| services.kmscon.hwRender | Whether to enable 3D hardware acceleration to render the console.
|
| programs.pay-respects.alias | pay-respects needs an alias to be configured
|
| services.displayManager.dms-greeter.compositor.customConfig | Custom compositor configuration to use for the greeter session
|
| services.druid.overlord.restartIfChanged | Automatically restart the service on config change
|
| services.firezone.server.settingsSecret.RELEASE_COOKIE | A file containing a unique secret identifier for the Erlang
cluster
|
| services.grafana.provision.alerting.rules.settings | Grafana rules configuration in Nix
|
| networking.firewall.logRefusedConnections | Whether to log rejected or dropped incoming connections
|
| programs.tmux.resizeAmount | Number of lines/columns when resizing.
|
| services.bcg.automaticRenameNodes | Automatically rename all nodes.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.pairwiseCiphers | Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets)
|
| lib | This option allows modules to define helper functions, constants, etc.
|
| programs.geary.enable | Whether to enable Geary, a Mail client for GNOME.
|
| services.anuko-time-tracker.nginx.basicAuthFile | Basic Auth password file for a vhost
|
| services.hound.enable | Whether to enable hound.
|
| services.infinoted.keyFile | Private key to use for TLS
|
| boot.iscsi-initiator.extraConfig | Extra lines to append to /etc/iscsid.conf
|
| programs.fish.generateCompletions | Whether to enable generating completion files from man pages.
|
| services.domoticz.enable | Whether to enable Domoticz home automation.
|
| services.firezone.server.web.enable | Whether to enable the Firezone web server.
|
| services.kerberos_server.settings.includedir | Directories containing files to include in the Kerberos configuration.
|
| services.bacula-dir.tls.verifyPeer | Verify peer certificate
|
| services.cassandra.group | Run Apache Cassandra under this group.
|
| services.elasticsearch.port | Elasticsearch port to listen for HTTP traffic.
|
| services.fediwall.nginx.enableACME | Whether to ask Let's Encrypt to sign a certificate for this vhost
|
| services.gammu-smsd.backend.files.inboxPath | Where the received SMSes are stored
|
| services.grafana.provision.enable | Whether to enable provision.
|
| services.hadoop.yarn.resourcemanager.extraFlags | Extra command line flags to pass to the service
|
| services.infnoise.fillDevRandom | Whether to run the infnoise driver as a daemon to refill /dev/random
|
| nix.buildMachines.*.mandatoryFeatures | A list of features mandatory for this builder
|
| programs.nncp.package | The nncp package to use.
|
| services.bacula-fd.extraMessagesConfig | Extra configuration to be passed in Messages directive.
|
| services.cachefilesd.enable | Whether to enable cachefilesd network filesystems caching daemon.
|
| services.epgstation.settings.encode | Encoding presets for recorded videos.
|
| services.fedimintd.<name>.api_ws.openFirewall | Opens TCP port in firewall for fedimintd's Websocket API
|
| services.firewalld.zones.<name>.description | Description for the zone.
|
| services.gancio.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.glusterfs.enableGlustereventsd | Whether to enable the GlusterFS Events Daemon
|
| services.hound.user | User the hound daemon should execute under.
|
| hardware.fw-fanctrl.config.strategies | Additional strategies which can be used by fw-fanctrl
|
| services.authelia.instances.<name>.secrets.oidcHmacSecretFile | Path to your HMAC secret used to sign OIDC JWTs.
|
| services.foundationdb.group | Group account under which FoundationDB runs.
|
| services.graylog.plugins | Extra graylog plugins
|
| hardware.cpu.amd.ryzen-smu.enable | Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors
|
| security.pam.u2f.settings | Options to pass to the PAM module
|
| services.below.collect.diskStats | Whether to enable dist_stat collection.
|
| services.cloudflared.tunnels.<name>.originRequest.noTLSVerify | Disables TLS verification of the certificate presented by your origin
|
| services.cntlm.noproxy | A list of domains where the proxy is skipped.
|
| services.dante.config | Contents of Dante's configuration file
|
| services.factorio.allowedPlayers | If non-empty, only these player names are allowed to connect
|
| services.grafana.settings.security.admin_password | Default admin password
|
| services.grafana.openFirewall | Open the ports in the firewall for the server.
|
| services.factorio.enable | Whether to enable Factorio.
|
| services.g3proxy.package | The g3proxy package to use.
|
| services.ax25.axports.<name>.baud | The serial port speed of this interface.
|
| services.davis.hostname | Domain of the host to serve davis under
|
| services.dysnomia.containers | An attribute set in which each key represents a container and each value an attribute set providing its configuration properties
|
| services.ente.web.domains.photos | The domain under which the photos frontend will be served.
|
| services.govee2mqtt.group | Group under which Govee2MQTT should run.
|
| programs.waybar.systemd.target | The systemd target that will automatically start the Waybar service.
|
| services.chrony.enableRTCTrimming | Enable tracking of the RTC offset to the system clock and automatic trimming
|
| services.dawarich.environment | Extra environment variables to pass to all dawarich services.
|
| services.gatus.settings.web.port | The TCP port to serve the Gatus service at.
|
| services.jitsi-meet.jibri.enable | Whether to enable a Jibri instance and configure it to connect to Prosody
|
| hardware.cpu.intel.updateMicrocode | Update the CPU microcode for Intel processors.
|
| services.activemq.enable | Enable the Apache ActiveMQ message broker service.
|
| services.fcgiwrap.instances.<name>.socket.user | User to be set as owner of the UNIX socket.
|
| services.flannel.network | IPv4 network in CIDR format to use for the entire flannel network
|
| services.icingaweb2.authentications | authentication.ini contents
|
| services.inadyn.settings.custom | Settings for custom DNS providers.
|
| services.jupyter.enable | Whether to enable Jupyter development server.
|
| services.libinput.touchpad.tappingDragLock | Enables or disables drag lock during tapping behavior
|
| security.auditd.plugins.<name>.settings | Plugin-specific config file to link to /etc/audit/.conf
|
| programs.neovim.package | The neovim-unwrapped package to use.
|
| security.sudo.extraRules.*.runAs | Under which user/group the specified command is allowed to run
|
| services.actual.openFirewall | Whether to open the firewall for the specified port.
|
| services.h2o.hosts.<name>.host | Set the host address for this virtual host
|
| services.libretranslate.port | The the application should listen on.
|
| security.acme.defaults.validMinDays | Minimum remaining validity before renewal in days.
|
| services.bitcoind.<name>.package | The bitcoind package to use.
|
| services.cyrus-imap.imapdSettings | IMAP configuration settings
|
| services.invoiceplane.sites.<name>.quoteTemplates | List of path(s) to respective template(s) which are copied from the 'quote_templates/pdf' directory.
These templates need to be packaged before use, see example.
|
| services.cachix-agent.credentialsFile | Required file that needs to contain CACHIX_AGENT_TOKEN=...
|
| programs.zsh.enableLsColors | Enable extra colors in directory listings (used by ls and tree).
|
| services.crowdsec.localConfig.parsers | The set of parser specifications
|
| services.displayManager.sddm.stopScript | A script to execute when stopping the display server.
|
| services.fedimintd.<name>.nginx.config.listen.*.addr | Listen address.
|
| services.haven.importRelays | List of relay configurations for importing historical events
|
| programs.dms-shell.quickshell.package | The quickshell package to use.
|
| services.devpi-server.host | domain/ip address to listen on
|
| security.pam.mount.extraVolumes | List of volume definitions for pam_mount
|
| services.cgminer.config | Additional config
|
| services.artalk.package | The artalk package to use.
|
| services.firewalld.zones.<name>.ports.*.protocol | |
| services.jitsi-meet.secureDomain.authentication | The authentication type to be used by jitsi
|
| services.grafana.settings.server.root_url | This is the full URL used to access Grafana from a web browser
|
| services.librespeed.package | The librespeed-rust package to use.
|
| security.doas.extraRules.*.users | The usernames / UIDs this rule should apply for.
|
| services.grafana.settings.server.cert_file | Path to the certificate file (if protocol is set to https or h2).
|
| services.centrifugo.credentials | Environment variables with absolute paths to credentials files to load
on service startup.
|
| services.activemq.configurationURI | The URI that is passed along to the BrokerFactory to
set up the configuration of the ActiveMQ broker service
|