| services.arbtt.package | The arbtt package to use.
|
| services.fedimintd.<name>.nginx.config.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.forgejo.lfs.enable | Enables git-lfs support.
|
| services.hitch.ciphers | The list of ciphers to use
|
| services.akkoma.nginx.locations.<name>.uwsgiPass | Adds uwsgi_pass directive and sets recommended proxy headers if
recommendedUwsgiSettings is enabled.
|
| services.akkoma.nginx.sslCertificate | Path to server SSL certificate.
|
| services.desktopManager.pantheon.debug | Whether to enable gnome-session debug messages.
|
| services.dnsdist.listenPort | Listen port
|
| services.heartbeat.package | The heartbeat package to use.
|
| programs.xfs_quota.projects | Setup of xfs_quota projects
|
| services.firewalld.zones.<name>.sources | Source addresses, address ranges, MAC addresses or ipsets to bind.
|
| services.infinoted.rootDirectory | Root of the directory structure to serve
|
| services.kanboard.nginx.rejectSSL | Whether to listen for and reject all HTTPS connections to this vhost
|
| boot.binfmt.registrations.<name>.fixBinary | Whether to open the interpreter file as soon as the
registration is loaded, rather than waiting for a
relevant file to be invoked
|
| networking.modemmanager.fccUnlockScripts.*.id | vid:pid of either the PCI or USB vendor and product ID
|
| security.acme.defaults.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| services.davis.nginx.locations.<name>.priority | Order of this location block in relation to the others in the vhost
|
| services.kanboard.settings | Customize the default settings, refer to https://github.com/kanboard/kanboard/blob/main/config.default.php
for details on supported values.
|
| boot.nixStoreMountOpts | Defines the mount options used on a bind mount for the /nix/store
|
| programs.kbdlight.enable | Whether to enable kbdlight.
|
| programs.sway.xwayland.enable | Whether to enable XWayland.
|
| services.akkoma.nginx.locations.<name>.return | Adds a return directive, for e.g. redirections.
|
| services.audiobookshelf.openFirewall | Open ports in the firewall for the Audiobookshelf web interface.
|
| services.baikal.enable | Whether to enable baikal.
|
| services.davis.nginx | Use this option to customize an nginx virtual host
|
| services.displayManager.cosmic-greeter.package | The cosmic-greeter package to use.
|
| hardware.keyboard.qmk.enable | Whether to enable non-root access to the firmware of QMK keyboards.
|
| nixpkgs.flake.setNixPath | Whether to set NIX_PATH to include nixpkgs=flake:nixpkgs such that <nixpkgs>
lookups receive the version of nixpkgs that the system was built with, in concert with
nixpkgs.flake.setFlakeRegistry
|
| services.fcron.deny | Users forbidden from using fcron.
|
| services.doh-server.useACMEHost | A host of an existing Let's Encrypt certificate to use.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
|
| services.geoclue2.enable3G | Whether to enable 3G source.
|
| services.geoclue2.package | The geoclue2 package to use
|
| services.hadoop.hbase.zookeeperQuorum | This option will set "hbase.zookeeper.quorum" in hbase-site.xml
|
| services.icecream.daemon.netName | Network name to connect to
|
| services.forgejo.lfs.contentDir | Where to store LFS files.
|
| services.freeradius.debug | Whether to enable debug logging for freeradius (-xx
option)
|
| services.gitDaemon.basePath | Remap all the path requests as relative to the given path
|
| services.keepalived.vrrpInstances.<name>.virtualRouterId | Arbitrary unique number 1..255
|
| services.homepage-dashboard.package | The homepage-dashboard package to use.
|
| services.inputplumber.package | The inputplumber package to use.
|
| services.lanraragi.package | The lanraragi package to use.
|
| services.libinput.touchpad.leftHanded | Enables left-handed button orientation, i.e. swapping left and right buttons.
|
| security.acme.defaults.renewInterval | Systemd calendar expression when to check for renewal
|
| services._3proxy.services.*.acl.*.sources | List of source IP range, use empty list for any.
|
| services.athens.index.postgres.database | Database name for the Postgres database.
|
| services.automysqlbackup.enable | Whether to enable AutoMySQLBackup.
|
| services.grafana.settings.security.cookie_secure | Set to true if you host Grafana behind HTTPS.
|
| services.hadoop.gatewayRole.enableHbaseCli | Whether to enable HBase CLI tools.
|
| services.hostapd.enable | Whether to enable hostapd, a user space daemon for access point and
authentication servers
|
| boot.initrd.systemd.root | Controls how systemd will interpret the root FS in initrd
|
| environment.unixODBCDrivers | Specifies Unix ODBC drivers to be registered in
/etc/odbcinst.ini
|
| networking.dhcpcd.persistent | Whether to leave interfaces configured on dhcpcd daemon
shutdown
|
| programs.dms-shell.enableDynamicTheming | Whether to install dependencies required for dynamic theming support
|
| programs.partition-manager.enable | Whether to enable KDE Partition Manager.
|
| services.dolibarr.h2o.settings | Attrset to be transformed into YAML for host config
|
| services.fluidd.nginx.redirectCode | HTTP status used by globalRedirect and forceSSL
|
| security.doas.extraConfig | Extra configuration text appended to doas.conf
|
| services.airsonic.enable | Whether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).
|
| services.hockeypuck.settings | Configuration file for hockeypuck, here you can override
certain settings (loglevel and
openpgp.db.dsn) by just setting those values
|
| services.fedimintd.<name>.nginx.config.basicAuth | Basic Auth protection for a vhost
|
| services.doh-server.settings.ecs_allow_non_global_ip | By default, non global IP addresses are never forwarded to upstream servers
|
| services.anuko-time-tracker.nginx.http3_hq | Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests
|
| services.headscale.settings.oidc.issuer | URL to OpenID issuer.
|
| programs.hyprland.portalPackage | The xdg-desktop-portal-hyprland package to use
|
| services.akkoma.frontends | Akkoma frontends.
|
| services.auto-epp.settings.Settings.epp_state_for_AC | energy_performance_preference when on plugged in
See available epp states by running:
cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences
|
| services.avahi.domainName | Domain name for all advertisements.
|
| services.botamusique.enable | Whether to enable botamusique, a bot to play audio streams on mumble.
|
| services.firefox-syncserver.database.createLocally | Whether to create database and user on the local machine if they do not exist
|
| services.libinput.mouse.tappingDragLock | Enables or disables drag lock during tapping behavior
|
| services.duplicity.fullIfOlderThan | If "never" (the default) always do incremental
backups (the first backup will be a full backup, of course)
|
| services.borgbackup.jobs.<name>.postHook | Shell commands to run just before exit
|
| services.firezone.server.domain.enable | Whether to enable the Firezone domain server.
|
| environment.etc.<name>.user | User name of file owner
|
| security.auditd.enable | Whether to enable the Linux Audit daemon.
|
| services.hostapd.radios.<name>.networks.<name>.authentication.saePasswords.*.mac | If this attribute is not included, or if is set to the wildcard address (ff:ff:ff:ff:ff:ff),
the entry is available for any station (client) to use
|
| programs.zsh.promptInit | Shell script code used to initialise the zsh prompt.
|
| services.hardware.lcd.serverHost | Host on which LCDd is listening.
|
| services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings | Enable recommended uwsgi settings.
|
| services.borgbackup.jobs.<name>.startAt | When or how often the backup should run
|
| services.crossfire-server.enable | If enabled, the Crossfire game server will be started at boot.
|
| services.lavalink.plugins | A list of plugins for lavalink.
|
| services.homepage-dashboard.widgets | Homepage widgets configuration
|
| security.duosec.secretKeyFile | A file containing your secret key
|
| hardware.trackpoint.emulateWheel | Enable scrolling while holding the middle mouse button.
|
| hardware.opentabletdriver.blacklistedKernelModules | Blacklist of kernel modules known to conflict with OpenTabletDriver.
|
| services.displayManager.cosmic-greeter.enable | Whether to enable COSMIC greeter.
|
| networking.wireless.networks.<name>.ssid | You could use this field to override the network's ssid
|
| services.lavalink.package | The lavalink package to use.
|
| nix.settings.auto-optimise-store | If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy
|
| programs.nix-ld.enable | Whether to enable nix-ld, Documentation: https://github.com/nix-community/nix-ld.
|
| services.etebase-server.unixSocket | The path to the socket to bind to.
|
| services.hound.package | The hound package to use.
|
| security.pam.services.<name>.allowNullPassword | Whether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group)
|
| services.invoiceplane.sites | Specification of one or more InvoicePlane sites to serve
|
| security.tpm2.fapi.systemDir | The directory where system objects, policies, and imported objects are stored.
|
| services.ergochat.openFilesLimit | Maximum number of open files
|
| services.gollum.no-edit | Disable editing pages
|
| services.jackett.user | User account under which Jackett runs.
|
| boot.loader.limine.secureBoot.sbctl | The sbctl package to use.
|