| networking.interfaces.<name>.wakeOnLan.policy | The Wake-on-LAN policy
to set for the device
|
| services.fluidd.nginx.sslCertificateKey | Path to server SSL certificate key.
|
| services.jboss.enable | Whether to enable JBoss
|
| services.clatd.enable | Whether to enable clatd.
|
| security.pam.services.<name>.googleAuthenticator.allowNullOTP | Whether to allow login for accounts that have no OTP set
(i.e., accounts with no OTP configured or no existing
~/.google_authenticator).
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports | Either a single port or port range to allow
|
| services.akkoma.nginx.locations.<name>.extraConfig | These lines go to the end of the location verbatim.
|
| services.bird-lg.frontend.domain | Server name domain suffixes.
|
| services.graphite.web.listenAddress | Graphite web frontend listen address.
|
| networking.jool.siit.<name>.framework | The framework to use for attaching Jool's translation to the exist
kernel packet processing rules
|
| services.i2pd.outTunnels.<name>.keys | Keyset used for tunnel identity.
|
| services.kresd.enable | Whether to enable knot-resolver (version 5) domain name server
|
| services.gitea.captcha.url | CAPTCHA url to use for Gitea
|
| security.auditd.package | The auditd package to use.
|
| services.apache-kafka.settings.listeners | Kafka Listener List
|
| services.firezone.server.provision.accounts.<name>.resources.<name>.filters.*.ports.*.from | The start of the port range, inclusive.
|
| services.geoipupdate.settings.LicenseKey | A file containing the MaxMind license key
|
| services.gitlab.user | User to run gitlab and all related services.
|
| services.akkoma.nginx.globalRedirect | If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode) to the given hostname.
|
| services.anuko-time-tracker.hostname | The hostname to serve Anuko Time Tracker on.
|
| services.anuko-time-tracker.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.dysnomia.components | An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state
|
| boot.initrd.network.ifstate.cleanupSettings | Content of IfState's initrd cleanup configuration file
|
| hardware.nvidia.prime.offload.enable | Whether to enable render offload support using the NVIDIA proprietary driver via PRIME
|
| networking.nat.extraStopCommands | Additional shell commands executed as part of the nat
teardown script
|
| services.corerad.settings | Configuration for CoreRAD, see https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml
for supported values
|
| services.dependency-track.settings."alpine.oidc.client.id" | Defines the client ID to be used for OpenID Connect
|
| services.kanboard.enable | Whether to enable Kanboard.
|
| hardware.ksm.enable | Whether to enable Linux kernel Same-Page Merging.
|
| services.blocky.settings | Blocky configuration
|
| services.immichframe.settings.Accounts.*.ApiKey | API key to talk to the Immich server
|
| services.kubo.settings.Mounts.MFS | Where to mount the MFS namespace to
|
| hardware.tuxedo-rs.enable | Whether to enable Rust utilities for interacting with hardware from TUXEDO Computers.
|
| image.repart.partitions | Specify partitions as a set of the names of the partitions with their
configuration as the key.
|
| programs.steam.gamescopeSession.env | Environmental variables to be passed to GameScope for the session.
|
| services.anuko-time-tracker.settings.defaultCurrency | Defines a default currency symbol for new groups
|
| services.coturn.cli-port | CLI server port.
|
| services.deluge.enable | Whether to enable Deluge daemon.
|
| services.gotenberg.libreoffice.disableRoutes | Disable all routes allowing LibreOffice-based conversion.
|
| services.akkoma.dist.address | Listen address for Erlang distribution protocol and Port Mapper Daemon (epmd).
|
| services.cassandra.extraConfig | Extra options to be merged into cassandra.yaml as nix attribute set.
|
| services.headscale.settings.dns.base_domain | Defines the base domain to create the hostnames for MagicDNS
|
| services.jitsi-meet.excalidraw.enable | Whether to enable Excalidraw collaboration backend for Jitsi.
|
| hardware.system76.power-daemon.enable | Whether to enable the system76 power daemon
|
| i18n.inputMethod.enable | Whether to enable an additional input method type.
|
| security.pki.certificateFiles | A list of files containing trusted root certificates in PEM
format
|
| services.aesmd.settings.proxyType | Type of proxy to use
|
| services.centrifugo.enable | Whether to enable Centrifugo messaging server.
|
| services.davis.nginx.locations.<name>.basicAuth | Basic Auth protection for a vhost
|
| services.grafana.settings.database.ca_cert_path | The path to the CA certificate to use.
|
| services.hydra.tracker | Piece of HTML that is included on all pages.
|
| services.caddy.email | Your email address
|
| services.cgit.<name>.extraConfig | These lines go to the end of cgitrc verbatim.
|
| services.karakeep.package | The karakeep package to use.
|
| boot.specialFileSystems.<name>.stratis.poolUuid | UUID of the stratis pool that the fs is located in
This is only relevant if you are using stratis.
|
| services.goatcounter.proxy | Whether Goatcounter service is running behind a reverse proxy
|
| services.grafana-image-renderer.enable | Whether to enable grafana-image-renderer.
|
| services.inadyn.settings.provider.<name>.include | File to include additional settings for this provider from.
|
| hardware.rasdaemon.testing | Whether to enable error injection infrastructure.
|
| services.hqplayerd.auth.username | Username used for HQPlayer's WebUI
|
| services.coder.database.password | Password for accessing the database.
|
| services.akkoma.frontends.<name>.package | Akkoma frontend package.
|
| services.eintopf.enable | Whether to enable Lauti (Eintopf) community event calendar web app.
|
| services.goss.settings | The global options in config file in yaml format
|
| services.immich.settings | Configuration for Immich
|
| networking.wireless.iwd.enable | Whether to enable iwd.
|
| services.keter.globalKeterConfig.rotate-logs | emits keter logs and it's applications to stderr.
which allows journald to capture them
|
| services.discourse.admin.email | The admin user email address.
|
| security.pam.services.<name>.limits | Attribute set describing resource limits
|
| services.forgejo.database.socket | Path to the unix socket file to use for authentication.
|
| services.headscale.settings.oidc.client_secret_path | Path to OpenID Connect client secret file
|
| services.infinoted.plugins | Plugins to enable
|
| programs.xss-lock.lockerCommand | Locker to be used with xsslock
|
| services.jupyter.notebookConfig | Raw jupyter config
|
| services.jellyfin.transcoding.hardwareDecodingCodecs.vc1 | Enable hardware decoding for vc1 codec.
|
| services.ax25.axlisten.enable | Whether to enable AX.25 axlisten daemon.
|
| services.hostapd.radios.<name>.wifi6.enable | Enables support for IEEE 802.11ax (WiFi 6, HE)
|
| services.firefly-iii.dataDir | The place where firefly-iii stores its state.
|
| nix.optimise.randomizedDelaySec | Add a randomized delay before the optimizer will run
|
| services.hadoop.hbaseSite | Additional options and overrides for hbase-site.xml
https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml
|
| programs.mepo.enable | Whether to enable Mepo, a fast, simple and hackable OSM map viewer.
|
| programs.feedbackd.enable | Whether to enable the feedbackd D-BUS service and udev rules
|
| services.jack.alsa.enable | Route audio to/from generic ALSA-using applications using ALSA JACK PCM plugin.
|
| services.invoiceplane.sites.<name>.database.port | Database host port.
|
| services.keepalived.vrrpInstances.<name>.virtualIps.*.scope | The scope of the area where this address is valid.
|
| nix.optimise.automatic | Automatically run the nix store optimiser at a specific time.
|
| services.gancio.nginx.locations.<name>.root | Root directory for requests.
|
| boot.initrd.unl0kr.allowVendorDrivers | Whether to load additional drivers for certain vendors (I
|
| services.athens.index.mysql.password | Password for the MySQL database
|
| services.filebeat.modules.<name>.module | The name of the module
|
| services.galene.dataDir | Data directory.
|
| boot.zfs.allowHibernation | Allow hibernation support, this may be a unsafe option depending on your
setup
|
| services.asusd.userLedModesConfig | The content of /etc/asusd/asusd-user-ledmodes.ron
|
| services.borgmatic.settings.source_directories | List of source directories and files to backup
|
| security.pam.yubico.mode | Mode of operation
|
| services.iodine.server.ip | The assigned ip address or ip range
|
| services.hydra.notificationSender | Sender email address used for email notifications.
|
| services.dae.package | The dae package to use.
|
| services.couchdb.adminUser | Couchdb (i.e. fauxton) account with permission for all dbs and
tasks.
|
| services.documize.salt | The salt string used to encode JWT tokens, if not set a random value will be generated.
|