| services.anuko-time-tracker.nginx.http3 | Whether to enable the HTTP/3 protocol
|
| services.davis.adminLogin | Username for the admin account.
|
| services.druid.historical.openFirewall | Open firewall ports for Druid Historical.
|
| programs.tmux.aggressiveResize | Resize the window to the size of the smallest session for which it is the current window.
|
| boot.loader.efi.efiSysMountPoint | Where the EFI System Partition is mounted.
|
| services.ghostunnel.servers.<name>.extraArguments | Extra arguments to pass to ghostunnel server
|
| programs.wayland.miracle-wm.enable | Whether to enable miracle-wm, a tiling Mir based Wayland compositor
|
| services.gokapi.environment.GOKAPI_CONFIG_DIR | Sets the directory for the config file.
|
| services.jellyfin.transcoding.h264Crf | Constant Rate Factor (CRF) for H.264 encoding
|
| services.cloudflare-dyndns.enable | Whether to enable Cloudflare Dynamic DNS Client.
|
| services.kerberos_server.settings.include | Files to include in the Kerberos configuration.
|
| services.flexget.interval | When to perform a flexget run
|
| services.baikal.group | Group account under which the web-application run.
|
| services.baikal.phpPackage | The php package to use.
|
| services.ipfs-cluster.openSwarmPort | Open swarm port, secured by the cluster secret
|
| programs.tmux.package | The tmux package to use.
|
| services.hardware.lcd.server.extraConfig | Additional configuration added verbatim to the server config.
|
| services.anuko-time-tracker.nginx.locations.<name>.index | Adds index directive.
|
| services.influxdb2.provision.organizations.<name>.buckets.<name>.present | Whether to ensure that this bucket is present or absent.
|
| networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive | This is optional and is by default off, because most
users will not need it
|
| security.agnos.settings.accounts.*.certificates.*.domains | Domains the certificate represents
|
| services.bcachefs.autoScrub.interval | Systemd calendar expression for when to scrub bcachefs filesystems
|
| services.gitlab.pages.settings.pages-root | The directory where pages are stored.
|
| services.ferretdb.settings.FERRETDB_HANDLER | Backend handler
|
| programs.captive-browser.interface | your public network interface (wlp3s0, wlan0, eth0, ...)
|
| networking.firewall.extraReversePathFilterRules | Additional nftables rules to be appended to the rpfilter-allow
chain
|
| security.krb5.settings.module | Modules to obtain Kerberos configuration from.
|
| services.adguardhome.extraArgs | Extra command line parameters to be passed to the adguardhome binary.
|
| services.evremap.settings.dual_role.*.input | The key that should be remapped
|
| services.etcd.peerKeyFile | Key file to use for peer to peer communication
|
| services.jigasi.defaultJvbRoomName | Name of the default JVB room that will be joined if no special header is included in SIP invite.
|
| services.fedimintd.<name>.nginx.config.http3 | Whether to enable the HTTP/3 protocol
|
| programs.htop.settings | Extra global default configuration for htop
which is read on first startup only
|
| services.birdwatcher.package | The birdwatcher package to use.
|
| hardware.deviceTree.overlays.*.dtsText | Literal DTS contents, overlay is applied to
each .dtb file matching "compatible" of the overlay.
|
| services.gitlab.databaseName | GitLab database name.
|
| services.galene.enable | Whether to enable Galene Service.
|
| services.heartbeat.name | Name of the beat
|
| services.influxdb.enable | Whether to enable the influxdb server.
|
| services._3proxy.services.*.acl | Use this option to limit user access to resources.
|
| programs.git.lfs.enablePureSSHTransfer | Whether to enable Enable pure SSH transfer in server side by adding git-lfs-transfer to environment.systemPackages.
|
| services.cassandra.jmxRoles | Roles that are allowed to access the JMX (e.g. nodetool)
BEWARE: The passwords will be stored world readable in the nix store
|
| services.grafana_reporter.enable | Whether to enable grafana_reporter.
|
| services.ircdHybrid.rsaKey | IRCD server RSA key.
|
| image.repart.verityStore.enable | Whether to enable building images with a dm-verity protected nix store.
|
| networking.dhcpcd.enable | Whether to enable dhcpcd for device configuration
|
| services.gitea.settings | Gitea configuration
|
| security.pam.zfs.homes | Prefix of home datasets
|
| services.aesmd.settings.defaultQuotingType | Attestation quote type.
|
| networking.nat.forwardPorts | List of forwarded ports from the external interface to
internal destinations by using DNAT
|
| services.gnome.gnome-remote-desktop.enable | Whether to enable Remote Desktop support using Pipewire.
|
| services.epgstation.package | The epgstation package to use.
|
| services.calibre-server.auth.enable | Password based authentication to access the server
|
| services.airsonic.transcoders | List of paths to transcoder executables that should be accessible
from Airsonic
|
| services.hitch.frontend | The port and interface of the listen endpoint in the
form [HOST]:PORT[+CERT].
|
| security.doas.extraRules.*.cmd | The command the user is allowed to run
|
| services.cook-cli.basePath | Path to the directory cook-cli will look for recipes.
|
| services.clickhouse.extraUsersConfig | Additional raw XML configuration for ClickHouse server.
|
| services.cloudflare-ddns.updateCron | Cron expression for how often to check and update IPs
|
| services.blockbook-frontend.<name>.configFile | Location of the blockbook configuration file.
|
| services.firefly-iii-data-importer.virtualHost | The hostname at which you wish firefly-iii-data-importer to be served
|
| services.cgminer.pools | List of pools where to mine
|
| services.bookstack.settings.DB_PORT | The port your database is listening at.
|
| services.bacula-dir.tls.verifyPeer | Verify peer certificate
|
| services.guix.substituters.authorizedKeys | A list of signing keys for each substitute server to be authorized as
a source of substitutes
|
| boot.zfs.extraPools | Name or GUID of extra ZFS pools that you wish to import during boot
|
| programs.dwl.extraSessionCommands | Shell commands executed just before dwl is started.
|
| services.gitlab.pages.settings.internal-gitlab-server | Internal GitLab server used for API requests, useful
if you want to send that traffic over an internal load
balancer
|
| services.anubis.defaultOptions.group | The group under which Anubis is run
|
| services.bacula-sd.tls | TLS Options for the Storage Daemon
|
| services.davis.nginx.root | The path of the web root directory.
|
| image.repart.imageSize | Size of the produced image in bytes with optional K, M, G, T suffix,
or 'auto' to determine the minimal size automatically
|
| services.anuko-time-tracker.nginx.locations.<name>.proxyWebsockets | Whether to support proxying websocket connections with HTTP/1.1.
|
| services.autorandr.profiles.<name>.config.<name>.scale.x | Horizontal scaling factor/pixels.
|
| networking.ifstate.package | The ifstate package to use.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.alias | Alias directory for requests.
|
| services.flexget.user | The user under which to run flexget.
|
| services.kanata.package | The kanata package to use. ::: {.note}
If danger-enable-cmd is enabled in any of the keyboards, the
kanata-with-cmd package should be used.
:::
|
| services.bepasty.servers.<name>.secretKey | server secret for safe session cookies, must be set
|
| services.firewalld.zones.<name>.forwardPorts.*.to-port | |
| nix.gc.options | Options given to nix-collect-garbage when the garbage collector is run automatically.
|
| services.cgit.<name>.repos | cgit repository settings, see cgitrc(5)
|
| services.anuko-time-tracker.settings.email.smtpDebug | Debug mail sending.
|
| services.calibre-server.auth.userDb | Choose users database file to use for authentication
|
| services.fprintd.tod.driver | Touch OEM Drivers (TOD) package to use.
|
| services.hbase-standalone.package | The hbase package to use.
|
| services.i2pd.proto.sam.name | The endpoint name.
|
| programs.mouse-actions.autorun | Whether to start a user service to run mouse-actions on startup.
|
| services.corteza.user | The user to run Corteza under.
|
| services.geoclue2.submissionUrl | The url to submit data to a GeoLocation Service.
|
| services.jibri.xmppEnvironments.<name>.call.login.passwordFile | File containing the password for the user.
|
| services.klipper.package | The klipper package to use.
|
| services.hardware.openrgb.enable | Whether to enable OpenRGB server, for RGB lighting control.
|
| services.druid.middleManager.jdk | The JDK package to use.
|
| services.athens.index.mysql.params.timeout | Timeout for the MySQL database.
|
| services.firefox-syncserver.singleNode.enableTLS | Whether to enable automatic TLS setup.
|
| services.bind.listenOnIpv6Port | Ipv6 port to listen on.
|
| programs.opengamepadui.extraPackages | Additional packages to add to the OpenGamepadUI environment.
|
| services.freefall.devices | Device paths to all internal spinning hard drives.
|
| services.librenms.poolConfig | Options for the LibreNMS PHP pool
|