
| networking.wireguard.interfaces.<name>.peers.*.name | Name used to derive peer unit name.
|
| services.agorakit.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.darkhttpd.hideServerId | Don't identify the server type in headers or directory listings.
|
| services.gancio.nginx.listenAddresses | Listen addresses for this virtual host
|
| boot.initrd.luks.yubikeySupport | Enables support for authenticating with a YubiKey on LUKS devices
|
| services.docling-serve.host | The host address which the Docling Serve server HTTP interface listens to.
|
| services.httpd.virtualHosts.<name>.documentRoot | The path of Apache's document root directory
|
| services.envfs.package | Which package to use for the envfs.
|
| services.hadoop.hdfs.namenode.restartIfChanged | Automatically restart the service on config change
|
| services.jellyfin.transcoding.hardwareDecodingCodecs | Which codecs to enable for hardware decoding.
|
| services.influxdb.group | Group under which influxdb runs
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.mpeg2 | Enable hardware decoding for mpeg2 codec.
|
| services.librenms.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| services.draupnir.secrets.accessToken | File containing the access token for Draupnir's Matrix account
to be used in place of services.draupnir.settings.accessToken.
|
| services.libeufin.bank.settings.libeufin-bank.PORT | The port on which libeufin-bank should listen.
|
| services.gammu-smsd.extraConfig.smsd | Extra config lines to be added into [smsd] section
|
| services.gonic.settings | Configuration for Gonic, see https://github.com/sentriz/gonic#configuration-options for supported values.
|
| programs.bash.shellAliases | Set of aliases for bash shell, which overrides environment.shellAliases
|
| services.fedimintd.<name>.ui.bind | Address to bind on for UI connections
|
| services.hatsu.settings.HATSU_LISTEN_PORT | Port where hatsu should listen for incoming requests.
|
| services.cassandra.listenAddress | Address or interface to bind to and tell other Cassandra nodes
to connect to
|
| services.gns3-server.ssl.certFile | Path to the SSL certificate file
|
| services.gmediarender.uuid | A UUID for uniquely identifying the endpoint
|
| services.i2pd.outTunnels.<name>.enable | Whether to enable ‹name›.
|
| services.gnome.rygel.enable | Whether to enable Rygel UPnP Mediaserver
|
| services.irqbalance.package | The irqbalance package to use.
|
| location.latitude | Your current latitude, between
-90.0 and 90.0
|
| services.i2pd.proto.i2pControl.name | The endpoint name.
|
| security.wrappers.<name>.program | The name of the wrapper program
|
| programs.openvpn3.log-service.settings.log_dbus_details | Add D-Bus details in log file/syslog
|
| services.gitweb.gitwebTheme | Use an alternative theme for gitweb, strongly inspired by GitHub.
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.icecream.daemon.netName | Network name to connect to
|
| services.invoiceplane.sites.<name>.cron.enable | Enable cron service which periodically runs Invoiceplane tasks
|
| networking.interfaces.<name>.ipv6.addresses | List of IPv6 addresses that will be statically assigned to the interface.
|
| security.auditd.settings | auditd configuration file contents
|
| services.davis.nginx.listen.*.proxyProtocol | Enable PROXY protocol.
|
| services.gns3-server.settings | The global options in config file in ini format
|
| services.handheld-daemon.adjustor.loadAcpiCallModule | Whether to load the acpi_call kernel module
|
| programs.mosh.withUtempter | Whether to enable libutempter for mosh
|
| security.sudo-rs.extraRules.*.groups | The groups / GIDs this rule should apply for.
|
| services.gancio.nginx.acmeFallbackHost | Host which to proxy requests to if ACME challenge is not found
|
| services.buildbot-worker.masterUrl | Specifies the Buildbot Worker connection string.
|
| services.ersatztv.package | The ersatztv package to use.
|
| services.libeufin.nexus.settings.nexus-ebics.HOST_ID | Name of the EBICS host.
|
| services.firewalld.services.<name>.ports | Ports of the service.
|
| services.gitlab-runner.services.<name>.executor | Select executor, eg. shell, docker, etc
|
| services.gancio.nginx.locations | Declarative location config
|
| services.kbfs.mountPoint | Mountpoint for the Keybase filesystem.
|
| services.gammu-smsd.backend.files.sentSMSPath | Where the transmitted SMSes are placed
|
| programs.dms-shell.package | The dms-shell package to use.
|
| services.bookstack.nginx.listen | Listen addresses and ports for this virtual host
|
| networking.networkmanager.dns | Set the DNS (resolv.conf) processing mode
|
| programs.sway.package | The sway package to use
|
| services.corteza.openFirewall | Whether to open ports in the firewall.
|
| services.gocd-server.workDir | Specifies the working directory in which the Go
|
| services.icecream.daemon.cacheLimit | Maximum size in Megabytes of cache used to store compile environments of compile clients.
|
| services.grafana.settings.security.strict_transport_security_max_age_seconds | Sets how long a browser should cache HSTS in seconds
|
| programs.regreet.enable | Enable ReGreet, a clean and customizable greeter for greetd
|
| services.firezone.headless-client.logLevel | The log level for the firezone application
|
| services.guacamole-client.settings | Configuration written to guacamole.properties.
The Guacamole web application uses one main configuration file called
guacamole.properties
|
| programs.television.enable | Whether to enable Blazingly fast general purpose fuzzy finder TUI.
|
| boot.loader.generationsDir.copyKernels | Whether to copy the necessary boot files into /boot, so
/nix/store is not needed by the boot loader.
|
| services.drupal.sites.<name>.virtualHost.listen | Listen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL
|
| programs.vscode.package | The vscode package to use
|
| services.fanout.fanoutDevices | Number of /dev/fanout devices
|
| programs.java.enable | Install and setup the Java development kit.
This adds JAVA_HOME to the global environment, by sourcing the
jdk's setup-hook on shell init
|
| services.dysnomia.containers | An attribute set in which each key represents a container and each value an attribute set providing its configuration properties
|
| services.kapacitor.alerta.enable | Whether to enable kapacitor alerta integration.
|
| services.iptsd.config | Configuration for IPTSD
|
| networking.wireless.networks.<name>.pskRaw | Either the raw pre-shared key in hexadecimal format
or the name of the secret (as defined inside
networking.wireless.secretsFile and prefixed
with ext:) containing the network pre-shared key.
Be aware that this will be written to the Nix store
in plaintext! Always use an external reference.
The external secret can be either the plaintext
passphrase or the raw pre-shared key.
Mutually exclusive with psk and auth.
|
| services.firefly-iii-data-importer.group | Group under which firefly-iii-data-importer runs
|
| services.commafeed.stateDir | Directory holding all state for CommaFeed to run.
|