| services.cadvisor.storageDriverPasswordFile | File that contains the cadvisor storage driver password.
storageDriverPasswordFile takes precedence over storageDriverPassword
Warning: when storageDriverPassword is non-empty this defaults to a file in the
world-readable Nix store that contains the value of storageDriverPassword
|
| services.garage.enable | Whether to enable Garage Object Storage (S3 compatible).
|
| services.firezone.server.settingsSecret.COOKIE_SIGNING_SALT | A file containing a unique base64 encoded secret for the
COOKIE_SIGNING_SALT
|
| services.hardware.openrgb.package | The openrgb package to use.
|
| services.bluemap.enable | Whether to enable bluemap.
|
| services.cockroachdb.package | The cockroachdb package to use
|
| services.buildbot-master.group | Primary group of buildbot user.
|
| services.htpdate.servers | HTTP servers to use for time synchronization.
|
| services.firezone.server.provision.accounts.<name>.auth | All authentication providers to provision
|
| services.hedgedoc.settings.port | Port to listen on.
|
| networking.ucarp.advSkew | Advertisement skew in seconds.
|
| services.foundationdb.dataDir | Data directory
|
| services.grafana.settings.database.server_cert_name | The common name field of the certificate used by the mysql or postgres server
|
| services.klipper.apiSocket | Path of the API socket to create.
|
| programs.clash-verge.tunMode | Whether to enable Setcap for TUN Mode
|
| services.fedimintd.<name>.api_iroh.port | UDP Port to bind Iroh endpoint for API connections
|
| services.jitsi-meet.prosody.allowners_muc | Add module allowners, any user in chat is able to
kick other
|
| programs.plotinus.enable | Whether to enable the Plotinus GTK 3 plugin
|
| services._3proxy.services.*.auth | Authentication type
|
| services.easytier.instances.<name>.settings.instance_name | Identify different instances on same host
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.password | The password for this entry
|
| services.jellyfin.transcoding.hardwareEncodingCodecs.hevc | Enable hardware encoding for hevc codec.
|
| services.cross-seed.settings.linkDirs | List of directories where cross-seed will create links
|
| programs.pay-respects.runtimeRules | List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections
|
| services._3proxy.services.*.acl | Use this option to limit user access to resources.
|
| networking.firewall.extraReversePathFilterRules | Additional nftables rules to be appended to the rpfilter-allow
chain
|
| services.cloudflare-ddns.recordComment | Comment to add to managed DNS records.
|
| services.gitlab.secrets.dbFile | A file containing the secret used to encrypt variables in
the DB
|
| services.hledger-web.host | Address to listen on.
|
| services.icecast.admin.user | Username used for all administration functions.
|
| services.keepalived.vrrpInstances.<name>.state | Initial state
|
| hardware.facter.detected.boot.disk.kernelModules | List of kernel modules that are needed to access the disk.
|
| services.bind.listenOn | Interfaces to listen on.
|
| hardware.alsa.controls | Virtual volume controls (softvols) to add to a sound card
|
| security.acme.defaults.email | Email address for account creation and correspondence from the CA
|
| services.jellyseerr.configDir | Config data directory
|
| services.gancio.nginx.locations.<name>.proxyPass | Adds proxy_pass directive and sets recommended proxy headers if
recommendedProxySettings is enabled.
|
| services.librenms.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| services.agorakit.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.hledger-web.stateDir | Path the service has access to
|
| services.filebeat.settings | Configuration for filebeat
|
| services.kimai.sites.<name>.database.user | Database user.
|
| services._3proxy.services.*.acl.*.rule | ACL rule
|
| services.athens.pprofPort | Port number for pprof endpoints.
|
| services.ceph.mds.enable | Whether to enable Ceph MDS daemon.
|
| services.fediwall.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| boot.loader.limine.additionalFiles | A set of files to be copied to /boot
|
| services.bitwarden-directory-connector-cli.sync.userPath | User directory, relative to root.
|
| services.angrr.settings.temporary-root-policies.<name>.ignore-prefixes | List of path prefixes to ignore
|
| services.g3proxy.enable | Whether to enable g3proxy, a generic purpose forward proxy.
|
| services.coder.database.sslmode | Password for accessing the database.
|
| services.hebbot.package | The hebbot package to use.
|
| services.keycloak.database.createLocally | Whether a database should be automatically created on the
local host
|
| services.anuko-time-tracker.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| hardware.infiniband.enable | Whether to enable Infiniband support.
|
| services.bitlbee.hostName | Normally, BitlBee gets a hostname using getsockname()
|
| services.gocd-server.sslPort | Specifies port number on which the Go
|
| fonts.fontconfig.defaultFonts.serif | System-wide default serif font(s)
|
| services.homepage-dashboard.environmentFiles | A list of paths to environment files that contain environment variables to pass
to the homepage-dashboard service, for the purpose of passing secrets to
the service
|
| services.freefall.enable | Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
|
| services.fanout.fanoutDevices | Number of /dev/fanout devices
|
| services.hadoop.hbase.regionServer.overrideHosts | Remove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix
Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records
or /etc/hosts entries.
|
| services.cntlm.netbios_hostname | The hostname of your machine.
|
| services.jupyter.user | Name of the user used to run the jupyter service
|
| programs.wshowkeys.enable | Whether to enable wshowkeys (displays keypresses on screen on supported Wayland
compositors)
|
| services.bitwarden-directory-connector-cli.ldap.username | The user to authenticate as.
|
| services.drupal.sites.<name>.themesDir | The location for users to install Drupal themes.
|
| services.g810-led.enable | Whether to enable g810-led, a Linux LED controller for some Logitech G Keyboards.
|
| services.gnome.rygel.enable | Whether to enable Rygel UPnP Mediaserver
|
| services.firezone.server.web.trustedProxies | A list of trusted proxies
|
| networking.wg-quick.interfaces.<name>.preDown | Command called before the interface is taken down.
|
| programs.foot.enableBashIntegration | Whether to enable foot bash integration.
|
| programs.proxychains.localnet | By default enable localnet for loopback address ranges.
|
| services.cfssl.enable | Whether to enable the CFSSL CA api-server.
|
| services.echoip.enableReverseHostnameLookups | Whether to enable reverse hostname lookups.
|
| services.influxdb2.provision.organizations.<name>.auths.<name>.writePermissions | The read permissions to include for this token
|
| networking.interfaces.<name>.macAddress | MAC address of the interface
|
| services.garage.settings.metadata_dir | The metadata directory, put this on a fast disk (e.g
|
| services.discourse.admin.username | The admin user username.
|
| services.audiobookshelf.package | The audiobookshelf package to use.
|
| services.gitea.customDir | Gitea custom directory
|
| services.hydra.listenHost | The hostname or address to listen on or * to listen
on all interfaces.
|
| services.inadyn.settings.provider.<name>.ssl | Whether to use HTTPS for this DDNS provider.
|
| networking.vswitches.<name>.interfaces.<name>.vlan | Vlan tag to apply to interface
|
| security.agnos.settings.accounts.*.email | Email associated with this account.
|
| services.ersatztv.openFirewall | Open the default ports in the firewall for the server.
|
| services.hoogle.extraOptions | Additional command-line arguments to pass to
hoogle server
|
| services.isso.settings | Configuration for isso
|
| boot.initrd.network.udhcpc.enable | Enables the udhcpc service during stage 1 of the boot process
|
| security.polkit.adminIdentities | Specifies which users are considered “administrators”, for those
actions that require the user to authenticate as an
administrator (i.e. have an auth_admin
value)
|
| services.coder.tlsCert | The path to the TLS certificate.
|
| services.athens.statsExporter | Stats exporter to use.
|
| environment.memoryAllocator.provider | The system-wide memory allocator
|
| services.dovecot2.user | Dovecot user name.
|
| services.invidious.sig-helper.enable | Whether to enable and configure inv-sig-helper to emulate the youtube client's javascript
|
| environment.localBinInPath | Add ~/.local/bin/ to $PATH
|
| security.isolate.firstGid | Start of block of GIDs reserved for sandboxes.
|
| services.actual.package | The actual-server package to use.
|
| services.gnunet.load.hardNetUpBandwidth | Hard bandwidth limit (in bits per second) when uploading
data.
|
| services.dovecot2.sieve.pipeBins | Programs available for use by the vnd.dovecot.pipe extension
|